  • 1.
    Afzal, Zeeshan
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Garcia, Johan
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Lindskog, Stefan
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Partial Signature Matching in an MPTCP World using Insert-only Levenshtein Distance. Manuscript (preprint) (Other academic)
  • 2.
    Afzal, Zeeshan
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Garcia, Johan
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Lindskog, Stefan
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Brunström, Anna
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Slice Distance: An Insert-Only Levenshtein Distance with a Focus on Security Applications. 2018. In: Proceedings of NTMS 2018 Conference and Workshop, New York: IEEE, 2018, p. 1-5. Conference paper (Refereed)
    Abstract [en]

    Levenshtein distance is well known for its use in comparing two strings for similarity. However, the set of considered edit operations used when comparing can be reduced in a number of situations. In such cases, the application of the generic Levenshtein distance can result in degraded detection and computational performance. Other metrics in the literature enable limiting the considered edit operations to a smaller subset. However, the possibility where a difference can only result from deleted bytes is not yet explored. To this end, we propose an insert-only variation of the Levenshtein distance to enable comparison of two strings for the case in which differences occur only because of missing bytes. The proposed distance metric is named slice distance and is formally presented and its computational complexity is discussed. We also provide a discussion of the potential security applications of the slice distance.

  • 3.
    Afzal, Zeeshan
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Lindskog, Stefan
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Automated Testing of IDS Rules. 2015. In: Software Testing, Verification and Validation Workshops (ICSTW), 2015 IEEE Eighth International Conference on, IEEE conference proceedings, 2015. Conference paper (Refereed)
    Abstract [en]

    As technology becomes ubiquitous, new vulnerabilities are being discovered at a rapid rate. Security experts continuously find ways to detect attempts to exploit those vulnerabilities. The outcome is an extremely large and complex rule set used by Intrusion Detection Systems (IDSs) to detect and prevent the vulnerabilities. The rule sets have become so large that it seems infeasible to verify their precision or identify overlapping rules. This work proposes a methodology consisting of a set of tools that will make rule management easier.

  • 4.
    Afzal, Zeeshan
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Lindskog, Stefan
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    IDS rule management made easy. 2016. In: Electronics, Computers and Artificial Intelligence (ECAI), 2016 8th International Conference on, IEEE conference proceedings, 2016. Conference paper (Refereed)
    Abstract [en]

    Signature-based intrusion detection systems (IDSs) are commonly utilized in enterprise networks to detect and possibly block a wide variety of attacks. Their application in industrial control systems (ICSs) is also growing rapidly as modern ICSs increasingly use open standard protocols instead of proprietary. Due to an ever changing threat landscape, the rulesets used by these IDSs have grown large and there is no way to verify their precision or accuracy. Such broad and non-optimized rulesets lead to false positives and an unnecessary burden on the IDS, resulting in possible degradation of the security. This work proposes a methodology consisting of a set of tools to help optimize the IDS rulesets and make rule management easier. The work also provides attack traffic data that is expected to benefit the task of IDS assessment.

  • 5.
    Afzal, Zeeshan
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Health, Science and Technology (starting 2013).
    Multipath TCP IDS Evasion and Mitigation. 2015. In: Information Security: 18th International Conference, ISC 2015, Trondheim, Norway, September 9-11, 2015, Proceedings, Springer, 2015, Vol. 9290, p. 265-282. Conference paper (Refereed)
    Abstract [en]

    The existing network security infrastructure is not ready for future protocols such as Multipath TCP (MPTCP). The outcome is that middleboxes are configured to block such protocols. This paper studies the security risk that arises if future protocols are used over unaware infrastructures. In particular, the practicality and severity of cross-path fragmentation attacks utilizing MPTCP against the signature-matching capability of the Snort intrusion detection system (IDS) is investigated. Results reveal that the attack is realistic and opens the possibility to evade any signature-based IDS. To mitigate the attack, a solution is also proposed in the form of the MPTCP Linker tool. The work outlines the importance of MPTCP support in future network security middleboxes.

  • 6.
    Afzal, Zeeshan
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Health, Science and Technology (starting 2013).
    Lidén, Anders
    A Multipath TCP Proxy. 2015. Conference paper (Refereed)
    Abstract [en]

    Multipath TCP (MPTCP) is an extension to traditional TCP that enables a number of performance advantages, which were not offered before. While the protocol specification is close to being finalized, there still remain some concerns regarding deployability and security. This paper describes the ongoing work to develop a solution that will facilitate the deployment of MPTCP. The solution will not only allow non-MPTCP capable end-hosts to benefit from MPTCP performance gains, but also help ease the network security concerns that many middleboxes face due to the possibility of data stream being fragmented across multiple subflows.

  • 7. Agustí, Ramón
    et al.
    Fazekas, Péter
    Gómez Barquero, David
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Oliver, Miquel
    Pérez-Romero, Jordi
    Tralli, Velio
    NEWCOM DR7.2: First report on common framework/models and activities in Department 7. 2005. Report (Refereed)
    Abstract [en]

    This deliverable provides a description of the framework identified for the collaborative activities between different partners in the context of NEWCOM department 7 on QoS provision in heterogeneous wireless networks. The considered models, assumptions and expected results are pointed out for each activity. The deliverable also includes a report on the means to achieve the integration between the different partners

  • 8. Agustí, Ramón
    et al.
    Fazekas, Péter
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Oliver, Miquel
    Pérez-Romero, Jordi
    Studer Ferreira, Lucio
    Tralli, Velio
    NEWCOM DR7.4: Final Report on the activities carried out in Department 7. 2007. Report (Refereed)
    Abstract [en]

    This deliverable constitutes the final report of all the activities that were carried out in the framework of the NEWCOM department 7. It contains a description of the main technical achievements for each one of the activities in which the department has been organised together with the list of indicators reflecting the degree of integration that has been achieved among the different partners

  • 9. Andersson, Carin
    et al.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Survey and Analysis of Project Management Competence within Research Projects at Karlstad University. 2007. Other (Other (popular science, discussion, etc.))
    Abstract [en]

    Research at universities is today often conducted as projects. This is especially true in the engineering, natural science, medicine, and social science disciplines. Research projects are typically carried out by different categories of employers, such as professors, associate professors, assistant professors, and PhD students. These projects are typically managed by the person that applied for the project money, or the person that is the most experienced researcher at the department, which is often a professor or associate professor. From such leading persons, miracles are expected. Except acting as project managers, they are also engaged in many other parallel activities, e.g., supervision of PhD students, undergraduate and graduate education, conference organization and administration, project application writing, and representing the department internally as well as externally.



