Open Access. Powered by Scholars. Published by Universities.®
- Discipline
-
- Computer Sciences (44)
- Physical Sciences and Mathematics (44)
- Information Security (33)
- Engineering (24)
- Computer Engineering (14)
-
- Digital Communications and Networking (7)
- Electrical and Computer Engineering (7)
- Operations Research, Systems Engineering and Industrial Engineering (4)
- Computer and Systems Architecture (3)
- Operational Research (3)
- Software Engineering (3)
- Electrical and Electronics (2)
- Hardware Systems (2)
- Systems and Communications (2)
- Databases and Information Systems (1)
- Defense and Security Studies (1)
- Graphics and Human Computer Interfaces (1)
- Medical Biomathematics and Biometrics (1)
- Medical Sciences (1)
- Medicine and Health Sciences (1)
- OS and Networks (1)
- Other Operations Research, Systems Engineering and Industrial Engineering (1)
- Power and Energy (1)
- Public Affairs, Public Policy and Public Administration (1)
- Risk Analysis (1)
- Social and Behavioral Sciences (1)
- Systems Architecture (1)
- Theory and Algorithms (1)
- VLSI and Circuits, Embedded and Hardware Systems (1)
Articles 1 - 30 of 56
Full-Text Articles in Entire DC Network
Analyzing Microarchitectural Residue In Various Privilege Strata To Identify Computing Tasks, Tor J. Langehaug
Analyzing Microarchitectural Residue In Various Privilege Strata To Identify Computing Tasks, Tor J. Langehaug
Theses and Dissertations
Modern multi-tasking computer systems run numerous applications simultaneously. These applications must share hardware resources including the Central Processing Unit (CPU) and memory while maximizing each application’s performance. Tasks executing in this shared environment leave residue which should not reveal information. This dissertation applies machine learning and statistical analysis to evaluate task residue as footprints which can be correlated to identify tasks. The concept of privilege strata, drawn from an analogy with physical geology, organizes the investigation into the User, Operating System, and Hardware privilege strata. In the User Stratum, an adversary perspective is taken to build an interrogator program that …
Self Organized Multi Agent Swarms (Somas) For Network Security Control, Eric M. Holloway
Self Organized Multi Agent Swarms (Somas) For Network Security Control, Eric M. Holloway
Theses and Dissertations
Computer network security is a very serious concern in many commercial, industrial, and military environments. This paper proposes a new computer network security approach defined by self-organized agent swarms (SOMAS) which provides a novel computer network security management framework based upon desired overall system behaviors. The SOMAS structure evolves based upon the partially observable Markov decision process (POMDP) formal model and the more complex Interactive-POMDP and Decentralized-POMDP models, which are augmented with a new F(*-POMDP) model. Example swarm specific and network based behaviors are formalized and simulated. This paper illustrates through various statistical testing techniques, the significance of this proposed …
Dynamic Network Security Control Using Software Defined Networking, Michael C. Todd
Dynamic Network Security Control Using Software Defined Networking, Michael C. Todd
Theses and Dissertations
This thesis develops and implements a process to rapidly respond to host level security events using a host agent, Software Defined Networking and OpenFlow updates, role based flow classes, and Advanced Messaging Queuing Protocol to automatically update configuration of switching devices and block malicious traffic. Results show flow table updates are made for all tested levels in less than 5.27 milliseconds and event completion time increased with treatment level as expected. As the number of events increases from 1,000 to 50,000, the design scales logarithmically caused mainly by message delivery time. Event processing throughput is limited primarily by the message …
A Framework For Incorporating Insurance Into Critical Infrastructure Cyber Risk Strategies, Derek R. Young
A Framework For Incorporating Insurance Into Critical Infrastructure Cyber Risk Strategies, Derek R. Young
Theses and Dissertations
Critical infrastructure owners and operators want to minimize their cyber risk and expenditures on cybersecurity. The insurance industry has been quantitatively assessing risk for hundreds of years in order to minimize risk and maximize profits. To achieve these goals, insurers continuously gather statistical data to improve their predictions, incentivize their clients' investment in self-protection and periodically refine their models to improve the accuracy of risk estimates. This paper presents a framework which incorporates the operating principles of the insurance industry in order to provide quantitative estimates of cyber risk. The framework implements optimization techniques to suggest levels of investment for …
