Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Open Access. Powered by Scholars. Published by Universities.®

Articles 1 - 8 of 8

Full-Text Articles in Physical Sciences and Mathematics

A Domain Specific Language For Digital Forensics And Incident Response Analysis, Christopher D. Stelly Dec 2019

A Domain Specific Language For Digital Forensics And Incident Response Analysis, Christopher D. Stelly

University of New Orleans Theses and Dissertations

One of the longstanding conceptual problems in digital forensics is the dichotomy between the need for verifiable and reproducible forensic investigations, and the lack of practical mechanisms to accomplish them. With nearly four decades of professional digital forensic practice, investigator notes are still the primary source of reproducibility information, and much of it is tied to the functions of specific, often proprietary, tools.

The lack of a formal means of specification for digital forensic operations results in three major problems. Specifically, there is a critical lack of:

a) standardized and automated means to scientifically verify accuracy of digital forensic tools ...


Rhetsec_ | Rhetorical Security, Jennifer Mead Dec 2019

Rhetsec_ | Rhetorical Security, Jennifer Mead

Culminating Projects in English

Rhetsec_ examines the rhetorical situation, the rhetorical appeals, and how phishing emails simulate "real" emails in five categories of phishing emails. While the first focus of cybersecurity is security, you must also understand the language of computers to know how to secure them. Phishing is one way to compromise security using computers, and so the computer becomes a tool for malicious language (phishing emails and malware) to be transmitted. Therefore to be concerned with securing computers, then you must also be concerned with language. Language is rhetoric's domain, and the various rhetorical elements which create an identity of the ...


Context-Sensitive Auto-Sanitization For Php, Jared M. Smith, Richard J. Connor, David P. Cunningham, Kyle G. Bashour, Walter T. Work Dec 2016

Context-Sensitive Auto-Sanitization For Php, Jared M. Smith, Richard J. Connor, David P. Cunningham, Kyle G. Bashour, Walter T. Work

Chancellor’s Honors Program Projects

No abstract provided.


Techniques For Identifying Mobile Platform Vulnerabilities And Detecting Policy-Violating Applications, Mon Kywe Su Oct 2016

Techniques For Identifying Mobile Platform Vulnerabilities And Detecting Policy-Violating Applications, Mon Kywe Su

Dissertations and Theses Collection

Mobile systems are generally composed of three layers of software: application layer where third-party applications are installed, framework layer where Application Programming Interfaces (APIs) are exposed, and kernel layer where low-level system operations are executed. In this dissertation, we focus on security and vulnerability analysis of framework and application layers. Security mechanisms, such as Android’s sandbox and permission systems, exist in framework layer, while malware scanners protects application layer. However, there are rooms for improvement in both mechanisms. For instance, Android’s permission system is known to be implemented in ad-hoc manner and not well-tested for vulnerabilities. Application layer ...


Two-Bit Pattern Analysis For Quantitative Information Flow, Ziyuan Meng Mar 2014

Two-Bit Pattern Analysis For Quantitative Information Flow, Ziyuan Meng

FIU Electronic Theses and Dissertations

Protecting confidential information from improper disclosure is a fundamental security goal. While encryption and access control are important tools for ensuring confidentiality, they cannot prevent an authorized system from leaking confidential information to its publicly observable outputs, whether inadvertently or maliciously. Hence, secure information flow aims to provide end-to-end control of information flow. Unfortunately, the traditionally-adopted policy of noninterference, which forbids all improper leakage, is often too restrictive. Theories of quantitative information flow address this issue by quantifying the amount of confidential information leaked by a system, with the goal of showing that it is intuitively “small” enough to be ...


Defeating Sql Injection, Lwin Khin Shar, Hee Beng Kuan Tan Aug 2012

Defeating Sql Injection, Lwin Khin Shar, Hee Beng Kuan Tan

Research Collection School Of Information Systems

The best strategy for combating SQL injection, which has emerged as the most widespread website security risk, calls for integrating defensive coding practices with both vulnerability detection and runtime attack prevention methods.


Jess – A Java Security Scanner For Eclipse, Russell Spitler Jan 2005

Jess – A Java Security Scanner For Eclipse, Russell Spitler

Honors Theses

Secure software is the responsibility of every developer. In order to help a developer with this responsibility there are many automated source code security auditors. These tools perform a variety of functions, from finding calls to insecure functions to poorly generated random numbers. These programs have existed for years and perform the security audit with varying degrees of success.

Largely missing in the world of programming is such a security auditor for the Java programming language. Currently, Fortify Software produces the only Java source code security auditor; this is a commercially available package.

This void is what inspired JeSS, Java ...


Java’S Insecure Parallelism, Per Brinch Hansen Jan 1999

Java’S Insecure Parallelism, Per Brinch Hansen

College of Engineering and Computer Science - Former Departments, Centers, Institutes and Projects

The author examines the synchronization features of Java and finds that they are insecure variants of his earliest ideas in parallel programming published in 1972-73. The claim that Java supports monitors is shown to be false. The author concludes that Java ignores the last twenty-five years of research in parallel programming languages.