    In this report, a survey of project management competence within research projects at Karlstad University is presented. Empirical data have been gathered through two questionnaires and six complementary interviews. Professors and associate professors as well as PhD students have participated in the study. The survey shows that the active project managers have learned to lead projects based on experience and very few project managers have a formal leadership education. This implies that long established project management methods and tools are seldom used.



    Based on the outcome from the survey and our own observations, four concrete activities to improve project management skills are proposed in the report. The first activity is to provide a suitable and well-balanced course in project management methods that is offered to both active and future project managers. The second activity is to establish experience networks among active project managers at Karlstad University. The third activity is to create a mentor program for new project managers. The fourth activity is to establish a group of experienced project managers that can assist in and give support to ongoing and planned projects.

  • 10.
    Brunström, Anna
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Alfredsson, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Garcia, Johan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    NEWCOM DR6.2: First report on frameworks/models matching Department 6 needs. 2005. Report (Refereed)
    Abstract [en]

    During the first phase of NEWCOM the focus areas of Department 6 were identified and refined. A number of relevant knowledge gaps were identified for the areas transport protocols, architectures and cross-layer aspects, and modelling. In this deliverable we describe a first set of frameworks/models to support research integration within the Department. The integration approach and the defined models/frameworks are described for each one of the selected knowledge gaps. The deliverable also includes a report on tools, software libraries and traces that can be shared between the partners

  • 11.
    Brunström, Anna
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Fischer Hübner, Simone
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Martucci, Leonardo
    NEWCOM DR7.1: Report on the knowledge gaps to be filled and the action plan. 2004. Report (Refereed)
    Abstract [en]

    This deliverable is the starting point of the activities in the NEWCOM Department 7 QoS Provision in Wireless Networks: Mobility, Security and Radio Resource Management. It provides the view of the department in terms of the objectives of the European research on Wireless Network aspects and, after developing the framework for QoS provision in wireless networks, it identifies the knowledge gaps existing in the fields of radio resource allocation, mobility management and security issues. As a result of that, the action plan for the future activities in the department is established

  • 12.
    Brunström, Anna
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Garcia, Johan
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    NEWCOM DR6.1: Report on the knowledge gaps to be filled and the action plan. 2004. Report (Refereed)
    Abstract [en]

    The EU FP6 network of excellence in wireless communication, Newcom, is a large network that covers most areas of wireless communication. The research work within Newcom is organized into a number of departments and projects where Department 6 addresses Protocols and Architectures, and Traffic Modelling for (Reconfigurable/ Adaptive) Wireless Networks. The scope of Department 6 is quite broad making it important to further identify and refine the focus areas of the department. This document summarizes research areas that fall within the competence of and are of interest for the members of Department 6 and also describes the background of the partners within these areas. A set of knowledge gaps that will be addressed within the department are identified. A number of integrating activities that can be used to coordinate the efforts of the partners are described and an action plan for the continued work within the department is provided

  • 13.
    Brunström, Anna
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Garcia, Johan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    NEWCOM DR6.4: Proceedings of the Newcom Department 6 Second Technical Workshop. 2005. Report (Refereed)
    Abstract [en]

    The Second Newcom Department 6 Technical Workshop was organized in Barcelona on September 16-17, 2005. The workshop program contained 6 presentations and provided a good overview of ongoing research integration activities within the department. All of the three areas of the department, transport protocols, architectures and cross-layer aspects, and modelling were represented with presentations. This deliverable contains the presentation material from the workshop. The included presentations are:



    - Westwood-SCTP: A Transport Protocol for Traffic Balancing on Multihomed Hosts

    - Transport Layer Handover using SCTP

    - The Optimization of Transport Protocol over Ad-Hoc Networks

    - Wireless Networks Emulation

    - An Analytical Model of Rate-Controlled MPEG Video Sources in a UMTS Network

    - An Analytical Model of a Rate-controlled MPEG-4 Video Source Capturing both Intra-frame and Inter-frame Correlation



    As an option, a supporting paper for the presentation could also be supplied by the authors. The deliverable contains supporting articles for two of the presentations

  • 14.
    Brunström, Anna
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Proceedings of the 2nd International Workshop on Security and Communication Networks (IWSCN 2010). 2010. Book (Refereed)
    Abstract [en]

