Publications (10 of 111)
Voronkov, A., Martucci, L. & Lindskog, S. (2020). Measuring the Usability of Firewall Rule Sets. IEEE Access, 27106-27121
2020 (English). In: IEEE Access, E-ISSN 2169-3536, pp. 27106-27121. Journal article (Refereed). Published
Abstract [en]

Firewalls are computer systems that assess the network traffic using an ideally coherent and manageable set of rules. This study aims to provide means to measure the usability of firewall rulesets in terms of how easily IT professionals can understand and manage them. First, we conducted semi-structured interviews with system administrators wherein we obtained the usability challenges related to the management of firewall rule sets. This was followed by the analysis of related work. The interview results were combined with the findings from the related work. Accordingly, we acquired four usability attributes related to the manageability of firewalls; these were formally defined. We tested and measured the cognitive aspects related to the structure and ordering of the rules through a user study. A third user study with system administrators validated our metrics. It exhibited a very strong correlation between the metrics and how the administrators characterized usability.

Place, publisher, year, edition, pages
IEEE, 2020
Keywords
Firewall rule set, iptables, formalization, metrics, usability, user study
National subject category
Human-Computer Interaction (Interaction Design)
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-64702 (URN); 10.1109/ACCESS.2020.2971093 (DOI)
Note

The article was published as a manuscript in Voronkov's licentiate thesis.

Available from: 2017-10-17 Created: 2017-10-17 Last updated: 2020-02-20. Bibliographically approved
Afzal, Z., Garcia, J., Lindskog, S. & Brunström, A. (2019). Using Partial Signatures in Intrusion Detection for Multipath TCP. In: Aslan Askarov, René Rydhof Hansen, Willard Rafnsson (Ed.), Secure IT-systems: 24th Nordic Conference, NordSec 2019, Aalborg, Denmark, November 18–20, 2019, Proceedings. Paper presented at NordSec2019: 24th Nordic Conference on Secure IT Systems, 18-20 November, 2019, Aalborg, Denmark, (pp. 71-86). Cham, Switzerland: Springer
2019 (English). In: Secure IT-systems: 24th Nordic Conference, NordSec 2019, Aalborg, Denmark, November 18–20, 2019, Proceedings / [ed] Aslan Askarov, René Rydhof Hansen, Willard Rafnsson, Cham, Switzerland: Springer, 2019, pp. 71-86. Conference paper, Published paper (Refereed)
Abstract [en]

Traditional security mechanisms such as signature based intrusion detection systems (IDSs) attempt to find a perfect match of a set of signatures in network traffic. Such IDSs depend on the availability of a complete application data stream. With emerging protocols such as Multipath TCP (MPTCP), this precondition cannot be ensured, resulting in false negatives and IDS evasion. On the other hand, if approximate signature matching is used instead in an IDS, a potentially high number of false positives make the detection impractical. In this paper, we show that, by using a specially tailored partial signature matcher and knowledge about MPTCP semantics, the Snort3 IDS can be empowered with partial signature detection. Additionally, we uncover the type of Snort3 rules suitable for the task of partial matching. Experimental results with these rules show a low false positive rate for benign traffic and high detection coverage for attack traffic.

Place, publisher, year, edition, pages
Cham, Switzerland: Springer, 2019
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 11875
National subject category
Engineering and Technology
Research subject
Computer Science; Computer Science
Identifiers
urn:nbn:se:kau:diva-75755 (URN); 10.1007/978-3-030-35055-0_5 (DOI)
Conference
NordSec2019: 24th Nordic Conference on Secure IT Systems, 18-20 November, 2019, Aalborg, Denmark
Available from: 2019-11-14 Created: 2019-11-14 Last updated: 2020-01-14. Bibliographically approved
Afzal, Z., Garcia, J., Lindskog, S. & Brunström, A. (2018). Slice Distance: An Insert-Only Levenshtein Distance with a Focus on Security Applications. In: Proceedings of NTMS 2018 Conference and Workshop. Paper presented at 9th IFIP International Conference on New Technologies, Mobility and Security, 26-28 February 2018, Paris, France (pp. 1-5). New York: IEEE
2018 (English). In: Proceedings of NTMS 2018 Conference and Workshop, New York: IEEE, 2018, pp. 1-5. Conference paper, Published paper (Refereed)
Abstract [en]

Levenshtein distance is well known for its use in comparing two strings for similarity. However, the set of considered edit operations used when comparing can be reduced in a number of situations. In such cases, the application of the generic Levenshtein distance can result in degraded detection and computational performance. Other metrics in the literature enable limiting the considered edit operations to a smaller subset. However, the possibility where a difference can only result from deleted bytes is not yet explored. To this end, we propose an insert-only variation of the Levenshtein distance to enable comparison of two strings for the case in which differences occur only because of missing bytes. The proposed distance metric is named slice distance and is formally presented and its computational complexity is discussed. We also provide a discussion of the potential security applications of the slice distance.

