PROJECTS AND PUBLICATIONS
Modeling and Execution of Complex Attack Scenarios Using Interval Timed Colored Petri Nets (April 2006)
Ole Martin Dahl, Gjovik University College, Norway
Stephen D. Wolthusen, Gjovik University College, Norway
The commonly used flaw hypothesis model (FHM) for performing penetration tests provides only limited, highlevel guidance for the derivation of actual penetration attempts. In this paper, a mechanism for the systematic modeling, simulation, and exploitation of complex multistage and multi-agent vulnerabilities in networked and distributed systems based on stochastic and interval-timed colored Petri nets is described and analyzed through case studies elucidating several properties of Petri net variants and their suitability to modeling this type of attack.
This is my master's thesis, carried out in the last semester of my Masters of Science education in information security. The report includes a paper in appendix B that summarise some of the work on twelve pages. The complete thesis is more thourough and illuminate additional topics in both the penetration testing and Petri net domain.
Contract Signing Using PGP (December 2004) [PDF]*
This project was written as a part of the msc course payment systems and non-repudiation. This article examines the difficulties of achieving fair contract signing over an untrusted network. An automated e-mail and PGP-based trusted third-party was programed to achievie fair and secure contract signing in an hopefully more user friendly fashion than most contract signing protocols dictate today. Code is not enclosed.
Limitations and Differences of using IPsec, TLS/SSL or SSH as VPN-solution (December 2004) [PDF]*
This small article was written as a part of the msc course perimeter security. This article briefly disscuss IPsec, TLS/SSL and SSH as VPN-solution.
Indicators of Information Warfare (December 2004) [PDF]*
This essay was written as a part of the msc information warfare. In this report we discuss infromation warfare in crisis and everyday life. We also loacte indicators of such attacks in some chosen scenarios.
TLS Extensions (May 2004) [PDF]*
This project was written as a part of the msc course network security. The report focus on extensions for TLS. Some basics of the current protocol and then a description of TLS extensions proposed by the Internet community at the time of writing. The report ends with some visions and suggestions for the future of TLS.
SHABeist - A Java-Based Crypthographic Hash Algorithm (December 2003) [PDF]*
This project was done as a part of the msc course cryptology. SHABeist is a cryptographic hash algorithm which was developed as an exercise to better understand the concept and workings of cryptographic hash algorithms. The report contains a breakdown of important attributes of cryptographic hash algorithms, a performance study against SHA-1 and MD5, and also details some of the SHABeist code. Code is not enclosed. In Norwegian only!
Project in Information Security and Security Architecture (December 2003) [PDF]*
This was an project done in the msc cource information security and security architecture. It uses RM ODP with UML sematics and NS 5814 for risk analysis. The project is based in a online betting system scenario. In Norwegian only!
Skolelinux - User Administration (May 2003) [PDF]*
This is my main project done in the end of my bachelor degree program in computer engineering. The topic of this project was improving user administration features in the GNU/Linux distribution Skolelinux. More specifically, printer quotas and LDAP netgroups.
*)Adobe Portable Document Format Click here to download Adobe Acrobat Reader