
Publication


Featured research published by Bengt Carlsson.


Future Generation Computer Systems | 2016

A risk analysis of a smart home automation system

Andreas Jacobsson; Martin Boldt; Bengt Carlsson

Enforcing security in Internet of Things environments has been identified as one of the top barriers for realizing the vision of smart, energy-efficient homes and buildings. In this context, understanding the risks related to the use and potential misuse of information about homes, partners, and end-users, as well as forming methods for integrating security-enhancing measures in the design, is not straightforward and thus requires substantial investigation. A risk analysis applied on a smart home automation system developed in a research project involving leading industrial actors has been conducted. Out of 32 examined risks, 9 were classified as low and 4 as high, i.e., most of the identified risks were deemed as moderate. The risks classified as high were either related to the human factor or to the software components of the system. The results indicate that with the implementation of standard security features, new as well as current risks can be minimized to acceptable levels, albeit that the most serious risks, i.e., those derived from the human factor, need more careful consideration, as they are inherently complex to handle. A discussion of the implications of the risk analysis results points to the need for a more general model of security and privacy included in the design phase of smart homes. With such a model of security and privacy in design in place, it will contribute to enforcing system security and enhancing user privacy in smart homes, thus helping to further realize the potential in such IoT environments.

Smart home automation systems introduce security and user privacy risks. A risk analysis of a smart home automation system is designed and conducted. 32 risks are identified, of which four are classified as severe and 19 as moderate. The severe risks are related to the software components, as well as human behavior. It is concluded that security and privacy should be integrated in the design phase.


active media technology | 2001

The Rise and Fall of Napster - An Evolutionary Approach

Bengt Carlsson; Rune Gustavsson

The paper addresses dynamics in information ecosystems due to competition between selfish agents to get control of protectable resources. In our case study we investigate the first arms race on the Internet, triggered by Napster's introduction of an easy-to-use service for sharing files with music content among users. We set up a model for investigation of possible scenarios emerging from the Napster and Gnutella peer-to-peer tools for information sharing. We also introduce a formal model for analyzing the Napster scenario in the cases of selfish or altruistic users. The prediction provided by our model is in line with what really happened in the Napster case. The model also shows that the outcome was indeed unavoidable if we have selfish users.


international conference on software and systems process | 2011

Agile development with security engineering activities

Dejan Baca; Bengt Carlsson

Agile software development has been used by industry to create a more flexible and lean software development process, i.e., making it possible to develop software at a faster rate and with more agility during development. There are, however, concerns that the higher development pace and lack of documentation are creating less secure software. We have therefore looked at three known Security Engineering processes, Microsoft SDL, Cigital touchpoints and Common Criteria, and identified what specific security activities they performed. We then compared these activities with an Agile development process that is used in industry. Developers from a large telecommunication manufacturer were interviewed to learn their impressions on using these security activities in an agile development process. We produced a security-enhanced Agile development process that we present in this paper. This new Agile process uses activities from already established security engineering processes that provide the benefit the developers wanted but did not hinder or obstruct the Agile process in a significant way.


international conference on systems and networks communications | 2006

Privacy-Invasive Software and Preventive Mechanisms

Martin Boldt; Bengt Carlsson

Computers are increasingly integrated into people's daily lives. In this development, user privacy is affected by the occurrence of privacy-invasive software (PIS), sometimes loosely labelled as spyware. The border between legitimate software and PIS is vague and context dependent, at best specified through End-User License Agreements (EULA). This lack of a spyware definition means that current countermeasures are bound to noticeable misclassification rates. In this work we present a classification of PIS from which we come to the conclusion that additional mechanisms that safeguard users' consent during software installation are needed to effectively counteract PIS. We further present techniques that counteract PIS by increasing user awareness about software behaviour, which allow users to base their software installation consent on more informed decisions.


Software - Practice and Experience | 2013

Improving software security with static automated code analysis in an industry setting

Dejan Baca; Bengt Carlsson; Kai Petersen; Lars Lundberg

Software security can be improved by identifying and correcting vulnerabilities. In order to reduce the cost of rework, vulnerabilities should be detected as early and efficiently as possible. Static automated code analysis is an approach for early detection. So far, only a few empirical studies have been conducted in an industrial context to evaluate static automated code analysis. A case study was conducted to evaluate static code analysis in industry focusing on defect detection capability, deployment, and usage of static automated code analysis with a focus on software security. We identified that the tool was capable of detecting memory-related vulnerabilities, but few vulnerabilities of other types. The deployment of the tool played an important role in its success as an early vulnerability detector, but so did the developers' perception of the tool's merit. Classifying the warnings from the tool was harder for the developers than correcting them. The correction of false positives in some cases created new vulnerabilities in previously safe code. With regard to defect detection ability, we conclude that static code analysis is able to identify vulnerabilities in different categories. In terms of deployment, we conclude that the tool should be integrated with bug reporting systems, and developers need to share the responsibility for classifying and reporting warnings. With regard to tool usage by developers, we propose to use multiple persons (at least two) in classifying a warning. The same goes for making the decision of how to act based on the warning.


