Information Security Commons^™

Library Writers Reward Project, Saravana Kumar Gajendran

Master's Projects

Open-source library development exploits the distributed intelligence of participants in Internet communities. Nowadays, contribution to the open-source community is fading [16] (Stackalytics, 2016) as there is not much recognition for library writers. They can start exploring ways to generate revenue as they actively contribute to the open-source community.

This project helps library writers to generate revenue in the form of bitcoins for their contribution. Our solution to generate revenue for library writers is to integrate bitcoin mining with existing JavaScript libraries, such as jQuery. More use of the library leads to more revenue for the library writers. It uses the …

Malicious Javascript Detection Using Statistical Language Model, Anumeha Shah

Master's Projects

The Internet has an immense importance in our day to day life, but at the same time, it has become the medium of infecting computers, attacking users, and distributing malicious code. As JavaScript is the principal language of client side pro- gramming, it is frequently used in conducting such attacks. Various approaches have been made to overcome the JavaScript security issues. Some advanced approaches utilize machine learning technology in combination with de-obfuscation and emula- tion. Many methods of analysis incorporate static analysis and dynamic analysis. Our solution is entirely based on static analysis, which avoids unnecessary runtime overhead.

The central …

Secure Declassification In Faceted Javascript, Tam Wing

Master's Projects

Information leaks currently represent a major security vulnerability. Malicious code, when injected into a trusted environment and executed in the context of the victim’s privileges, often results in the loss of sensitive information. To address this security issue, this paper focuses on the idea of information flow control using faceted execution [3]. This mechanism allows the interpreter to efficiently keep track of variables across multiple security levels, achieving termination-insensitive non-interference (TINI). With TINI, a program can only leak one bit of data, caused by the termination of a program. One key benefit of having faceted execution is that flow policy …

Analyzing Proactive Fraud Detection Software Tools And The Push For Quicker Solutions, Kerri Aiken

Economic Crime Forensics Capstones

This paper focuses on proactive fraud detection software tools and how these tools can help detect and prevent possible fraudulent schemes. In addition to relying on routine audits, companies are designing proactive methods that involve the inclusion of software tools to detect and deter instances of fraud and abuse. This paper discusses examples of companies using ACL and SAS software programs and how the software tools have positively changed their auditing systems.

Novelis Inc., an aluminum and recycling company, implemented ACL into their internal audit software system. Competitive Health Analytics (Division of Humana) implemented SAS in order to improve their …

The History Of Chinese Cybersecurity: Current Effects On Chinese Society Economy, And Foreign Relations, Vaughn C. Rogers

Seton Hall University Dissertations and Theses (ETDs)

Chinese cybersecurity has become an infamous topic in the field of cybersecurity today, causing a great deal of controversy. The controversy stems from whether or not censorship is hindering Chinese economy, society, and relationships with other countries. The White Papers (中国政府白皮书), the Constitution of the People’s Republic of China (中华人民共和国宪法), and The Internet in China (中国互联网状况) all suggest that there is a free flow of Internet both within and without China that promotes peaceful socioeconomic development which the Chinese government seeks to promote. But is China sacrificing lucrative business prospects to secure …

Taint And Information Flow Analysis Using Sweet.Js Macros, Prakasam Kannan

Master's Projects

JavaScript has been the primary language for application development in browsers and with the advent of JIT compilers, it is increasingly becoming popular on server side development as well. However, JavaScript suffers from vulnerabilities like cross site scripting and malicious advertisement code on the the client side and on the server side from SQL injection.

In this paper, we present a dynamic approach to efficiently track information flow and taint detection to aid in mitigation and prevention of such attacks using JavaScript based hygienic macros. We use Sweet.js and object proxies to override built-in JavaScript operators to track information flow …

Detecting Objective-C Malware Through Memory Forensics, Andrew Case

University of New Orleans Theses and Dissertations

Memory forensics is increasingly used to detect and analyze sophisticated malware. In the last decade, major advances in memory forensics have made analysis of kernel-level malware straightforward. Kernel-level malware has been favored by attackers because it essentially provides complete control over a machine. This has changed recently as operating systems vendors now routinely enforce driving signing and strategies for protecting kernel data, such as Patch Guard, have made userland attacks much more attractive to malware authors.

