Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Open Access. Powered by Scholars. Published by Universities.®

Security

Software Engineering

Institution
Publication Year
Publication
Publication Type

Articles 1 - 26 of 26

Full-Text Articles in Physical Sciences and Mathematics

Iot-Hass: A Framework For Protecting Smart Home Environment, Tarig Mudawi Mar 2020

Iot-Hass: A Framework For Protecting Smart Home Environment, Tarig Mudawi

Masters Theses & Doctoral Dissertations

While many solutions have been proposed for smart home security, the problem that no single solution fully protects the smart home environment still exists. In this research we propose a security framework to protect the smart home environment. The proposed framework includes three engines that complement each other to protect the smart home IoT devices. The first engine is an IDS/IPS module that monitors all traffic in the home network and then detects, alerts users, and/or blocks packets using anomaly-based detection. The second engine works as a device management module that scans and verifies IoT devices in the ...


Advanced Security Analysis For Emergent Software Platforms, Mohannad Alhanahnah Dec 2019

Advanced Security Analysis For Emergent Software Platforms, Mohannad Alhanahnah

Computer Science and Engineering: Theses, Dissertations, and Student Research

Emergent software ecosystems, boomed by the advent of smartphones and the Internet of Things (IoT) platforms, are perpetually sophisticated, deployed into highly dynamic environments, and facilitating interactions across heterogeneous domains. Accordingly, assessing the security thereof is a pressing need, yet requires high levels of scalability and reliability to handle the dynamism involved in such volatile ecosystems.

This dissertation seeks to enhance conventional security detection methods to cope with the emergent features of contemporary software ecosystems. In particular, it analyzes the security of Android and IoT ecosystems by developing rigorous vulnerability detection methods. A critical aspect of this work is the ...


Scalable Containerized Security Training Environment, Robert Sauer Apr 2019

Scalable Containerized Security Training Environment, Robert Sauer

Mahurin Honors College Capstone Experience/Thesis Projects

The purpose of this project is to develop a portable application which is hosted on a server that provides an environment to safely conduct security training procedures and protocols. The project will be scalable to handle from a few to a multitude of users concurrently using a single server. For many users to perform security training simultaneously, each user must be directed to a sandbox environment, a container, where one user’s actions do not affect the website or database of other users. Furthermore, such an application should be readily deployable into any environment to provide the widest range of ...


A Simplified Secure Programming Platform For Internet Of Things Devices, Halim Burak Yesilyurt Jun 2018

A Simplified Secure Programming Platform For Internet Of Things Devices, Halim Burak Yesilyurt

FIU Electronic Theses and Dissertations

The emerging Internet of Things (IoT) revolution has introduced many useful applications that are utilized in our daily lives. Users can program these devices in order to develop their own IoT applications; however, the platforms and languages that are used during development are abounding, complicated, and time-consuming. The software solution provided in this thesis, PROVIZ+, is a secure sensor application development software suite that helps users create sophisticated and secure IoT applications with little software and hardware experience. Moreover, a simple and efficient domain-specific programming language, namely Panther language, was designed for IoT application development to unify existing programming languages ...


Advanced Malware Detection For Android Platform, Ke Xu Jun 2018

Advanced Malware Detection For Android Platform, Ke Xu

Dissertations and Theses Collection (Open Access)

In the first quarter of 2018, 75.66% of smartphones sales were devices running An- droid. Due to its popularity, cyber-criminals have increasingly targeted this ecosys- tem. Malware running on Android severely violates end users security and privacy, allowing many attacks such as defeating two factor authentication of mobile bank- ing applications, capturing real-time voice calls and leaking sensitive information. In this dissertation, I describe the pieces of work that I have done to effectively de- tect malware on Android platform, i.e., ICC-based malware detection system (IC- CDetector), multi-layer malware detection system (DeepRefiner), and self-evolving and scalable malware detection ...