Nordsec 2012, The 17th Conference on Secure IT Systems | 2012

Secure IT systems

Audun Jøsang; Bengt Carlsson

We propose a security Risk Assessment process model which details the steps in the Risk Assessment process, such as resources used for Risk Assessment, actions performed on these resources, input data gained by these actions, risk evaluation methods applied and finally the output produced. The model highlights different paths that can be taken in RA methods, some issues with the existing methods and potential areas for development of new methods.

In this paper we describe the THAPS vulnerability scanner for PHP web applications. THAPS is based on symbolic execution of PHP with specialised support for scanning extensions and plug-ins of larger application frameworks. We further show how THAPS can integrate the results of dynamic analyses, generated by a customised web crawler, into the static analysis. This enables analysis of often used advanced dynamic features such as dynamic code load and reflection. To the best of our knowledge, THAPS is the first tool to apply this approach and the first tool with specific support for analysis of plug-ins. In order to verify our approach, we have scanned 375 WordPress plugins and a commercial (monolithic) web application, resulting in 68 and 28 confirmed vulnerabilities respectively.


International Information Security Workshops | 2004

Privacy-Invasive Software in Filesharing Tools

Andreas Jacobsson; Martin Boldt; Bengt Carlsson

Personal privacy is affected by the occurrence of adware and spyware in peer-to-peer tools. In an experiment, we investigated five file-sharing tools and found that they all contained ad-/spyware programs, and that these hidden components communicated with several servers on the Internet. Although there was no exchange of files by way of the file-sharing tools, they generated a significant amount of network traffic. Amongst the retrieved ad-/spyware programs that communicated with the Internet, we discovered that privacy-invasive information such as user data and Internet browsing history was transmitted. In conclusion, ad-/spyware activity in file-sharing tools creates serious problems not only to user privacy and security, but also to network and system performance. The increasing presence of hidden and bundled ad-/spyware programs in combination with the absence of proper anti-ad/spyware tools is therefore not beneficial for the development of a secure and stable use of the Internet.


international conference on coordination models and languages | 2000

Coordination Models for Dynamic Resource Allocation

Stefan J. Johansson; Paul Davidsson; Bengt Carlsson

A number of different coordination models for dynamic resource allocation are proposed. The models are based on an asynchronous and distributed approach which makes use of mobile agents to distribute the resources of the providers between the consumers. Each provider has a broker, i.e., the mobile agent, that continually visits all or a subset of the consumers, offering the resources currently available at the corresponding provider. The models are increasingly complex, starting with a rather simple static mechanism, and ending with a sophisticated solution that balances the allocations both from the consumer and the provider perspective. Finally, an evaluation of the models in a realistic Intelligent Network domain is presented.


availability, reliability and security | 2015

A Novel Security-Enhanced Agile Software Development Process Applied in an Industrial Setting

Dejan Baca; Martin Boldt; Bengt Carlsson; Andreas Jacobsson

A security-enhanced agile software development process, SEAP, is introduced in the development of a mobile money transfer system at Ericsson Corp. A specific characteristic of SEAP is that it includes a security group consisting of four different competences, i.e., security manager, security architect, security master and penetration tester. Another significant feature of SEAP is an integrated risk analysis process. In analyzing risks in the development of the mobile money transfer system, a general finding was that SEAP either solves risks that were previously postponed or solves a larger proportion of the risks in a timely manner. The previous software development process, i.e., the baseline process of the comparison outlined in this paper, required 2.7 employee hours spent for every risk identified in the analysis process compared to, on average, 1.5 hours for SEAP. The baseline development process left 50% of the risks unattended in the software version being developed, while SEAP reduced that figure to 22%. Furthermore, SEAP increased the proportion of risks that were corrected from 12.5% to 67.1%, i.e., more than a five times increment. This is important, since an early correction may avoid severe attacks in the future. The security competence in SEAP accounts for 5% of the personnel cost in the mobile money transfer system project. As a comparison, the corresponding figure, i.e., for security, was 1% in the previous development process.


international conference on software engineering advances | 2007

Software Vulnerability Assessment Version Extraction and Verification

Martin Boldt; Bengt Carlsson; Roy Martinsson

Software vendors do not, on a regular basis, label their products with the exact software version. This is contrary to branded household products, where model numbers and serial numbers allow the consumer to identify the product and get assistance if something goes wrong. We investigated version and product information within 8468 different software programs, where freeware and shareware showed a considerable lack of relevant information. A tool is proposed for identifying relevant version information and for verifying potential threats matched against a software vulnerability database. We suggest that software vendors in the future conform to general conventions of storing version information in a standardized way.

Collaboration


Top Co-Authors

Martin Boldt

Blekinge Institute of Technology

Andreas Jacobsson

Blekinge Institute of Technology

Stefan J. Johansson

Blekinge Institute of Technology

Ewa Osekowska

Blekinge Institute of Technology

K. Ingemar Jönsson

Kristianstad University College

Lars Lundberg

Blekinge Institute of Technology
