Saudi Cultural Missions Theses & Dissertations

Permanent URI for this communityhttps://drepo.sdl.edu.sa/handle/20.500.14154/10

Browse

Filters

20232

Settings

Subject: search.filters.subject.NIST

Search Results

Now showing 1 - 2 of 2
  • Thumbnail Image
    ItemRestricted
    Security Risk Analysis for Industrial Control Systems Malwares
    (Saudi Digital Library, 2023-12-06) Alrihali, Muhannad; Raza, Hassan
    Industrial Control Systems (ICS) play a vital role in the operation and administration of critical infrastructures, such as power plants, industrial facilities, water treatment plants, and transportation networks. However, the growing number of targeted attacks with malware focused on these systems has generated significant concern over their security. This dissertation thoroughly investigates comprehensive risk analysis on ICS malware, addressing the gap between the technical details of these attacks and their broader implications for the reliability and security of critical infrastructures. This study comprehensively analyses notable examples of ICS malware, such as HermeticWiper, BlackEnergy, and Industroyer 2, by utilising a strategic combination of the MITRE ATT&CK, NIST SP 800-82, and CIS frameworks. The implementation of an integrated approach provides a proactive method for the recognition and reduction of security issues. This dissertation offers valuable insights into the strategies and techniques employed by cyber adversaries through an analysis of the behaviour and technical aspects of the attacks and security risk analysis. This dissertation highlights the need to thoroughly understand the risks associated with ICS malware through combined technical research and strategic risk assessment.
    39 0
  • Thumbnail Image
    ItemRestricted
    Improving Insecure Deserialization Discovery in Web Applications
    (Saudi Digital Library, 2023-10-25) Almuaddi, Ahmed; Djenouri, Djamel
    Insecure deserialization vulnerability has posed a persistent threat to backend systems and web applications since 2004, exposing devastating exploits such as remote code execution and privilege escalation. A significant challenge for testing for this vulnerability is the reliability of feed-back obtained from the tested target which made detecting the vulnerability difficult. This project aims to address this issue by introducing a novel method to provide a viable feedback mechanism that should show success or failure of attack and thus, improve the accuracy of testing. Our pro-posed tool addresses the lack of reliability issue by applying the blind approach on testing insecure deserialization. This mechanism removes the need for readable feedback from the target and instead relies on the behaviour of the target to determine the success or failure of the approach. This pro-vides a much more precise assessment of attack success or failure, thus improving the overall relia-bility of vulnerability detection. This was observable in my tests where the tool provided the out-come of the test. The tool also performed internal port scanning, which could be a serious vulnera-bility. In conclusion, the feedback mechanism introduced in this project shows the severity of Inse-cure deserialization, as well as the opportunity to automate the scanning process. Keywords: Serialization; RMI; RCE; CVE; OWASP; NIST; NVD; SQL; Gadgets; Bytestream; Magic Method; Transformers.
    12 0

Copyright owned by the Saudi Digital Library (SDL) © 2025