
2018 | Book

Computer and Network Security Essentials


About this book

This book introduces readers to the tools needed to protect IT resources and communicate with security specialists when there is a security problem. The book covers a wide range of security topics including Cryptographic Technologies, Network Security, Security Management, Information Assurance, Security Applications, Computer Security, Hardware Security, and Biometrics and Forensics. It introduces the concepts, techniques, methods, approaches, and trends needed by security specialists to improve their security skills and capabilities. Further, it provides a glimpse into future directions where security techniques, policies, applications, and theories are headed. The book represents a collection of carefully selected and reviewed chapters written by diverse security experts in the listed fields and edited by prominent security researchers.

Table of Contents

Frontmatter

Computer Security

Frontmatter
Chapter 1. Computer Security

An overview of basic computer security concepts is presented along with a brief history of major computer security events of the late twentieth and early twenty-first centuries. This is followed by a description of the most important computer security vulnerabilities that exist today and countermeasures being used to mitigate them. Future trends in computer security are assessed.

Jeffrey L. Duffany
Chapter 2. A Survey and Taxonomy of Classifiers of Intrusion Detection Systems

In this chapter, a new review and taxonomy of the classifiers that have been used with intrusion detection systems in the last two decades is presented. The main objective of this chapter is to provide the reader with the knowledge required to build an effective classifier for IDS problems by reviewing this phase in a component-by-component structure rather than a paper-by-paper organization. We start by presenting the extracted features that result from the pre-processing phase. These features are supposed to be supplied to the pattern analyzer, and therefore different types of analyzers are presented. We also discuss the knowledge representation that is produced by these pattern analyzers. In addition, the decision-making component of the IDS, which we call here the detection phase, is presented in detail together with the most common algorithms used with IDS. The chapter explores the classifier decision types and the possible threats with their subclasses. The chapter also discusses the current open issues that face pattern analyzers working in adversarial environments like intrusion detection systems, and some contributions in this field. The components discussed in this chapter represent the core of the framework of any IDS.

Tarfa Hamed, Jason B. Ernst, Stefan C. Kremer
Chapter 3. A Technology for Detection of Advanced Persistent Threat in Networks and Systems Using a Finite Angular State Velocity Machine and Vector Mathematics

The aim of this chapter is to apply an advanced journal-published state machine engine to the analysis of state variables that can detect the presence of Advanced Persistent Threat (APT) and other malware. The Finite Angular State Velocity Machine (FAST-VM) can model and analyze large amounts of state information over a temporal space. The ability to analyze and model large amounts of data over time is a key factor in detecting Advanced Persistent Threat. Experimentally, the FAST-VM has analyzed 10,000,000 state variable vectors in around 24 ms. This demonstrates the application of “big data” to the area of cyber security. The Finite Angular State Transition Velocity Machine (FAST-VM) has the capability to address these challenges and is based on previously published work with Spicule. It reduces the high order of state variable changes that have subtle changes in them over time to a threat analysis that is easy to comprehend and can also predict future threats. FAST-VM unifies the three major areas of IDS (anomaly, misuse, and specification) into a single model. The FAST-VM mathematical analysis engine has shown great computational possibilities in prediction, classification, and detection, but it has never been mapped to a system’s state variables. This technology seeks to determine how to map the state variables in a system to detect APT. Successful technology development in this area could dramatically affect all facets of computation, especially autonomous vehicles and networks. This chapter presents the theory, then the application, of this advanced technology.

Gregory Vert, Ann Leslie Claesson-Vert, Jesse Roberts, Erica Bott
Chapter 4. Information-Theoretically Secure Privacy Preserving Approaches for Collaborative Association Rule Mining

In recent years, there has been an increase in the geographical and logical spread of data. Even organizations that normally compete with each other increasingly collaborate to exploit the distributed data and collaboratively undertake data mining on it. However, the increased sharing of data gives rise to privacy concerns, as the collaborating entities may be competing with each other. The need for algorithms that are efficient in terms of both privacy and performance for the different adversary and data models in various areas of application is therefore an important research problem. In this chapter, we discuss the state of the art of cryptographic Privacy Preserving Distributed Data Mining (PPDDM) approaches. In particular, we focus on the case study of Privacy Preservation in Distributed Association Rule Mining (PPDARM). We primarily discuss information-theoretically secure schemes that aim to improve the state of the art in the area of PPDARM by providing the highest level of security. We discuss efficient and secure privacy preserving information-theoretically secure schemes that an application designer could choose from depending on the application requirements, the partition model, the adversary model and the number of participating parties for collaborative association rule mining.