In this thesis, new techniques for detecting userland malware written in Objective-C on Mac OS X are presented. As the thesis illustrates, Objective-C provides …

Information Technology Proposal For The Town Of Spencer, Vijay Basava, Corey Kenyon, Mahdi Soltani

School of Professional Studies

The Town of Spencer came to us looking for a plan to build and maintain their own personal fiber network for connection between departments and to improve data security for important information. After assessing the existing landscape and determining the various paths forward, we created network diagrams and plans for the movement forward of this project.

After assessing a variety of plans, we found that a full single-mode fiber network would be the best system for the implementation in Spencer. While it was the highest cost, it also scored the highest in our assessment.

Charlton Fire Department Resident Expectations: Survey And Analysis, Natalie Omary, Jingxin Wen, Junchen Chen, Denis Kornev

School of Professional Studies

The Town of Charlton is located in the heart of the Massachusetts with a resident population of just under 14,000 people. The Charlton Fire Department serves the town for needs related to fire fighting, fire prevention, burning permits and inspection services along with emergency medical services. The Department has requested the assistance of the Clark University COPACE Capstone students in creating and conducting survey in order to get a sense of what the resident of the town know about the fire department and to better gauge their expectations about what the department can provide for them. The survey was formulated …

Cybersecurity Awareness Shrewsbury Public Schools, Brittany Crompton, David Thompson, Manuel Reyes, Xueyan Zhao, Xueke Zou

School of Professional Studies

In the 21st Century, technology reaches every aspect of our lives. As “digital citizens” we must be aware of the dangers both to our technological equipment and our personal information stored, transmitted, and processed on this equipment. The Cybersecurity Awareness curriculum developed for the Shrewsbury Public School district is designed to meet this need, as well as foster an interest in technology and ethical computer use.

Analysis Of The Point Of Sales System At Tower Hill Botanical Garden And Suggested Courses Of Action, Brian Dunn, Keerthi Bandi, Chantal Kopwa Epse Kassa, F.N.U Shelly

School of Professional Studies

As Tower Hill Botanic Garden continues to improve on its operations and enhance the experience of its visitors and members, they are on a quest for a new Point-Of-Sale (POS) system that not only works with its existing hardware and interface with Raiser’s Edge, a smartcloud fundraising and relationship management software central to the garden’s operations but also, have a restaurant module and the capability of operating both in a wireless and hard-wired environment.

Alternatives Unlimited Inc. Property Service Application, Jalpa Dave, Pennie Nataliya, Neelakshi Bali

School of Professional Studies

The purpose of this project is to propose Property service application to be enforced for documenting and managing the work orders raised throughout the residencies. The company is looking into an application that would facilitate to track and monitor the maintenance request received in a systematic order and ensuring priority work request is resolved within the set time frame. The project is to enhance the property service's work more efficiently as this will provide a high level of charge for the occupants by providing quicker response to their requests. The Objectives set to achieve for this project are realistic and …

Towards Secure Online Distribution Of Multimedia Codestreams, Swee Won Lo

Dissertations and Theses Collection (Open Access)

Multimedia codestreams distributed through open and insecure networks are subjected to attacks such as malicious content tampering and unauthorized accesses. This dissertation first addresses the issue of authentication as a mean to integrity - protect multimedia codestreams against malicious tampering. Two cryptographic-based authentication schemes are proposed to authenticate generic scalable video codestreams with a multi-layered structure. The first scheme combines the salient features of hash-chaining and double error correction coding to achieve loss resiliency with low communication overhead and proxy-transparency. The second scheme further improves computation cost by replacing digital signature with a hash-based message authentication code to achieve packet-level …

Developing An Online Database Of Experts For The Worcester Regional Chamber Of Commerce, Zikan Chen, Douglas Grey, Pranjal Shah

School of Professional Studies

The Worcester Regional Chamber of Commerce as part of their mission to attract business to the Worcester area, want to create an online searchable database of industry experts made up of faculty members of the Colleges and Universities in the Worcester area. This online database will be placed on the Worcester Regional Chamber of Commerce Higher Education – Business Partnership page on their website. The limitations placed on this request are that the Regional Chamber as of this moment have no monetary or Information Technologies resources to provide for the realization of this request.

