Databases and Information Systems Commons^™

Trace Dna Detection Using Diamond Dye: A Recovery Technique To Yield More Dna, Leah Davis

Master's Theses

This study aspires to find a new screening approach to trace DNA recovery techniques to yield a higher quantity of trace DNA from larger items of evidence. It takes the path of visualizing trace DNA on items of evidence with potential DNA so analysts can swab a more localized area rather than attempting to recover trace DNA through the general swabbing technique currently used for trace DNA recovery. The first and second parts consisted of observing trace DNA interaction with Diamond Dye on porous and non-porous surfaces.

The third part involved applying the Diamond Dye solution by spraying it onto …

Rbac Attack Exposure Auditor. Tracking User Risk Exposure Per Role-Based Access Control Permissions, Adelaide Damrau

Undergraduate Honors Theses

Access control models and implementation guidelines for determining, provisioning, and de-provisioning user permissions are challenging due to the differing approaches, unique for each organization, the lack of information provided by case studies concerning the organization’s security policies, and no standard means of implementation procedures or best practices. Although there are multiple access control models, one stands out, role-based access control (RBAC). RBAC simplifies maintenance by enabling administrators to group users with similar permissions. This approach to managing user permissions supports the principle of least privilege and separation of duties, which are needed to ensure an organization maintains acceptable user access …

Colefunda: Explainable Silent Vulnerability Fix Identification, Jiayuan Zhou, Michael Pacheco, Jinfu Chen, Xing Hu, Xin Xia, David Lo, Ahmed E. Hassan

Research Collection School Of Computing and Information Systems

It is common practice for OSS users to leverage and monitor security advisories to discover newly disclosed OSS vulnerabilities and their corresponding patches for vulnerability remediation. It is common for vulnerability fixes to be publicly available one week earlier than their disclosure. This gap in time provides an opportunity for attackers to exploit the vulnerability. Hence, OSS users need to sense the fix as early as possible so that the vulnerability can be remediated before it is exploited. However, it is common for OSS to adopt a vulnerability disclosure policy which causes the majority of vulnerabilities to be fixed silently, …

An Analysis Of Successful Sqlia For Future Evolutionary Prediction, Andrew Pechin

Senior Honors Theses

Web applications are a fundamental component of the internet, many interact with backend databases. Securing web applications and their databases from hackers should be a top priority for cybersecurity researchers. Structured Query Language (SQL) injection attacks (SQLIA) constitute a significant threat to web applications. They can hijack the backend databases to steal personally identifiable information (PII), initiate scams, or launch more sophisticated cyberattacks. SQLIA has evolved since its conception in the early 2000s and will continue to do so in the coming years. This paper analyzes past literature and successful SQLIA from specific time periods to identify themes and methods …

Chatgpt As Metamorphosis Designer For The Future Of Artificial Intelligence (Ai): A Conceptual Investigation, Amarjit Kumar Singh (Library Assistant), Dr. Pankaj Mathur (Deputy Librarian)

Library Philosophy and Practice (e-journal)

Abstract

Purpose: The purpose of this research paper is to explore ChatGPT’s potential as an innovative designer tool for the future development of artificial intelligence. Specifically, this conceptual investigation aims to analyze ChatGPT’s capabilities as a tool for designing and developing near about human intelligent systems for futuristic used and developed in the field of Artificial Intelligence (AI). Also with the helps of this paper, researchers are analyzed the strengths and weaknesses of ChatGPT as a tool, and identify possible areas for improvement in its development and implementation. This investigation focused on the various features and functions of ChatGPT that …

Data Poisoning: A New Threat To Artificial Intelligence, Nary Simms

Mathematics and Computer Science Capstones

Artificial Intelligence (AI) adoption is rapidly being deployed in a number of fields, from banking and finance to healthcare, robotics, transportation, military, e-commerce and social networks. Grand View Research estimates that the global AI market was worth 93.5 billion in 2021 and that it will increase at a compound annual growth rate (CAGR) of 38.1% from 2022 to 2030. According to a 2020 MIT Sloan Management survey, 87% of multinational corporations believe that AI technology will provide a competitive edge. Artificial Intelligence relies heavily on datasets to train its models. The more data, the better it learns and predicts. However, …

