Analysis of Attack Graph Representations for Ranking Vulnerability Fixes

DOI: 10.29007/2c1q, 2018
Author(s): Tom Gonda, Tal Pascal, Rami Puzis, Guy Shani, Bracha Shapira

Software vulnerabilities in organizational computer networks can be leveraged by an attacker to gain access to sensitive information. As fixing all vulnerabilities requires much effort, it is critical to rank the possible fixes by their importance. Centrality measures over logical attack graphs, or over the network connectivity graph, often provide a scalable method for finding the most critical vulnerabilities. In this paper we suggest an analysis of the planning graph, originating in classical planning, as an alternative to the logical attack graph, to improve the ranking produced by centrality measures. The planning graph also allows us to enumerate the set of possible attack plans, and hence, directly count the number of attacks that use a given vulnerability. We evaluate a set of centrality-based ranking measures over the logical attack graph and the planning graph, showing that metrics computed over the planning graph reduce the set of shortest attack plans more rapidly.

2007, Vol 9 (2)
Author(s): P. L. Wessels, L. P. Steenkamp

One of the critical issues in managing information within an organization is to ensure that proper controls exist and are applied in allowing people access to information. Passwords are used extensively as the main control mechanism to identify users wanting access to systems, applications, data files, network servers or personal information. In this article, the issues involved in selecting and using passwords are discussed and the current practices employed by users in creating and storing passwords to gain access to sensitive information are assessed. The results of this survey conclude that information managers cannot rely only on users to employ proper password control in order to protect sensitive information. 


2012, Vol 241-244, pp. 2539-2543
Author(s): Jin Hui Zhao, Li Jie Yin, Li Li Xiong, Xu Qian

A good architecture is the basis of system security and stable operation, which can effectively reduce the risk of system construction and ensure healthy development. The mobile payment system involves many links; the process is complex and diverse, with higher security requirements. Combined with an advanced security technology (tolerance mechanisms), a novel mobile payment system architecture is designed. The voting unit and detection unit check the states of the system; the management unit restores or reconstructs the system to ensure the operation of key services through redundancy of services and equipment; Threshold (n, t) multiplies the difficulty of the attack proxy server to gain access to sensitive information. According to security and performance analysis, the proposed architecture is safe and effective.


2020, Vol 23 (2), pp. 47-59
Author(s): Jonathan D. Becker, Douglas A. Levin

School systems collect and maintain increasingly significant amounts of data and information on students, faculty, and staff and have a duty of care to ensure that sensitive information remains secure. Therefore, sitting and/or aspiring school leaders need to develop at least a basic understanding of data privacy and information security considerations. In this case, students discover a way to log in to internal district information systems and gain access to sensitive school and district data and information. School and district leaders are faced with the challenge of how to respond to such an information security breach and how to discipline the students. This case should cause sitting and/or aspiring school leaders to think deeply about and examine technology policies, information security protocols, as well as related school discipline policies.


DOI: 10.28945/3968, 2018

[This Proceedings paper was revised and published in the 2018 issue of the journal Issues in Informing Science and Information Technology, Volume 15] Medical images are very sensitive data that are being transferred here and there, either for referral cases or for consultation. Since these images are very sensitive, they have to be kept securely. Since the advent of the internet, these images have been transferred over the network in the form of data. Data security applications have drawn lots of interest over time. Unauthorized users daily derive ways to gain access to sensitive information while application programmers continue to devise new methods of keeping information safe. One of the best ways in which data can be kept secure is through the use of cryptography. Beyond cryptography alone, new applications of the principles of quantum mechanics to cryptography have led to a remarkable new dimension in secured communication. As a result of these new developments, it is now possible to construct cryptographic communication systems which keep transferred data safe and secure. Therefore, in this paper, a reliable and dependable way of securing medical images is proposed, using the DARPA Quantum Network, which delivers end-to-end network security via high-speed Quantum Key Distribution, and testing the network against sophisticated eavesdropping attacks.


Context: The most important non-functional requirement of a software application is security. Developing secure software is a challenging process. Software vulnerabilities and defects may be disclosed by developers, users, and hackers as software-intensive systems become more and more connected in everyday life. A better way to develop secure software is to enhance security processes in all phases of the SDLC. Enhancing security in the SDLC process requires many mechanisms and systematic measures to assess security during the development process. Objective: In this paper, we propose a method, “Security aware-Software Development Life Cycle (Sa-SDLC) using Security Patterns”. We also measure our security efforts in the SDLC. This method fills the insecurity gaps from root level to top level in a granular-style approach. Our method is suggested for security-critical applications such as medical, finance, legacy and communication (messaging, like email) systems. Results: We successfully implemented our approach on a remote health monitor, since IoT devices are convenient in everyday life; these devices are used in the home, the environment, and healthcare due to their feasible networking, storage and processing features, etc. In IoT healthcare applications, security of the sensitive data is paramount since humans are part of the IoT platform. IoT's heterogeneous network connectivity and expected growth open up many new threats and attacks that impact the life of a patient. Conclusion: Hence, our proposed methodology is implemented on a security-essential IoT-based healthcare application, and the measures show that our method improved software security.


