Results 1 - 7 of 7
On the inability of existing security models to cope with data mobility in dynamic organizations
In Modeling Security Workshop, 2008
Cited by 5 (2 self)
In dynamic organizations, the mobility of data outside the organizational perimeter causes an increased level of threats such as the loss of confidential data and the loss of reputation. Some modeling tools, like Microsoft’s TAM, play an important role in identifying threats in traditional IT systems. In these IT systems the physical infrastructure and roles are assumed to be static. We show that current modeling tools are not powerful enough to help the designer identify the emerging threats due to mobility of data and change of roles, because they do not include the mobility of IT systems nor the organizational dynamics in the security model. Researchers have proposed new security models that particularly focus on data mobility and the dynamics of modern organizations, such as frequent role changes of a person. We show that none of the new security models simultaneously considers the data mobility and organizational dynamics to a satisfactory extent. As a result, none of the new security models effectively identifies the potential security threats caused by data mobility in a dynamic organization.
Secure Portable Execution Environments: A Review of Available Technologies
Cited by 3 (3 self)
Live operating systems and virtualisation allow a known, defined, safe and secure execution environment to be loaded into a PC’s memory and executed with either minimal or possibly no reliance on the PC’s internal hard disk drive. The ability to boot a live operating system or load a virtual environment (containing an operating system) from a USB storage device allows a secure portable execution environment to be created. Portable execution environments have typically been used by technologists, for example to recover data from a failing PC internal hard disk drive or to perform forensic analysis. However, with the commercial potential of portable execution environments becoming realised the requirement for such environments to be secure is becoming increasingly important. To be considered truly secure a portable execution environment should require authentication prior to loading the executing environment (from the USB mass storage device) and provide full encryption of the whole mass storage device. This paper discusses the outcomes from building four portable execution environments, using commercially available and/or freeware technologies. An overview is given of the emerging commercial requirement for secure portable USB execution environments, the security threats addressed and research performed in the area. The technologies and products considered in the review are outlined together with rationale behind the selection. The findings from the implementation of the four portable execution environments are discussed including successes, failures and difficulties encountered. A set of security requirements is defined which is used to gauge the effectiveness of each of the four environments.
Hardware Trojan Horse Device based on Unintended USB Channel
presented at the 3rd International Conference on Network & System Security NSS’09, Gold, 2009
Cited by 2 (1 self)
This paper discusses research activities that investigated the risk associated with USB devices. The research focused on identifying, characterizing and modelling unintended USB channels in contemporary computer systems. Such unintended channels can be used by a USB Hardware Trojan Horse device to create two way communications with a targeted network endpoint, thus violating the integrity and confidentiality of the data residing on the endpoint. The work was validated through the design and implementation of a proof of concept Hardware Trojan Horse device that uses two such unintended USB channels to successfully interact with a target network endpoint to compromise and exfiltrate data from it.
A Low Cost Hardware Trojan horse Device based on Unintended USB channels and a Solution
Nowadays every device is becoming available as a USB device. As a result of that these devices may be used to attack a network endpoint. This paper aims at implementing a Hardware Trojan horse device which when used by a malicious insider can attack a network endpoint to steal the confidential information over unintended USB channels. Endpoint Security Solutions are available to protect the stealing of information through USB Mass Storage, USB Printer interfaces but still they have no control over the USB audio and USB keyboard interfaces. So these interfaces can be used in an unintended way to attack a network endpoint and steal the information. This paper also focuses on methodologies that can be applied to block the unintended USB channels.
On the inability of existing security models to cope with data mobility, 2008
POLICIES THEORY AND PRACTICE
IPA Dissertation Series No. 2012-04 The research reported in this thesis has been carried out under the auspices of IPA, the Dutch Research School for Programming research and Algorithmics. ISBN: 978-90-365-3331-7 ISSN: 1381-3617 (CTIT Ph.D.-thesis series No. 12-218) DOI number: 10.3990/1.9789036533317
Portunes: generating attack scenarios by finding inconsistencies between security policies