Effectively using Android without Google Play Services with gplayweb in Docker

There are many good reasons to use Android without Google Play Services (Google's proprietary part of the Android operating system), mostly to protect one's privacy. Google Play Services contains background processes used by Google not only to provide services (e.g., push notifications, accurate geolocation combining GPS, Wi-Fi and ...


Dynamic Risk Assessment and Response Computation using Bayesian Attack Models

Information systems concentrate invaluable resources, generally composed of the computers and servers that process the data of an organisation. They constitute an increasingly attractive target for attackers. Given the number and complexity of attacks, security teams need to focus their actions on the most important attacks, in order to select the most efficient security controls. Because of the threat posed by advanced multi-step attacks, it is difficult for security operators to fully defend against all vulnerabilities when deploying countermeasures. Deploying intrusion detection sensors to monitor attacks exploiting residual vulnerabilities is not sufficient, and new tools are needed to assess the risk associated with the security events produced by these sensors.

In this PhD thesis, we build a complete framework for static and dynamic risk assessment, leveraging prior knowledge on the information system (e.g., network topology, vulnerabilities, etc.) and dynamic events (e.g., intrusion alerts, attack detection, etc.), to propose responses to prevent future attacks.


Hybrid Risk Assessment Model based on Bayesian Networks

Because of the threat posed by advanced multi-step attacks, it is difficult for security operators to fully cover all vulnerabilities when deploying countermeasures. Deploying sensors to monitor attacks exploiting residual vulnerabilities is not sufficient and new tools are needed to assess the risk associated with the security events produced by these sensors. Although attack graphs were proposed to represent known multi-step attacks occurring in an information system, they are not directly suited for dynamic risk assessment.

In this paper, we present the Hybrid Risk Assessment Model (HRAM), a Bayesian network-based extension to topological attack graphs, capable of handling topological cycles, making it fit for any information system. This hybrid model is subdivided into two complementary models: (1) Dynamic Risk Correlation Models, correlating a chain of alerts with the knowledge on the system to analyse ongoing attacks and provide the hosts' compromise probabilities, and (2) Future Risk Assessment Models, taking into account existing vulnerabilities and current attack status to assess the most likely future attacks. We validate the performance and accuracy of this model on simulated network topologies and against diverse attack scenarios of realistic size.


Bayesian Attack Model for Dynamic Risk Assessment

Because of the threat of advanced multi-step attacks, it is often difficult for security operators to completely cover all vulnerabilities when deploying remediations. Deploying sensors to monitor attacks exploiting residual vulnerabilities is not sufficient, and new tools are needed to assess the risk associated with the security events produced by these sensors. Although attack graphs were proposed to represent known multi-step attacks occurring in an information system, they are not directly suited for dynamic risk assessment.

In this paper, we present the Bayesian Attack Model (BAM), a Bayesian network-based extension to topological attack graphs, capable of handling topological cycles, making it fit for any information system. Evaluation is performed on realistic topologies to study the sensitivity of its probabilistic parameters.