Nirali R. Nanavati, Devesh C. Jinwala
Chapter 5. A Postmortem Forensic Analysis for a JavaScript Based Attack

Nowadays, users and corporations are more and more connected to the web. Users access their sensitive business and non-business applications using a web browser. There are numerous browser-based attacks, and many of them are implemented using JavaScript. One of these attacks is Drive-by-Download. Security researchers have introduced several tools and techniques to detect and/or prevent this serious attack. Few address browser forensics to identify the attack traces and evidence and reconstruct the executed events of a downloaded malicious content. In this study, we introduce a postmortem forensic methodology that investigates a web browser subjected to a Drive-by-Download attack. We develop a Firefox browser extension (FEPFA) to delve into the malicious URLs. The developed system is tested on malicious web pages and successfully identifies the digital evidence of the attack. The majority of the collected evidence was non-volatile evidence that could assist a forensic investigator in the postmortem analysis.

Sally Mosaad, Nashwa Abdelbaki, Ahmed F. Shosha

Network Security

Frontmatter
Chapter 6. Malleable Cryptosystems and Their Applications in Wireless Sensor Networks

Deployments in hostile and unattended environments and a non-replenishable energy supply have influenced protocol design in wireless sensor networks. In-network processing of sensor readings helps in reducing the redundant reverse multicast traffic communicated from leaf nodes to the base station. However, hostile deployments and in-network processing of sensor readings have raised security concerns. The present work explores different malleable cryptosystems (or homomorphic cryptosystems) used in wireless sensor networks to ensure the privacy and confidentiality of sensor readings at vulnerable intermediate nodes. To the best of our knowledge, the comprehensive discussion of malleable cryptosystems presented in this chapter increases the applicability of these cryptosystems in Wireless Sensor Networks as well as in other research areas such as the Internet of Things, Network Coding, and Cloud Computing.

Keyur Parmar, Devesh C. Jinwala
Chapter 7. A Survey and Taxonomy on Data and Pre-processing Techniques of Intrusion Detection Systems

In this chapter, a new review and taxonomy of the input data and pre-processing techniques of intrusion detection systems are presented. This chapter surveys the literature of the last two decades on the data of intrusion detection systems. We also present in this chapter a framework for understanding the different components described in the literature that allows readers to systematically understand the works and envision future hybrid approaches. The chapter describes how to collect the data, and how to prepare this data for different types of processing. We opted to organize the chapter along a component-by-component structure, rather than a paper-by-paper organization, since we believe this will give the reader a wider perspective on the process of constructing an intrusion detection system and its evaluation mechanisms. The organization of this chapter represents an ideal intrusion detection system, since it contains most of the components of an IDS, so existing approaches can be neatly accommodated within this framework. This will allow the reader to construct and explore new systems by assembling the described components in novel arrangements. We have also conducted important comparisons after each component of the IDS, supported by tables, to give the reader a better perspective on that particular component. In this sense, it provides insights that a reader would not gain by simply reading the original source papers. The classifiers used with IDS are beyond the scope of this chapter.

Tarfa Hamed, Jason B. Ernst, Stefan C. Kremer
Chapter 8. Security Protocols for Networks and Internet: A Global Vision

The use of communication networks and the Internet has rocketed in recent years. From the traditional wired settings to the wireless ones, connectivity is becoming almost ubiquitous in modern societies. Security concerns, such as data forgery or tampering, are critical. In order to address these needs, security protocols have been proposed for each setting over the years. This chapter introduces the essential aspects of several representative protocols concerning authentication, remote connection, secure data exchange, and wireless protection for networks and the Internet. Remarkably, basic notions of well-known protocols such as Kerberos are presented without entering into low-level details.

José María de Fuentes, Luis Hernandez-Encinas, Arturo Ribagorda
Chapter 9. Differentiating Security from Privacy in Internet of Things: A Survey of Selected Threats and Controls

We decided to use simpler definitions of security and privacy, boiling down to their most essential characteristics. Our guide was Cooley’s famous classic definition of personal immunity as “a right of complete immunity: to be let alone” [3]. This phrase was soon adapted as a definition of privacy. Being provided by a lawyer, it includes physical aspects of privacy—critical in the real world but not essential in the virtual world; as will be clear from our definitions of security and privacy in the next paragraph, we see these aspects more as security characteristics than privacy characteristics.