    This publication contains the Proceedings of the 2nd International Workshop on Security and Communication Networks (IWSCN 2010) that will be held on May 26-28, 2010 in Karlstad, Sweden. IWSCN 2010 brings together researchers, developers, practitioners, and users interested in the area of security and communication networks. The workshop focuses on how to design, build, and evaluate future networks that are secure, reliable, and provide high and predictable performance. The aim of the workshop is to serve as a forum for presenting current and future work, as well as to exchange research ideas in these fields. Papers containing research contributions focusing on aspects of security and communication networks were solicited for submission to IWSCN 2010. A total of 40 papers were received, representing authors from 20 different countries and 5 different continents. Each paper was reviewed by at least three members of the technical program committee. After a thorough review process, 13 papers were selected for presentation at the workshop, giving an acceptance rate of 32.5%. In addition to the technical papers, two keynote presentations on The Changing Performance Goals in Internet Video Streaming and Dependable Protocols for Wireless Sensor Networks will be provided by Carsten Griwodz from the Simula Research Laboratory AS in Norway and Levente Buttyán from Budapest University of Technology and Economics in Hungary, respectively. Furthermore, a tutorial on Penetration Testing from an Attacker Perspective will be given by Vesa Virta from the National Defence Radio Establishment in Sweden. IWSCN 2010 is organized by the Department of Computer Science at Karlstad University and is supported by the Euro-NF and Newcom++ EU Networks of Excellence, and IEEE Sweden Section. The workshop is sponsored by Compare Karlstad Foundation, Coromatic, and TeliaSonera, and we thank them for their support. We also gratefully thank all authors, members of the program committee, and the local organizing committee for contributing to the scientific quality of the workshop

  • 15.
    Brunström, Anna
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Garcia, Johan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    NEWCOM DR6.6: Second report on common frameworks/models matching Department 6. 2006. Report (Refereed)
    Abstract [en]

    Work within Department 6 of NEWCOM is organized into the areas transport protocols, architectures and cross-layer aspects, and modelling. In this deliverable we provide a second report on the frameworks/models used to support research integration within the Department. The integration approach and the defined models/frameworks are described for each one of the three areas of the department. The deliverable also includes an updated report on tools, software libraries and traces that can be shared between the partners

  • 16.
    Brunström, Anna
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Garcia, Johan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    NEWCOM DR6.7: Proceedings of the Newcom Department 6 Second Technical Workshop. 2006. Report (Refereed)
    Abstract [en]

    The Third Newcom Department 6 Technical Workshop was organized in Catania, Italy, on February 2, 2006. The workshop program contained 4 presentations and contained reports on ongoing integrated research activities as well as presentation intended to initiate additional joint research within the department. All of the three areas of the department, transport protocols, architectures and cross-layer aspects, and modelling were represented with presentations. This deliverable contains the presentation material from the workshop. The included presentations are:



    - P2P-based Video transmission in wireless networks

    - Transport Layer Handover using SCTP

    - WIPEMU 4G System Emulation and Sample Results

    - Wireless Networks Emulation



    Where available the presentation notes are also included with the presentations

  • 17.
    Brunström, Anna
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Garcia, Johan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    NEWCOM DR6.9: Proceedings of the Newcom Department 6 Fourth Technical Workshop. 2006. Report (Refereed)
    Abstract [en]

    The Fourth Newcom Department 6 Technical Workshop was organized in Toulouse, France, on September 13-14, 2006. The workshop program contained 6 presentations and contained reports on ongoing integrated research activities as well as presentation intended to initiate additional joint research activities between the partners. All of the three areas of the department, transport protocols, architectures and cross-layer aspects, and modelling were represented with presentations. This deliverable contains the presentation material from the workshop. The included presentations are:



    - P2P Video Transmission over Heterogeneous Wired/Wireless Networks: A Starting Point for Integrated Research

    - DCCP Overview and First Experiments

    - Estimation of the SCTP Failover Time

    - Improving End to End Goodput of Ad Hoc Networks with SCTP Multihoming

    - A Taxonomy and Survey of SCTP Research

    - Integrating KAUnet and SWINE



    Where available the presentation notes are also included with the presentations

  • 18. Bubenko jr, Janis
    et al.
    Fischer Hübner, Simone
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Nilsson, Anders G.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Information Systems and Project Management.
    Promote IT 2004: Proceedings of the Fourth Conference for the Promotion of research in IT at New Universities and University Colleges in Sweden, 5-7 May, Karlstad University, The Knowledge Foundation, Part 1 and Part 2. 2004. Book (Refereed)
    Abstract [sv]

    The Knowledge Foundation of Sweden and Karlstad University are proud to announce the fourth annual conference for promoting research and advanced education in topics of IT at Sweden's new universities and university colleges. The conference takes place at Karlstad University in Sweden, May 5-7, 2004.



    The conference is in the Foundation's programme for promoting research and advanced education in topics of IT at Sweden's new universities and university colleges. Almost 200 MSEK (about 22 MEUR) has been allocated, for a period of five years, in order to increase the number of IT-teachers with a PhD. degree at Sweden's new universities and university colleges.



    Since the start of the programme in year 2000, almost one hundred persons are actively pursuing their graduate studies and research at these new universities and colleges. These are the persons that now present their progress at this conference

  • 19.
    Dahlberg, Rasmus
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Standardized Syslog Processing: Revisiting Secure Reliable Data Transfer and Message Compression. 2016. Report (Other academic)
    Abstract [en]

    Today's computer logs are like smoking guns and treasure maps in case of suspicious system activities: they document intrusions, and log crucial information such as failed system updates and crashed services. An adversary thus has a clear motive to observe, alter, and delete log entries, considering that she could (i) start by using the log's content to identify new security vulnerabilities, and (ii) exploit them without ever being detected. With this in mind we consider syslog standards and open source projects that safeguard events during the storage and transit phases, and examine how data compression affects security. We conclude that there are syslog standards in place that satisfy security on a hop-by-hop basis, that there are no such standards for secure storage, and that message compression is not recommended during transit.

