Information Leakage Through Online Social Networking: Opening The Doorway For Advanced Persistence Threats,
2010
University of Melbourne
Information Leakage Through Online Social Networking: Opening The Doorway For Advanced Persistence Threats, Nurul Nuha Abdul Molok, Shanton Chang, Atif Ahmad
Australian Information Security Management Conference
The explosion of online social networking (OSN) in recent years has caused damages to organisations due to leakage of information by their employees. Employees’ social networking behaviour, whether accidental or intentional, provides an opportunity for advanced persistent threats (APT) attackers to realise their social engineering techniques and undetectable zero-day exploits. APT attackers use a spear-phishing method that targets key employees of victim organisations through social media in order to conduct reconnaissance and theft of confidential proprietary information. This conceptual paper posits OSN as the most challenging channel of information leakage and provides an explanation about the underlying factors of …
Development And Evaluation Of A Secure Web Gateway Using Existing Icap Open Source Tools,
2010
University of Canterbury
Development And Evaluation Of A Secure Web Gateway Using Existing Icap Open Source Tools, Michael Pearce, Ray Hunt
Australian Information Security Management Conference
This work in progress paper discusses the development and evaluation of an open source secure web gateway. The proof of concept system uses a combination of open source software (including the Greasyspoon ICAP Server, Squid HTTP proxy, and Clam Antivirus) to perform the various security tasks that range from simple (such as passive content insertion) to more advanced (such as active content alteration) by modules installed on the server. After discussing the makeup of the proof of concept system we discuss our evaluation methodology for both effectiveness and performance. The effectiveness was tested using comparative analysis of groups of self-browsing …
Information Security Risk Assessment: Towards A Business Practice Perspective,
2010
University of Melbourne
Information Security Risk Assessment: Towards A Business Practice Perspective, Piya Shedden, Wally Smith, Atif Ahmad
Australian Information Security Management Conference
Information security risk assessments (ISRAs) are of great importance for organisations. Current ISRA methods identify an organisation’s security risks and provide a measured, analysed security risk profile of critical information assets in order to build plans to treat risk. However, despite prevalent use in organisations today, current methods adopt a limited view of information assets during risk identification. In the context of day-to-day activities, people copy, print and discuss information, leading to the ‘leakage’ of information assets. Employees will create and use unofficial assets as part of their day-to-day routines. Furthermore, employees will also possess important knowledge on how to …
The Economics Of Developing Security Embedded Software,
2010
Charles Sturt University
The Economics Of Developing Security Embedded Software, Craig S. Wright, Tanveer A. Zia
Australian Information Security Management Conference
Market models for software vulnerabilities have been disparaged in the past citing how these do little to lower the risk of insecure software. In this paper we argue that the market models proposed are flawed and not the concept of a market itself. A well-defined software risk derivative market would improve the information exchange for both the software user and vendor removing the often touted imperfect information state that is said to believe the software industry. In this way, users could have a rational means of accurately judging software risks and costs and as such the vendor could optimally apply …
New Approaches To Mitigation Of Malicious Traffic In Voip Networks,
2010
University of Canterbury
New Approaches To Mitigation Of Malicious Traffic In Voip Networks, Tobi Wulff, Ray Hunt
Australian Information Security Management Conference
Voice over IP (VoIP) telephony is becoming widespread in use, and is often integrated into computer networks. Because of this, malicious software threatens VoIP systems in the same way that traditional computer systems have been attacked by viruses, worms, and other automated agents. VoIP networks are a challenge to secure against such malware as much of the network intelligence is focused on the edge devices and access environment. This paper describes the design and implementation of a novel VoIP security architecture in which evaluation of, and mitigation against, malicious traffic is demonstrated by the use of virtual machines to emulate …
Program Transformations For Information Personalization,
2010
University of Dayton
Program Transformations For Information Personalization, Saverio Perugini, Naren Ramakrishnan
Computer Science Faculty Publications