Performance Characterization Of Deep Learning Models For Breathing-Based Authentication On Resource-Constrained Devices, Jagmohan Chauhan, Jathusan Rajasegaran, Surang Seneviratne, Archan Misra, Aruan Seneviratne, Youngki Lee Apr 2018

Performance Characterization Of Deep Learning Models For Breathing-Based Authentication On Resource-Constrained Devices, Jagmohan Chauhan, Jathusan Rajasegaran, Surang Seneviratne, Archan Misra, Aruan Seneviratne, Youngki Lee

Research Collection School Of Information Systems

Providing secure access to smart devices such as mobiles, wearables and various other IoT devices is becoming increasinglyimportant, especially as these devices store a range of sensitive personal information. Breathing acoustics-based authentication offers a highly usable and possibly a secondary authentication mechanism for such authorized access, especially as it canbe readily applied to small form-factor devices. Executing sophisticated machine learning pipelines for such authenticationon such devices remains an open problem, given their resource limitations in terms of storage, memory and computational power. To investigate this possibility, we compare the performance of an end-to-end system for both user identification anduser verification ...


Performance Analysis Of Security Aspects In Uml Models, Dorin Bogdan Petriu, Dorina C. Petriu, C Murray Woodside, Jing Xiu, Toqeer A. Israr, Geri Georg, Robert B. France, James M. Bieman, Siv Holde Houmb, Jan Jurjens Sep 2017

Performance Analysis Of Security Aspects In Uml Models, Dorin Bogdan Petriu, Dorina C. Petriu, C Murray Woodside, Jing Xiu, Toqeer A. Israr, Geri Georg, Robert B. France, James M. Bieman, Siv Holde Houmb, Jan Jurjens

Toqeer A Israr

The focus of the paper is on the analysis of performance effects of different security solutions modeled as aspects in UML. Aspect oriented modeling (AOM) allows software designers to isolate and separately address solutions for crosscutting concerns, which are defined as distinct UML aspect models, then are composed with the primary UML model of the system under development. For performance analysis we use techniques developed previously in the PUMA project, which take as input UML models annotated with the standard UML Profile for Schedulability, Performance and Time (SPT), and transform them first into Core Scenario Model (CSM) and then into ...


Breathprint: Breathing Acoustics-Based User Authentication, Jagmohan Chauhan, Yining Hu, Suranga Sereviratne, Archan Misra, Aruna Sereviratne, Youngki Lee Jun 2017

Breathprint: Breathing Acoustics-Based User Authentication, Jagmohan Chauhan, Yining Hu, Suranga Sereviratne, Archan Misra, Aruna Sereviratne, Youngki Lee

Research Collection School Of Information Systems

We propose BreathPrint, a new behavioural biometric signature based on audio features derived from an individual's commonplace breathing gestures. Specifically, BreathPrint uses the audio signatures associated with the three individual gestures: sniff, normal, and deep breathing, which are sufficiently different across individuals. Using these three breathing gestures, we develop the processing pipeline that identifies users via the microphone sensor on smartphones and wearable devices. In BreathPrint, a user performs breathing gestures while holding the device very close to their nose. Using off-the-shelf hardware, we experimentally evaluate the BreathPrint prototype with 10 users, observed over seven days. We show that ...


Practical Attacks On Cryptographically End-To-End Verifiable Internet Voting Systems, Nicholas Chang-Fong Apr 2017

Practical Attacks On Cryptographically End-To-End Verifiable Internet Voting Systems, Nicholas Chang-Fong

Electronic Thesis and Dissertation Repository

Cryptographic end-to-end verifiable voting technologies concern themselves with the provision of a more trustworthy, transparent, and robust elections. To provide voting systems with more transparency and accountability throughout the process while preserving privacy which allows voters to express their true intent.

Helios Voting is one of these systems---an online platform where anyone can easily host their own cryptographically end-to-end verifiable election, aiming to bring verifiable voting to the masses. Helios does this by providing explicit cryptographic checks that an election was counted correctly, checks that any member of the public can independently verify. All of this while still protecting one ...


Context-Sensitive Auto-Sanitization For Php, Jared M. Smith, Richard J. Connor, David P. Cunningham, Kyle G. Bashour, Walter T. Work Dec 2016

Context-Sensitive Auto-Sanitization For Php, Jared M. Smith, Richard J. Connor, David P. Cunningham, Kyle G. Bashour, Walter T. Work

Chancellor’s Honors Program Projects

No abstract provided.


