Digitala Vetenskapliga Arkivet

Endre søk
Begrens søket
1 - 13 of 13
RefereraExporteraLink til resultatlisten
Permanent link
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Treff pr side
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sortering
  • Standard (Relevans)
  • Forfatter A-Ø
  • Forfatter Ø-A
  • Tittel A-Ø
  • Tittel Ø-A
  • Type publikasjon A-Ø
  • Type publikasjon Ø-A
  • Eldste først
  • Nyeste først
  • Skapad (Eldste først)
  • Skapad (Nyeste først)
  • Senast uppdaterad (Eldste først)
  • Senast uppdaterad (Nyeste først)
  • Disputationsdatum (tidligste først)
  • Disputationsdatum (siste først)
  • Standard (Relevans)
  • Forfatter A-Ø
  • Forfatter Ø-A
  • Tittel A-Ø
  • Tittel Ø-A
  • Type publikasjon A-Ø
  • Type publikasjon Ø-A
  • Eldste først
  • Nyeste først
  • Skapad (Eldste først)
  • Skapad (Nyeste først)
  • Senast uppdaterad (Eldste først)
  • Senast uppdaterad (Nyeste først)
  • Disputationsdatum (tidligste først)
  • Disputationsdatum (siste først)
Merk
Maxantalet träffar du kan exportera från sökgränssnittet är 250. Vid större uttag använd dig av utsökningar.
  • 1.
    Abbas, Haider
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektroniksystem.
    Options-Based Security-Oriented Framework for Addressing Uncerainty Issues in IT Security2010Doktoravhandling, monografi (Annet vitenskapelig)
    Abstract [en]

    Continuous development and innovation in Information Technology introduces novel configuration methods, software development tools and hardware components. This steady state of flux is very desirable as it improves productivity and the overall quality of life in societies. However, the same phenomenon also gives rise to unseen threats, vulnerabilities and security concerns that are becoming more critical with the passage of time. As an implication, technological progress strongly impacts organizations’ existing information security methods, policies and techniques, making obsolete existing security measures and mandating reevaluation, which results in an uncertain IT infrastructure. In order to address these critical concerns, an options-based reasoning borrowed from corporate finance is proposed and adapted for evaluation of security architecture and decision- making to handle them at organizational level. Options theory has provided significant guidance for uncertainty management in several domains, such as Oil & Gas, government R&D and IT security investment projects. We have applied options valuation technique in a different context to formalize optimal solutions in uncertain situations for three specific and identified uncertainty issues in IT security. In the research process, we formulated an adaptation model for expressing options theory in terms useful for IT security which provided knowledge to formulate and propose a framework for addressing uncertainty issues in information security. To validate the efficacy of this proposed framework, we have applied this approach to the SHS (Spridnings- och Hämtningssystem) and ESAM (E-Society) systems used in Sweden. As an ultimate objective of this research, we intend to develop a solution that is amenable to automation for the three main problem areas caused by technological uncertainty in information security: i) dynamically changing security requirements, ii) externalities caused by a security system, iii) obsoleteness of evaluation. The framework is general and capable of dealing with other uncertainty management issues and their solutions, but in this work we primarily deal with the three aforementioned uncertainty problems. The thesis presents an in-depth background and analysis study for a proposed options-based security-oriented framework with case studies for SHS and ESAM systems. It has also been assured that the framework formulation follows the guidelines from industry best practices criteria/metrics. We have also proposed how the whole process can be automated as the next step in development.

  • 2.
    Abbas, Haider
    et al.
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektroniksystem.
    Magnusson, Christer
    Department of Computer and System Sciences, Stockholm University, Sweden.
    Yngström, Louise
    Department of Computer and System Sciences, Stockholm University, Sweden.
    Hemani, Ahmed
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektroniksystem.
    Addressing Dynamic Issues in Information Security Management2011Inngår i: Information Management & Computer Security, ISSN 0968-5227, E-ISSN 1758-5805, Vol. 19, nr 1, s. 5-24Artikkel i tidsskrift (Fagfellevurdert)
    Abstract [en]

    Purpose – The paper addresses three main problems resulting from uncertainty in information securitymanagement: i) dynamically changing security requirements of an organization ii) externalities caused by a securitysystem and iii) obsolete evaluation of security concerns.