Advances In Sca And Rf-Dna Fingerprinting Through Enhanced Linear Regression Attacks And Application Of Random Forest Classifiers, Hiren J. Patel
Advances In Sca And Rf-Dna Fingerprinting Through Enhanced Linear Regression Attacks And Application Of Random Forest Classifiers, Hiren J. Patel
Theses and Dissertations
Radio Frequency (RF) emissions from electronic devices expose security vulnerabilities that can be used by an attacker to extract otherwise unobtainable information. Two realms of study were investigated here, including the exploitation of 1) unintentional RF emissions in the field of Side Channel Analysis (SCA), and 2) intentional RF emissions from physical devices in the field of RF-Distinct Native Attribute (RF-DNA) fingerprinting. Statistical analysis on the linear model fit to measured SCA data in Linear Regression Attacks (LRA) improved performance, achieving 98% success rate for AES key-byte identification from unintentional emissions. However, the presence of non-Gaussian noise required the use …
Effects Of Architecture On Information Leakage Of A Hardware Advanced Encryption Standard Implementation, Eric A. Koziel
Effects Of Architecture On Information Leakage Of A Hardware Advanced Encryption Standard Implementation, Eric A. Koziel
Theses and Dissertations
Side-channel analysis (SCA) is a threat to many modern cryptosystems. Many countermeasures exist, but are costly to implement and still do not provide complete protection against SCA. A plausible alternative is to design the cryptosystem using architectures that are known to leak little information about the cryptosystem's operations. This research uses several common primitive architectures for the Advanced Encryption Standard (AES) and assesses the susceptibility of the full AES system to side-channel attack for various primitive configurations. A combined encryption/decryption core is also evaluated to determine if variation of high-level architectures affects leakage characteristics. These different configurations are evaluated under …
The White-Hat Bot: A Novel Botnet Defense Strategy, Tyrone C. Gubler
The White-Hat Bot: A Novel Botnet Defense Strategy, Tyrone C. Gubler
Theses and Dissertations
Botnets are a threat to computer systems and users around the world. Botmasters can range from annoying spam email propagators to nefarious criminals. These criminals attempt to take down networks or web servers through distributed denial-of-service attacks, to steal corporate secrets, or to launder money from individuals or corporations. As the number and severity of successful botnet attacks rise, computer security experts need to develop better early-detection and removal techniques to protect computer networks and individual computer users from these very real threats. I will define botnets and describe some of their common purposes and current uses. Next, I will …
Vulnerability Analysis Of The Player Command And Control Protocol, John T. Hagen
Vulnerability Analysis Of The Player Command And Control Protocol, John T. Hagen
Theses and Dissertations
The Player project is an open-source effort providing a control interface specification and software framework for abstracting robot hardware. This research presents five exploits that compromise vulnerabilities in Player's command and control protocol. The attacks exploit weaknesses in the ARP, IP, TCP and Player protocols to compromise the confidentially, integrity, and availability of communication between a Player client and server. The attacks assume a laptop is connected in promiscuous mode to the same Ethernet hub as the client and server in order to sniff all network traffic between them. This work also demonstrates that Internet Protocol Security (IPsec) is capable …
Obfuscating Against Side-Channel Power Analysis Using Hiding Techniques For Aes, Austin W. Fritzke
Obfuscating Against Side-Channel Power Analysis Using Hiding Techniques For Aes, Austin W. Fritzke
Theses and Dissertations
The transfer of information has always been an integral part of military and civilian operations, and remains so today. Because not all information we share is public, it is important to secure our data from unwanted parties. Message encryption serves to prevent all but the sender and recipient from viewing any encrypted information as long as the key stays hidden. The Advanced Encryption Standard (AES) is the current industry and military standard for symmetric-key encryption. While AES remains computationally infeasible to break the encrypted message stream, it is susceptible to side-channel attacks if an adversary has access to the appropriate …
Magnesium Object Manager Sandbox, A More Effective Sandbox Method For Windows 7, Martin A. Gilligan
Magnesium Object Manager Sandbox, A More Effective Sandbox Method For Windows 7, Martin A. Gilligan
Theses and Dissertations