  • 20. Faigl, Zoltán
    et al.
    Fazekas, Péter
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Brunström, Anna
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Analytical Analysis of the Performance Overheads of IPsec in Mobile IPv6 Scenarios. 2008. In: Advances in Mobile and Wireless Communications: Views of the 16th IST Mobile and Wireless Communication Summit / [ed] István Frigyes, Janos Bito, and Péter Bakki, Berlin/Heidelberg, Germany: Springer-Verlag, 2008. Chapter in book (Refereed)
  • 21. Faigl, Zoltán
    et al.
    Fazekas, Péter
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Brunström, Anna
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Performance Analysis of IPsec in MIPv6 Scenarios. 2007. Conference paper (Refereed)
    Abstract [en]

    This paper describes an analysis of the performance overheads caused by the processing and space requirements of IPsec when protecting Mobile IPv6 (MIPv6) signaling. Signaling between the Mobile Nodes and the Home Agent (HA) in a large-scale reference scenario is considered. The analysis is based on queuing theory and focuses on the overall utilization of the HA by the MIPv6 signaling processes as well as the total mean response time for a mobility process in the network. The results can assist network designers in finding the most appropriate security configuration for their specific network and mobility scenario

  • 22. Faigl, Zoltán
    et al.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT.
    Brunstrom, Anna
    Karlstad University, Faculty of Economic Sciences, Communication and IT.
    Tóth, Katalin
    Providing Tunable Security in IEEE 802.11i Enabled Networks. 2006. Report (Other academic)
    Abstract [en]

    The basic idea of QoS is to provide mechanisms that can offer different service levels, which are expressed through well-defined parameters that are specified at run-time on the basis of need. Bit rate, throughput, delay, jitter, and packet loss rate are all examples of common QoS parameters suggested for packet networks. These parameters are all aimed to express (and guarantee) a certain service level with respect to reliability and/or performance. In this report, we investigate how security can be treated as yet another QoS parameter through the use of tunable security services. The main idea with this work is to let users specify a trade-off between security and performance through the choice of available security configuration(s). The performance metric used is latency. The concept is illustrated using the IEEE 802.11i wireless local area networking standard.

  • 23. Faigl, Zoltán
    et al.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Brunström, Anna
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Experimental Evaluation of the Performance Costs of Different IKEv2 Authentication Methods. 2008. Conference paper (Refereed)
    Abstract [en]

    This paper presents an experimental evaluation of the costs of different IKEv2 authentication methods. The studied methods are pre-shared keys (PSK), extensible authentication protocol (EAP) using MD5 and TLS, which are typically referred to as EAP-MD5 and EAP-TLS, respectively. For the EAP-based methods RADIUS is used as AAA server. Different lengths of certification chains are studied in the EAP-TLS case. The paper first presents a brief overview of the considered authentication methods. Then, an experimental comparison of the costs for computations and message transfers associated with the authentication methods is provided. The measurement results illustrate the practical costs involved for IKEv2 authentication, and show the performance implications of using different authentication methods. EAP-TLS is several times more demanding than both PSK and EAP-MD5. When EAP-TLS is used, the length of certificate chains also has a notable impact on performance.

  • 24. Faigl, Zoltán
    et al.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Brunström, Anna
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    IKEv2 Performance when Protecting Mobile IPv6 Signaling. 2007. Conference paper (Refereed)
    Abstract [en]

    This paper describes an analysis of the performance overheads caused by the processing and space requirements of the IKEv2 protocol using Diameter and EAP-TLS authentication when protecting Mobile IPv6 signaling. IKEv2 negotiation between mobile nodes, the home agent, and the AAA server in a large-scale reference scenario is considered. The analysis is based on queuing theory and focuses on the overall utilization of the home agent and the AAA server by the IKEv2 reauthentication processes as well as the total mean response time for such a process in the network.

  • 25. Faigl, Zoltán
    et al.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Brunström, Anna
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Tóth, Katalin
    Providing Tunable Security in IEEE 802.11i Enabled Networks. 2006. Report (Refereed)
    Abstract [en]

    The basic idea of QoS is to provide mechanisms that can offer different service levels, which are expressed through well-defined parameters that are specified at run-time on the basis of need. Bit rate, throughput, delay, jitter, and packet loss rate are all examples of common QoS parameters suggested for packet networks. These parameters are all aimed to express (and guarantee) a certain service level with respect to reliability and/or performance. In this report, we investigate how security can be treated as yet another QoS parameter through the use of tunable security services. The main idea with this work is to let users specify a trade-off between security and performance through the choice of available security configuration(s). The performance metric used is latency. The concept is illustrated using the IEEE 802.11i wireless local area networking standard.

  • 26. Ferreira, Lucio
    et al.
    Perez-Romero, Jordi
    Tralli, Velio
    Fazekas, Peter
    Oliver, Miquel
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Agustí, Ramón
    QoS Provision in Wireless Networks: Mobility, Security, and Radio Resource Management: An Overview. 2006. Conference paper (Other (popular science, discussion, etc.))
  • 27.
    Fischer Hübner, Simone
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Rannenberg, Kai
    Yngström, Louise
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Security and Privacy in Dynamic Environments: Proceedings of the IFIP TC-11 21st International Information Security Conference (SEC 2006). 2006. Book (Refereed)
    Abstract [en]

    This book contains the Proceedings of the 21st IFIP TC-11 International Information Security Conference (IFIP/SEC 2006) on Security and Privacy in Dynamic Environments held in May 22–24, 2006 in Karlstad, Sweden. The first IFIP/SEC conference was arranged in May 1983 in Stockholm, Sweden, one year before TC-11 was founded, with the active participation of the Swedish IT Security Community. The IFIP/SEC conferences have since then become the flagship events of TC-11. We are very pleased that we succeeded with our bid to after 23 years hold the IFIP/SEC conference again in Sweden.