Teaching Android Security Through Examples: A Publicly Available Database Of Vulnerable Apps, Daniel E. Krutz, Samuel A. Malachowsky Dec 2016

Teaching Android Security Through Examples: A Publicly Available Database Of Vulnerable Apps, Daniel E. Krutz, Samuel A. Malachowsky

Articles

Security is hard, and teaching security can be even harder. Here we describe a public educational activity to assist in the instruction of both students and developers in creating secure Android apps. Our set of activities includes example vulnerable applications, information about each vulnerability, steps on how to repair the vulnerabilities, and information about how to confirm that the vulnerability has been properly repaired. Our primary goal is to make these activities available to other instructors for use in their classrooms ranging from the K-12 to university settings. A secondary goal of this project is to foster interest in security ...


Semeo: A Semantic Equivalence Analysis Framework For Obfuscated Android Applications, Zhen Hu Dec 2016

Semeo: A Semantic Equivalence Analysis Framework For Obfuscated Android Applications, Zhen Hu

Computer Science and Engineering: Theses, Dissertations, and Student Research

Software repackaging is a common approach for creating malware. In this approach, malware authors inject malicious payloads into legitimate applications; then, to ren- der security analysis more difficult, they obfuscate most or all of the code. This forces analysts to spend a large amount of effort filtering out benign obfuscated methods in order to locate potentially malicious methods for further analysis. If an effective mechanism for filtering out benign obfuscated methods were available, the number of methods that must be analyzed could be reduced, allowing analysts to be more productive. In this thesis, we introduce SEMEO, a highly effective and ...


Integration Of Lightweight & Energy Efficient Cipher In Wireless Body Area Network Fore-Health Monitoring, Azza Zayed Sultan Ai Shamsi Nov 2016

Integration Of Lightweight & Energy Efficient Cipher In Wireless Body Area Network Fore-Health Monitoring, Azza Zayed Sultan Ai Shamsi

Theses

There is an increase in the diseases of the circulatory system in United Arab Emirates, which makes it the first leading cause of death. This led to a high demand for a continuous care that can be achieved by adopting an emerging technology of e- Health monitoring system using Wireless Body Area Network (WBAN) that can collect patient’s data. Since patient’s data is private, securing the communication within WBAN becomes highly essential. In this research thesis, we propose an architecture to secure the data transmission within the Wireless Body Area Network (WBAN) in e-Health monitoring. More specifically, our ...


Techniques For Identifying Mobile Platform Vulnerabilities And Detecting Policy-Violating Applications, Mon Kywe Su Oct 2016

Techniques For Identifying Mobile Platform Vulnerabilities And Detecting Policy-Violating Applications, Mon Kywe Su

Dissertations and Theses Collection

Mobile systems are generally composed of three layers of software: application layer where third-party applications are installed, framework layer where Application Programming Interfaces (APIs) are exposed, and kernel layer where low-level system operations are executed. In this dissertation, we focus on security and vulnerability analysis of framework and application layers. Security mechanisms, such as Android’s sandbox and permission systems, exist in framework layer, while malware scanners protects application layer. However, there are rooms for improvement in both mechanisms. For instance, Android’s permission system is known to be implemented in ad-hoc manner and not well-tested for vulnerabilities. Application layer ...


What Security Questions Do Developers Ask? A Large-Scale Study Of Stack Overflow Posts, Xinli Yang, David Lo, Xin Xia, Zhi-Yuan Wan, Jian-Ling Sun Sep 2016

What Security Questions Do Developers Ask? A Large-Scale Study Of Stack Overflow Posts, Xinli Yang, David Lo, Xin Xia, Zhi-Yuan Wan, Jian-Ling Sun

Research Collection School Of Information Systems

Security has always been a popular and critical topic. With the rapid development of information technology, it is always attracting people’s attention. However, since security has a long history, it covers a wide range of topics which change a lot, from classic cryptography to recently popular mobile security. There is a need to investigate security-related topics and trends, which can be a guide for security researchers, security educators and security practitioners. To address the above-mentioned need, in this paper, we conduct a large-scale study on security-related questions on Stack Overflow. Stack Overflow is a popular on-line question and answer ...