A. Al-Gburi, A. Al-Hasnawi, L. Lilien
Chapter 10. Reliable Transmission Protocol for Underwater Acoustic Networks

Underwater Acoustic Networks (UANs) use acoustic communication and are characterized by limited bandwidth capacity, high energy consumption, and long propagation delay, which cause the traditional protocols designed for radio channels to be either inapplicable or inefficient for UANs. The chapter introduces a three-layer protocol architecture for UANs called Micro-ANP (comprising the Application, Network-transport, and Physical layers). Further, based on the Micro-ANP architecture and the Recursive LT (RLT) code, a handshake-free reliable transmission mechanism is presented in detail.

Xiujuan Du, Meiju Li, Keqin Li
Chapter 11. Using Sports Plays to Configure Honeypots Environments to form a Virtual Security Shield

Unauthorized access to information continues to be a challenging problem, especially in a time where cyber-attacks are on the rise. Current security measures (e.g., access control systems, firewalls, intrusion detection systems) alone are not sufficient to protect the information technology (IT) infrastructure from a resourceful malicious attacker. This chapter presents a novel approach to configure a honeypot environment using football play formations to form a Virtual Security Shield (VSS). We show how VSS can be used to simulate moving a honeypot to different locations in the network to generate valuable information about a malicious attacker. This information can be used to prevent future unauthorized access to an infrastructure. We also provide results from a proof of concept experiment.

Tyrone S. Toland, Sebastian Kollmannsperger, J. Bernard Brewton, William B. Craft

Cryptographic Technologies

Frontmatter
Chapter 12. Security Threats and Solutions for Two-Dimensional Barcodes: A Comparative Study

A barcode is a graphical image that stores data in special patterns of vertically spaced lines (linear or 1D barcode), or special patterns of vertical and horizontal squares (2D barcode). The encoded data can be retrieved using imaging devices such as barcode scanner machines and smartphones with specific reader applications. 2D barcodes are considered inexpensive tools in business marketing, and several companies are using them to facilitate the post-sale follow-up procedure of their products. Many previous studies discussed the potential risks in using 2D barcodes and proposed different security solutions against barcode threats. In this paper, we present a comparative study of various attacks on 2D barcodes and of the available protection mechanisms. We highlight the limitations and weaknesses of these mechanisms and explore their security capabilities. According to our analysis, although many of the available barcode security systems offer cryptographic solutions, they can still have weak points such as the adoption of insecure cryptographic mechanisms. In some cases, cryptographic solutions do not even provide enough detail to evaluate their effective security. We revise potential weaknesses and suggest remedies based on the recommendations of the European Union Agency for Network and Information Security (ENISA).

Riccardo Focardi, Flaminia L. Luccio, Heider A. M. Wahsheh
Chapter 13. Searching Encrypted Data on the Cloud

As cloud computing is becoming popular, more and more users continue to shift to cloud services for massive data storage rather than building private data centers. However, to protect data confidentiality on untrusted external servers and at the same time allow search and information retrieval, it is necessary to store the data in searchable encrypted form. This represents a challenging problem for which considerable effort has been made, and several approaches have been proposed in the literature. The basic idea of these techniques is to encrypt the data in a way that allows an untrusted server to perform a keyword search using a trapdoor without revealing any information about the keyword(s) or the content of the encrypted data. In this chapter, we introduce the problem and review the basic concepts and current knowledge about searchable encryption. We also discuss various application scenarios and basic primitives and techniques for exact and approximate search over encrypted data on the cloud.

