1 - 4 of 4
ItemShort-Term and Long-Term Solutions for Secure Verification of Aircraft- Reported ADS-B Location in Air Traffic Networks( 2018-01-03)Automatic dependent surveillance-broadcast (ADSB) is the foundation of next-generation air traffic management systems. The precision granted by ADS-B will allow for the network to support the huge growth in air traffic in the coming decades and assist both air traffic controllers and pilots in improving safety in flight. However, the ADS-B protocol has serious security vulnerabilities. Coupled with the importance of ADS-B in the air transportation system, these security issues make ADS-B an appealing target for attack by adversaries. This paper dismisses the need for encryption and focuses security strategies on location verification. Multilateration is combined with data fusion and location tracking for effective and undemanding short-term and long-term location verification. By taking input from air traffic controllers, a secondary location tracking systems allows for a backup record of controlled aircraft that can easily be referred to in emergencies.
ItemA Novel Method to Enhance ISSP Compliant: an Approach Drawing Upon the Concept of Empowerment in Erm System Workflow( 2018-01-03)Nowadays, enterprises employ information security system to protect organizational assets, then enforce employee to follow system workflow (i.e., information security policies). Although companies control employee by predefined workflow, employees tend to circumvent the workflow when the workflow is impeded and being inflexibility. Thus, the goal of this study is to delineate the new concept of system workflow, which is the method of increasing system workflow flexibility. We propose the notion of empowered system workflow through in the specific context of the enterprise digital rights management system (ERM). The ERM as an example of an information security system plays a role in persistently protecting information assets. This study examined the differences between the proposed notion of ERM system and the conventional ERM system through three aspects (psychological ownership, perceived benefit, and awareness of audit). The results of this study are expected to shed light on new approach to compliance behavior.
ItemOn the Effectiveness of Hardware Enforced Control Flow Integrity( 2018-01-03)Defenses such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and stack canaries have been circumvented by recent exploits. As a result, security researchers have turned towards Control Flow Integrity (CFI) to defend systems. Previous attempts to achieve CFI have tried to remain efficient and practical, but were exploitable. The NSA proposed a CFI system which integrates new hardware and program instrumentation. The purpose of this research is to assess and improve this proposal. In this paper, the system is exploited through the development of simple, vulnerable programs. It is shown to be effective in mitigating Jump Oriented Programming (JOP) attacks through an algorithm introduced as part of this work. Finally, different approaches are proposed to improve upon this system while their merits and issues are assessed.