004 Informatik
Refine
Year of publication
Document Type
- Bachelor Thesis (51)
- Master's Thesis (34)
- Conference Proceeding (6)
- Contribution to a Periodical (5)
- Article (reviewed) (2)
- Doctoral Thesis (2)
- Book (1)
Conference Type
- Konferenzartikel (6)
Keywords
- IT-Sicherheit (12)
- JavaScript (9)
- Deep learning (5)
- Blockchain (4)
- Computersicherheit (4)
- E-Learning (4)
- HTML 5.0 (4)
- Internet der Dinge (4)
- Internet of Things (4)
- Künstliche Intelligenz (3)
Institute
- Fakultät Medien (M) (ab 22.04.2021) (37)
- Fakultät Medien und Informationswesen (M+I) (bis 21.04.2021) (36)
- Fakultät Elektrotechnik, Medizintechnik und Informatik (EMI) (ab 04/2019) (19)
- Fakultät Elektrotechnik und Informationstechnik (E+I) (bis 03/2019) (6)
- ivESK - Institut für verlässliche Embedded Systems und Kommunikationselektronik (4)
- Zentrale Einrichtungen (3)
- Fakultät Wirtschaft (W) (2)
- IMLA - Institute for Machine Learning and Analytics (1)
Open Access
- Closed Access (47)
- Open Access (28)
- Closed (26)
- Diamond (3)
Linux and Linux-based operating systems have been gaining more popularity among the general users and among developers. Many big enterprises and large companies are using Linux for servers that host their websites, some even require their developers to have knowledge about Linux OS. Even in embedded systems one can find many Linux-based OS that run them. With its increasing popularity, one can deduce the need to secure such a system that many personnel rely on, be it to protect the data that it stores or to protect the integrity of the system itself, or even to protect the availability of the services it offers. Many researchers and Linux enthusiasts have been coming up with various ways to secure Linux OS, however new vulnerabilities and new bugs are always found, by malicious attackers, with every update or change, which calls for the need of more ways to secure these systems.
This Thesis explores the possibility and feasibility of another way to secure Linux OS, specifically securing the terminal of such OS, by altering the commands of the terminal, getting in the way of attackers that have gained terminal access and delaying, giving more time for the response teams and for forensics to stop the attack, minimize the damage, restore operations, and to identify collect and store evidence of the cyber-attack. This research will discuss the advantages and disadvantages of various security measures and compare and contrast with the method suggested in this research.
This research is significant because it paints a better picture of what the state of the art of Linux and Linux-based operating systems security looks like, and it addresses the concerns of security enthusiasts, while exploring new uncharted area of security that have been looked at as a not so significant part of protecting the OSes out of concern of the various limitations and problems it entails. This research will address these concerns while exploring few ways to solve them, as well as addressing the ideal areas and situations in which the proposed method can be used, and when would such method be more of a burden than help if used.
Truth is the first causality of war”, is a very often used statement. What rather intrigues the mind is what causes the causality of truth. If one dives deeper, one may also wonder why is this so-called truth the first target in a war. Who all see the truth before it dies. These questions rarely get answered as the media and general public tends to focus more on the human and economic losses in a war or war like situation. What many fail to realize is that these truthful pieces of information are critical to how a situation further develops. One correct information may change the course of the whole war saving millions and one mis-information may do the opposite.
Since its inception, some studies have been conducted to propose and develop new applications for OSINT in various fields. In addition to OSINT, Artificial Intelligence is a worldwide trend that is being used in conjunction witThe question here is, what is this information. Who transmits this and how? What is the source. Although, there has been an extensive use of the information provided by the secret services of any nation, which have come handy to many, another kind of information system is using the one that is publicly available, but in different pieces. This kind of information may come from people posting on social media, some publicly available records and much more. The key part in this publicly available information is that these are just pieces of information available across the globe from various different sources. This could be seen as small pieces of a puzzle that need to be put together to see the bigger picture. This is where OSINT comes in place.