Personalization constitutes the mechanisms necessary to automatically customize information content, structure, and presentation to the end user to reduce information overload. Unlike traditional approaches to personalization, the central theme of our approach is to model a website as a program and conduct website transformation for personalization by program transformation (e.g., partial evaluation, program slicing). The goal of this paper is to study personalization through a program transformation lens and develop a formal model, based on program transformations, for personalized interaction with hierarchical hypermedia. The specific research issues addressed involve identifying and developing program representations and transformations suitable for classes of hierarchical …
Front Matter,
2010
Embry-Riddle Aeronautical University
Masthead,
2010
Embry-Riddle Aeronautical University
Back Matter,
2010
Embry-Riddle Aeronautical University
Cyber Situational Awareness Using Live Hypervisor-Based Virtual Machine Introspection,
2010
Air Force Institute of Technology
Cyber Situational Awareness Using Live Hypervisor-Based Virtual Machine Introspection, Dustyn A. Dodge
Theses and Dissertations
In this research, a compiled memory analysis tool for virtualization (CMAT-V) is developed as a virtual machine introspection (VMI) utility to conduct live analysis during cyber attacks. CMAT-V leverages static memory dump analysis techniques to provide live dynamic system state data. Unlike some VMI applications, CMAT-V bridges the semantic gap using derivation techniques. CMAT-V detects Windows-based operating systems and uses the Microsoft Symbol Server to provide this context to the user. This research demonstrates the usefulness of CMAT-V as a situational awareness tool during cyber attacks, tests the detection of CMAT-V from the guest system level and measures its impact …
Hijacking User Uploads To Online Persistent Data Repositories For Covert Data Exfiltration,
2010
Air Force Institute of Technology
Hijacking User Uploads To Online Persistent Data Repositories For Covert Data Exfiltration, Curtis P. Barnard
Theses and Dissertations
As malware has evolved over the years, it has gone from harmless programs that copy themselves into other executables to modern day botnets that perform bank fraud and identity theft. Modern malware often has a need to communicate back to the author, or other machines that are also infected. Several techniques for transmitting this data covertly have been developed over the years which vary significantly in their level of sophistication. This research creates a new covert channel technique for stealing information from a network by piggybacking on user-generated network traffic. Specifically, steganography drop boxes and passive covert channels are merged …
A Comparative Analysis Of Ascii And Xml Logging Systems,
2010
Air Force Institute of Technology
A Comparative Analysis Of Ascii And Xml Logging Systems, Eric C. Hanington
Theses and Dissertations
This research compares XML and ASCII based event logging systems in terms of their storage and processing efficiency. XML has been an emerging technology, even for security. Therefore, it is researched as a logging system with the mitigation of its verbosity. Each system consists of source content, the network transmission, database storage, and querying which are all studied as individual parts. The ASCII logging system consists of the text file as source, FTP as transport, and a relational database system for storage and querying. The XML system has the XML files and XML files in binary form using Efficient XML …
Accelerating Malware Detection Via A Graphics Processing Unit,
2010
Air Force Institute of Technology
Accelerating Malware Detection Via A Graphics Processing Unit, Nicholas S. Kovach
Theses and Dissertations
Real-time malware analysis requires processing large amounts of data storage to look for suspicious files. This is a time consuming process that (requires a large amount of processing power) often affecting other applications running on a personal computer. This research investigates the viability of using Graphic Processing Units (GPUs), present in many personal computers, to distribute the workload normally processed by the standard Central Processing Unit (CPU). Three experiments are conducted using an industry standard GPU, the NVIDIA GeForce 9500 GT card. The goal of the first experiment is to find the optimal number of threads per block for calculating …
Reputation-Based Internet Protocol Security: A Multilayer Security Framework For Mobil Ad Hoc Networks,
2010
Air Force Institute of Technology
Reputation-Based Internet Protocol Security: A Multilayer Security Framework For Mobil Ad Hoc Networks, Timothy H. Lacey
Theses and Dissertations
This research effort examines the theory, application, and results for a Reputation-based Internet Protocol Security (RIPSec) framework that provides security for an ad-hoc network operating in a hostile environment. In RIPSec, protection from external threats is provided in the form of encrypted communication links and encryption-wrapped nodes while internal threats are mitigated by behavior grading that assigns reputations to nodes based on their demonstrated participation in the routing process. Network availability is provided by behavior grading and round-robin multipath routing. If a node behaves faithfully, it earns a positive reputation over time. If a node misbehaves (for any number of …
Code White: A Signed Code Protection Mechanism For Smartphones,
2010
Air Force Institute of Technology
Code White: A Signed Code Protection Mechanism For Smartphones, Joseph M. Hinson Iv
Theses and Dissertations