Author(s): Anca Radulescu, Joanna Herron

Much effort has been directed towards using mathematical models to understand and predict contagious disease, in particular Ebola outbreaks. Classical SIR (susceptible-infected-recovered) compartmental models capture well the dynamics of the outbreak in certain communities, and accurately describe the differences between them based on a variety of parameters. However, repeated resurgence of Ebola contagions suggests that there are components of the global disease dynamics that we don’t yet fully understand and can’t effectively control. In order to understand the dynamics of a more widespread contagion, we placed SIR models within the framework of dynamic networks, with the communities at risk of contracting the virus acting as nonlinear systems, coupled based on a connectivity graph. We study how the effects of the disease (measured as the outbreak impact and duration) change with respect to local parameters, but also with changes in both short-range and long-range connectivity patterns in the graph. We discuss the implications of optimizing both these measures in increasingly realistic models of coupled communities. KEYWORDS: Epidemic Spread; Network Dynamics; Network Connectivity; Coupled Differential Equations; Compartmental Model; Information Transfer; Outbreak Impact; Outbreak Duration


2020, Vol 2020, pp. 1-12
Author(s): Jing Liu, Yuchen Zhang, Hao Hu, Jinglei Tan, Qiang Leng, ...

In the multistep attack scenario, each rational attack-defense player tries to maximize his payoff, but the uncertainty about his adversary prevents him from taking the favorable actions. How to select the best strategy from the candidate strategies to maximize the defense payoff becomes the core issue. For this purpose, the paper innovatively designs a game theory model from the point of network survivability in combination with the attribute attack graph. The attack graph is created based on the network connectivity and known vulnerabilities using the MulVAL toolkit, which gives the full view of all the known vulnerabilities and their interdependence. Then, we use the attack graph to extract attack-defense actions, candidate attack-defense strategies, attack-defense payoffs, and network states, as well as other game modeling elements. Afterwards, the payoffs of attack-defense strategies are quantified by integrating attack-defense strength and network survivability. In addition, we input the above elements into the game model. Through repeated learning, deduction, and improvement, we can optimize the layout of defense strategies. Finally, the efficient strategy selection approach is designed on the tradeoff between defense cost and benefit. The simulation of attack-defense confrontation in small-scale LAN shows that the proposed approach is reliable and effective.


2019, Vol 14, pp. 3351-3358
Author(s): Yaya Itai, Emmanuel Onwubiko

The fear of fraud is constant. Unfortunately, now more than ever before, fraud is being committed by employees on the inside, the very people who are supposed to be supporting and protecting an organization. Even though the financial industry is one of the most regulated, financial institutions still experience the highest rate of internal fraud. Insider threat has always existed within each financial institution. In recent years, insider threat has become a more prominent issue because of emerging trends in the workplace. This change to a more flexible and productive workplace environment allows employees to easily gain access to an organization’s critical and sensitive information. While the risk of insider threat has certainly increased, financial institutions have not deployed enough controls to mitigate this risk, either because they believe that the frequency of such threats is very low or because they feel powerless to do so. This paper tends to employ techniques that would abate the spate of insider fraud and cybercrime on customer transactions and insider processing, in full compliance with most regulatory mandates of countries' government banks.


2018, Vol 7 (4.36), pp. 762
Author(s): B. J. Santhosh Kumar, B. R. Pushpa

A single file on the web contains text, images, audio, video and formatting instructions enclosed within a script. Website files are hosted on servers. The servers “serve” those files to individual users upon request. An anonymous user with minimum user credentials can make requests on behalf of a legitimate user to grab sensitive, confidential and personal information without the legitimate user's knowledge [3]. The proposed method makes use of a URL as input for finding web vulnerabilities. Testing of the proposed method is conducted to evaluate the performance based on the accuracy received. Performance is evaluated based on false negative and false positive results. An experiment is also conducted for web vulnerability assessment and penetration testing. The proposed method also checks for information grabbing from the web using Google dork. Google dork helps to enter a network without permission and/or gain access to unauthorized information. Advanced search strings called Google dork queries are used to locate sensitive information. This paper describes the method for web application vulnerability detection by using Google dork, bypassing first-level security in any website and hacking usernames and passwords on social networking sites.


Author(s): Enrico Bocchi, Luigi Grimaudo, Marco Mellia, Elena Baralis, Sabyasachi Saha, ...
