Digital Commons Network^™

Cyber Power In The 21st Century, Joseph M. Elbaum

Theses and Dissertations

Historically, the United States Congress has acknowledged that a separate branch of military service is required to exert supremacy over each of the recognized Domains of Operation. Throughout the evolution of modern warfare, leading minds in military theory have come to the conclusion that due to fundamental differences inherent in the theory and tactics that must be employed in order to successfully wage war within a domain’s associated environment, a specialized force was needed - until now. With the recent inclusion of Cyberspace as an operational domain by the Department of Defense, the case should be made that it, too, …

Sub-Circuit Selection And Replacement Algorithms Modeled As Term Rewriting Systems, Eric D. Simonaire

Theses and Dissertations

Intent protection is a model of software obfuscation which, among other criteria, prevents an adversary from understanding the program’s function for use with contextual information. Relating this framework for obfuscation to malware detection, if a malware detector can perfectly normalize a program P and any obfuscation (variant) of the program O(P), the program is not intent protected. The problem of intent protection on programs can also be modeled as intent protection on combinational logic circuits. If a malware detector can perfectly normalize a circuit C and any obfuscation (variant) O(C) of the circuit, the circuit is not intent protected. In …

Secureqemu: Emulation-Based Software Protection Providing Encrypted Code Execution And Page Granularity Code Signing, William B. Kimball

Theses and Dissertations

This research presents an original emulation-based software protection scheme providing protection from reverse code engineering (RCE) and software exploitation using encrypted code execution and page-granularity code signing, respectively. Protection mechanisms execute in trusted emulators while remaining out-of-band of untrusted systems being emulated. This protection scheme is called SecureQEMU and is based on a modified version of Quick Emulator (QEMU) [5]. RCE is a process that uncovers the internal workings of a program. It is used during vulnerability and intellectual property (IP) discovery. To protect from RCE program code may have anti-disassembly, anti-debugging, and obfuscation techniques incorporated. These techniques slow the …

A Novel Authentication And Validation Mechanism For Analyzing Syslogs Forensically, Steena D.S. Monteiro

All Graduate Theses and Dissertations, Spring 1920 to Summer 2023

This research proposes a novel technique for authenticating and validating syslogs for forensic analysis. This technique uses a modification of the Needham Schroeder protocol, which uses nonces (numbers used only once) and public keys. Syslogs, which were developed from an event-logging perspective and not from an evidence-sustaining one, are system treasure maps that chart out and pinpoint attacks and attack attempts. Over the past few years, research on securing syslogs has yielded enhanced syslog protocols that focus on tamper prevention and detection. However, many of these protocols, though efficient from a security perspective, are inadequate when forensics comes into play. …

Impact Analysis Of System And Network Attacks, Anupama Biswas

All Graduate Theses and Dissertations, Spring 1920 to Summer 2023

Systems and networks have been under attack from the time the Internet first came into existence. There is always some uncertainty associated with the impact of the new attacks. Compared to the problem of attack detection, analysis of attack impact has received very little attention. Generalize and forecasting the kind of attack that will hit systems in future is not possible. However, it is possible to predict the behavior of a new attack and, thereby, the impact of the attack. This thesis proposes a method for predicting the impact of a new attack on systems and networks as well as …

A C To Register Transfer Level Algorithm Using Structured Circuit Templates: A Case Study With Simulated Annealing, Jonathan D. Phillips

All Graduate Theses and Dissertations, Spring 1920 to Summer 2023

A tool flow is presented for deriving simulated annealing accelerator circuits on a field programmable gate array (FPGA) from C source code by exploring architecture solutions that conform to a preset template through scheduling and mapping algorithms. A case study carried out on simulated annealing-based Autonomous Mission Planning and Scheduling (AMPS) software used for autonomous spacecraft systems is explained. The goal of the research is an automated method for the derivation of a hardware design that maximizes performance while minimizing the FPGA footprint. Results obtained are compared with a peer C to register transfer level (RTL) logic tool, a state-of-the-art …

Recommendations For Applying Security-Centric Technology Utilizing A Layered Approach In The Era Of Ubiquitous Computing: (A Guide For The Small Business Enterprise)., Yevetta Gibson

Regis University Student Publications (comprehensive collection)

The purpose of this work is to advise and assist Small Business in applying security centric technology to better manage and secure their information assets. Computer Crimes and Incursions are growing exponentially, in complexity, and in their sinister application. In the face of this onslaught small businesses, indeed organizations everywhere, need to accept this as a business constant or reality, identify the threats, acknowledge the vulnerabilities, and make plans to meet these challenges.