    The IT environment now includes novel, dynamic approaches such as mobility, wearability, ubiquity, ad hoc use, mind/body orientation, and business/market orientation. This modern environment challenges the whole information security research community to focus on interdisciplinary and holistic approaches whilst retaining the benefit of previous research efforts. Papers offering research contributions focusing on dynamic environments in addition to other aspects of computer security and privacy were solicited for submission to IFIP/SEC 2006. We received 141 submissions which were all reviewed by at least three members of the international program committee. At a one-day program committee meeting, the submitted papers were discussed, and 35 papers were selected for presentation at the conference, which means an acceptance rate of 24.8%. A special emphasis of IFIP/SEC 2006 is on Privacy and Privacy Enhancing Technologies, which is addressed by 9 of the 35 accepted papers. Further topics addressed include security in mobile and ad hoc networks, access control for dynamic environments, new forms of attacks, security awareness, intrusion detection and network forensics.



    These Proceedings also include the papers of the following two workshops that are associated with SEC 2006: the workshop on Security Culture organized by IFIP Working Group 11.1/11.8 as well as the I-NetSec06 workshop on Privacy and Anonymity Issues in Networked and Distributed Systems organized by IFIP Working Group 11.4. Both workshops were organized autonomously by the respective IFIP Working Groups. They had their own call for papers, program committees, and selection processes with acceptance rates of papers similar to the one of the main IFIP/SEC 2006 conference.



    IFIP/SEC 2006 is organized in cooperation with Karlstad University, SIG Security, and Dataföreningen i Sverige. We would like to thank Microsoft AB, Karlstads kommun, SAAB AB, and TietoEnator, who are sponsoring IFIP/SEC 2006. Furthermore, we gratefully thank all authors, members of the program committees, and additional reviewers for their contributions to the scientific quality of this conference and the two workshops. Last but not least, we owe thanks to the organizing committee, and especially to its chair Dr. Albin Zuccato, for all the efforts and dedication in preparing this conference.

  • 28.
    Hasselström, Nicklas
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Hjern, Gunnar
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Hoorn, Richard
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Hult, Marcus
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Häger, Johan
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Syren, Jens
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Alfredsson, Stefan
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Lindskog, Stefan
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    The Design, Implementation, and Performance Evaluation of Secure Socket SCTP 2.0. 2015. Report (Other academic)
    Abstract [en]

    The Stream Control Transmission Protocol (SCTP) is a comparatively new transport protocol that presents some advanced features compared to other standardized transport protocols. However, there are currently no standardized end-to-end security solutions suited for SCTP. One proposal for end-to-end encryption is the Secure Socket SCTP (S2-SCTP) protocol, developed by researchers at Karlstad University. The security solution for SCTP described in this report uses key agreement for obtaining keys to be able to provide data confidentiality by encryption. The protocol is based on the S2-SCTP protocol, with smaller changes, and an overlaying management protocol has been designed and implemented. The management protocol is used to enable encryption and TLS authentication, to give a secure communication library over existing Berkeley Sockets. The performance evaluation of S2-SCTP compared to the already standardized end-to-end security solutions, i.e., TLS over SCTP and DTLS over SCTP, shows that S2-SCTP achieves a higher throughput while still maintaining most of the advantages of SCTP.

  • 29.
    Hedbom, Hans
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Axelsson, Stefan
    Jonsson, Erland
    A Comparison of the Security of Windows NT and UNIX. 1998. In: / [ed] Svein J. Knapskog and Tønnes Brekne, Trondheim, Norway, 1998. Conference paper (Refereed)
    Abstract [en]

    This paper presents a brief comparison of two operating systems, Windows NT and UNIX. The comparison covers two different aspects. First, we compare the main security features of the two operating systems and then we make a comparison of a selection of vulnerabilities most of which we know have been used for making real intrusions. We found that Windows NT has slightly more rigorous security features than standard UNIX but the two systems display similar vulnerabilities. The conclusion is that there are no significant differences in the real level of security between these systems.

  • 30.
    Hedbom, Hans
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Axelsson, Stefan
    Jonsson, Erland
    Analysis of the Security of Windows NT. 1998. Report (Refereed)
    Abstract [en]

    This paper presents an analysis of the security in Windows NT 4.0, working in both stand-alone and networking mode. The objective of the work was to find out how secure this operating system actually is. A technical overview of the system, and in particular its security features is given. The system security was analyzed and practical intrusion attempts were made in order to verify vulnerabilities or to find new ones. All vulnerabilities are described in detail and classified according to a classification scheme. A comparison to commonly known UNIX weaknesses was made. It revealed generic similarities between the two systems to a surprisingly high degree. Finally a number of recommendations are given. The paper concludes that there are ample opportunities to improve the security of Windows NT. We have reason to believe that it is probably not higher than that of UNIX.

  • 31.
    Hedbom, Hans
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Jonsson, Erland
    A Preliminary Evaluation of the Security of a Non-Distributed Version of Windows NT. 1997. In: / [ed] Arto Karila and Timo Aalto, Espoo, Finland, 1997. Conference paper (Refereed)
    Abstract [en]

    In this paper we present a preliminary evaluation of the security of a non-distributed version of Windows NT. The objectives of the work are twofold: first, to learn more about the security system; and, second, to find out how secure the system actually is. Thus the architecture and security mechanisms of Windows NT have been studied. Furthermore, the paper contains a few examples of successful intrusions on the target system, which was a standard personal computer with Windows NT Workstation 3.51 and one with NT Workstation 4.0, both working in a stand-alone mode. We have also found some evidence that other, more severe security flaws exist in the system.

  • 32.
    Hedbom, Hans
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Jonsson, Erland
    A Security Evaluation of a Non-Distributed Version of Windows NT. 1997. Report (Refereed)
    Abstract [en]

    In this paper we present an evaluation of the security in Windows NT. The objectives of the work are twofold: first, to learn more about the security system; and, second, to find out how secure the system actually is. To investigate the latter, the authors have adopted the role of attackers. This paper contains results from several attempts to violate the security of Windows NT. In some cases, the attempts were successful, meaning that we gained access to information or resources that should be protected. The target systems were standard personal computers with Windows NT Workstation 3.51 and Windows NT Workstation 4.0 respectively, both working in stand-alone mode.