Khaled A. Al-Utaibi, El-Sayed M. El-Alfy
Chapter 14. A Strong Single Sign-on User Authentication Scheme Using Mobile Token Without Verifier Table for Cloud Based Services

Cloud computing is an emerging computing paradigm that offers computational facilities and storage as services dynamically, on an on-demand basis, via the Internet. The ability to scale resources and the pay-as-you-go usage model have contributed to its growth. However, cloud computing inevitably poses various security challenges, and the majority of prospective customers are worried about unauthorized access to their data. Service providers need to ensure that only authorized users access the resources, and for this they need to adopt strong user authentication mechanisms. The mechanism should provide users with the flexibility to access multiple services without repeated registration and authentication at each provider. Considering these requirements, this chapter deliberates a Single Sign-on based two-factor authentication protocol for cloud based services. The proposed scheme uses a password and a mobile token as authentication factors and does not require a verifier table. The formal verification of the protocol is done using Scyther.

Sumitra Binu, Mohammed Misbahuddin, Pethuru Raj
Chapter 15. Review of the Main Security Threats and Challenges in Free-Access Public Cloud Storage Servers

The twenty-first century belongs to the world of computing, especially as a result of the so-called cloud computing. This technology enables ubiquitous information management, and thus people can access all their data from any place and at any time. In this landscape, the emergence of cloud storage has played an important role in the last 5 years. Nowadays, several free-access public cloud storage services make it possible for users to have a free backup of their assets and to manage and share them, representing a low-cost opportunity for Small and Medium Enterprises (SMEs). However, the adoption of cloud storage involves data outsourcing, so a user has no guarantee about the way her data will be processed and protected. Therefore, it seems necessary to endow public cloud storage with a set of means to protect users’ confidentiality and privacy, to assess data integrity and to guarantee a proper backup of information assets. Throughout this paper, we discuss the main challenges to achieving such a goal, underlining the set of functionalities already implemented in the most popular public cloud storage services.

Alejandro Sanchez-Gomez, Jesus Diaz, Luis Hernandez-Encinas, David Arroyo
Chapter 16. Secure Elliptic Curves in Cryptography

Elliptic Curve Cryptography (ECC) is a branch of public-key cryptography based on the arithmetic of elliptic curves. In the short life of ECC, most standards have proposed curves defined over prime finite fields using the short Weierstrass form. However, some researchers have started to propose, as a more secure alternative, the use of Edwards and Montgomery elliptic curves, which could have an impact on current ECC deployments. This chapter presents the different types of elliptic curves used in Cryptography together with the best-known procedure for generating secure elliptic curves, Brainpool. The contribution is completed with an examination of the latest proposals regarding secure elliptic curves analyzed by the SafeCurves initiative.

Victor Gayoso Martínez, Lorena González-Manzano, Agustín Martín Muñoz
Chapter 17. Mathematical Models for Malware Propagation in Wireless Sensor Networks: An Analysis

Wireless sensor networks (WSNs) are a fundamental part of many emerging ICT scenarios, and, consequently, there are several security threats to which they are exposed. In recent years, malware propagation has gained special attention due to the resource improvements of sensor nodes in WSNs. The main goal of this work is to perform an analysis of the mathematical models proposed in the scientific literature, focusing on network models. From this study, some suggestions for designing efficient mathematical models for malware propagation in WSNs are proposed.

A. Martín del Rey, A. Peinado

Biometrics and Forensics

Frontmatter
Chapter 18. Biometric Systems for User Authentication

Authenticating the identity of users is a critical issue in information security. Biometrics is known for recognizing users based on their physiological or behavioral traits as identifiers, and these cannot be easily stolen, unlike passwords or ID cards. Biometrics could be employed as the primary means for authentication, called user identification, as well as a complementary (secondary) method for authentication, known as user verification. Biometric traits that cannot be easily forged and are supposedly unique for each user can form the basis of techniques for user identification. Biometric traits that need not be unique for each user, but can be used to validate whether a user is who he/she claims to be, form the basis for user verification techniques. The first half of the chapter describes several biometric techniques used for identification and verification and compares them with respect to different operating parameters. In addition, the different components (constituent blocks) of a biometric system and the performance metrics used to analyze the effectiveness of biometric systems are also discussed. The second half of the chapter focuses on the security aspects of biometric systems, especially spoofing attacks, and a solution to enhance security and effectiveness through multi-biometric systems.