This research develops Code White, a hardware-implemented trusted execution mechanism for the Symbian mobile operating system. Code White combines a signed whitelist approach with the execution prevention technology offered by the ARM architecture. Testing shows that it prevents all untrusted user applications from executing while allowing all trusted applications to load and run. Performance testing in contrast with an unmodified Symbian system shows that the difference in load time increases linearly as the application file size increases. The predicted load time for an application with a one megabyte code section remains well below one second, ensuring uninterrupted experience for the …
Iphone 3gs Forensics: Logical Analysis Using Apple Itunes Backup Utility,
2010
Zayed University
Iphone 3gs Forensics: Logical Analysis Using Apple Itunes Backup Utility, Mona Bader, Ibrahim Baggili
Electrical & Computer Engineering and Computer Science Faculty Publications
The iPhone mobile is used worldwide due to its enhanced computing capabilities, increased storage capacity as well as its attractive touch interface. These characteristics made the iPhone a popular smart phone device. The increased use of the iPhone led it to become a potential source of digital evidence in criminal investigations. Therefore, iPhone forensics turned into an essential practice for forensic and security practitioners today. This research aimed at investigating and examining the logical backup acquisition of the iPhone 3GS mobile device using the Apple iTunes backup utility. It was found that significant data of forensic value such as e-mail …
Pseudonym-Based Rfid Discovery Service To Mitigate Unauthorized Tracking In Supply Chain Management,
2010
Singapore Management University
Pseudonym-Based Rfid Discovery Service To Mitigate Unauthorized Tracking In Supply Chain Management, Qiang Yan, Robert H. Deng, Zheng Yan, Yingjiu Li, Tieyan Li
Research Collection School Of Computing and Information Systems
Unauthorized tracking of RFID tagged assets at the system level, where an adversary tracks movement of RFID tagged assets by eavesdropping network messages or compromising data center servers, has not been well recognized in prior research. Compared to the traditional unauthorized tracking by clandestine scanning at the physical level, unauthorized tracking at the system level could be even more harmful as the adversary is able to obtain tracking information on a global scale and without physical presence. This paper analyzes the threat of unauthorized tracking by a semi-trusted RFID Discovery Service which maintains a database of RFID tag location records …
On Challenges In Evaluating Malware Clustering,
2010
University of North Carolina, Chapel Hill
On Challenges In Evaluating Malware Clustering, Peng Li, Limin Liu, Debin Gao, Michael K Reiter
Research Collection School Of Computing and Information Systems
Malware clustering and classification are important tools that enable analysts to prioritize their malware analysis efforts. The recent emergence of fully automated methods for malware clustering and classification that report high accuracy suggests that this problem may largely be solved. In this paper, we report the results of our attempt to confirm our conjecture that the method of selecting ground-truth data in prior evaluations biases their results toward high accuracy. To examine this conjecture, we apply clustering algorithms from a different domain (plagiarism detection), first to the dataset used in a prior work's evaluation and then to a wholly new …
Embellishing Text Search Queries To Protect User Privacy,
2010
Singapore Management University
Embellishing Text Search Queries To Protect User Privacy, Hwee Hwa Pang, Xuhua Ding, Xiaokui Xiao
Research Collection School Of Computing and Information Systems
Users of text search engines are increasingly wary that their activities may disclose confidential information about their business or personal profiles. It would be desirable for a search engine to perform document retrieval for users while protecting their intent. In this paper, we identify the privacy risks arising from semantically related search terms within a query, and from recurring high-specificity query terms in a search session. To counter the risks, we propose a solution for a similarity text retrieval system to offer anonymity and plausible deniability for the query terms, and hence the user intent, without degrading the system’s precision-recall …
A New Framework For Rfid Privacy,
2010
Singapore Management University
A New Framework For Rfid Privacy, Robert H. Deng, Yingjiu Li, Moti Yung, Yunlei Zhao
Research Collection School Of Computing and Information Systems
Formal RFID security and privacy frameworks are fundamental to the design and analysis of robust RFID systems. In this paper, we develop a new definitional framework for RFID privacy in a rigorous and precise manner. Our framework is based on a zero-knowledge (ZK) formulation [8,6] and incorporates the notions of adaptive completeness and mutual authentication. We provide meticulous justification of the new framework and contrast it with existing ones in the literature. In particular, we prove that our framework is strictly stronger than the ind-privacy model of [18], which answers an open question posed in [18] for developing stronger RFID …