  • 33.
    Hedbom, Hans
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Jonsson, Erland
    Risks and Dangers of Security Extensions. 2001. Conference paper (Refereed)
    Abstract [en]

    Securing computer systems is an increasing concern as more and more systems are connected together in large networks. Traditional operating system based protection mechanisms have failed to fully meet the demands of this new situation. To overcome some of the shortcomings of these mechanisms new types have been developed with the intention to stop or reduce the impact of the new threats. We would like to call these new mechanisms security extensions, since they are not usually part of the core operating system. However, security extensions often contain sensitive and vital information that also needs to be secured. Usually they are dependent on the security mechanisms of the operating system for their own protection, i.e., they are dependent on the security of a mechanism whose insecurity they are supposed to patch. This is clearly an undesirable situation. We thus argue that security extensions actually add risks and vulnerabilities to the system when the underlying system is insecure or when they are not capable of handling their own security by themselves. In this paper, we discuss and analyze possible vulnerabilities in three types of security extensions, i.e., anti-malware software, firewalls, and intrusion detection systems. We also introduce a crude classification scheme for the different types of risks that the security extensions discussed add to the system.

  • 34.
    Iwaya, Leonardo H.
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Voronkov, Artem
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Martucci, Leonardo A.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Lindskog, Stefan
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Fischer-Hübner, Simone
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Firewall Usability and Visualization: A Systematic Literature Review. 2016. Report (Refereed)
    Abstract [en]

    Firewalls are network security components that allow administrators to handle incoming and outgoing traffic based on a set of rules. Such security appliances are typically the first line of defense, creating a barrier between an organization’s internal network and the outside network (e.g., Internet). The process of correctly configuring a firewall is complex and error prone, and it only gets worse as the complexity of the network grows. A vulnerable firewall configuration will very likely result in major threats to the organization’s security. In this report we aim to investigate how to make the administrator’s task of planning and implementing firewall solutions easier, from the standpoints of usability and visualization. Our scientific investigation starts with the understanding of the state-of-the-art on this specific field. To do so, we conducted a Systematic Literature Review (SLR), a strict methodology to plan a literature review, to gather relevant information, to synthesize and compare approaches, and to report findings. During the initial search process thousands of papers were screened, leading us to 125 papers carefully selected for further readings. In the secondary study, ten relevant works were identified and assessed, in which authors tackled the issues of usability and visualization for Firewalls and Personal Firewalls. Among the main findings, we perceive that there is a lack (or even absence) of user studies to validate the proposed models. This leads us to a series of unwarranted solutions, that need to be prototyped and tested with real users. We also see a huge opportunity for integrative approaches, that could combine firewall research areas, such as automatic anomaly detection, advisory systems, and varying visualization schemes.

  • 35. Jonsson, Erland
    et al.
    Strömberg, Lars
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    On the Functional Relation between Security and Dependability Impairments. 1999. Conference paper (Refereed)
    Abstract [en]

    Problems related to security and dependability/reliability are still treated separately in many contexts. It has been shown that there is a considerable conceptual overlap, however, and an integrated framework for the two disciplines has already been suggested. This paper shows that there is also a conceptual overlap of impairments from these areas and suggests an integrated approach that clarifies the functional relation between these, both from dependability and security viewpoints. The overall objective is to arrive at a general and clear-cut framework that would describe how trustable (dependable, secure) a system is, regardless of the reason for its not being totally trustable. For example, it should be possible to treat a system failure caused by an intentional intrusion or a hardware fault using the same methodology. A few examples from real-world situations are given to support the suggested approach.

  • 36. Knapskog, Svein J
    et al.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Pre-proceedings of the 1st International Workshop on Security and Communication Networks (IWSCN 2009). 2009. Collection (editor) (Refereed)
    Abstract [en]

    This book contains the Proceedings of the 1st International Workshop on Security and Communication Networks (IWSCN) that will be held in May 20–22, 2009 in Trondheim, Norway. The aim of IWSCN is to bring together researchers, developers, practitioners, and users interested in the area of security and communication networks. The purpose of the workshop is to serve as a forum for presenting current and future work, as well as to exchange research ideas in this field.

     

    Papers offering research contributions focusing on aspects of security and communication networks were solicited for submission to IWSCN 2009. We received 20 submissions which were all reviewed by two to three members of the international program committee. Eight full papers and five short papers were selected for presentation at the conference. In addition, a tutorial on access control will be provided and three invited talks will be given by internationally well known researchers. Furthermore, two of the round 1 candidates in the Cryptographic Hash Algorithm Competition arranged by the National Institute of Standards and Technology (NIST)—Edon-R' and Blue Midnight Wish—will also be presented.

     

    IWSCN 2009 is organized in cooperation between the centre for Quantifiable Quality of Service in Communication Systems (Q2S) and IEEE Norway Section. We gratefully thank all authors, members of the program committees, and the local organizing committee for contributing to the scientific quality of the workshop. Last but not least, we owe thanks to Pavel Moravec at VSB-Technical University of Ostrava in Czech Republic for his assistance with the publication system.

  • 37. Knapskog, Svein J
    et al.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Proceedings of the 1st International Workshop on Security and Communication Networks (IWSCN 2009). 2010. Conference proceedings (editor) (Refereed)
  • 38. Larson, Ulf E.
    et al.
    Jonsson, Erland
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    A Revised Taxonomy of Data Collection Mechanisms with a Focus on Intrusion Detection. 2008. Conference paper (Refereed)
    Abstract [en]

    Surprisingly few data collection mechanisms have been used for intrusion detection, and most systems rely on network and system call data as input to the detection engine. Even though the quality of log data is vital to the detection process and heavily dependent on the collection mechanism, no extensive survey or taxonomy has been conducted within the detection field. In this paper, we propose a revised taxonomy which provides a unified terminology and a framework in which data collection mechanisms can be systematically inspected, evaluated, and compared. Since the taxonomy is derived from existing mechanisms, it also provides a useful overview of different types of mechanisms. The paper also suggests areas within data collection where additional work is required.