Natarajan Meghanathan
Chapter 19. Biometric Authentication and Data Security in Cloud Computing

Two important topics related to cloud security are discussed in this chapter: the authentication of logical users accessing the cloud, and the security of data stored on public cloud servers. A real cloud platform is used as an example; it is designed and implemented to support basic web applications, and to be shared by small and medium companies. Such a platform is built using the OpenStack architecture. The user authentication is based on an original biometric approach exploiting fingerprints and open to multimodal improvements. The platform guarantees secure access for multiple users and complete logical separation of the computational and data resources related to different companies. A high level of protection of the data stored in the cloud is ensured by adopting a peculiar data fragmentation approach. Details are given about the authentication process and the service modules involved in the biometric authentication. Furthermore, the key issues related to the integration of the biometric authentication in the cloud platform are discussed.

Giovanni L. Masala, Pietro Ruiu, Enrico Grosso
Chapter 20. Approximate Search in Digital Forensics

In digital forensics in general and in network forensics in particular, search through very large amounts of data plays a crucial role. It is used for finding evidence in digital media as well as for finding traces of attacks in computer memory and network traffic. The amount of data to be processed is not the only challenge faced by a search algorithm. Variations in data make the search task even more difficult, and the reasons for these variations are heterogeneous (transmission errors, differences in implementation of various protocols, different data formatting on various sources of information, attempts to hide the traces of criminal activities, and so on). In some cases, especially in network forensics, velocity of data is an additional factor that further complicates the task of a search algorithm. Therefore, the use of sophisticated search algorithms implemented in an efficient way and the reduction of data quantities to process are the key success factors of digital forensics investigation. In this chapter, constrained approximate bit-parallel search algorithms capable of both reducing the size of the data sets to process and efficiently processing the remaining data are explained. We analyze capabilities of these algorithms to correctly detect evidence/traces of attacks and to keep the false-positive rate at an acceptable level.

Slobodan Petrović
Chapter 21. Privacy Preserving Internet Browsers: Forensic Analysis of Browzar

With the advance of technology, Criminal Justice agencies are being confronted with an increased need to investigate cybercrimes perpetrated partially or entirely over the Internet. In order to conceal illegal online activity, criminals often use private browsing features or browsers designed to provide completely private browsing. The use of private browsing is a common challenge faced in, for example, child exploitation investigations, which usually originate on the Internet. Although private browsing features are not designed specifically for criminal activity, they have become a valuable tool for criminals looking to conceal their online activity. Private browsing features and browsers often require a more in-depth, post-mortem analysis. This often requires the use of multiple tools, as well as different forensic approaches, to uncover incriminating evidence. This evidence may be required in a court of law, where analysts are often challenged both on their findings and on the tools and approaches used to recover evidence. However, there are very few research studies on forensic acquisition and analysis of privacy preserving Internet browsers. Therefore, in this chapter, we first review the private mode of popular Internet browsers. Next, we describe the forensic acquisition and analysis of Browzar, a privacy preserving Internet browser.

Christopher Warren, Eman El-Sheikh, Nhien-An Le-Khac

Hardware Security

Frontmatter
Chapter 22. Experimental Digital Forensics of Subscriber Identification Module (SIM) Card

SIM cards, as a kind of smart card, are considered one of the elements found in every mobile phone, whether a smartphone or not. They are used to communicate through the telephone network. SIM cards can be used to track the mobile or to extract user data such as SMS or the phonebook. Moreover, criminal cases involving mobile phone activities are increasing. Therefore, mobile security and analysis is important during an investigation. We emphasize all the elements related to SIM cards. These elements are the differences between its communication protocols, the SIM card application development environment, and the SIM card file structure including the file meta-data. We also describe in detail how to communicate with a SIM card and extract information which can help with a criminal investigation. In this research, we also investigate SMS forensics and how we can use this information to track a user’s activities during a certain period of time.

Mohamed T. Abdelazim, Nashwa Abdelbaki, Ahmed F. Shosha
Chapter 23. A Dynamic Area-Efficient Technique to Enhance ROPUFs Security Against Modeling Attacks

Physical Unclonable Functions (PUFs) are probabilistic functions that are widely used for the security of silicon technology chips, including ASIC/FPGA. Despite the prevalence of numerous techniques for the fabrication of Silicon PUFs (SPUFs), to the best of our knowledge, a well-established dynamic technique that can provide updated secret keys to improve ROPUF security against modeling attacks does not exist. In this book chapter, an area-efficient technique that exploits an appropriate reconfiguration mechanism and utilizes dedicated FPGA resources to build dynamic multi-stage ROPUF (d-ROPUF) structures is proposed. To determine the correlation between each structure and its performance, the normality of the generated RO frequencies is studied. Experimental results show that a structure with fewer stages has higher performance in terms of variability and diverseness. Statistical characteristics of the response bits are studied under normal and varying temperature and voltage conditions in order to validate the performance of the proposed technique in terms of uniqueness, uniformity, bit-aliasing, and reliability. Our results show that the d-ROPUF exhibits better uniqueness, uniformity, bit-aliasing, and reliability at varying operating conditions when compared with other techniques.