h other areas (AI). AI is the branch of computer science that is in charge of developing intelligent systems. In terms of contribution, this work presents a 9-step systematic literature review as well as consolidated data to support future OSINT studies. It was possible to understand where the greatest concentration of publications was, which countries and continents developed the most research, and the characteristics of these publications using this information. What are the trends for the next OSINT with AI studies? What AI subfields are used with OSINT? What are the most popular keywords, and how do they relate to others over time?A timeline describing the application of OSINT is also provided. It was also clear how OSINT was used in conjunction with AI to solve problems in various areas with varying objectives. Private investigators and journalists are no longer the primary users of open-source intelligence gathering and analysis (OSINT) techniques. Approximately 80-90 percent of data analysed by intelligence agencies is now derived from publicly available sources. Furthermore, the massive expansion of the internet, particularly social media platforms, has made OSINT more accessible to civilians who simply want to trawl the Web for information on a specific individual, organisation, or product. The General Data Protection Regulation (GDPR) of the European Union was implemented in the United Kingdom in May 2018 through the new Data Protection Act, with the goal of protecting personal data from unauthorised collection, storage, and exploitation. This document presents a preliminary review of the literature on GDPR-related work.
The reviewed literature is divided into six sections: ’What is OSINT?’, ’What are the risks?’ and benefits of OSINT?’, ’What is the rationale for data protection legislation?’, ’What are the current legislative frameworks in the UK and Europe?’, ’What is the potential impact of the GDPR on OSINT?’, and ’Have the views of civilian and commercial stakeholders been sought and why is this important?’. Because OSINT tools and techniques are available to anyone, they have the unique ability to be used to hold power accountable. As a result, it is critical that new data protection legislation does not impede civilian OSINT capabilities.
In this paper we see how OSINT has played an important role in the wars across the globe in the past. We also see how OSINT is used in our everyday life. We also gain insights on how OSINT is playing a role in the current war going on between Russia and Ukraine. Furthermore, we look into some of these OSINT tools and how they work. We also consider a use case where OSINT is used as an anti terrorism tool. At the end, we also see how OSINT has evolved over the years, and what we can expect in the future as to what OSINT may look like.
In den letzten Jahren ist die Relevanz des Wassersparens und der nachhaltigen Nutzung dieses lebenswichtigen Elements angesichts des Klimawandels und abnehmender Wasserressourcen erheblich gestiegen. In diesem Kontext legt die vorliegende Bachelorarbeit, die in Zusammenarbeit mit der Firma Hansgrohe erstellt wurde, den Fokus auf die Schaffung eines Konzeptes sowie der prototypischen Realisierung eines Serious Games. Das Ziel des Spiels ist es, bei Kindern ein Bewusstsein und Verständnis für die nachhaltige Wassernutzung zu fördern. Im Zuge des Projekts wurde ein iterativer Spiel-Design-Prozess verfolgt, um ein pädagogisch wertvolles und ansprechendes Spielkonzept zu entwickeln. Der nutzerzentrierte Ansatz war maßgeblich, um ein tiefgehendes Verständnis für die Bedürfnisse und Vorlieben der jungen Zielgruppe zu erlangen und somit ein optimal auf die Lernerfahrung abgestimmtes Produkt zu entwerfen. Das Spiel kombiniert Elemente der Exploration, Simulation und des Casual Gamings, um das Verständnis für die nachhaltige Wassernutzung auf spielerische und interaktive Weise zu vermitteln. Die Resultate der prototypischen Umsetzung wurden mittels Nutzertests überprüft, um die Effektivität und Benutzerfreundlichkeit zu sichern. Diese Arbeit unterstreicht nicht nur die Wichtigkeit eines verantwortungsvollen Umgangs von Wasser, sondern illustriert zudem, wie durch innovatives Spiel-Design die Bildung und Sensibilisierung von Kindern in Bezug auf zentrale ökologische Themen erreicht werden können.
Conceptualization and implementation of automated optimization methods for private 5G networks
(2023)
Today’s companies are adjusting to the new connectivity realities. New applications require more bandwidth, lower latency, and higher reliability as industries become more distributed and autonomous. Private 5th Generation (5G) networks known as 5G Non-Public Networks (5G-NPN), is a novel 3rd Generation Partnership Project (3GPP)- based 5G network that can deliver seamless and dedicated wireless access for a particular industrial use case by providing the mentioned application’s requirements. To meet these requirements, several radio-related aspects and network parameters should be considered. In many cases, the behavior of the link connection may vary based on wireless conditions, available network resources, and User Equipment (UE) requirements. Furthermore, Optimizing these networks can be a complex task due to the large number of network parameters and KPIs that need to be considered. For these reasons, traditional solutions and static network configuration are not affordable or simply impossible. Despite the existence of papers in the literature that address several optimization methods for cellular networks in industrial scenarios, more insight into these existing but complex or unknown methods is needed.