Place, publisher, year, edition, pages
New York: IEEE, 2018
Keywords
Measurement, Pattern matching, Time complexity, Transforms, Security, DNA
National subject category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-67012 (URN); 10.1109/NTMS.2018.8328718 (DOI); 000448864200049 (); 978-1-5386-3662-6 (ISBN); 978-1-5386-3663-3 (ISBN)
Conference
9th IFIP International Conference on New Technologies, Mobility and Security, 26-28 February 2018, Paris, France
Project
HITS, 4707
Research funder
KK-stiftelsen, 4707
Available from: 2018-04-17 Created: 2018-04-17 Last updated: 2020-01-14. Bibliographically approved
Voronkov, A., Iwaya, L. H., Martucci, L. & Lindskog, S. (2018). Systematic Literature Review on Usability of Firewall Configuration. ACM Computing Surveys, 50(6), Article ID 87.
2018 (English). In: ACM Computing Surveys, ISSN 0360-0300, E-ISSN 1557-7341, Vol. 50, no. 6, article id 87. Journal article (Refereed). Published
Abstract [en]

Firewalls are network security components that handle incoming and outgoing network traffic based on a set of rules. The process of correctly configuring a firewall is complicated and prone to error, and it worsens as the network complexity grows. A poorly configured firewall may result in major security threats; in the case of a network firewall, an organization’s security could be endangered, and in the case of a personal firewall, an individual computer’s security is threatened. A major reason for poorly configured firewalls, as pointed out in the literature, is usability issues. Our aim is to identify existing solutions that help professional and non-professional users to create and manage firewall configuration files, and to analyze the proposals in respect of usability. A systematic literature review with a focus on the usability of firewall configuration is presented in the article. Its main goal is to explore what has already been done in this field. In the primary selection procedure, 1,202 articles were retrieved and then screened. The secondary selection led us to 35 articles carefully chosen for further investigation, of which 14 articles were selected and summarized. As main contributions, we propose a taxonomy of existing solutions as well as a synthesis and in-depth discussion about the state of the art in firewall usability. Among the main findings, we perceived that there is a lack (or even an absence) of usability evaluation or user studies to validate the proposed models. Although all articles are related to the topic of usability, none of them clearly defines it, and only a few actually employ usability design principles and/or guidelines.

Place, publisher, year, edition, pages
New York, NY, USA: Association for Computing Machinery (ACM), 2018
Keywords
usability, Firewall, systematic literature review, visualization
National subject category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65622 (URN); 10.1145/3130876 (DOI); 000419881700010 ()
Project
HITS, High Quality Networked Services in a Mobile World (4707)
Research funder
KK-stiftelsen
Available from: 2018-01-18 Created: 2018-01-18 Last updated: 2019-11-09. Bibliographically approved
Momen, N., Pulls, T., Fritsch, L. & Lindskog, S. (2017). How much Privilege does an App Need? Investigating Resource Usage of Android Apps. In: Proceedings of the Fifteenth International Conference on Privacy, Security and Trust – PST 2017 (IEEE proceedings pendings). Paper presented at The Fifteenth International Conference on Privacy, Security and Trust – PST 2017. August 28-30, 2017 Calgary, Alberta, Canada. IEEE
2017 (English). In: Proceedings of the Fifteenth International Conference on Privacy, Security and Trust – PST 2017 (IEEE proceedings pendings), IEEE, 2017. Conference paper, Published paper (Refereed)
Abstract [en]

Arguably, one of the default solutions to many of today’s everyday errands is to install an app. In order to deliver a variety of convenient and user-centric services, apps need to access different types of information stored in mobile devices, much of which is personal information. In principle, access to such privacy sensitive data should be kept to a minimum. In this study, we focus on privilege utilization patterns by apps installed on Android devices. Though explicit consent is required prior to first time access to the resource, the unavailability of usage information makes it unclear when trying to reassess the user's initial decision. On the other hand, if granted privilege with little or no usage, it would suggest the likely violation of the principle of least privilege. Our findings illustrate a plausible requirement for visualising resource usage to aid the user in their decision-making and finer access control mechanisms.