  • 39. Larson, Ulf E.
    et al.
    Jonsson, Erland
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    A Structured Overview of Data Collection with a Focus on Intrusion Detection. 2008. Report (Refereed)
    Abstract [en]

    Collection and analysis of audit data is a critical component in many computer-related activities, such as debugging, measurement, and detection. Data is required to be correct and to be delivered in a timely fashion. Additionally, the data should be sparse to reduce the amount of resources used to collect and store it. At the same time, the data must contain the necessary attributes with respect to the goal of the collection. The production of audit data depends directly on the deployed data collection mechanisms. Adequate mechanism knowledge is thus a critical resource for software developers, security officers, and system administrators and operators. This report aims at providing a clear and concise picture of how data collection mechanisms work. It provides a detailed explanation of generic data collection mechanism components and the interaction with the environment, from initial triggering to output of log data records. Furthermore, it provides a taxonomy of mechanism characteristics based on previously published theoretical results [43, 44]. Guidelines and hints for mechanism selection are provided and examples of application fields that benefit from proper mechanism knowledge are presented. An extensive appendix contains 50 surveyed mechanisms. We believe that the classification and the guidelines can be used to assist system administrators and operators in performing resource efficient mechanism selection. The guidelines and the classification can also be used when a specific type of data collection is desired. For example, it is easy to find out what mechanisms collect samples for execution profiling, and what mechanisms can be reconfigured without the need for restart. This is a valuable source of information that reduces the need to browse multiple manual pages and whitepapers to find the desired mechanism. Furthermore, by using the selection guidelines, we can obtain a more resource efficient data collection and obtain a more accurate data analysis.

  • 40. Larson, Ulf E.
    et al.
    Jonsson, Erland
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Health, Science and Technology (starting 2013).
    Guidance for Selecting Data Collection Mechanisms for Intrusion Detection. 2014. In: Handbook of Research on Emerging Developments in Data Privacy / [ed] Manish Gupta, Hershey, PA, USA: IGI Global, 2014, p. 343-374. Chapter in book (Refereed)
  • 41. Larson, Ulf E.
    et al.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Nilsson, Dennis K.
    Jonsson, Erland
    Decision Support for Intrusion Detection Data Collection. 2008. Conference paper (Refereed)
    Abstract [en]

    Data collection is a critical but difficult activity for intrusion detection. The amount of resources that must be monitored and the rate at which events are generated make it impossible to use an exhaustive collection strategy. Furthermore, selection and configuration of data collection mechanisms is a tedious and elaborate task for both designers and operators. Therefore, we propose a decision support system (DSS) for selecting and configuring data collection mechanisms. We suggest a generic system model for selecting data collection mechanisms based on the amount of excess data produced. We also provide an implementation of the system. The DSS reduces effort, time, and expertise required in the selection process, and allows both designers and operators to focus on intrusion detection rather than selection and configuration of data collection mechanisms.

  • 42. Larson, Ulf E.
    et al.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Nilsson, Dennis K.
    Jonsson, Erland
    Operator-Centric and Adaptive Intrusion Detection. 2008. Conference paper (Refereed)
    Abstract [en]

    An intrusion detection system should support the operator of the system. Thus, in addition to producing alerts, it should allow for easy insertion of new detection algorithms. It should also support dynamic selection and de-selection of detection algorithms, and it should adjust its resource consumption to the current need. Such a system would allow the operator to easily extend the system when new detection algorithms become available. It would also allow the operator to maintain a low-cost monitoring baseline and perform more extensive monitoring when it is required. In this paper we propose an architecture for intrusion detection which aims at providing the operator with this support. The architecture uses a modular design to promote a high degree of flexibility. This supports creation of an environment in which state-of-the-art intrusion detection algorithms easily can be inserted. The modular design also allows for detection algorithms to be enabled and disabled when required. Additionally, the architecture uses a sensor reconfiguration mechanism to affect the amount of data collected. When a detection algorithm is enabled or disabled, the sensor providing the input data to the algorithm is correspondingly reconfigured. This implies a minimum of excess collected data. To illustrate the feasibility of the architecture, we provide a proof-of-concept supporting monitoring of users for insider detection and webserver monitoring for intrusion attempts.

  • 43.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Modeling and Tuning Security from a Quality of Service Perspective. 2005. Doctoral thesis, monograph (Other academic)
    Abstract [en]

    Security has traditionally been thought of as a system or network attribute that was the result of the joint endeavors of the designer, maintainer and user, among others. Even though security can never reach a level of 100%, the aim has been to provide as much security as possible, given the boundary conditions in question. With the advent of, e.g., many low-power computing and communication devices it has become desirable to trade security against other system parameters, such as performance and power consumption. Thus, in many situations, tunable or selectable security, rather than maximal security, is desirable. The overall focus of this thesis is therefore how security with a tunable level could be achieved and traded against other parameters.

    To this end, basic security primitives, such as the intrusion process, flaws, and impairments, are studied. This contributes to a deeper understanding of fundamental problems and paves the way for security modeling. This part of the work provides a great deal of experimental data that are also used for modeling purposes. Attempts to model and systemize security are made based on the knowledge thus achieved. The relation between security and dependability is touched upon, and the use of physical separation to achieve certain desirable security properties is pointed out. However, most of the modeling research is devoted to suggesting methods for achieving different security levels, i.e., tuning security, in particular for networked applications. Here, the widespread Quality of Service (QoS) concept turns out to be a proper means to embed this novel concept, and a taxonomy for tunable data protection services is suggested. Two data protection services are developed in order to test and verify the concept of tunable security. The evaluations are limited to networked applications and confidentiality through selective encryption schemes. The tests show good agreement between experimental and theoretical results.