Fathi Amsaad, Nitin Pundir, Mohammed Niamat
Chapter 24. Physical Unclonable Functions (PUFs) Design Technologies: Advantages and Trade Offs

Physical Unclonable Functions (PUFs) are an emerging area in the hardware security field. As a relatively new concept for computer and network security, there is ongoing research into various technologies. Alternative designs have been proposed so far, each targeting different goals. This chapter presents the state of the art regarding the most important PUF design technologies. The alternative PUF technologies are studied and analyzed, and the advantages of each one are highlighted. Furthermore, the silicon subclass of PUFs is examined in detail, since it is among the most important and widely applied. This is due to the fact that they can be easily implemented in a modern security system, with sufficient and flexible designs. Comparisons regarding implementation issues such as performance, area resources, and achieved security level are discussed in detail.

Ioannis Papakonstantinou, Nicolas Sklavos

Security Applications

Frontmatter
Chapter 25. Generic Semantics Specification and Processing for Inter-System Information Flow Tracking

Data usually takes different shapes and appears as files, windows, processes’ memory, network connections, etc. Information flow tracking technology keeps an eye on these different representations of a data item. Integrated with a usage control (UC) infrastructure, this allows us to enforce UC requirements on each representation of a protected data item. To enable UC enforcement in distributed settings, we need to be able to track information flows across system boundaries. In this paper, we introduce a state-based information flow model for tracking explicit flows between systems equipped with UC technology. We demonstrate the applicability of our approach by means of an instantiation in the field of video surveillance, where systems are increasingly accessed via insecure mobile applications. Based on usage control and inter-system information flow tracking, we show how video data transmitted from a video surveillance server to mobile clients can be protected against illegitimate duplication and redistribution after receipt.

Pascal Birnstill, Christoph Bier, Paul Wagner, Jürgen Beyerer
Chapter 26. On Inferring and Characterizing Large-Scale Probing and DDoS Campaigns

The explosive growth, complexity, adoption, and dynamism of cyberspace over the last decade have radically altered the globe. A plethora of nations have been at the very forefront of this change, fully embracing the opportunities provided by the advancements in science and technology in order to fortify the economy and to increase the productivity of everyday life. However, the significant dependence on cyberspace has indeed brought new risks that often compromise, exploit, and damage invaluable data and systems. Thus, the capability to proactively infer malicious activities is of paramount importance. In this context, generating cyber threat intelligence related to probing/scanning and Distributed Denial of Service (DDoS) activities constitutes an effective tactic to achieve the latter. In this chapter, we investigate such malicious activities by uniquely analyzing real Internet-scale traffic targeting network telescopes or darknets, which are defined by routable, allocated yet unused Internet Protocol (IP) addresses. Specifically, we infer and characterize their independent events as well as address the problem of large-scale orchestrated campaigns, which usher in a new era of such stealthy and debilitating events. We conclude this chapter by highlighting some research gaps that pave the way for future work.

Elias Bou-Harb, Claude Fachkha
Chapter 27. Design of a Secure Framework for Session Mobility as a Service in Cloud Computing Environment

The high-level contribution of this chapter is the design of a framework for Session Mobility as a Service (SMaaS) for cloud computing environments. The SMaaS framework is suitable for thin clients, as it requires a client to maintain only one active TCP session at any time with a server in the cloud. Once the client finds a suitable server to start or continue a session (from its previous state), the client and server establish an IPSec Security Association (IPSec SA), and all session-pertaining messages, including the Session Handoff messages, are exchanged in a secure fashion, leaving no scope for any spoofing attacks. The session transfer is triggered by the server when it starts observing an increase and variations in the round trip time of the acknowledgement packets received from the client and considers this an indication of impending congestion on the path to the client. Upon session transfer, a client can continue obtaining the service from where it left off (with the previous server), rather than starting from scratch. The SMaaS Gateway Server and the Servers in the cloud coordinate with each other through a secure SMaaS Ticket (containing the authentication information for the user, client machine, and the session state) that can be encrypted and decrypted only by these servers. This chapter presents a detailed design of the SMaaS framework and a qualitative comparison with other related schemes (like Kerberos, anycasting, as well as the sequential, parallel/mirror server, and peer-to-peer file transfer protocols).