An Empirical Assessment Of The Use Of Password Workarounds And The Cybersecurity Risk Of Data Breaches, Michael Joseph Rooney

CCE Theses and Dissertations

Passwords have been used for a long time to grant controlled access to classified spaces, electronics, networks, and more. However, the dramatic increase in user accounts over the past few decades has exposed the realization that technological measures alone cannot ensure a high level of IS security; this leaves the end-users holding a critical role in protecting their organization and personal information. The increased use of IS as a working tool for employees increases the number of accounts and passwords required. Despite being more aware of password entropy, users still often participate in deviant password behaviors, known as ‘password workarounds’ …

Campus Safety Data Gathering, Classification, And Ranking Based On Clery-Act Reports, Walaa F. Abo Elenin

Electronic Theses and Dissertations

Most existing campus safety rankings are based on criminal incident history with minimal or no consideration of campus security conditions and standard safety measures. Campus safety information published by universities/colleges is usually conceptual/qualitative and not quantitative and are based-on criminal records of these campuses. Thus, no explicit and trusted ranking method for these campuses considers the level of compliance with the standard safety measures. A quantitative safety measure is important to compare different campuses easily and to learn about specific campus safety conditions.

In this thesis, we utilize Clery-Act reports of campuses to automatically analyze their safety conditions and generate …

Reks: Role-Based Encrypted Keyword Search With Enhanced Access Control For Outsourced Cloud Data, Yibin Miao, Feng Li, Xiaohua Jia, Huaxiong Wang, Ximeng Liu, Kim-Kwang Raymond Choo, Robert H. Deng

Research Collection School Of Computing and Information Systems

Keyword-based search over encrypted data is an important technique to achieve both data confidentiality and utilization in cloud outsourcing services. While commonly used access control mechanisms, such as identity-based encryption and attribute-based encryption, do not generally scale well for hierarchical access permissions. To solve this problem, we propose a Role-based Encrypted Keyword Search (REKS) scheme by using the role-based access control and broadcast encryption. Specifically, REKS allows owners to deploy hierarchical access control by allowing users with parent roles to have access permissions from child roles. Using REKS, we further facilitate token generation preprocessing and efficient user management, thereby significantly …

T-Counter: Trustworthy And Efficient Cpu Resource Measurement Using Sgx In The Cloud, Chuntao Dong, Qingni Shen, Xuhua Ding, Daoqing Yu, Wu Luo, Pengfei Wu, Zhonghai Wu

Research Collection School Of Computing and Information Systems

As cloud services have become popular, and their adoption is growing, consumers are becoming more concerned about the cost of cloud services. Cloud Service Providers (CSPs) generally use a pay-per-use billing scheme in the cloud services model: consumers use resources as they needed and are billed for their resource usage. However, CSPs are untrusted and privileged; they have full control of the entire operating system (OS) and may tamper with bills to cheat consumers. So, how to provide a trusted solution that can keep track of and verify the consumers’ resource usage has been a challenging problem. In this paper, …

High Performance Distributed File System Based On Blockchain, Ajinkya Rajguru

Master's Projects

Distributed filesystem architectures use commodity hardware to store data on a large scale with maximum consistency and availability. Blockchain makes it possible to store information that can never be tampered with and incentivizes a traditional decentralized storage system. This project aimed to implement a decentralized filesystem that leverages the blockchain to keep a record of all the transactions on it. A conventional filesystem viz. GFS [1] or HDFS [2] uses designated servers owned by their organization to store the data and are governed by a master service. This project aimed at removing a single point of failure and makes use …

Software Supply Chain Security Attacks And Analysis Of Defense, Juanjose Rodriguez-Cardenas, Jobair Hossain Faruk, Masura Tansim, Asia Shavers, Corey Brookins, Shamar Lake, Ava Norouzi, Marie Nassif, Kenneth Burke, Miranda Dominguez

Symposium of Student Scholars

The Software Supply chain or SSC is the backbone of the logistics industry and is crucial to a business's success and operation. The surge of attacks and risks for the SSC has grown in coming years with each attack's impact becoming more significant. These attacks have led to the leaking of both client and company sensitive information, corruption of the data, and having it subject to malware and ransomware installation, despite new practices implemented and investments into SSC security and its branches that have not stopped attackers from developing new vulnerabilities and exploits. In our research, we have investigated Software …