In this thesis, a series of optimization methods were implemented to deliver an optimal configuration solution for a 5G private network. To facilitate this implementation, a testing system was implemented. This system enables remote control over the UE and 5G network, establishment of a test environment, extraction of relevant KPI reports from both UE and network sides, assessment of test results and KPIs, and effective utilization of the optimization and sampling techniques.
The research highlights the advantageous aspects of automated testing by using OFAT, Simulated Annealing, and Random Forest Regressor methods. With OFAT, as a common sampling method, a sensitivity analysis and an impact of each single parameter variation on the performance of the network were revealed. With Simulated Annealing, an optimal solution with MSE of roughly 10 was revealed. And, in the Random Forest Regressor, it was seen that this method presented a significant advantage over the simulated annealing method by providing substantial benefits in time efficiency due to its machine- learning capability. Additionally, it was seen that by providing a larger dataset or using some other machine-learning techniques, the solution might be more accurate.
Künstliche Intelligenzen, Deep Learning und Machine-Learning-Algorithmen sind im digitalen Zeitalter zu einem Punkt gekommen, in dem es schwer ist zu unterscheiden, welche Informationen und Quellen echt sind und welche nicht. Der Begriff „Deepfakes“ wurde erstmals 2017 genutzt und hat bereits 2018 mit einer App bewiesen, wie einfach es ist, diese Technologie zu verwenden um mit Videos, Bildern oder Ton Desinformationen zu verbreiten, politische Staatsoberhäupter nachzuahmen oder unschuldige Personen zu deformieren. In der Zwischenzeit haben sich Deepfakes bedeutend weiterentwickelt und stellen somit eine große Gefahr dar.
Diese Arbeit bietet eine Einführung in das Themengebiet Deepfakes. Zudem behandelt sie die Erstellung, Verwendung und Erkennung von Deepfakes, sowie mögliche Abwehrmaßnahmen und Auswirkungen, welche Deepfakes mit sich bringen.
As e-commerce platforms have grown in popularity, new difficulties have emerged, such as the growing use of bots—automated programs—to engage with e-commerce websites. Even though some algorithms are helpful, others are malicious and can seriously hurt e-commerce platforms by making fictitious purchases, posting fictitious evaluations, and gaining control of user accounts. Therefore, the development of more effective and precise bot identification systems is urgently needed to stop such actions. This thesis proposes a methodology for detecting bots in E-commerce using machine learning algorithms such as K-nearest neighbors, Decision Tree, Random Forest, Support Vector Machine, and Neural Network. The purpose of the research is to assess and contrast the output of these machine learning methods. The suggested approach will be based on data that is readily accessible to the public, and the study’s focus will be on the research of bots in e-commerce.
The purpose of the study is to provide an overview of bots in e-commerce, as well as information on the different kinds and traits of bots, as well as current research on bots in e-commerce and associated work on bot detection in e-commerce. The research also seeks to create a more precise and effective bot detection system as well as find critical factors in detecting bots in e-commerce.
This research is significant because it sheds light on the increasing issue of bots in e-commerce and the requirement for more effective bot detection systems. The suggested approach for using machine learning algorithms to identify bots in ecommerce can give e-commerce platforms a more precise and effective bot detection system to stop malicious bot activities. The study’s results can also be used to create a more effective bot detection system and pinpoint key elements in detecting bots in e-commerce.
In dieser Arbeit wird der Bildbearbeitungsprozess von Dokumenten mithilfe von einem schlicht gehaltenem Neuronalen Netzwerk und Bearbeitungsoperationen optimiert. Ziel ist es, abfotografierte Dokumente zum Drucken aufzubereiten, sodass die Schrift gut lesbar, gerade und nicht verzerrt ist und Störfaktoren herausgefiltert werden. Als API zur Verfügung gestellt, können Bilder von Dokumenten beliebiger Größe und Schriftgröße bearbeitet werden. Während ein unter schlechten Bedingungen schräg aufgenommenes Bild nach Tesseract keine Buchstaben enthält, wird mit dem bearbeiteten Bild davon eine Buchstabenfehlerrate von 0,9% erreicht.
