D'Hondt, Alexandre
[UCL]
Bahmad, Hussein
[UCL]
Sadre, Ramin
[UCL]
Nowadays, information security takes an increasingly important place in the world of Information Technologies. We work with software products provided by the enterprise, often assuming that these products are safe to use. More and more often, our work cannot be done without online resources, which require complex services and thereby expand the attack surface of the enterprise's systems. In recent years the media have reported several consequences of the exposure of enterprise or governmental systems, ranging from information leaks (e.g. the exfiltration of top-secret information from the NSA by Edward Snowden until 2013) to the theft of large amounts of money (e.g. 81 million dollars stolen by hackers from Bangladesh in April 2016), including Denials of Service (e.g. a large distributed DoS on servers in the US and Europe in 2014). A large part of these incidents can be explained by inappropriate or insufficient management of information security and by mistaken risk assessment, some of which are simply due to incomplete or non-existent knowledge about the security of the software products in use. In this scope, a large effort has been made over the last decade to control the resources of an enterprise environment. Relying mostly on application white-listing, patch management and privilege restriction, which are the essential strategies for mitigating targeted cyber-intrusions, these products mainly help enterprises to detect (and, if possible, block) intrusions (e.g. those aimed at causing data leakage or interrupting systems), but they do not emphasize the process of maintaining Software Approved Products Lists in an automated way and as a common base for enforcing control over the various resources across their operational units. While such online systems aim to detect and/or block threats, offline systems are better suited to preventing them. An offline framework, following well-defined guidelines, could fulfil the requirement to know enough about a piece of software before deploying it in a real environment.
In this master thesis, we propose to design and develop a modular and extensible framework to automate the largest possible part of the Software APL establishment process: gathering data from various reference sources (i.e. security guidelines for hardening applications and security controls), using an infrastructure with particular capabilities and means to gather application metadata, and structuring the collected data into a comprehensive dynamic knowledge base. We also propose to analyse some common applications based on a scenario elaborated to show the capabilities of our solution.
Bibliographic reference: D'Hondt, Alexandre ; Bahmad, Hussein. Design and implementation of a software APL automation framework - Analysis of common applications. Ecole polytechnique de Louvain, Université catholique de Louvain, 2016. Prom. : Sadre, Ramin.
Permalink: http://hdl.handle.net/2078.1/thesis:8128