Assessing and Mitigating Risks in Computer Systems
Doctoral thesis
Permanent lenke
https://hdl.handle.net/1956/4004Utgivelsesdato
2008-09-26Metadata
Vis full innførselSamlinger
Sammendrag
When it comes to non-trivial networked computer systems, bulletproof security is very hard to achieve. Over a system's lifetime new security risks are likely to emerge from e.g. newly discovered classes of vulnerabilities or the arrival of new threat agents. Given the dynamic environment in which computer systems are deployed, continuous evaluations and adjustments are wiser than one-shot e orts for perfection. Security risk management focuses on assessing and treating security risks against computer systems. In this thesis, elements from risk management are applied to two real-world systems to identify, evaluate, and mitigate risks. One of the pinpointed weaknesses is studied in-depth to produce an exploit against the a ected system. In addition, approaches to handle common software security problems are described.
Består av
Paper I: IEEE security & privacy 6(4), Netland, L-H.; Espelid, Y.; Klingsheim, A. N.; Helleseth, H.; Henriksen, J. B:, Open Wireless Networks on University Campuses, pp. 14-20. Copyright 2008 IEEE. Reproduced with permission. Published version. The published version is also available at: http://dx.doi.org/10.1109/MSP.2008.92Paper II: Hole, K. H.; Klingsheim, A. N.; Netland, L-H.; Espelid, Y.; Tjøstheim, T.; Moen, V., 2008, Risk Assessment of Services in a National Security Infrastructure. Full text not available in BORA.
Paper III: Financial Cryptography and Data Security, Lecture Notes in Computer Science, 5143, Espelid, Y.; Netland, L-H.; Klingsheim, A. N.; Hole, K. H., A Proof of Concept Attack against Norwegian Internet Banking Systems. Copyright 2008 Springer. Full text not available in BORA due to publisher restrictions. The published version is available at: http://dx.doi.org/ 10.1007/978-3-540-85230-8_18
Paper IV: Proceedings of The Ifip Tc 11 23rd International Information Security Conference 278, Espelid, Y.; Netland, L-H.; Klingsheim, A. N.; Hole, K. J., Robbing Banks with Their Own Software - an Exploit against Norwegian Online Banks. Copyright 2008 Springer. Full text not available in BORA due to publisher restrictions. The published version is available at: ttp://dx.doi.org/10.1007/978-0-387-09699-5_5
Paper V: Netland, L-H.; Espelid, Y.; Mughal, K. A., 2008, Security Pattern for Input Validation. Full text not available in BORA.
Paper VI: Espelid, Y.; Netland, L-H.; Mughal, K.; Hole, K. J., 2008, Simplifying Client-Server Application Development with Secure Reusable Components. Full text not available in BORA
Paper VII: Second International Conference on Availability, Reliability and Security, Netland, L-H.; Espelid, Y.; Mughal, K. A., A Reflection-Based Framework for Content Validation, pp697-706. Copyright 2007 IEEE. Reproduced with permission. Published version. The published version is also available at: http://dx.doi.org/10.1109/ARES.2007.19
Utgiver
The University of BergenOpphavsrett
The authorCopyright the author. All rights reserved