    Design/methodology/approach – In order to address these critical concerns, a framework based on optionsreasoning borrowed from corporate finance is proposed and adapted to evaluation of security architecture anddecision-making for handling these issues at organizational level. The adaptation as a methodology is demonstrated by a large case study validating its efficacy.

    Findings – The paper shows through three examples that it is possible to have a coherent methodology, buildingon options theory to deal with uncertainty issues in information security at an organizational level.

    Practical implications – To validate the efficacy of the methodology proposed in this paper, it was applied tothe SHS (Spridnings- och Hämtningssystem: Dissemination and Retrieval System) system. The paper introduces themethodology, presents its application to the SHS system in detail and compares it to the current practice.

    Originality/value – This research is relevant to information security management in organizations, particularlyissues on changing requirements and evaluation in uncertain circumstances created by progress in technology.

  • 3.
    Abbas, Haider
    et al.
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektroniksystem.
    Magnusson, Christer
    Department of Computer and System Sciences, Stockholm University, Sweden.
    Yngström, Louise
    Department of Computer and System Sciences, Stockholm University, Sweden.
    Hemani, Ahmed
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektroniksystem.
    Architectural Description of an Automated System for Uncertainty Issues Management in Information Security2010Inngår i: International Journal of Computer Science and Information Security, ISSN 1947-5500, Vol. 8, nr 3, s. 89-67Artikkel i tidsskrift (Fagfellevurdert)
  • 4.
    Abbas, Haider
    et al.
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektronik- och datorsystem, ECS.
    Magnusson, Christer
    Yngström, Louise
    Hemani, Ahmed
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektronik- och datorsystem, ECS.
    A Structured Approach for Internalizing Externalities Caused by IT Security Mechanisms2010Inngår i: IEEE ETCS 2010, Wuhan, China, 2010, s. 149-153Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Organizations relying on Information Technology for their business processes have to employ various Security Mechanisms (Authentication, Authorization, Hashing, Encryption etc) to achieve their organizational security objectives of data confidentiality, integrity and availability. These security mechanisms except from their intended role of increased security level for this organization may also affect other systems outside the organization in a positive or negative manner called externalities. Externalities emerge in several ways i.e. direct cost, direct benefit, indirect cost and indirect benefit. Organizations barely consider positive externalities although they can be beneficial and the negative externalities that could create vulnerabilities are simply ignored. In this paper, we will present an infrastructure to streamline information security externalities that appear dynamically for an organization

  • 5.
    Abbas, Haider
    et al.
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Mikroelektronik och Informationsteknik, IMIT.
    Magnusson, Christer
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Data- och systemvetenskap, DSV.
    Yngström, Louise
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Data- och systemvetenskap, DSV.
    Hemani, Ahmed
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Mikroelektronik och Informationsteknik, IMIT.
    Analyzing IT Security Evaluation needs for Developing Countries2009Inngår i: IPID Annual Workshop 2009, Orebro, Sweden, 2009Konferansepaper (Annet vitenskapelig)
  • 6.
    Abbas, Haider
    et al.
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektronik- och datorsystem, ECS.
    Sundkvist, Stefan
    KTH, Skolan för informations- och kommunikationsteknik (ICT).
    Increasing the Performance of Crab Linux Router Simulation Package Using XEN2006Inngår i: IEEE International Conference on Industrial and Information Systems, Kandy, Sri Lanka, 2006, s. 459-462Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Nowadays hardware components are very expensive, especially if the prime purpose is to perform some routing related lab exercises. Physically connected network resources are required to get the desired results. Configuration of network resources in a lab exercise consumes much time of the students and scientists. The router simulation package Crab(1), based on KnoppW, Quagga' and User Mode Linux (UML) is designed for the students to facilitate them in performing lab exercises on a standalone computer where no real network equipment is needed. In addition to that it provides the facility of connection with the real network equipments. Crab also handles the pre configuration of different parts of the simulated networks like automatic IT addressing etc. This paper will describe the performance enhancing of Crab by replacing User Mode Linux virtual machine with XEN capable of providing ten virtual sessions concurrently using a standalone computer.