Attribute-Based, Usefully Secure Email, Christopher P. Masone

Dartmouth College Ph.D Dissertations

A secure system that cannot be used by real users to secure real-world processes is not really secure at all. While many believe that usability and security are diametrically opposed, a growing body of research from the field of Human-Computer Interaction and Security (HCISEC) refutes this assumption. All researchers in this field agree that focusing on aligning usability and security goals can enable the design of systems that will be more secure under actual usage. We bring to bear tools from the social sciences (economics, sociology, psychology, etc.) not only to help us better understand why deployed systems fail, but …

Developing Network Situational Awareness Through Visualization Of Fused Intrusion Detection System Alerts, Serafin A. Avitia V

Theses and Dissertations

With networks increasing in physical size, bandwidth, traffic volume, and malicious activity, network analysts are experiencing greater difficulty in developing network situational awareness. Traditionally, network analysts have used Intrusion Detection Systems to gain awareness but this method is outdated when analysts are unable to process the alerts at the rate they are being generated. Analysts are unwittingly placing the computer assets they are charged to protect at risk when they are unable to detect these network attacks. This research effort examines the theory, application, and results of using visualizations of fused alert data to develop network situational awareness. The fused …

A Secure And Efficient Communications Architecture For Global Information Grid Users Via Cooperating Space Assets, Victor P. Hubenko

Theses and Dissertations

With the Information Age in full and rapid development, users expect to have global, seamless, ubiquitous, secure, and efficient communications capable of providing access to real-time applications and collaboration. The United States Department of Defense’s (DoD) Network-Centric Enterprise Services initiative, along with the notion of pushing the “power to the edge,” aims to provide end-users with maximum situational awareness, a comprehensive view of the battlespace, all within a secure networking environment. Building from previous AFIT research efforts, this research developed a novel security framework architecture to address the lack of efficient and scalable secure multicasting in the low earth orbit …

An Analysis Of Botnet Vulnerabilities, Sean W. Hudson

Theses and Dissertations

Botnets are a significant threat to computer networks and data stored on networked computers. The ability to inhibit communication between servers controlling the botnet and individual hosts would be an effective countermeasure. The objective of this research was to find vulnerabilities in Unreal IRCd that could be used to shut down the server. Analysis revealed that Unreal IRCd is a very mature and stable IRC server and no significant vulnerabilities were found. While this research does not eliminate the possibility that a critical vulnerability is present in the Unreal IRCd software, none were identified during this effort.

Mitigating Reversing Vulnerabilities In .Net Applications Using Virtualized Software Protection, Matthew A. Zimmerman

Theses and Dissertations

Protecting intellectual property contained in application source code and preventing tampering with application binaries are both major concerns for software developers. Simply by possessing an application binary, any user is able to attempt to reverse engineer valuable information or produce unanticipated execution results through tampering. As reverse engineering tools become more prevalent, and as the knowledge required to effectively use those tools decreases, applications come under increased attack from malicious users. Emerging development tools such as Microsoft's .NET Application Framework allow diverse source code composed of multiple programming languages to be integrated into a single application binary, but the potential …

Appropriation Of Privacy Management Within Social Networking Sites, Catherine Dwyer

Dissertations

Social networking sites have emerged as one of the most widely used types of interactive systems, with memberships numbering in the hundreds of millions around the globe. By providing tools for their members to manage an ever-changing set of relationships, social networking sites push a constant expansion of social boundaries. These sites place less emphasis on tools that limit social boundaries to enable privacy.

The rapid expansion of online social boundaries has caused privacy shockwaves. Privacy offline is enabled by constraints of time and space. Online, powerful search engines and long term digital storage means private data have no expiration …

Using Hierarchical Temporal Memory For Detecting Anomalous Network Activity, Gerod M. Bonhoff

Theses and Dissertations

This thesis explores the nature of cyberspace and forms an argument for it as an intangible world. This research is motivated by the notion of creating intelligently autonomous cybercraft to reside in that environment and maintain domain superiority. Specifically, this paper offers 7 challenges associated with development of intelligent, autonomous cybercraft. The primary focus is an analysis of the claims of a machine learning language called Hierarchical Temporal Memory (HTM). In particular, HTM theory claims to facilitate intelligence in machines via accurate predictions. It further claims to be able to make accurate predictions of unusual worlds, like cyberspace. The research …

What Constitutes An Act Of War In Cyberspace, Kelli S. Kinley

Theses and Dissertations

In December 2005 a new mission statement was released by the Air Force Leadership, "to deliver sovereign options for the defense of the United States of America and its global interests...to fly and fight in Air, Space and Cyberspace." (Wynne & Mosley, 2005) With the stand up of the AFCYBER command and the use of cyberspace to carry out our daily mission the U.S. needs to have a clear understanding of what war in cyberspace looks like and what the laws are governing war in cyberspace. This research and it's resulting data analysis is intended to provide a better understanding …