Value-Inspired Service Design In Elderly Home-Monitoring Systems, Na Liu, Sandeep Purao, Hwee-Pink Tan Mar 2016

Value-Inspired Service Design In Elderly Home-Monitoring Systems, Na Liu, Sandeep Purao, Hwee-Pink Tan

Research Collection School Of Information Systems

The provision of elderly home-monitoring systems to enhance aging-in-place requires the service to meet the needs of both the elderly and their caregivers. The design of such IT services requires interdisciplinary efforts to look beyond the technical requirements. Taking a value-inspired design perspective, the study argues that service design for promoting aging-in-place needs to reconcile the values of both the elderly and caregivers. Drawn from the framework of basic human values and the unique experience of the SHINESeniors project, the study extracts the core values for elderly and caregivers using a multi-method case analysis. We suggest that both system and ...


Integrating Security Into The Undergraduate Software Engineering Curriculum, Robert Evans Jan 2015

Integrating Security Into The Undergraduate Software Engineering Curriculum, Robert Evans

UNF Graduate Theses and Dissertations

This research included a thorough examination of the existing software assurance or what is commonly called software security knowledge, methodologies and what information security technologies is currently being recommended by the information technology community. Finally it is demonstrated how this security knowledge could be incorporated into the curriculum for undergraduate software engineering.


Challenges For Mapreduce In Big Data, Katarina Grolinger, Michael Hayes, Wilson Higashino, Alexandra L'Heureux, David Allison, Miriam Capretz May 2014

Challenges For Mapreduce In Big Data, Katarina Grolinger, Michael Hayes, Wilson Higashino, Alexandra L'Heureux, David Allison, Miriam Capretz

Wilson A Higashino

In the Big Data community, MapReduce has been seen as one of the key enabling approaches for meeting continuously increasing demands on computing resources imposed by massive data sets. The reason for this is the high scalability of the MapReduce paradigm which allows for massively parallel and distributed execution over a large number of computing nodes. This paper identifies MapReduce issues and challenges in handling Big Data with the objective of providing an overview of the field, facilitating better planning and management of Big Data projects, and identifying opportunities for future research in this field. The identified challenges are grouped ...


Machine Learning In Wireless Sensor Networks: Algorithms, Strategies, And Applications, Mohammad Abu Alsheikh, Shaowei Lin, Dusit Niyato, Hwee-Pink Tan Apr 2014

Machine Learning In Wireless Sensor Networks: Algorithms, Strategies, And Applications, Mohammad Abu Alsheikh, Shaowei Lin, Dusit Niyato, Hwee-Pink Tan

Research Collection School Of Information Systems

Wireless sensor networks (WSNs) monitor dynamic environments that change rapidly over time. This dynamic behavior is either caused by external factors or initiated by the system designers themselves. To adapt to such conditions, sensor networks often adopt machine learning techniques to eliminate the need for unnecessary redesign. Machine learning also inspires many practical solutions that maximize resource utilization and prolong the lifespan of the network. In this paper, we present an extensive literature review over the period 2002-2013 of machine learning methods that were used to address common issues in WSNs. The advantages and disadvantages of each proposed algorithm are ...


Challenges For Mapreduce In Big Data, Katarina Grolinger, Michael Hayes, Wilson A. Higashino, Alexandra L'Heureux, David S. Allison, Miriam A.M. Capretz Jan 2014

Challenges For Mapreduce In Big Data, Katarina Grolinger, Michael Hayes, Wilson A. Higashino, Alexandra L'Heureux, David S. Allison, Miriam A.M. Capretz

Electrical and Computer Engineering Publications

In the Big Data community, MapReduce has been seen as one of the key enabling approaches for meeting continuously increasing demands on computing resources imposed by massive data sets. The reason for this is the high scalability of the MapReduce paradigm which allows for massively parallel and distributed execution over a large number of computing nodes. This paper identifies MapReduce issues and challenges in handling Big Data with the objective of providing an overview of the field, facilitating better planning and management of Big Data projects, and identifying opportunities for future research in this field. The identified challenges are grouped ...