Die Komplexität von Softwareprojekten hat in den letzten Jahren stetig zugenommen. Um den gleichzeitig steigenden Anforderungen an die Codequalität gerecht zu werden, setzen auch ursprünglich dynamisch typisierte Programmiersprachen zuhnemend auf statische Typisierung. Dies kann in Form von externen Werkzeugen geschehen, die zusätzlich zum eigentlichen Compiler den Code auf Typsicherheit überprüfen, oder alternativ durch Erweiterung der Compiler selbst, um die Unterstützung für statische Typisierung direkt in der Sprache zu verankern. Ziel des etylizer-Projekts ist es, für die Programmiersprache Erlang zunächst ein solches externes Tool bereitzustellen und langfristig Teil der Compiler-Toolchain zu werden.In dieser Arbeit wird der Typchecker um die Fähigkeit erweitert, Erlang-Projekte vollständig zu verifizieren. Dafür wird zunächst die interne Symboltabelle erweitert, die etylizer nutzt, um Verweise auf Funktionen und Typen aus anderen Modulen aufzulösen. Die Implementierung der Symboltabelle wird so angepasst,dass sie zur Laufzeit um alle für das aktuell geprüfte Modul benötigten Symbole erweitert wird. Um die Laufzeit im Rahmen zu halten, wird ein Algorithmus entwickelt, der die Abhängigkeiten zwischen den Source-Code Dateien des Erlang-Projekts erkennt und anhand dieser entscheidet, welche Dateien sich seit dem letzten Durchlauf geändert haben und deshalb erneut überprüft werden müssen.
The Internet of Things is spreading significantly in every sector, including the household, a variety of industries, healthcare, and emergency services, with the goal of assisting all of those infrastructures by providing intelligent means of service delivery. An Internet of Vulnerabilities (IoV) has emerged as a result of the pervasiveness of the Internet of Things (IoT), which has led to a rise in the use of applications and devices connected to the IoT in our day-to-day lives. The manufacture of IoT devices are growing at a rapid pace, but security and privacy concerns are not being taken into consideration. These intelligent Internet of Things devices are especially vulnerable to a variety of attacks, both on the hardware and software levels, which leaves them exposed to the possibility of use cases. This master’s thesis provides a comprehensive overview of the Internet of Things (IoT) with regard to security and privacy in the area of applications, security architecture frameworks, a taxonomy of various cyberattacks based on various architecture models, such as three-layer, four-layer, and five-layer. The fundamental purpose of this thesis is to provide recommendations for alternate mitigation strategies and corrective actions by using a holistic rather than a layer-by-layer approach. We discussed the most effective solutions to the problems of privacy and safety that are associated with the Internet of Things (IoT) and presented them in the form of research questions. In addition to that, we investigated a number of further possible directions for the development of this research.
As cyber threats continue to evolve, it is becoming increasingly important for organizations to have a Security Operations Center (SOC) in place to effectively defend against them. However, building and maintaining a SOC can be a daunting task without clear guidelines, policies, and procedures in place. Additionally, most current SOC solutions used by organizations are outdated, lack key features and integrations, and are expensive to maintain and upgrade. Moreover, proprietary solutions can lead to vendor lock-in, making it difficult to switch to a different solution in the future.
To address these challenges, this thesis proposes a comprehensive SOC framework and an open-source SOC solution that provides organizations with a flexible and cost-effective way to defend against modern cyber threats. The research methodology involved conducting a thorough literature review of existing literature and research on building and maintaining a SOC, including using SOC as a service. The data collected from the literature review was analyzed to identify common themes, challenges, and best practices for building and maintaining a SOC.
Based on the data collected, a comprehensive framework for building and maintaining a SOC was developed. The framework addresses essential areas such as the scope and purpose of the SOC, governance and leadership, staffing and skills, technologies and tools, processes and procedures, service level agreements (SLAs), and evaluation and measurement. This framework provides organizations with the necessary guidance and resources to establish and effectively operate a SOC, as well as a reference for evaluating the service provided by SOC service providers.
In addition to the SOC framework, a modern open-source SOC solution was developed, which emphasizes several key measures to help organizations defend against modern cyber threats. These measures include real-time, actionable threat intelligence, rapid and effective incident response, continuous security monitoring and alerting, automation, integration, and customization. The use of open-source technologies and a modular architecture makes the solution cost-effective, allowing organizations to scale it up or down as needed.
Overall, the proposed SOC framework and open-source SOC solution provide organizations with a comprehensive and systematic approach for building and maintaining a SOC that is aligned with the needs and objectives of the organization. The open-source SOC solution provides a flexible and cost-effective way to defend against modern cyber threats, helping organizations to effectively operate their SOC and reduce their risk of security incidents and breaches.
In dieser Forschungsarbeit wird die Datensicherheit von Microsoft Azure analysiert und bewertet. Die Bewertung findet dabei aus der Sicht von Unternehmen statt. Im ersten Abschnitt wird zunächst der grundlegende Aufbau und die unterschiedlichen Formen des Cloud Computing beschrieben. Im zweiten Teil wird ein Vergleich der drei größten Cloud Anbieter vollzogen. Der letzte Teil besteht aus der Evaluation der Datensicherheit von Azure, wobei auf Aspekte wie Datenschutz, Bedrohungen und Schutzmaßnahmen eingegangen wird. Abschließend wird eine Empfehlung für das Unternehmen Bechtle GmbH Offenburg IT-Systemhaus abgegeben.
Im Verlauf der Arbeit stellt sich heraus, dass Azure eine ausreichende Datensicherheit bieten kann. Allerdings wird deutlich, dass durch die Kombination von mehreren Nebenfaktoren wie das Patch-Verhalten oder die Antwortzeit auf Sicherheitsschwachstellen seitens Microsofts, eine große Gefahr für die Daten von Unternehmen entstehen kann. Demnach ist Microsoft als Anbieter ein größeres Problem für die Sicherheit von Daten in Azure als der Cloud-Dienst selbst.
Die Thesis beschäftigt sich mit dem Kommunikationsprotokoll Lightweight Machine to Machine, welches für das Internet of Things entwickelt wurde. Es soll untersucht werden, wie das Protokoll funktioniert und wie es eingesetzt werden kann. Ebenfalls soll die Thesis zeigen, wie und ob Lightweight Machine to Machine über Long Term Evolution for Machines für Anwendungen mit begrenzten Ressourcen geeignet ist. Um diese Fragestellung zu beantworten, wurde das Protokoll auf Grund seiner Spezifikation und seinen Softwareimplementationen untersucht. Daraufhin wurde ein Versuchssystem entworfen und dieses anschließend auf sein Laufzeitverhalten und auf sein Energieverbrauch getestet. Die Evaluation des Protokolls ergab, dass es viele sinnvolle Funktionen zugeschnitten auf Geräte im Internet of Things besitzt und diese Funktionen kompakt und verständlich umsetzt. Da das Protokoll noch relativ jung ist, stellt es an verschiedenen Punkten eine Herausforderung dar. Die Tests des Versuchssystems ergaben, dass Lightweight Machine to Machine sich unter bestimmten Bedingungen für ressourcenbegrenzte Anwendungen eignet.
Licht war für die Menschheit schon immer ein Hilfsmittel zur Orientierung. Das Zusammenspiel zwischen hellen und schattierten Oberflächen macht eine räumliche Wahrnehmung erst möglich. Die Lokalisierung von Lichtquellen bietet darüber hinaus für zahlreiche Anwendungsfelder, wie beispielsweise Augmented Reality, ein großes Potential.
Das Ziel der vorliegenden Arbeit war es, ein neuronales Netzwerk zu entwickeln, welches mit Hilfe eines selbst generierten, synthetischen Datensatzes eine Lichtsetzung parametrisiert. Dafür wurden State-of-the-Art Netzwerke aus der digitalen Bildverarbeitung eingesetzt.
Zu Beginn der Arbeit mussten die Eigenschaften der Lichtsetzung extrahiert werden. Eine weitere fundamentale Anforderung war die Aufbereitung des Wissens von Deep Learning.
Für die Generierung des synthetischen Datensatzes wurde eigens ein Framework entwickelt, welches auf der Blender Engine basiert.
Anschließend wurden die generierten Bilder und Metadaten in einem abgewandelten VGG16- und ResNet50-Netz trainiert, validiert und evaluiert.
Eine gewonnene Erkenntnis ist, dass sich künstlich generierte Daten eignen um ein neuronales Netz zu trainieren. Des Weiteren konnte gezeigt werden, dass sich mit Hilfe von Deep Learning Lichtsetzungsparameter extrahieren lassen.
Eine weiterführende Forschungsaufgabe könnte mit dem vorgeschlagenen Ansatzdie Lichtinszenierung von Augmented Reality Anwendungen verbessern.
Organizations striving to achieve success in the long term must have a positive brand image which will have direct implications on the business. In the face of the rising cyber threats and intense competition, maintaining a threat-free domain is an important aspect of preserving that image in today's internet world. Domain names are often near-synonyms for brand names for numerous companies. There are likely thousands of domains that try to impersonate the big companies in a bid to trap unsuspecting users, usually falling prey to attacks such as phishing or watering hole. Because domain names are important for organizations for running their business online, they are also particularly vulnerable to misuse by malicious actors. So, how can you ensure that your domain name is protected while still protecting your brand identity? Brand Monitoring, for example, may assist. The term "Brand Monitoring" applies only to keep tabs on an organization's brand performance, reception, and overall online presence through various online channels and platforms [1]. There has been a rise in the need of maintaining one's domain clear of any linkages to malicious activities as the threat environment has expanded. Since attackers are targeting domain names of organizations and luring unsuspecting users to visit malicious websites, domain monitoring becomes an important aspect. Another important aspect of brand abuse is how attackers leverage brand logos in creating fake and phishing web pages. In this Master Thesis, we try to solve the problem of classification of impersonated domains using rule-based and machine learning algorithms and automation of domain monitoring. We first use a rule-based classifier and Machine Learning algorithms to classify the domains gathered into two buckets – "Parked" and "Non-Parked". In the project's second phase, we will deploy object detection models (Scale Invariant Feature Transform - SIFT and Multi-Template Matching – MTM) to detect brand logos from the domains of interest.
Even though the internet has only been there for a short period, it has grown tremendously. To- day, a significant portion of commerce is conducted entirely online because of increased inter- net users and technological advancements in web construction. Additionally, cyberattacks and threats have expanded significantly, leading to financial losses, privacy breaches, identity theft, a decrease in customers’ confidence in online banking and e-commerce, and a decrease in brand reputation and trust. When an attacker pretends to be a genuine and trustworthy institution, they can steal private and confidential information from a victim. Aside from that, phishing has been an ongoing issue for a long time. Billions of dollars have been shed on the global economy. In recent years, there has been significant progress in the development of phishing detection and identification systems to protect against phishing attacks. Phishing detection technologies frequently produce binary results, i.e., whether a phishing attempt was made or not, with no explanation. On the other hand, phishing identification methodologies identify phishing web- pages by visually comparing webpages with predetermined authentic references and reporting phishing together with its target brand, resulting in findings that are understandable. However, technical difficulties in the field of visual analysis limit the applicability of currently available solutions, preventing them from being both effective (with high accuracy) and efficient (with little runtime overhead). Here, we evaluate existed framework called Phishpedia. This hybrid deep learning system can recognize identity logos from webpage screenshots and match logo variants of the same brand with high precision. Phishpedia provides high accuracy with low run- time. Lastly, unlike other methods, Phishpedia does not require training on any phishing sam- ples whatsoever. Phishpedia exceeds baseline identification techniques (EMD, PhishZoo, and LogoSENSE), inaccurately detecting phishing pages in lengthy testing using accurate phishing data. The effectiveness of Phishpedia was tested and compared against other standard machine learning algorithms and some state-of-the-art algorithms. The given solutions performed better than different algorithms in the given dataset, which is impressive.
Technology advancement has played a vital role in business development; however, it has opened a broad attack surface. Passwords are one of the essential concepts used in applications for authentication. Companies manage many corporate applications, so the employees must meet the password criteria, which leads to password fatigue. This thesis addressed this issue and how we can overcome this problem by theoretically implementing an IAM solution. In this, we disused MFA, SSO, biometrics, strong password policies and access control. We introduced the IAM framework that should be considered while implementing the IAM solution. Implementing an IAM solution adds an extra layer of security.
Eine neue Programmiersprache zu erlernen kann für Anfänger:innen manchmal schwer sein, selbst für Programmiersprachen wie Python, die bekannt dafür sind Einsteigerfreundlich zu sein. Denn selbst wenn die Syntax eines Python Programms schnell verstanden wird, ist oft nicht direkt erkenntlich wie der Code hinter dem Programm funktioniert. Anfänger:innen können dabei auch auf ihre Grenzen stoßen, den Ablauf eines Programmes nur alleine durch den Programmcode zu verstehen. Denn der Text der den Code ausmacht, kann auch nur bis zu einem gewissen Grad vermitteln wie oder was genau abläuft. Um den Ablauf eines Programms besser vermitteln zu können, wird der Code oft z.B. mit Diagrammen visualisiert. Visuelle Elemente können ebenfalls zusätzlich zum Code mehr Unterstützung leisten. Das Thema dieser Arbeit beschäftigt sich mit der Visualisierung von Python Programmen in der Entwicklungsumgebung Visual Studio Code, um Programmieranfänger:innen und Student:innen beim Erlernen der Programmiersprache Python zu unterstützen. Die Entwicklung der Visualisierung beinhaltet, das Erstellen einer Erweiterung in Visual Studio Code, die unter anderem das Debug Adapter Protocol einsetzt um mit dem Python Debugger zu kommunizieren.
Encryption techniques allow storing and transferring of sensitive information securely by using encryption at rest and encryption in transit, respectively. However, when computation is performed on these sensitive data, the data needs to be decrypted first and encrypted again after performing the computations. During the computations, the sensitive data becomes vulnerable to attackers as it's in decrypted form. Homomorphic encryption, a special type of encryption technique that allows computation on encrypted data can be used to solve the above-mentioned problem. The best way to achieve maximum security with homomorphic encryption is to perform at least the homomorphic encryption and decryption on the client side (browser) of a web application by not trusting the server. At present time there are many libraries with different homomorphic schemes available for homomorphic encryption. However, there are very few to no JavaScript libraries available to perform homomorphic encryption on the client side of any web application. This thesis mainly focuses on the JavaScript implementation of client-side homomorphic encryption. The fully homomorphic encryption scheme BFV is selected for the implementation. After implementing the fully homomorphic encryption scheme based on the “py-fhe” library, tests are also carried out in order to determine the applicability (in terms of time consumption, security and correctness) of this implementation in a web application by comparing the performance and security for different test cases and different settings.
Risk-based Cybermaturity Assessment Model - Protecting the company against ransomware attacks
(2023)
Ransomware has become one of the most catastrophic attacks in the previous decade, hurting businesses of all sorts worldwide. So, no organization is safe, and most companies are reviewing their ransomware defensive solutions to avoid business and operational hazards. IT departments are using cybersecurity maturity assessment frameworks like CMMC, C2M2, CMMI, NIST, CIS, CPP, and others to analyze organization security capabilities. In addition to maturity assessment models for the process layer and human pillar, there are much research on the analysis, identification, and defense of cyber threats in product/software layers that propose state-of-the-art approaches.
This motivates a comprehensive ransomware cyber security solution. Then, a crucial question arises: “How companies can measure the security maturity of controls in a specific danger for example for Ransomware attack?” Several studies and frameworks addressed this subject.
Complexity of understanding the ransomware attack, Lack of comprehensive ransomware defense solutions and Lack of cybermaturity assessment model for ransomware defense solutions are different aspects of problem statement in this study. By considering the most important limitations to developing a ransomware defense cybermaturity assessment method, this study developed a cybermaturity assessment methodology and implemented a Toolkit to conduct cyber security self-assessment specifically for ransomware attack to provide a clearer vision for enterprises to analyze the security maturity of controls regardless of industry or size.