Comparing Information Assurance Awareness Training For End-Users: A Content Analysis Examination Of Air Force And Defense Information Systems Agency User Training Modules, John W. Frugé

Theses and Dissertations

Today, the threats to information security and assurance are great. While there are many avenues for IT professionals to safeguard against these threats, many times these defenses prove useless against typical system users. Mandated by laws and regulations, all government agencies and most private companies have established information assurance (IA) awareness programs, most of which include user training. Much has been given in the existing literature to laying out the guidance for the roles and responsibilities of IT professionals and higher level managers, but less is specified for "everyday" users of information systems. This thesis attempts to determine the content …

Suspicion Modeling In Support Of Cyber-Influence Operations/Tactics, Henry G. Paguirigan

Theses and Dissertations

Understanding the cognitive process of IT user suspicion may assist organizations in development of network protection plans, personnel training, and tools necessary to identify and mitigate nefarious intrusions of IT systems. Exploration of a conceptual common ground between psycho-social and technology-related concepts of suspicion are the heart of this investigation. The complexities involved in merging these perspectives led to the overall research question: What is the nature of user suspicion toward IT: The research problem/phenomenon was addressed via extensive literature review, and use of the Interactive Qualitative Analysis problem/phenomenon. Analysis of the system led to the development of a model …

Software Assurance Best Practices For Air Force Weapon And Information Technology Systems - Are We Bleeding?, Ryan A. Maxon

Theses and Dissertations

In the corporate world, "bits mean money," and as the Department of Defense (DoD) becomes more and more reliant on net-centric warfare, bits mean national security. Software security threats are very real, as demonstrated by the constant barrage of Internet viruses, worms, Trojans, and hackers seeking to exploit the latest vulnerability. Most organizations focus their resources on reactive defenses such as firewalls, antivirus software, and encryption, however as demonstrated by the numerous attacks that are successful, those post facto measures are not enough to stop the bleeding. The DoD defines software assurance (SwA) as the "level of confidence that software …

A Formal Specification And Proof Of System Safety Using The Schematic Protection Model, Raymond S. Way

Theses and Dissertations

This research formally specifies the Schematic Protection Model (SPM) and provides a sound, flexible tool for reasoning formally about systems that implement a security model like SPM, to prove its ability to provide security services such as confidentiality and integrity. The theory described by the resultant model was logically proved in the Prototype Verification System (PVS), an automated prover. Each component of SPM was tested, as were several anomalous conditions, and each test produced results consistent with the model. The model is internally modular, and therefore easily extensible, yet cohesive since the theory to be proved encompasses the entire specification. …

Developing A Reference Framework For Cybercraft Trust Evaluation, Shannon E. Hunt

Theses and Dissertations

It should be no surprise that Department of Defense (DoD) and U.S. Air Force (USAF) networks are the target of constant attack. As a result, network defense remains a high priority for cyber warriors. On the technical side, trust issues for a comprehensive end-to-end network defense solution are abundant and involve multiple layers of complexity. The Air Force Research Labs (AFRL) is currently investigating the feasibility of a holistic approach to network defense, called Cybercraft. We envision Cybercraft to be trusted computer entities that cooperate with other Cybercraft to provide autonomous and responsive network defense services. A top research goal …

Feasibility Study Of Encoding Operational Mission Metadata Into Ipv6 Packet Headers, Timothy R. Policarpio

Theses and Dissertations

The purpose of this research is to determine the feasibility of using the header fields and header extensions of IPv6 packets to encode mission metadata into computer network streams. Specifically, this thesis seeks to answer several research questions addressing the performance of different packet header encoding methods, specifically which method provides the least end-to-end delay of a file transfer over a hypothetical network as well as which method produces the least amount of additional network overhead during its operation in the hypothetical network. The research questions are answered through a comprehensive literature review and with the use of several network …

Applying Automated Theorem Proving To Computer Security, Kelly K. Mcelroy

Theses and Dissertations

While more and more data is stored and accessed electronically, better access control methods need to be implemented for computer security. Formal modelling and analysis have been successfully used in certain areas of computer systems, such as verifying the security properties of cryptographic and authentication protocols. However, formal models for computer systems in cyberspace, like networks, have hardly advanced. A highly regarded graduate textbook cites the Take-Grant model created in 1977 as one of the \current" examples of security modelling and analysis techniques. This model is rarely used in practice though. This research implements the Take-Grant Protection model's four de …