Securearray: Improving Wifi Security With Fine-Grained Physical-Layer, Jie Xiong, Kyle Jamieson Sep 2013

Securearray: Improving Wifi Security With Fine-Grained Physical-Layer, Jie Xiong, Kyle Jamieson

Research Collection School Of Information Systems

Despite the important role that WiFi networks play in home and enterprise networks they are relatively weak from a security standpoint. With easily available directional antennas, attackers can be physically located off-site, yet compromise WiFi security protocols such as WEP, WPA, and even to some extent WPA2 through a range of exploits specific to those protocols, or simply by running dictionary and human-factors attacks on users' poorly-chosen passwords. This presents a security risk to the entire home or enterprise network. To mitigate this ongoing problem, we propose SecureArray, a system designed to operate alongside existing wireless security protocols, adding defense ...


Forensic Analysis Of Whatsapp On Android Smartphones, Neha S. Thakur Aug 2013

Forensic Analysis Of Whatsapp On Android Smartphones, Neha S. Thakur

University of New Orleans Theses and Dissertations

Android forensics has evolved over time offering significant opportunities and exciting challenges. On one hand, being an open source platform Android is giving developers the freedom to contribute to the rapid growth of the Android market whereas on the other hand Android users may not be aware of the security and privacy implications of installing these applications on their phones. Users may assume that a password-locked device protects their personal information, but applications may retain private information on devices, in ways that users might not anticipate. In this thesis we will be concentrating on one such application called 'WhatsApp', a ...


Raising The Game: Applying Theory And Analytics To Real-World Threats, Singapore Management University Jan 2013

Raising The Game: Applying Theory And Analytics To Real-World Threats, Singapore Management University

Perspectives@SMU

Safety and security are, on many levels, essential priorities for governments, businesses and individuals. While an increase of defence and security budgets may bring some assurance of peaceful times to come, it seems the world has no lack of insane perpetrators who can still somehow evade, breach, ambush, assail and attack as they please. Enter the “Bayesian Stackelberg Game”, a game theory model that can, and has been applied rather successfully to the allocation of security resources in the United States by Prof Milind Tambe, University of Southern California.


Security On Medical Wireless Sensor Networks, Eric D. Southern Aug 2012

Security On Medical Wireless Sensor Networks, Eric D. Southern

Electronic Thesis and Dissertation Repository

Wireless technology is fast becoming a very important tool for all aspects of communication. An area that lacks a strong implementation for wireless communication is the medical field. Wireless systems could be used by clinicians to be better able to diagnose and monitor patients. The reason behind the lack of adoption in healthcare is due to the need to meet the legislated and perceived requirements of security and privacy when dealing with clinical information. The current methods of wireless authentication are investigated and an existing issue in mobile networks is described and solved with two novel solutions; one solution within ...


Performance Analysis Of Security Aspects In Uml Models, Dorin Bogdan Petriu, Dorina C. Petriu, C Murray Woodside, Jing Xiu, Toqeer A. Israr, Geri Georg, Robert B. France, James M. Bieman, Siv Holde Houmb, Jan Jurjens Jan 2007

Performance Analysis Of Security Aspects In Uml Models, Dorin Bogdan Petriu, Dorina C. Petriu, C Murray Woodside, Jing Xiu, Toqeer A. Israr, Geri Georg, Robert B. France, James M. Bieman, Siv Holde Houmb, Jan Jurjens

Faculty Research & Creative Activity

The focus of the paper is on the analysis of performance effects of different security solutions modeled as aspects in UML. Aspect oriented modeling (AOM) allows software designers to isolate and separately address solutions for crosscutting concerns, which are defined as distinct UML aspect models, then are composed with the primary UML model of the system under development. For performance analysis we use techniques developed previously in the PUMA project, which take as input UML models annotated with the standard UML Profile for Schedulability, Performance and Time (SPT), and transform them first into Core Scenario Model (CSM) and then into ...


Trends. An Encryption Paradox: Cracking The Groupe Speciale Mobile Standard (Gsm), Ibpp Editor Apr 1998

Trends. An Encryption Paradox: Cracking The Groupe Speciale Mobile Standard (Gsm), Ibpp Editor

International Bulletin of Political Psychology

The author discusses the vulnerability of encryption methods used with today's modern technology.