A major issue in computer security is limiting the affects a program can have on a computer. One way is to place the program into a sandbox, a limited environment. Many attempts have been made to create a sandbox that maintains the usability of a program and effectively limits the effects of the program. Sandboxes that limit the resources programs can access, have succeeded. To test the effectiveness of a sandbox that limits the resources a program can access on Windows 7, the Magnesium Object Manager Sandbox (MOMS) is created. MOMS uses a kernel mode Windows component to monitor and …
Binary Disassembly Block Coverage By Symbolic Execution Vs. Recursive Descent, Jonathan D. Miller
Binary Disassembly Block Coverage By Symbolic Execution Vs. Recursive Descent, Jonathan D. Miller
Theses and Dissertations
This research determines how appropriate symbolic execution is (given its current implementation) for binary analysis by measuring how much of an executable symbolic execution allows an analyst to reason about. Using the S2E Selective Symbolic Execution Engine with a built-in constraint solver (KLEE), this research measures the effectiveness of S2E on a sample of 27 Debian Linux binaries as compared to a traditional static disassembly tool, IDA Pro. Disassembly code coverage and path exploration is used as a metric for determining success. This research also explores the effectiveness of symbolic execution on packed or obfuscated samples of the same binaries …
Measuring The Utility Of A Cyber Incident Mission Impact Assessment (Cimia) Process For Mission Assurance, Christy L. Peterson
Measuring The Utility Of A Cyber Incident Mission Impact Assessment (Cimia) Process For Mission Assurance, Christy L. Peterson
Theses and Dissertations
Information is a critical asset on which virtually all modern organizations depend upon to meet their operational mission objectives. Military organizations, in particular, have embedded Information and Communications Technologies (ICT) into their core mission processes as a means to increase their operational efficiency, exploit automation, improve decision quality, and shorten the kill chain. However, the extreme dependence upon ICT results in an environment where a cyber incident can result in severe mission degradation, or possibly failure, with catastrophic consequences to life, limb, and property. These consequences can be minimized by maintaining real-time situational awareness of mission critical resources so appropriate …
Accelerating Malware Detection Via A Graphics Processing Unit, Nicholas S. Kovach
Accelerating Malware Detection Via A Graphics Processing Unit, Nicholas S. Kovach
Theses and Dissertations
Real-time malware analysis requires processing large amounts of data storage to look for suspicious files. This is a time consuming process that (requires a large amount of processing power) often affecting other applications running on a personal computer. This research investigates the viability of using Graphic Processing Units (GPUs), present in many personal computers, to distribute the workload normally processed by the standard Central Processing Unit (CPU). Three experiments are conducted using an industry standard GPU, the NVIDIA GeForce 9500 GT card. The goal of the first experiment is to find the optimal number of threads per block for calculating …
An Application Of Automated Theorem Provers To Computer System Security: The Schematic Protection Model, Mitchell D.I. Hirschfeld
An Application Of Automated Theorem Provers To Computer System Security: The Schematic Protection Model, Mitchell D.I. Hirschfeld
Theses and Dissertations
The Schematic Protection Model is specified in SAL and theorems about Take-Grant and New Technology File System schemes are proven. Arbitrary systems can be specified in SPM and analyzed. This is the first known automated analysis of SPM specifications in a theorem prover. The SPM specification was created in such a way that new specifications share the underlying framework and are configurable within the specifications file alone. This allows new specifications to be created with ease as demonstrated by the four unique models included within this document. This also allows future users to more easily specify models without recreating the …
Developing Cyberspace Data Understanding: Using Crisp-Dm For Host-Based Ids Feature Mining, Joseph R. Erskine
Developing Cyberspace Data Understanding: Using Crisp-Dm For Host-Based Ids Feature Mining, Joseph R. Erskine
Theses and Dissertations
Current intrusion detection systems generate a large number of specific alerts, but do not provide actionable information. Many times, these alerts must be analyzed by a network defender, a time consuming and tedious task which can occur hours or days after an attack occurs. Improved understanding of the cyberspace domain can lead to great advancements in Cyberspace situational awareness research and development. This thesis applies the Cross Industry Standard Process for Data Mining (CRISP-DM) to develop an understanding about a host system under attack. Data is generated by launching scans and exploits at a machine outfitted with a set of …