Natarajan Meghanathan, Michael Terrell

Security Management

Frontmatter
Chapter 28. Securing the Internet of Things: Best Practices for Deploying IoT Devices

The Internet of Things (IoT) has brought a wealth of new technologies both in homes and businesses onto IP networks not natively designed to securely support such myriad devices. Networks once hosting only computers and printers now routinely contain payment systems, Wi-Fi and mobile/wearable devices, VoIP phones, vending machines, sensor and alarm systems, servers, security cameras, thermostats, door locks and other building controls, just to name a few. This chapter analyzes current best practices for securing computer networks with special attention to IoT challenges, discusses selected major IoT security incidents, details selected IoT cyber attacks as proofs of concept, and presents a framework for securely deploying IoT devices in the enterprise and at home.

Bryson R. Payne, Tamirat T. Abegaz
Chapter 29. Cognitive Computing and Multiscale Analysis for Cyber Security

The rapid and widespread advancement of cyber-threats within the past few years has had a profound impact on virtually everyone, from ordinary people to governments and local organizations. This has caused cyber security to be considered a global challenge now, and new software and hardware intrusion detection algorithms are being developed which increasingly require innovative approaches based on human cognition to detect and further prevent malicious activities of adversaries. Although state-of-the-art learning algorithms have been employed to find concealed attack patterns embedded within normal internet packet flows and endpoint data, they still rely heavily on known signatures or known behaviors, which are unavailable for an unknown threat. Furthermore, to evade detection, new complex cyber-attacks have deviously resorted to mimicking the single scale features of normal internet flows and to producing overlapped features in an algorithm’s classification feature space. Consequently, the extraction of actionable information from a real-world data set for reliable classification of cyber-threats requires a deeper analysis than that afforded by conventional single scale analysis tools. Chaos theory, fractals, and wavelets are important mathematical tools that can be used to perform multiscale analysis of a data set to extract the deeply hidden irregularities and thus detect anomalies. These techniques utilize the properties of scale and complexity of an object to reveal finer details, which cannot otherwise be uncovered by coarser single scale analysis. Moreover, these methods aim to emulate human cognition in decision making and reasoning and are therefore also known as cognitive computing and computationally intelligent tools. This chapter elaborates the significance of incorporating multiscale analysis and cognitive computing concepts into current anomaly detection mechanisms. In particular, the inseparability and class overlap of the cyber feature space is illustrated to emphasize the critical importance of multiscale analysis in the cyber security domain. There is a vast research potential in this domain, as highlighted by the relevant examples and references in this chapter.

Sana Siddiqui, Muhammad Salman Khan, Ken Ferens
Chapter 30. A Comparative Study of Neural Network Training Algorithms for the Intelligent Security Monitoring of Industrial Control Systems

In this chapter, we present a comparative study on the performance of Neural Network training algorithms towards the goal of developing an intelligent system that can classify, in real-time, the behavior of control systems. An investigation of the performance of five neural network training algorithms, Levenberg–Marquardt, Broyden–Fletcher–Goldfarb–Shanno (BFGS) Quasi-Newton, Resilient Backpropagation, Scaled Conjugate Gradient, and Gradient Descent with Momentum and Adaptive Learning Rate, in classifying 30,000 records of simulated operational data on a typical industrial control system is conducted. The comparisons are made on four neural network system metrics: network error performance, success rate, run time, and number of epochs (iterations). The results are tabulated and analyzed. The chapter concludes with perceptive observations and offers avenues for future research extensions. We envision that this small scale study would pave the way to the utilization of intelligent analytics as an avenue towards the realization of an enhanced security posture of our nation’s critical infrastructures. Further, this case study on the application of machine learning technology to information security may offer an additional forum for academic inquisition.