    It is clear that future applications will require security that can be set to a desired level in order to optimize total system performance. This thesis shows that this is possible and gives some ideas as to how selectable security can be generally attainable.

  • 44.
    Lindskog, Stefan
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Observations on Operating System Security Vulnerabilities. 2000. Licentiate thesis, monograph (Other academic)
    Abstract [en]

    This thesis presents research on computer security vulnerabilities in general-purpose operating systems. The objective is to investigate intrusions in such systems in order to find and model the underlying generic weaknesses, i.e., weaknesses that would be applicable to many different systems. An attempt is made to create a conceptual basis for the generic modeling of vulnerabilities, addressing security concepts, definitions, and terminology. The investigation of intrusions is based on empirical data collected from three different systems, UNIX, Novell NetWare, and Windows NT. The UNIX and Novell NetWare data were generated from a number of practical intrusion experiments with Masters students, while the Windows NT data resulted from a security analysis that we performed ourselves. This analysis showed that Windows NT, initially thought to be quite secure, still displayed a significant number of vulnerabilities. A comparison with earlier UNIX analyses indicates that the security differences between the systems are related more to factors such as time on market and security-by-obscurity than to inherent security performance. A different approach was taken with the Novell NetWare system. Here, the initial experiments showed quite poor security behavior and we have investigated the security evolution as later versions of the system have been released and have reached the conclusion that, even though some effort has been made to improve security, no significant difference has been achieved, primarily due to backward compatibility requirements. In summary, the work performed here represents a further step towards a full understanding of the generic weaknesses and vulnerabilities that impair commercially available operating systems. This understanding is essential to our aspiration to make these systems secure, or at least sufficiently secure. 
    It is expected that this work, when fully accomplished, will comprise a powerful basis for improving the security of operating systems, at least to the extent that research results are taken into consideration by software developers and manufacturers.

  • 45.
    Lindskog, Stefan
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Abou El Kalam, Anas
    Atzeni, Andrea
    Mazzocchi, Daniele
    Pastrone, Claudio
    Salih, Khalid
    Spirito, Maurizio A
    Terzo, Olivier
    Security Evaluation Framework for 6LoWPAN Networks. 2010. Conference paper (Other (popular science, discussion, etc.))
  • 46.
    Lindskog, Stefan
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Brunstrom, Anna
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Lundin, Reine
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Faigl, Zoltán
    A Conceptual Model of Tunable Security Services. 2006. In: Wireless Communication Systems, 2006. ISWCS '06. 3rd International Symposium on, Piscataway, NJ: IEEE, 2006, p. 531-535. Conference paper (Refereed)
    Abstract [en]

    In this paper, we propose a conceptual model for tunable security services. The aim of the model is to provide a tool that can be used to describe and analyze such services in a structured and consistent way. The proposed model can thus serve as a basis to examine the possibilities available for constructing tunable security services based on current and future networking standards and to identify missing requirements. It can also be used to describe and compare previous research results. In the paper, four different use cases are presented that illustrate the powerfulness of the proposed model.

  • 47.
    Lindskog, Stefan
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Brunström, Anna
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    A Comparison of End-to-End Security Solutions for SCTP. 2008. Conference paper (Refereed)
    Abstract [en]

    A comparison of three different end-to-end security solutions for the stream control transmission protocol (SCTP) is presented in this paper. The compared solutions are SCTP over IPsec, TLS over SCTP, and secure socket SCTP (SS-SCTP). The two former are standardized solutions, whereas the latter is a newly proposed solution that was designed to offer as much security differentiation support as possible using standardized solutions and mechanisms. The comparison focuses on three main issues: packet protection, security differentiation, and message complexity. SS-SCTP compares favorably in terms of offered security differentiation and message overhead. Confidentiality protection of SCTP control information is, however, only offered by SCTP over IPsec.

  • 48.
    Lindskog, Stefan
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Brunström, Anna
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    An End-to-End Security Solution for SCTP. 2008. Conference paper (Refereed)
    Abstract [en]

    The stream control transmission protocol (SCTP) is a fairly new transport protocol that was initially designed for carrying signaling traffic in IP networks. SCTP offers a reliable end-to-end (E2E) transport. Compared to TCP, SCTP provides a much richer set of transport features such as message oriented transfer, multistreaming to handle head-of-line blocking, and multihoming for enhanced failover. These are all very attractive features, but at the same time proven hard and complex to secure for E2E transports. All existing security solutions have limitations. In this paper, a survey of existing solutions is first given. Then, an alternative solution is proposed. The proposed solution uses the new authenticated chunks for SCTP for integrity protection, TLS for key exchange and authentication, and symmetric encryption implemented at the socket layer for confidentiality protection. A qualitative comparison of the described E2E security solutions is also given.

  • 49.
    Lindskog, Stefan
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Brunström, Anna
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Design and Implementation of a Tunable Encryption Service for Networked Applications. 2005. Conference paper (Refereed)
    Abstract [en]

    To achieve the best possible QoS tradeoff between security and performance for networked applications, a tunable and differential treatment of security is required. In this paper, we present the design and implementation of a tunable encryption service. The proposed service is based on a selective encryption paradigm in which the applications can request a desired encryption level. Encryption levels are selected by the applications at the inception of sessions, but can be changed at any time during their lifetime. A prototype implementation is described along with an initial performance evaluation. The experimental results demonstrate that the proposed service offers a high degree of security adaptiveness at a low cost.

  • 50.
    Lindskog, Stefan
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Brunström, Anna
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Secure Socket SCTP: A Multi-layer End-to-End Security Solution. 2008. Conference paper (Other (popular science, discussion, etc.))