Place, publisher, year, edition, pages
IEEE, 2017
National subject category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65605 (URN); 10.1109/PST.2017.00039 (DOI); 000447643500028 (); 978-1-5386-2487-6 (ISBN); 978-1-5386-2488-3 (ISBN)
Conference
The Fifteenth International Conference on Privacy, Security and Trust – PST 2017. August 28-30, 2017 Calgary, Alberta, Canada
Available from: 2018-01-15 Created: 2018-01-15 Last updated: 2019-07-11. Bibliographically approved
Iwaya, L. H., Voronkov, A., Martucci, L. A., Lindskog, S. & Fischer-Hübner, S. (2016). Firewall Usability and Visualization: A Systematic Literature Review.
2016 (English). Report (Refereed)
Abstract [en]

Firewalls are network security components that allow administrators to handle incoming and outgoing traffic based on a set of rules. Such security appliances are typically the first line of defense, creating a barrier between an organization’s internal network and the outside network (e.g., Internet). The process of correctly configuring a firewall is complex and error prone, and it only gets worse as the complexity of the network grows. A vulnerable firewall configuration will very likely result in major threats to the organization’s security. In this report we aim to investigate how to make the administrator's task of planning and implementing firewall solutions easier, from the standpoints of usability and visualization. Our scientific investigation starts with the understanding of the state-of-the-art on this specific field. To do so, we conducted a Systematic Literature Review (SLR), a strict methodology to plan a literature review, to gather relevant information, to synthesize and compare approaches, and to report findings. During the initial search process thousands of papers were screened, leading us to 125 papers carefully selected for further readings. In the secondary study, ten relevant works were identified and assessed, in which authors tackled the issues of usability and visualization for Firewalls and Personal Firewalls. Among the main findings, we perceive that there is a lack (or even absence) of user studies to validate the proposed models. This leads us to a series of unwarranted solutions, that need to be prototyped and tested with real users. We also see a huge opportunity for integrative approaches, that could combine firewall research areas, such as automatic anomaly detection, advisory systems, and varying visualization schemes.

Publisher
p. 63
Series
Karlstad University Studies, ISSN 1403-8099 ; 37
Keywords
firewall, usability, visualization, systematic literature review
National subject category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-44688 (URN); 978-91-7063-718-6 (ISBN)
Project
High Quality Networked Services in a Mobile World (HITS)
Research funder
KK-stiftelsen, 4707
Available from: 2016-08-26 Created: 2016-08-12 Last updated: 2018-06-04. Bibliographically approved
Afzal, Z. & Lindskog, S. (2016). IDS rule management made easy. In: Electronics, Computers and Artificial Intelligence (ECAI), 2016 8th International Conference on. Paper presented at 8th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), 30 June-2 July 2016, Ploiesti, Romania. IEEE
2016 (English). In: Electronics, Computers and Artificial Intelligence (ECAI), 2016 8th International Conference on, IEEE, 2016. Conference paper, Published paper (Refereed)
Abstract [en]

Signature-based intrusion detection systems (IDSs) are commonly utilized in enterprise networks to detect and possibly block a wide variety of attacks. Their application in industrial control systems (ICSs) is also growing rapidly as modern ICSs increasingly use open standard protocols instead of proprietary. Due to an ever changing threat landscape, the rulesets used by these IDSs have grown large and there is no way to verify their precision or accuracy. Such broad and non-optimized rulesets lead to false positives and an unnecessary burden on the IDS, resulting in possible degradation of the security. This work proposes a methodology consisting of a set of tools to help optimize the IDS rulesets and make rule management easier. The work also provides attack traffic data that is expected to benefit the task of IDS assessment.