Jaedeok Kim, Guillermo Francia
Chapter 31. Cloud Computing: Security Issues and Establishing Virtual Cloud Environment via Vagrant to Secure Cloud Hosts

Evolution in Information Technology has introduced Cloud Computing as a new technology that refers to resource virtualization. Cloud Computing involves storing and accessing data and developing and managing applications over the Internet. Despite the many advantages of this technology, such as the availability of stored data, cost and time saving, and scalability, security and privacy are considered critical factors in Cloud Computing. This chapter’s main target is to present and discuss privacy and confidentiality issues in Cloud Computing. Some of the many challenges faced are security threats regarding the management of sensitive data, vulnerabilities in the virtualized environment, and network security. The methodology used to demonstrate these issues is a virtualized environment together with software automation tools. The remote hosts are configured within the cloud in order to be secured.

Polyxeni Spanaki, Nicolas Sklavos
Chapter 32. A Survey and Comparison of Performance Evaluation in Intrusion Detection Systems

Performance evaluation is an important aspect when designing a system. However, with intrusion detection systems (IDS), there are many other factors to consider. What are the metrics which are being used to compare the systems? Which attacks do particular approaches detect? Is the solution able to adapt and recognize new attacks, or is it limited to a set of attacks which were known at the time the system was designed? This chapter provides an overview of some of these concerns and tries to highlight in each surveyed IDS which metrics are used for performance evaluation, whether or not the solution is flexible, and which attacks the IDS is able to detect. This will provide the reader with a good basis for choosing the type of approach to use to guard against attacks, or as a basis to dig deeper into a particular aspect of intrusion detection.

Jason Ernst, Tarfa Hamed, Stefan Kremer
Chapter 33. Accountability for Federated Clouds

The evolution of software service delivery has changed the way accountability is performed. The complexity related to cloud computing environments increases the difficulty in properly performing accountability, since the evidence is spread throughout the whole infrastructure, across different servers at the physical, virtualization, and application layers. This complexity increases further when considering cloud federation because, besides the inherent complexity of the virtualized environment, the federation members may not implement the same security procedures and policies. The main objective of this chapter is to present concepts about cloud security, discussing why accountability in federated scenarios is important and hard to provide, and to propose an accountability framework, named CloudAcc, that supports audit, management, planning, and billing processes in federated cloud environments.

Thiago Gomes Rodrigues, Patricia Takako Endo, David W. S. C. Beserra, Djamel Sadok, Judith Kelner
Chapter 34. A Cognitive and Concurrent Cyber Kill Chain Model

A cyber kill chain is a traditional model to analyze cyber security threats, whether there is malware inside a computer system, covert and illegitimate channels found on a network, or an insider threat. This model has been used extensively by cyber security professionals, but it has received little attention in the academic domain. Further, with the evolution of the threat landscape into more advanced and persistent threats, this model has been challenged due to its inability to incorporate advanced threats that are able to change their signatures and behaviors and can hide inside a computing node and remain undetected by masquerading their true nature. This chapter describes the traditional kill chain model in detail; discusses weaknesses of this model; proposes a new kill chain analytical model that supports concurrent analysis of threat stages, as opposed to the sequential analysis of the existing kill chain model; and explains with examples how the new model mimics the human mental process of threat analysis. The proposed cyber kill chain model strengthens the analysis model of cyber security experts and enriches cyber professionals’ holistic understanding of threats and attacks.

Muhammad Salman Khan, Sana Siddiqui, Ken Ferens
Chapter 35. Defense Methods Against Social Engineering Attacks

In this chapter, multiple Social Engineering defense methods are comprehensively reviewed. Focus has been placed on examining data which supports the hypothesis that security awareness is one of the key strengths one can develop, to assist oneself and others, in avoiding and countering the increasing number of Social Engineering attacks in this day and age. Various case studies have also been analyzed and evaluated, which demonstrate a positive impact on the security outlook of employees once continuous and sufficient security training is delivered. Evidence of effective counter-techniques has been gathered using a variety of sources, all of which can be employed by businesses and individuals to deter and prevent Social Engineering attacks from taking place.

Jibran Saleem, Mohammad Hammoudeh
Metadata
Title
Computer and Network Security Essentials
Editor
Kevin Daimi
Copyright Year
2018
Electronic ISBN
978-3-319-58424-9
Print ISBN
978-3-319-58423-2
DOI
https://doi.org/10.1007/978-3-319-58424-9