Secure Cloud-Based Iot Water Quality Gathering For Analysis And Visualization, Soin Abdoul Kassif Baba M Traore

Symposium of Student Scholars

Water quality refers to measurable water characteristics, including chemical, biological, physical, and radiological characteristics usually relative to human needs. Dumping waste and untreated sewage are the reasons for water pollution and several diseases to the living hood. The quality of water can also have a significant impact on animals and plant ecosystems. Therefore, keeping track of water quality is a substantial national interest. Much research has been done for measuring water quality using sensors to prevent water pollution. In summary, those systems are built based on online and reagent-free water monitoring SCADA systems in wired networks. However, centralized servers, transmission …

Soci: A Toolkit For Secure Outsourced Computation On Integers, Bowen Zhao, Jiaming Yuan, Ximeng Liu, Yongdong Wu, Hwee Hwa Pang, Robert H. Deng

Research Collection School Of Computing and Information Systems

Secure outsourced computation is a key technique for protecting data security and privacy in the cloud. Although fully homomorphic encryption (FHE) enables computations over encrypted data, it suffers from high computation costs in order to support an unlimited number of arithmetic operations. Recently, secure computations based on interactions of multiple computation servers and partially homomorphic encryption (PHE) were proposed in the literature, which enable an unbound number of addition and multiplication operations on encrypted data more efficiently than FHE and do not add any noise to encrypted data; however, these existing solutions are either limited in functionalities (e.g., computation on …

Secure Hierarchical Deterministic Wallet Supporting Stealth Address, Xin Yin, Zhen Liu, Guomin Yang, Guoxing Chen, Haojin Zhu

Research Collection School Of Computing and Information Systems

Over the past decade, cryptocurrency has been undergoing a rapid development. Digital wallet, as the tool to store and manage the cryptographic keys, is the primary entrance for the public to access cryptocurrency assets. Hierarchical Deterministic Wallet (HDW), proposed in Bitcoin Improvement Proposal 32 (BIP32), has attracted much attention and been widely used in the community, due to its virtues such as easy backup/recovery, convenient cold-address management, and supporting trust-less audits and applications in hierarchical organizations. While HDW allows the wallet owner to generate and manage his keys conveniently, Stealth Address (SA) allows a payer to generate fresh address (i.e., …

Secure Deterministic Wallet And Stealth Address: Key-Insulated And Privacy-Preserving Signature Scheme With Publicly Derived Public Key, Zhen Liu, Guomin Yang, Duncan S. Wong, Khoa Nguyen, Huaxiong Wang, Xiaorong Ke, Yining Liu

Research Collection School Of Computing and Information Systems

Deterministic Wallet (DW) and Stealth Address (SA) mechanisms have been widely adopted in the cryptocurrency community, due to their virtues on functionality and privacy protection, which come from a key derivation mechanism that allows an arbitrary number of derived keys to be generated from a master key. However, these algorithms suffer a vulnerability that, when one derived key is compromised somehow, the damage is not limited to the leaked derived key only, but to the master key and in consequence all derived keys are compromised. In this article, we introduce and formalize a new signature variant, called Key-Insulated and Privacy-Preserving …

Toward Intention Discovery For Early Malice Detection In Bitcoin, Ling Cheng, Feida Zhu, Yong Wang, Huiwen Liu

Research Collection School Of Computing and Information Systems

Bitcoin has been subject to illicit activities more often than probably any other financial assets, due to the pseudo-anonymous nature of its transacting entities. An ideal detection model is expected to achieve all the three properties of (I) early detection, (II) good interpretability, and (III) versatility for various illicit activities. However, existing solutions cannot meet all these requirements, as most of them heavily rely on deep learning without satisfying interpretability and are only available for retrospective analysis of a specific illicit type.First, we present asset transfer paths, which aim to describe addresses' early characteristics. Next, with a decision tree based …

Multimodal Private Signatures, Khoa Nguyen, Fuchun Guo, Willy Susilo, Guomin Yang