  • 7.
    Abbas, Haider
    et al.
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektronik- och datorsystem, ECS.
    Yngström, Louise
    Hemani, Ahmed
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektronik- och datorsystem, ECS.
    Adaptability Infrastructure for Bridging IT Security Evaluation and Options Theory2009Inngår i: ACM- IEEE SIN 2009 International Conference on Security of Information and Networks, North Cyprus, 2009Konferansepaper (Fagfellevurdert)
    Abstract [en]

    The constantly rising threats in IT infrastructure raise many concerns for an organization, altering security requirements according to dynamically changing environment, need of midcourse decision management and deliberate evaluation of security measures are most striking. Common Criteria for IT security evaluation has long been considered to be victimized by uncertain IT infrastructure and considered resource hungry, complex and time consuming process. Considering this aspect we have continued our research quest for analyzing the opportunities to empower IT security evaluation process using Real Options thinking. The focus of our research is not only the applicability of real options analysis in IT security evaluation but also observing its implications in various domains including IT security investments and risk management. We find it motivating and worth doing to use an established method from corporate finance i.e. real options and utilize its rule of thumb technique as a road map to counter uncertainty issues for evaluation of IT products. We believe employing options theory in security evaluation will provide the intended benefits. i.e. i) manage dynamically changing security requirements ii) accelerating evaluation process iii) midcourse decision management. Having all the capabilities of effective uncertainty management, options theory follows work procedures based on mathematical calculations quite different from information security work processes. In this paper, we will address the diversities between the work processes of security evaluation and real options analysis. We present an adaptability infrastructure to bridge the gap and make them coherent with each other. This liaison will transform real options concepts into a compatible mode that provides grounds to target IT security evaluation and common criteria issues. We will address ESAM system as an example for illustrations and applicability of the concepts.

  • 8.
    Abbas, Haider
    et al.
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektroniksystem.
    Yngström, Louise
    Hemani, Ahmed
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektroniksystem.
    Empowering Security Evaluation of IT Products with Options Theory2009Inngår i: 30th IEEE Symposium on Security & Privacy, Oakland, USA, 2009Konferansepaper (Fagfellevurdert)
  • 9.
    Abbas, Haider
    et al.
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektronik- och datorsystem, ECS.
    Yngström, Louise
    Hemani, Ahmed
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektronik- och datorsystem, ECS.
    Option Based Evaluation: Security Evaluation of IT Products Based on Options Theory2009Inngår i: IEEE  ECBS-EERC 2009, New York: IEEE , 2009, s. 134-141Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Reliability of IT systems and infrastructure is a critical need for organizations to trust their business processes. This makes security evaluation of IT systems a prime concern for these organizations. Common Criteria is an elaborate, globally accepted security evaluation process that fulfills this need. However CC rigidly follows the initial specification and security threats and takes too long to evaluate and as such is also very expensive. Rapid development in technology and with it the new security threats further aggravates the long evaluation time problem of CC to the extent that by the time a CC evaluation is done, it may no longer be valid because new security threats have emerged that have not been factored in. To address these problems, we propose a novel Option Based Evaluation methodology for security of IT systems that can also be considered as an enhancement to the CC process. The objective is to address uncertainty issues in IT environment and speed up the slow CC based evaluation processes. OBE will follow incremental evaluation model and address the following main concerns based on options theory i.e. i) managing dynamic security requirement with mid-course decision management ii) devising evaluation as an improvement process iii) reducing cost and time for evaluation of an IT product.