Static And Dynamic Component Obfuscation On Reconfigurable Devices, Camdon R. Cady
Static And Dynamic Component Obfuscation On Reconfigurable Devices, Camdon R. Cady
Theses and Dissertations
Computing systems are used in virtually every aspect of our lives. Technology such as smart phones and electronically controlled subsystems in cars is becoming so commonly used that it is virtually ubiquitous. Sometimes, this technology can be exploited to perform functions that it was never intended to perform, or fail to provide information that it is supposed to protect. X-HIA was shown to be effective at identifying several circuit components in a significantly shorter time than previous identification methods. Instead of requiring a number of input/output pairings that grows factorially or exponentially as the circuit size grows, it requires only …
Large-Scale Distributed Coalition Formation, Daniel R. Karrels
Large-Scale Distributed Coalition Formation, Daniel R. Karrels
Theses and Dissertations
The CyberCraft project is an effort to construct a large scale Distributed Multi-Agent System (DMAS) to provide autonomous Cyberspace defense and mission assurance for the DoD. It employs a small but flexible agent structure that is dynamically reconfigurable to accommodate new tasks and policies. This document describes research into developing protocols and algorithms to ensure continued mission execution in a system of one million or more agents, focusing on protocols for coalition formation and Command and Control. It begins by building large-scale routing algorithms for a Hierarchical Peer to Peer structured overlay network, called Resource-Clustered Chord (RC-Chord). RC-Chord introduces the …
An Efficient And Effective Implementation Of The Trust System For Power Grid Compartmentalization, Juan M. Carlos Gonzalez
An Efficient And Effective Implementation Of The Trust System For Power Grid Compartmentalization, Juan M. Carlos Gonzalez
Theses and Dissertations
As utility companies develop and incorporate new technologies, such as moving to utility Internet technology based architecture and standard; it is crucial that we do so with history in mind. We know that traditional utility protection and control systems were not designed with security in their top priorities. This presents a danger in an environment where near real-time responses are required to ensure safe operations. As a consequence, system security becomes a burden to the system rather than necessary protection. Unfortunately, technology implementation is not the only concern. The number of utility privately-owned companies has multiplied as the market has …
Removing Redundant Logic Pathways In Polymorphic Circuits, Hanseok Kim
Removing Redundant Logic Pathways In Polymorphic Circuits, Hanseok Kim
Theses and Dissertations
Evaluating the quality of software and circuit obfuscators is a research goal of great interest. However, there exists little research about evaluation of obfuscation effectiveness through analyzing and investigating redundancies found in the obfuscated variants. In this research, we consider programs represented as structural combinational circuits and then analyze obfuscated variants of those circuits through a tool that produces functionally equivalent variants based on subcircuit selection and replacement. We then consider how Boolean logic and reduction affects the size and levelization of circuit variants, giving us a concrete metric by which to consider obfuscation effectiveness. To accomplish these goals, we …
The Development Of It Suspicion As A Construct And Subsequent Measure, Matthew T. Olson
The Development Of It Suspicion As A Construct And Subsequent Measure, Matthew T. Olson
Theses and Dissertations
Suspicion has not been studied in great depth; however, a conceptual understanding of suspicion is no less important than many of the other highly studied constructs related to healthy working relationships. Information technology (IT) is one area where suspicion study is lacking, and this research effort was a study into the specific domain of IT suspicion. An extensive study of the suspicion literature and the suspicion nomological net as well as informal surveys of the general populous and subject matter experts were used to create an IT suspicion conceptual definition and measure. In order to test IT suspicion’s relationships with …
Host-Based Multivariate Statistical Computer Operating Process Anomaly Intrusion Detection System (Paids), Glen R. Shilland
Host-Based Multivariate Statistical Computer Operating Process Anomaly Intrusion Detection System (Paids), Glen R. Shilland
Theses and Dissertations
No abstract provided.