Research Collection School Of Computing and Information Systems

We introduce Multimodal Private Signature (MPS) - an anonymous signature system that offers a novel accountability feature: it allows a designated opening authority to learn some partial information op about the signer’s identity id, and nothing beyond. Such partial information can flexibly be defined as op = id (as in group signatures), or as op = 0 (like in ring signatures), or more generally, as op = Gj (id), where Gj (·) is a certain disclosing function. Importantly, the value of op is known in advance by the signer, and hence, the latter can decide whether she/he wants to disclose …

Strategic Signaling For Utility Control In Audit Games, Jianan Chen, Qin Hu, Honglu Jiang

Informatics and Engineering Systems Faculty Publications and Presentations

As an effective method to protect the daily access to sensitive data against malicious attacks, the audit mechanism has been widely deployed in various practical fields. In order to examine security vulnerabilities and prevent the leakage of sensitive data in a timely manner, the database logging system usually employs an online signaling scheme to issue an alert when suspicious access is detected. Defenders can audit alerts to reduce potential damage. This interaction process between a defender and an attacker can be modeled as an audit game. In previous studies, it was found that sending real-time signals in the audit …

Test Mimicry To Assess The Exploitability Of Library Vulnerabilities, Hong Jin Kang, Truong Giang Nguyen, Bach Le, Corina S. Pasareanu, David Lo

Research Collection School Of Computing and Information Systems

Modern software engineering projects often depend on open-source software libraries, rendering them vulnerable to potential security issues in these libraries. Developers of client projects have to stay alert of security threats in the software dependencies. While there are existing tools that allow developers to assess if a library vulnerability is reachable from a project, they face limitations. Call graphonly approaches may produce false alarms as the client project may not use the vulnerable code in a way that triggers the vulnerability, while test generation-based approaches faces difficulties in overcoming the intrinsic complexity of exploiting a vulnerability, where extensive domain knowledge …

On Measuring Network Robustness For Weighted Networks, Jianbing Zheng, Ming Gao, Ee-Peng Lim, David Lo, Cheqing Jin, Aoying Zhou

Research Collection School Of Computing and Information Systems

Network robustness measures how well network structure is strong and healthy when it is under attack, such as vertices joining and leaving. It has been widely used in many applications, such as information diffusion, disease transmission, and network security. However, existing metrics, including node connectivity, edge connectivity, and graph expansion, can be suboptimal for measuring network robustness since they are inefficient to be computed and cannot directly apply to the weighted networks or disconnected networks. In this paper, we define the RR-energy as a new robustness measurement for weighted networks based on the method of spectral analysis. RR-energy can cope …

Using Graph Theoretical Methods And Traceroute To Visually Represent Hidden Networks, Jordan M. Sahs

UNO Student Research and Creative Activity Fair

Within the scope of a Wide Area Network (WAN), a large geographical communication network in which a collection of networking devices communicate data to each other, an example being the spanning communication network, known as the Internet, around continents. Within WANs exists a collection of Routers that transfer network packets to other devices. An issue pertinent to WANs is their immeasurable size and density, as we are not sure of the amount, or the scope, of all the devices that exists within the network. By tracing the routes and transits of data that traverses within the WAN, we can identify …

Shunted Self-Attention Via Multi-Scale Token Aggregation, Sucheng Ren, Daquan Zhou, Shengfeng He, Jiashi Feng, Xinchao Wang

Research Collection School Of Computing and Information Systems

Recent Vision Transformer (ViT) models have demonstrated encouraging results across various computer vision tasks, thanks to its competence in modeling long-range dependencies of image patches or tokens via self-attention. These models, however, usually designate the similar receptive fields of each token feature within each layer. Such a constraint inevitably limits the ability of each self-attention layer in capturing multi-scale features, thereby leading to performance degradation in handling images with multiple objects of different scales. To address this issue, we propose a novel and generic strategy, termed shunted selfattention (SSA), that allows ViTs to model the attentions at hybrid scales per …

Information Provenance For Mobile Health Data, Taylor A. Hardin

Dartmouth College Ph.D Dissertations

Mobile health (mHealth) apps and devices are increasingly popular for health research, clinical treatment and personal wellness, as they offer the ability to continuously monitor aspects of individuals' health as they go about their everyday activities. Many believe that combining the data produced by these mHealth apps and devices may give healthcare-related service providers and researchers a more holistic view of an individual's health, increase the quality of service, and reduce operating costs. For such mHealth data to be considered useful though, data consumers need to be assured that the authenticity and the integrity of the data has remained intact---especially …

