Physical Sciences and Mathematics Commons^™

Convicted By Memory: Automatically Recovering Spatial-Temporal Evidence From Memory Images, Brendan D. Saltaformaggio

Open Access Dissertations

Memory forensics can reveal “up to the minute” evidence of a device’s usage, often without requiring a suspect’s password to unlock the device, and it is oblivious to any persistent storage encryption schemes, e.g., whole disk encryption. Prior to my work, researchers and investigators alike considered data-structure recovery the ultimate goal of memory image forensics. This, however, was far from sufficient, as investigators were still largely unable to understand the content of the recovered evidence, and hence efficiently locating and accurately analyzing such evidence locked in memory images remained an open research challenge.

In this dissertation, I propose breaking from …

A Study Of Security Issues Of Mobile Apps In The Android Platform Using Machine Learning Approaches, Lei Cen

Open Access Dissertations

Mobile app poses both traditional and new potential threats to system security and user privacy. There are malicious apps that may do harm to the system, and there are mis-behaviors of apps, which are reasonable and legal when not abused, yet may lead to real threats otherwise. Moreover, due to the nature of mobile apps, a running app in mobile devices may be only part of the software, and the server side behavior is usually not covered by analysis. Therefore, direct analysis on the app itself may be incomplete and additional sources of information are needed. In this dissertation, we …

Knowledge Modeling Of Phishing Emails, Courtney Falk

Open Access Dissertations

This dissertation investigates whether or not malicious phishing emails are detected better when a meaningful representation of the email bodies is available. The natural language processing theory of Ontological Semantics Technology is used for its ability to model the knowledge representation present in the email messages. Known good and phishing emails were analyzed and their meaning representations fed into machine learning binary classifiers. Unigram language models of the same emails were used as a baseline for comparing the performance of the meaningful data. The end results show how a binary classifier trained on meaningful data is better at detecting phishing …

End-To-End Security In Service-Oriented Architecture, Mehdi Azarmi

Open Access Dissertations

A service-oriented architecture (SOA)-based application is composed of a number of distributed and loosely-coupled web services, which are orchestrated to accomplish a more complex functionality. Any of these web services is able to invoke other web services to offload part of its functionality. The main security challenge in SOA is that we cannot trust the participating web services in a service composition to behave as expected all the time. In addition, the chain of services involved in an end-to-end service invocation may not be visible to the clients. As a result, any violation of client’s policies could remain undetected. To …

Bridging Statistical Learning And Formal Reasoning For Cyber Attack Detection, Kexin Pei

Open Access Theses

Current cyber-infrastructures are facing increasingly stealthy attacks that implant malicious payloads under the cover of benign programs. Current attack detection approaches based on statistical learning methods may generate misleading decision boundaries when processing noisy data with such a mixture of benign and malicious behaviors. On the other hand, attack detection based on formal program analysis may lack completeness or adaptivity when modeling attack behaviors. In light of these limitations, we have developed LEAPS, an attack detection system based on supervised statistical learning to classify benign and malicious system events. Furthermore, we leverage control flow graphs inferred from the system event …

Improved Kernel Security Through Code Validation, Diversification, And Minimization, Dannie Michael Stanley

Open Access Dissertations

The vast majority of hosts on the Internet, including mobile clients, are running one of three commodity, general-purpose operating system families. In such operating systems the kernel software executes at the highest processor privilege level. If an adversary is able to hijack the kernel software then by extension he has full control of the system. This control includes the ability to disable protection mechanisms and hide evidence of compromise.

The lack of diversity in commodity, general-purpose operating systems enables attackers to craft a single kernel exploit that has the potential to infect millions of hosts. If enough variants of the …

Privacy-Preserving Assessment Of Location Data Trustworthiness, Chenyun Dai, Fang-Yu Rao, Gabriel Ghinita, Elisa Bertino

Cyber Center Publications

Assessing the trustworthiness of location data corresponding to individuals is essential in several applications, such as forensic science and epidemic control. To obtain accurate and trustworthy location data, analysts must often gather and correlate information from several independent sources, e.g., physical observation, witness testimony, surveillance footage, etc. However, such information may be fraudulent, its accuracy may be low, and its vol-
ume may be insufficient to ensure highly trustworthy data. On the other hand, recent advancements in mobile computing and positioning systems, e.g., GPS-enabled cell phones, highway sensors, etc., bring new and effective technological means to track the location of …

Prox-Rbac: A Proximity-Based Spatially Aware Rbac, Michael Kirkpatrick, Maria Luisa Damiani, Elisa Bertino

Cyber Center Publications

As mobile computing devices are becoming increasingly dominant in enterprise and government organizations, the need for fine-grained access control in these environments continues to grow. Specifically, advanced forms of access control can be deployed to ensure authorized users can access sensitive resources only when in trusted locations. One technique that has been proposed is to augment role-based access control (RBAC) with spatial constraints. In such a system, an authorized user must be in a designated location in order to exercise the privileges associated with a role. In this work, we extend spatially aware RBAC systems by defining the notion of …

Beyond K-Anonymity: A Decision Theoretic Framework For Assessing Privacy Risk, Guy Lebanon, Monica Scannapieco, Mohamed Fouad, Elisa Bertino

Cyber Center Publications

An important issue any organization or individual has to face when managing data containing sensitive information, is the risk that can be incurred when releasing such data. Even though data may be sanitized before being released, it is still possible for an adversary to reconstruct the original data using additional information thus resulting in privacy violations. To date, however, a systematic approach to quantify such risks is not available. In this paper we develop a framework, based on statistical decision theory, that assesses the relationship between the disclosed data and the resulting privacy risk. We model the problem of deciding …