Place, publisher, year, edition, pages
IEEE, 2016
Series
International Conference on Electronics Computers and Artificial Intelligence, ISSN 2378-7147
National subject category
Computer Sciences
Identifiers
urn:nbn:se:kau:diva-48016 (URN); 10.1109/ECAI.2016.7861119 (DOI); 000402541200055 (); 978-1-5090-2048-5 (ISBN); 978-1-5090-2047-8 (ISBN)
Conference
8th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), 30 June-2 July 2016, Ploiesti, Romania
Project
HITS, 4707
Research funder
KK-stiftelsen
Available from: 2017-02-24 Created: 2017-02-24 Last updated: 2020-01-14. Bibliographically approved
Dahlberg, R. & Pulls, T. (2016). Standardized Syslog Processing: Revisiting Secure Reliable Data Transfer and Message Compression. Karlstad: Karlstads universitet
2016 (English). Report (Other academic)
Abstract [en]

Today's computer logs are like smoking guns and treasure maps in case of suspicious system activities: they document intrusions, and log crucial information such as failed system updates and crashed services. An adversary thus has a clear motive to observe, alter, and delete log entries, considering that she could (i) start by using the log's content to identify new security vulnerabilities, and (ii) exploit them without ever being detected. With this in mind we consider syslog standards and open source projects that safeguard events during the storage and transit phases, and examine how data compression affects security. We conclude that there are syslog standards in place that satisfy security on a hop-by-hop basis, that there are no such standards for secure storage, and that message compression is not recommended during transit.

Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2016
Series
Arbetsrapport
Keywords
Syslog, rsyslog, syslog-ng, standardized logging, secure data compression
National subject category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-45392 (URN); 978-91-7063-719-3 (ISBN)
Project
HITS
Available from: 2016-09-19 Created: 2016-08-19 Last updated: 2019-11-11
Afzal, Z., Lindskog, S., Brunström, A. & Lidén, A. (2016). Towards Multipath TCP Aware Security Technologies. In: 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS). Paper presented at 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Larnaca, Cyprus 21-23 November 2016 (pp. 1-8). New York: IEEE
2016 (English). In: 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS), New York: IEEE, 2016, pp. 1-8. Conference paper, Published paper (Refereed)
Abstract [en]

Multipath TCP (MPTCP) is a proposed extension to TCP that enables a number of performance advantages that have not been offered before. While the protocol specification is close to being finalized, there still remain some unaddressed challenges regarding the deployment and security implications of the protocol. This work attempts to tackle some of these concerns by proposing and implementing MPTCP aware security services and deploying them inside a proof of concept MPTCP proxy. The aim is to enable hosts, even those without native MPTCP support, to securely benefit from the MPTCP performance advantages. Our evaluations show that the security services that are implemented enable proper intrusion detection and prevention to thwart potential attacks as well as threshold rules to prevent denial of service (DoS) attacks.

Place, publisher, year, edition, pages
New York: IEEE, 2016
National subject category
Computer Sciences
Identifiers
urn:nbn:se:kau:diva-47594 (URN); 10.1109/NTMS.2016.7792485 (DOI); 000391578700063 (); 978-1-5090-2914-3 (ISBN)
Conference
8th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Larnaca, Cyprus 21-23 November 2016
Project
HITS, 4707
Research funder
KK-stiftelsen
Available from: 2017-01-06 Created: 2017-01-06 Last updated: 2020-01-14. Bibliographically approved
Afzal, Z., Lindskog, S. & Lidén, A. (2015). A Multipath TCP Proxy. Paper presented at The 11th Swedish National Computer Networking Workshop (SNCNW), Karlstad, Sweden, May 28–29, 2015.
2015 (English). Conference paper, Oral presentation with published abstract (Refereed)
Abstract [en]

Multipath TCP (MPTCP) is an extension to traditional TCP that enables a number of performance advantages, which were not offered before. While the protocol specification is close to being finalized, there still remain some concerns regarding deployability and security. This paper describes the ongoing work to develop a solution that will facilitate the deployment of MPTCP. The solution will not only allow non-MPTCP capable end-hosts to benefit from MPTCP performance gains, but also help ease the network security concerns that many middleboxes face due to the possibility of data stream being fragmented across multiple subflows.

National subject category
Computer Sciences
Identifiers
urn:nbn:se:kau:diva-39059 (URN)
Conference
The 11th Swedish National Computer Networking Workshop (SNCNW), Karlstad, Sweden, May 28–29, 2015
Project
HITS, 4707
Research funder
KK-stiftelsen
Available from: 2016-01-18 Created: 2016-01-18 Last updated: 2019-11-11. Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0003-0778-4736