Cyber Flag: A Realistic Cyberspace Training Construct, Andrew P. Hansen

Theses and Dissertations

As is well understood, the rapidly unfolding challenges of cyberspace is a fundamental warfare paradigm shift revolutionizing the way future wars will be fought and won. A significant test for the Air Force (indeed any organization with a credible presence in cyberspace) will be providing a realistic training environment that fully meets this challenge. Why create another Flag level exercise? Realistic training (that which is effective, comprehensive and coordinated) is crucial to success in time of war. Red Flag provides dominant training within the air domain and now with the evolution of cyberspace, a comprehensive training environment is necessary to …

An Analysis Of Information Asset Valuation (Iav) Quantification Methodology For Application With Cyber Information Mission Impact Assessment (Cimia), Denzil L. Hellesen

Theses and Dissertations

The purpose of this research is to develop a standardized Information Asset Valuation (IAV) methodology. The IAV methodology proposes that accurate valuation for an Information Asset (InfoA) is the convergence of information tangible, intangible, and flow attributes to form a functional entity that enhances mission capability. The IAV model attempts to quantify an InfoA to a single value through the summation of weighted criteria. Standardizing the InfoA value criteria will enable decision makers to comparatively analyze dissimilar InfoAs across the tactical, operational, and strategic domains. This research develops the IAV methodology through a review of existing military and non-military valuation …

Dod Role For Securing United States Cyberspace, Jane J. Griffin

Theses and Dissertations

The cyber attacks on Estonia in late April and the early weeks of May 2007 significantly crippled the country, preventing it from performing banking, communications, news reporting, government transactions and command and control activities. Estonia is considered a “Wired Society”, much like the United States. Both countries rely on the cyberspace infrastructure economically and politically. Estonia sought assistance outside the country to recover from and to address the attacks. The cyber attacks on Estonia focused world-wide attention on the effects that cyberspace attacks could have on countries. If a cyber attack of national significance occurred against the United States, what …

Dynamic Protocol Reverse Engineering A Grammatical Inference Approach, Mark E. Deyoung

Theses and Dissertations

Round trip engineering of software from source code and reverse engineering of software from binary files have both been extensively studied and the state-of-practice have documented tools and techniques. Forward engineering of protocols has also been extensively studied and there are firmly established techniques for generating correct protocols. While observation of protocol behavior for performance testing has been studied and techniques established, reverse engineering of protocol control flow from observations of protocol behavior has not received the same level of attention. State-of-practice in reverse engineering the control flow of computer network protocols is comprised of mostly ad hoc approaches. We …

Creating An Agent Based Framework To Maximize Information Utility, John M. Pecarina

Theses and Dissertations

With increased reliance on communications to conduct military operations, information centric network management becomes vital. A Defense department study of information management for net-centric operations lists the need for tools for information triage (based on relevance, priority, and quality) to counter information overload, semi-automated mechanisms for assessment of quality and relevance of information, and advances to enhance cognition and information understanding in the context of missions [30]. Maximizing information utility to match mission objectives is a complex problem that requires a comprehensive solution in information classification, in scheduling, in resource allocation, and in QoS support. Of these research areas, the …

Identification Of Command And Control Information Requirements For The Cyberspace Domain, Brian D. Aschenbrenner

Theses and Dissertations

The purpose of this research was to develop an information requirements analysis method that would provide the Director of Cyberspace Forces with the information required to support effective command and control of cyberspace. This research investigates the role of information in command and control, information in the traditional war fighting domains, cyberspace as a war fighting domain, and various methods of determining information requirements of organizations. This research produced an information requirements analysis method that is suitable for identifying the command and control information requirements of the Director of Cyberspace Forces.

Complex Adaptive Systems Based Data Integration : Theory And Applications, Eliahu Rohn

Dissertations

Data Definition Languages (DDLs) have been created and used to represent data in programming languages and in database dictionaries. This representation includes descriptions in the form of data fields and relations in the form of a hierarchy, with the common exception of relational databases where relations are flat. Network computing created an environment that enables relatively easy and inexpensive exchange of data. What followed was the creation of new DDLs claiming better support for automatic data integration. It is uncertain from the literature if any real progress has been made toward achieving an ideal state or limit condition of automatic …

Information Sharing Solutions For Nato Headquarters, Wade Alarie

Regis University Student Publications (comprehensive collection)

NATO is an Alliance of 26 nations that operates on a consensus basis, not a majority basis. Thorough and timely information exchange between nations is fundamental to the Business Process. Current technology and practices at NATO HQ are inadequate to meet modern-day requirements despite the availability of demonstrated and accredited Cross-Domain technology solutions. This lack of integration between networks is getting more complicated with time, as nations continue to invest in IT and ignore the requirements for inter-networked gateways. This contributes to inefficiencies, fostering an atmosphere where shortcuts are taken in order to get the job done. The author recommends …