The Evaluation Of Rekeying Protocols Within The Hubenko Architecture As Applied To Wireless Sensor Networks, Cory J. Antosh
The Evaluation Of Rekeying Protocols Within The Hubenko Architecture As Applied To Wireless Sensor Networks, Cory J. Antosh
Theses and Dissertations
This thesis investigates the impact of using three different rekeying protocols–pair-wise, hierarchical, and Secure Lock within a wireless sensor network (WSN) under the Hubenko architecture. Using a Matlab computer simulation, the impact of the three rekeying protocols on the number of bits transmitted across the network and the amount of battery power consumed in WSN nodes during rekey operations is investigated. Baseline pair-wise rekeying performance can be improved by using either Secure Lock or hierarchical rekeying. The best choice depends on the size of the WSN and the size of the key used. Hierarchical rekeying is the best choice for …
Automated Virtual Machine Introspection For Host-Based Intrusion Detection, Brett A. Pagel
Automated Virtual Machine Introspection For Host-Based Intrusion Detection, Brett A. Pagel
Theses and Dissertations
This thesis examines techniques to automate configuration of an intrusion detection system utilizing hardware-assisted virtualization. These techniques are used to detect the version of a running guest operating system, automatically configure version-specific operating system information needed by the introspection library, and to locate and monitor important operating system data structures. This research simplifies introspection library configuration and is a step toward operating system independent introspection. An operating system detection algorithm and Windows virtual machine system service dispatch table monitor are implemented using the Xen hypervisor and a modified version of the XenAccess library. All detection and monitoring is implemented from …
Sub-Circuit Selection And Replacement Algorithms Modeled As Term Rewriting Systems, Eric D. Simonaire
Sub-Circuit Selection And Replacement Algorithms Modeled As Term Rewriting Systems, Eric D. Simonaire
Theses and Dissertations
Intent protection is a model of software obfuscation which, among other criteria, prevents an adversary from understanding the program’s function for use with contextual information. Relating this framework for obfuscation to malware detection, if a malware detector can perfectly normalize a program P and any obfuscation (variant) of the program O(P), the program is not intent protected. The problem of intent protection on programs can also be modeled as intent protection on combinational logic circuits. If a malware detector can perfectly normalize a circuit C and any obfuscation (variant) O(C) of the circuit, the circuit is not intent protected. In …
Secureqemu: Emulation-Based Software Protection Providing Encrypted Code Execution And Page Granularity Code Signing, William B. Kimball
Secureqemu: Emulation-Based Software Protection Providing Encrypted Code Execution And Page Granularity Code Signing, William B. Kimball
Theses and Dissertations
This research presents an original emulation-based software protection scheme providing protection from reverse code engineering (RCE) and software exploitation using encrypted code execution and page-granularity code signing, respectively. Protection mechanisms execute in trusted emulators while remaining out-of-band of untrusted systems being emulated. This protection scheme is called SecureQEMU and is based on a modified version of Quick Emulator (QEMU) [5]. RCE is a process that uncovers the internal workings of a program. It is used during vulnerability and intellectual property (IP) discovery. To protect from RCE program code may have anti-disassembly, anti-debugging, and obfuscation techniques incorporated. These techniques slow the …
Multi-Class Classification For Identifying Jpeg Steganography Embedding Methods, Benjamin M. Rodriguez Ii
Multi-Class Classification For Identifying Jpeg Steganography Embedding Methods, Benjamin M. Rodriguez Ii
Theses and Dissertations
