Journal: Computers & Security

Abbreviation

Comput. secur.

Publisher

Elsevier

Journal Volumes

ISSN

0167-4048

Description

Filters

2013 - 201912020 - 20232
Reset filters

Search Results

Publications 1 - 3 of 3
  • Learning From Safety Science: A Way Forward For Studying Cybersecurity Incidents In Organizations
    Item type: Journal Article
    Ebert, Nico; Schaltegger, Thierry; Ambuehl, Benjamin; et al. (2023)
    Computers & Security
    In the aftermath of cybersecurity incidents within organizations, explanations of their causes often revolve around isolated technical or human events such as an Advanced Persistent Threat or a “bad click by an employee.” These explanations serve to identify the responsible parties and inform efforts to improve security measures. However, safety science researchers have long been aware that explaining incidents in socio-technical systems and determining the role of humans and technology in incidents is not an objective procedure but rather an act of social constructivism: what you look for is what you find, and what you find is what you fix. For example, the search for a technical “root cause” of an incident might likely result in a technical fix, while from a sociological perspective, cultural issues might be blamed for the same incident and subsequently lead to the improvement of the security culture. Starting from the insights of safety science, this paper aims to extract lessons on what general explanations for cybersecurity incidents can be identified and what methods can be used to study causes of cybersecurity incidents in organizations. We provide a framework that allows researchers and practitioners to proactively select models and methods for the investigation of cybersecurity incidents.
  • On the Security of Containers: Threat Modeling, Attack Analysis, and Mitigation Strategies
    Item type: Journal Article
    Wong, Ann Yi; Chekole, Eyasu Getahun; Ochoa, Martín; et al. (2023)
    Computers & Security
    Traditionally, applications that are used in large and small enterprises were deployed on “bare metal” servers installed with operating systems. Recently, the use of multiple virtual machines (VMs) on the same physical server was adopted due to cost reduction and flexibility. Nowadays, containers have become popular for application deployment due to smaller footprints than the VMs, their ability to start and stop more quickly, and their capability to pack the application binaries and their dependencies/libraries in standalone units for seamless portability. A typical container ecosystem includes a code repository (e.g., GitHub) where the container images are built from the codes and libraries and then pushed to the image registry (e.g., Docker Hub) for subsequent deployment as application containers. However, the pervasive use of containers also leads to a wide-range of security breaches such as attackers stealing credentials, source codes and sensitive data from image registry and code repository, carrying out DoS attacks on application containers, and gaining root access to misuse the underlying host resources, among others. In this paper, we first perform threat modeling on the containers ecosystem using the popular threat modeling framework, called STRIDE. Using STRIDE, we identify the vulnerabilities in each system component, and investigate potential security threats and their consequences. Then, we conduct a comprehensive survey on the existing countermeasures designed against the identified threats and vulnerabilities in containers. In particular, we assess the strengths and weaknesses of the existing mitigation strategies designed against such threats. We believe that this work will help researchers and practitioners to gain a deeper understanding of the threat landscape in containers and the state-of-the-art countermeasures. We also discuss open research problems, the research gaps and future research directions in containers security, which may ignite further research to be done in this area.
  • APFS: Adaptive Probabilistic Filter Scheduling against distributed denial-of-service attacks
    Item type: Journal Article
    Seo, Dongwon; Lee, Heejo; Perrig, Adrian (2013)
    Computers & Security
    Distributed denial-of-service (DDoS) attacks are considered to be among the most crucial security challenges in current networks because they significantly disrupt the availability of a service by consuming extreme amount of resource and/or by creating link congestions. One type of countermeasure against DDoS attacks is a filter-based approach where filter-based intermediate routers within the network coordinate with each other to filter undesired flows. The key to success for this approach is effective filter propagation and management techniques. However, existing filter-based approaches do not consider effective filter propagation and management. In this paper, we define three necessary properties for a viable DDoS solution: how to practically propagate filters, how to place filters to effective filter routers, and how to manage filters to maximize the efficacy of the defense. We propose a novel mechanism, called Adaptive Probabilistic Filter Scheduling (APFS), that effectively defends against DDoS attacks and also satisfies the three necessary properties. In APFS, a filter router adaptively calculates its own marking probability based on three factors: 1) hop count from a sender, 2) the filter router's resource availability, and 3) the filter router's link degree. That is, a filter router that is closer to attackers, has more available resources, or has more connections to neighbors inserts its marking with a higher probability. These three factors lead a victim to receive more markings from more effective filter routers, and thus, filters are quickly distributed to effective filter routers. Moreover, each filter router manages multiple filters using a filter scheduling policy that allows it to selectively keep the most effective filters depending on attack situations. Experimental results show that APFS has a faster filter propagation and a higher attack blocking ratio than existing approaches that use fixed marking probability. In addition, APFS has a 44% higher defense effectiveness than existing filter-based approaches that do not use a filter scheduling policy. © 2012 Elsevier B.V. All rights reserved.
Publications 1 - 3 of 3