Natural Attack For Pre-Trained Models Of Code, Zhou Yang, Jieke Shi, Junda He, David Lo

Research Collection School Of Computing and Information Systems

Pre-trained models of code have achieved success in many important software engineering tasks. However, these powerful models are vulnerable to adversarial attacks that slightly perturb model inputs to make a victim model produce wrong outputs. Current works mainly attack models of code with examples that preserve operational program semantics but ignore a fundamental requirement for adversarial example generation: perturbations should be natural to human judges, which we refer to as naturalness requirement. In this paper, we propose ALERT (Naturalness Aware Attack), a black-box attack that adversarially transforms inputs to make victim models produce wrong outputs. Different from prior works, this …

Optimized Damage Assessment And Recovery Through Data Categorization In Critical Infrastructure System., Shruthi Ramakrishnan

Graduate Theses and Dissertations

Critical infrastructures (CI) play a vital role in majority of the fields and sectors worldwide. It contributes a lot towards the economy of nations and towards the wellbeing of the society. They are highly coupled, interconnected and their interdependencies make them more complex systems. Thus, when a damage occurs in a CI system, its complex interdependencies make it get subjected to cascading effects which propagates faster from one infrastructure to another resulting in wide service degradations which in turn causes economic and societal effects. The propagation of cascading effects of disruptive events could be handled efficiently if the assessment and …

Structure-Aware Visualization Retrieval, Haotian Li, Yong Wang, Aoyu Wu, Huan Wei, Huamin. Qu

Research Collection School Of Computing and Information Systems

With the wide usage of data visualizations, a huge number of Scalable Vector Graphic (SVG)-based visualizations have been created and shared online. Accordingly, there has been an increasing interest in exploring how to retrieve perceptually similar visualizations from a large corpus, since it can benefit various downstream applications such as visualization recommendation. Existing methods mainly focus on the visual appearance of visualizations by regarding them as bitmap images. However, the structural information intrinsically existing in SVG-based visualizations is ignored. Such structural information can delineate the spatial and hierarchical relationship among visual elements, and characterize visualizations thoroughly from a new perspective. …

Using A Bert-Based Ensemble Network For Abusive Language Detection, Noah Ballinger

Computer Science and Computer Engineering Undergraduate Honors Theses

Over the past two decades, online discussion has skyrocketed in scope and scale. However, so has the amount of toxicity and offensive posts on social media and other discussion sites. Despite this rise in prevalence, the ability to automatically moderate online discussion platforms has seen minimal development. Recently, though, as the capabilities of artificial intelligence (AI) continue to improve, the potential of AI-based detection of harmful internet content has become a real possibility. In the past couple years, there has been a surge in performance on tasks in the field of natural language processing, mainly due to the development of …

College Of Education Filemaker Extraction And End-User Database Development, Andrew Tran

Electronic Theses, Projects, and Dissertations

The College of Education (CoE) at the California State University San Bernardino (CSUSB) developed a system to keep track of both state and national accreditation requirements using FileMaker 5, a database system. This accreditation data is crucial for reporting and record-keeping for the CSU Chancellor’s Office as well as the State of California. However, the database system was developed several decades ago, and software support has long since been dropped, causing the CoE’s legacy accreditation data to be at risk of being lost should the software or hardware suffer permanent failure. The purpose of this project was to perform extraction …

A False Sense Of Security - Organizations Need A Paradigm Shift On Protecting Themselves Against Apts, Srinivasulu R. Vuggumudi

Masters Theses & Doctoral Dissertations

Organizations Advanced persistent threats (APTs) are the most complex cyberattacks and are generally executed by cyber attackers linked to nation-states. The motivation behind APT attacks is political intelligence and cyber espionage. Despite all the awareness, technological advancements, and massive investment, the fight against APTs is a losing battle for organizations. An organization may implement a security strategy to prevent APTs. However, the benefits to the security posture might be negligible if the measurement of the strategy’s effectiveness is not part of the plan. A false sense of security exists when the focus is on implementing a security strategy but not …