Over 725 steganography tools are available over the Internet, each providing a method for covert transmission of secret messages. This research presents four steganalysis advancements that result in an algorithm that identifies the steganalysis tool used to embed a secret message in a JPEG image file. The algorithm includes feature generation, feature preprocessing, multi-class classification and classifier fusion. The first contribution is a new feature generation method which is based on the decomposition of discrete cosine transform (DCT) coefficients used in the JPEG image encoder. The generated features are better suited to identifying discrepancies in each area of the decomposed …
Developing Network Situational Awareness Through Visualization Of Fused Intrusion Detection System Alerts, Serafin A. Avitia V
Developing Network Situational Awareness Through Visualization Of Fused Intrusion Detection System Alerts, Serafin A. Avitia V
Theses and Dissertations
With networks increasing in physical size, bandwidth, traffic volume, and malicious activity, network analysts are experiencing greater difficulty in developing network situational awareness. Traditionally, network analysts have used Intrusion Detection Systems to gain awareness but this method is outdated when analysts are unable to process the alerts at the rate they are being generated. Analysts are unwittingly placing the computer assets they are charged to protect at risk when they are unable to detect these network attacks. This research effort examines the theory, application, and results of using visualizations of fused alert data to develop network situational awareness. The fused …
An Analysis Of Botnet Vulnerabilities, Sean W. Hudson
An Analysis Of Botnet Vulnerabilities, Sean W. Hudson
Theses and Dissertations
Botnets are a significant threat to computer networks and data stored on networked computers. The ability to inhibit communication between servers controlling the botnet and individual hosts would be an effective countermeasure. The objective of this research was to find vulnerabilities in Unreal IRCd that could be used to shut down the server. Analysis revealed that Unreal IRCd is a very mature and stable IRC server and no significant vulnerabilities were found. While this research does not eliminate the possibility that a critical vulnerability is present in the Unreal IRCd software, none were identified during this effort.
Using Hierarchical Temporal Memory For Detecting Anomalous Network Activity, Gerod M. Bonhoff
Using Hierarchical Temporal Memory For Detecting Anomalous Network Activity, Gerod M. Bonhoff
Theses and Dissertations
This thesis explores the nature of cyberspace and forms an argument for it as an intangible world. This research is motivated by the notion of creating intelligently autonomous cybercraft to reside in that environment and maintain domain superiority. Specifically, this paper offers 7 challenges associated with development of intelligent, autonomous cybercraft. The primary focus is an analysis of the claims of a machine learning language called Hierarchical Temporal Memory (HTM). In particular, HTM theory claims to facilitate intelligence in machines via accurate predictions. It further claims to be able to make accurate predictions of unusual worlds, like cyberspace. The research …
Comparing Information Assurance Awareness Training For End-Users: A Content Analysis Examination Of Air Force And Defense Information Systems Agency User Training Modules, John W. Frugé
Theses and Dissertations
Today, the threats to information security and assurance are great. While there are many avenues for IT professionals to safeguard against these threats, many times these defenses prove useless against typical system users. Mandated by laws and regulations, all government agencies and most private companies have established information assurance (IA) awareness programs, most of which include user training. Much has been given in the existing literature to laying out the guidance for the roles and responsibilities of IT professionals and higher level managers, but less is specified for "everyday" users of information systems. This thesis attempts to determine the content …