  • 10.
    Abbas, Haider
    et al.
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektronik- och datorsystem, ECS.
    Yngström, Louise
    Hemani, Ahmed
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektronik- och datorsystem, ECS.
    ROA Based Agile Security Evaluation of IT Products for Developing Countries2009Inngår i: IPID 4th Annual Conference 2009, London, UK, 2009Konferansepaper (Annet vitenskapelig)
  • 11.
    Abbas, Haider
    et al.
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektronik- och datorsystem, ECS.
    Yngström, Louise
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Data- och systemvetenskap, DSV.
    Hemani, Ahmed
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektronik- och datorsystem, ECS.
    Security Evaluation of IT Products: Bridging the Gap between Common Criteria (CC) and Real Option Thinking2008Inngår i: WCECS 2008: WORLD CONGRESS ON ENGINEERING AND COMPUTER SCIENCE, 2008, s. 530-533Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Information security has long been considered as a key concern for organizations benefiting from the electronic era. Rapid technological developments have been observed in the last decade which has given rise to novel security threats, making IT, an uncertain infrastructure. For this reason, the business organizations have an acute need to evaluate the security aspects of their IT infrastructure. Since many years, CC (Common Criteria) has been widely used and accepted for evaluating the security of IT products. It does not impose predefined security rules that a product should exhibit but a language for security evaluation. CC has certain advantages over ITSEC1, CTCPEC2 and TCSEC3 due to its ability to address all the three dimensions: a) it provides opportunity for users to specify their security requirements, b) an implementation guide for the developers and c) provides comprehensive criteria to evaluate the security requirements. Among the few notable shortcomings of CC is the amount of resources and a lot of time consumption. Another drawback of CC is that the security requirements in this uncertain IT environment must be defined before the project starts. ROA is a well known modern methodology used to make investment decisions for the projects under uncertainty. It is based on options theory that provides not only strategic flexibility but also helps to consider hidden options during uncertainty. ROA comes in two flavors: first for the financial option pricing and second for the more uncertain real world problems where the end results are not deterministic. Information security is one of the core areas under consideration where researchers are employing ROA to take security investment decisions. In this paper, we give a brief introduction of ROA and its use in various domains. We will evaluate the use of Real options based methods to enhance the Common Criteria evaluation methodology to manage the dynamic security requirement specification and reducing required time and resources. We will analyze the possibilities to overcome CC limitations from the perspective of the end user, developer and evaluator. We believe that with the ROA enhanced capabilities will potentially be able to stop and possibly reverse this trend and strengthen the CC usage with a more effective and responsive evaluation methodology.

  • 12.
    Mahmood, Aimen
    et al.
    Natl Univ Sci & Technol, Islamabad, Pakistan.
    Abbas, Haider
    KTH.
    Amjad, Faisal
    Natl Univ Sci & Technol, Islamabad, Pakistan..
    CNN-HMM Model for Real Time DGA Categorization2023Inngår i: PROCEEDINGS OF THE 20TH INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, SECRYPT 2023 / [ed] DiVimercati, SD Samarati, P, INSTICC , 2023, s. 822-829Konferansepaper (Fagfellevurdert)
    Abstract [en]

    To remotely control the target machine, hackers manage to establish a connection between victim and their Command and Control server(C2). In order to hide their C2 they generate domain names algorithmically. Such algorithms are called Domain Generation algorithms(DGA). These algorithmically generated domain names are either gibberish as the characters are generated and concatenated randomly, or pure dictionary words or the combination of the two. This paper presents an algorithm that classifies the DGA running on a compromised system either as gibberish, dictionary oriented or the mixed one, in real time. The proposed algorithm consists of two distinct modules i) Network forensics to detect the DGA ii) Classification of the DGA using the combination of Hidden Markov Model and Convolution Neural Network in real time. The algorithm is trained and tested against more than 0.21 million samples taken from more than 50 different DGAs. The algorithm gives as good as 99% accuracy for all types of DGAs. In addition it can detect zero day DGA as well as multiple DGAs running on a system.

  • 13. Raza, Asad
    et al.
    Abbas, Haider
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektronik- och datorsystem, ECS.
    Yngström, Louise
    Hemani, Ahmed
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektronik- och datorsystem, ECS.
    Security characterization for evaluation of software architectures using ATAM2009Inngår i: IEEE International Conference on Information and Communication Technologies, 2009. ICICT '09., Karachi, Pakistan, 2009, s. 241-246Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Significant technological advancement in the current electronic era has influenced the work processes of private and government business entities. E-Government is one such area where almost every country is emphasizing and automating their work processes. Software architecture is the integral constituent of any software system with not only cumbersome modeling and development but require heedful evaluation. Considering this aspect we have highlighted in this paper, security evaluation of an ongoing e-society project ESAM using Architectural Tradeoff Analysis Method (ATAM). ESAM is a web based system intended to provide e-services to the Swedish community residents. ATAM is primarily used for architectural evaluation aligned with the quality goals i.e. performance, availability and modifiability of an organization. We present research analysis for characterization, stimuli, and architectural decisions to evaluate software architecture with respect to security measures using ATAM. This security characterization will serve as a tool to evaluate security aspects of a software architecture using ATAM. We believe that ATAM capability of evaluating software security will provide potential benefits in secure software development.

1 - 13 of 13
RefereraExporteraLink til resultatlisten
Permanent link
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf