Refine
Year of publication
Document Type
- Master's Thesis (66)
- Bachelor Thesis (29)
- Study Thesis (13)
- Conference Proceeding (4)
- Article (reviewed) (1)
- Book (1)
- Other (1)
Conference Type
- Konferenzband (4)
Language
- English (115) (remove)
Has Fulltext
- yes (115) (remove)
Is part of the Bibliography
- no (115) (remove)
Keywords
- COVID-19 (13)
- Government Measures (13)
- Corona (9)
- Crisis (8)
- IT-Sicherheit (8)
- Export (7)
- Maschinelles Lernen (5)
- Deep learning (4)
- Communication Systems (3)
- Computersicherheit (3)
Institute
- Fakultät Medien (M) (ab 22.04.2021) (31)
- Fakultät Maschinenbau und Verfahrenstechnik (M+V) (28)
- Fakultät Wirtschaft (W) (24)
- Fakultät Elektrotechnik, Medizintechnik und Informatik (EMI) (ab 04/2019) (16)
- IfTI - Institute for Trade and Innovation (13)
- Fakultät Medien und Informationswesen (M+I) (bis 21.04.2021) (11)
- Fakultät Elektrotechnik und Informationstechnik (E+I) (bis 03/2019) (6)
- ivESK - Institut für verlässliche Embedded Systems und Kommunikationselektronik (4)
- INES - Institut für nachhaltige Energiesysteme (2)
- IUAS - Institute for Unmanned Aerial Systems (1)
Open Access
- Closed (44)
- Closed Access (41)
- Open Access (30)
- Diamond (5)
- Gold (1)
Linux and Linux-based operating systems have been gaining more popularity among the general users and among developers. Many big enterprises and large companies are using Linux for servers that host their websites, some even require their developers to have knowledge about Linux OS. Even in embedded systems one can find many Linux-based OS that run them. With its increasing popularity, one can deduce the need to secure such a system that many personnel rely on, be it to protect the data that it stores or to protect the integrity of the system itself, or even to protect the availability of the services it offers. Many researchers and Linux enthusiasts have been coming up with various ways to secure Linux OS, however new vulnerabilities and new bugs are always found, by malicious attackers, with every update or change, which calls for the need of more ways to secure these systems.
This Thesis explores the possibility and feasibility of another way to secure Linux OS, specifically securing the terminal of such OS, by altering the commands of the terminal, getting in the way of attackers that have gained terminal access and delaying, giving more time for the response teams and for forensics to stop the attack, minimize the damage, restore operations, and to identify collect and store evidence of the cyber-attack. This research will discuss the advantages and disadvantages of various security measures and compare and contrast with the method suggested in this research.
This research is significant because it paints a better picture of what the state of the art of Linux and Linux-based operating systems security looks like, and it addresses the concerns of security enthusiasts, while exploring new uncharted area of security that have been looked at as a not so significant part of protecting the OSes out of concern of the various limitations and problems it entails. This research will address these concerns while exploring few ways to solve them, as well as addressing the ideal areas and situations in which the proposed method can be used, and when would such method be more of a burden than help if used.
Encryption techniques allow storing and transferring of sensitive information securely by using encryption at rest and encryption in transit, respectively. However, when computation is performed on these sensitive data, the data needs to be decrypted first and encrypted again after performing the computations. During the computations, the sensitive data becomes vulnerable to attackers as it's in decrypted form. Homomorphic encryption, a special type of encryption technique that allows computation on encrypted data can be used to solve the above-mentioned problem. The best way to achieve maximum security with homomorphic encryption is to perform at least the homomorphic encryption and decryption on the client side (browser) of a web application by not trusting the server. At present time there are many libraries with different homomorphic schemes available for homomorphic encryption. However, there are very few to no JavaScript libraries available to perform homomorphic encryption on the client side of any web application. This thesis mainly focuses on the JavaScript implementation of client-side homomorphic encryption. The fully homomorphic encryption scheme BFV is selected for the implementation. After implementing the fully homomorphic encryption scheme based on the “py-fhe” library, tests are also carried out in order to determine the applicability (in terms of time consumption, security and correctness) of this implementation in a web application by comparing the performance and security for different test cases and different settings.
The aim of this essay is to analyse and evaluate the Italian government measures for exporters in response to COVID-19. The unexpected, rapid and hardly predictable consequences of the pandemic paralyzed the entire globe. For a long time, Italy was the epicentre of the virus, which caused severe damage in the Italian export economy dropping temporarily more than 40%. The Italian government reacted exemplary fast and took multiple countermeasures of high extent especially through the Italian export credit agency SACE. On the one hand, the internationally compared broad structure of SACE was a huge advantage, which allowed to release quickly numerous measures. On the other hand, there is room for improvement regarding the accessibility of measure-related information, which has been partially only available in Italian. Furthermore, there is a remarkable risk resulting from the combination of the high monetary effort to enable the numerous measures, the difficult financial situation of the Italian government and the unpredictability of the COVID-19 consequences.
The core logging and tracing facility in Windows operating system is called Event Tracing for Windows (ETW).
Data sources providing events for ETW are instrumented all over the operating system.
That means most hard- and software assets in a Windows system are instrumented with ETW and so are able to contribute low-level information.
ETW can be used by developers and administrators to get low-level information about operating system's activity.
We describe existing tools to interact with the ETW faciltity and evaluate them based on defined criteria.
Based on relevant application scenarios, we show the richness of informational content for debugging or detecting security incidents with ETW.
The widely used instrumentation of ETW in the operating system and its application results also in security risks according to confidentiality.
Based on common ETW providers we show the impact to confidentiality what ETW offers an adversary.
At the end we evaluate solutions and approaches for a customizable telemetry infrastructure using ETW in large-scale environments.
Though the basic concept of a ledger that anyone can view and verify has been around for quite some time, today’s blockchains bring much more to the table including a way to incentivize users. The coins given to the miner or validator were the first source of such incentive to make sure they fulfilled their duties. This thesis draws inspiration from other peer efforts and uses this same incentive to achieve certain goals. Primarily one where users are incentivised to discuss their opinions and find scientific or logical backing for their standpoint. While traditional chains form a consensus on a version of financial "truth", the same can be applied to ideological truths too. To achieve this, creating a modified or scaled proof of stake consensus mechanism is explored in this work. This new consensus mechanism is a Reputation Scaled - Proof of Stake. This reputation can be built over time by voting for the winning side consistently or by sticking to one’s beliefs strongly. The thesis hopes to bridge the gap in current consensus algorithms and incentivize critical reasoning.
The purpose of this master's thesis was to set up a test bed for the absorption of chemical compounds by carbon-based sorbents and polymers and to develop a method for the detection of these substances applied by liquid chromatography.
The study made it possible to demonstrate the effectiveness of both polymers and biochars sorbents for the adosorption of specific substances. The results obtained open new paths on the study of biochar for the treatment of contaminated water. Some biochars made from plant-based materials have been shown to be almost as effective as commercial products used in plants. The developed chromatography method allows efficient separation of substances and their detection.
On a regular basis, we hear of well-known online services that have been abused or compromised as a result of data theft. Because insecure applications jeopardize users' privacy as well as the reputation of corporations and organizations, they must be effectively secured from the outset of the development process. The limited expertise and experience of involved parties, such as web developers, is frequently cited as a cause of risky programs. Consequently, they rarely have a full picture of the security-related decisions that must be made, nor do they understand how these decisions affect implementation accurately.
The selection of tools and procedures that can best assist a certain situation in order to protect an application against vulnerabilities is a critical decision. Regardless of the level of security that results from adhering to security standards, these factors inadvertently result in web applications that are insufficiently secured. JavaScript is a language that is heavily relied on as a mainstream programming language for web applications with several new JavaScript frameworks being released every year.
JavaScript is used on both the server-side in web applications development and the client-side in web browsers as well.
However, JavaScript web programming is based on a programming style in which the application developer can, and frequently must, automatically integrate various bits of code from third parties. This potent combination has resulted in a situation today where security issues are frequently exploited. These vulnerabilities can compromise an entire server if left unchecked. Even though there are numerous ad hoc security solutions for web browsers, client-side attacks are also popular. The issue is significantly worse on the server side because the security technologies available for server-side JavaScript application frameworks are nearly non-existent.
Consequently, this thesis focuses on the server-side aspect of JavaScript; the development and evaluation of robust server-side security technologies for JavaScript web applications. There is a clear need for robust security technologies and security best practices in server-side JavaScript that allow fine-grained security.
However, more than ever, there is this requirement of reducing the associated risks without hindering the web application in its functionality.
This is the problem that will be tackled in this thesis: the development of secure security practices and robust security technologies for JavaScript web applications, specifically, on the server-side, that offer adequate security guarantees without putting too many constraints on their functionality.
Technology advancement has played a vital role in business development; however, it has opened a broad attack surface. Passwords are one of the essential concepts used in applications for authentication. Companies manage many corporate applications, so the employees must meet the password criteria, which leads to password fatigue. This thesis addressed this issue and how we can overcome this problem by theoretically implementing an IAM solution. In this, we disused MFA, SSO, biometrics, strong password policies and access control. We introduced the IAM framework that should be considered while implementing the IAM solution. Implementing an IAM solution adds an extra layer of security.
This thesis deals with the implementation of character controls and combat system of the Action Adventure 'Scout 3D'. The game development was realized with the game engine Unity 3D. In the first part, the architecture of a typical game engine is explained. The single components are describes step by step. Then, five well-known game engines are compared and evaluated. In the next chapter, a short overview about design and architecture patterns is worked out. The features of Unity, that are used for the implementation, and Unity's animation system 'Mecanim, are described finally. The second part includes the requirement definitions for the game 'Scout COD' which define player input, different conditions that allow or disallow several activities and the behaviour of enemies. With the help of patterns the architecture of the game is designed. Then, the implementation is explained by means of code snippets.
Implementation and Evaluation of an Assisting Fuzzer Harness Generation Tool for AUTOSAR Code
(2024)
The digitalization in vehicles tends to add more connectivity such as over-the-air (OTA) updates. To achieve this digitization, each ECU (Electronic Control Unit) becomes smarter and needs to support more and more different externally available protocols such as TLS, which increases the attack surface for attackers. To ensure the security of a vehicle, fuzzing has proven to be an effective method to discover memory-related security vulnerabilities. Fuzzing the software run- ning on a ECU is not an easy task and requires a harness written by a human. The author needs a deep understanding of the specific service and protocol, which is time consuming. To reduce the time needed by a harness author, this thesis aims to develop FuzzAUTO, the first assistant harness generation tool targeting the AUTOSAR (AUTomotive Open System ARchitecture) BSW (Basic Software) to support manual harness generation.