The proliferation of as A Service …

Hardware Trojan Detection Via Golden Reference Library Matching, Lucas Weaver

Graduate Theses and Dissertations

Due to the proliferation of hardware Trojans in third party Intellectual Property (IP) designs, the issue of hardware security has risen to the forefront of computer engineering. Because of the miniscule size yet devastating effects of hardware Trojans, few detection methods have been presented that adequately address this problem facing the hardware industry. One such method with the ability to detect hardware Trojans is Structural Checking. This methodology analyzes a soft IP at the register-transfer level to discover malicious inclusions. An extension of this methodology is presented that expands the list of signal functionalities, termed assets, in addition to introducing …

Exploring Privacy Leakage From The Resource Usage Patterns Of Mobile Apps, Amin Rois Sinung Nugroho

Graduate Theses and Dissertations

Due to the popularity of smart phones and mobile apps, a potential privacy risk with the usage of mobile apps is that, from the usage information of mobile apps (e.g., how many hours a user plays mobile games in each day), private information about a user’s living habits and personal activities can be inferred. To assess this risk, this thesis answers the following research question: can the type of a mobile app (e.g., email, web browsing, mobile game, music streaming, etc.) used by a user be inferred from the resource (e.g., CPU, memory, network, etc.) usage patterns of the mobile …

Dueling-Hmm Analysis On Masquerade Detection, Peter Chou

Master's Projects

Masquerade detection is the ability to detect attackers known as masqueraders that intrude on another user’s system and pose as legitimate users. Once a masquerader obtains access to a user’s system, the masquerader has free reign over whatever data is on that system. In this research, we focus on masquerade detection and user classi cation using the following two di erent approaches: the heavy hitter approach and 2 di erent approaches based on hidden Markov models (HMMs), the dueling-HMM and threshold-HMM strategies.

The heavy hitter approach computes the frequent elements seen in the training data sequence and test data sequence …

Doc Wayne Youth Services, Inc. Capstone Project Youth Employment And Mentoring, Bongani T. Jeranyama, Zhengjun Liu, Sarah Parsons

School of Professional Studies

In Boston, Massachusetts, young adults age 16-19 who have dropped out of high school have a very high unemployment rate of 43.8%. Additionally, in the United States of America the difference between a young adult with a high school diploma as opposed to a young adult without a high school diploma in terms of weekly income is $180 USD; between a young adult with a high school diploma versus a young professional with a bachelor’s degree is $433 USD. These numbers demonstrate the need for services that improve academic achievement, job readiness and preparedness, and youth mentorship for struggling young …

A Nonprofit Model In A For-Profit World: A Closer Look At Sheltered Workshops And Sustainability As An Employee Run Business, Bing Jang, Mitchell Perry, Nikolin Vangjeli, Laura Ducharme

School of Professional Studies

Historically, society has tended to isolate and segregate individuals with intellectual and developmental disabilities. Despite improvements such forms of discrimination continue to be a serious social problem. On October 11, 2011, the Department of Justice began an investigation into several state’s systems of providing vocational services to individuals with intellectual and developmental disabilities. This action came about due to several states being out of compliance around Title II of the Americans with Disabilities Act (ADA). Title II of the ADA prohibits discrimination on the basis of disability for all services, programs and activities provided to the public by state and …

Analyzing Shared Value And Social Business Principles: A Case Study Of Honeydrop Beverages And Seven Hills Foundation, Sarah Dys, Maya Grevatt, Brianna Mirabile

School of Professional Studies

Can the business world come together with the nonprofit world to create systems to lift low income women, children, and families out of poverty? The following report aims to show how the changing principles of business have the potential to serve international populations living on less than $2USD per day. For-profit organizations working with citizen sector organizations instead of giving charity provides a sustainable model to connect profit maximization with social good.

Honeydrop Beverages is a company based out of New York that produces lemonade sweetened with honey. Their products do not contain any refined products, only using fresh and …

Biometrics-Based Dynamic Authentication For Secure Services, Saif Mohammed Saeed Abdulla Al Aryani

Theses

This thesis proposes a secure authentication protocol against physical session hijacking attacks. In client/server technology, users establish sessions to access the services offered by the servers. However, using physical session hijacking attacks, malicious users may physically take control of ongoing sessions. Malicious users also can establish sessions with servers using stolen passwords. In both cases, the server will be communicating with the wrong user who pretends to be the real user. The goal of this authentication protocol is to continuously and dynamically ensure that during an ongoing session the current session’s user is himself the real person that is known …

Evaluating The Gasday Security Policy Through Penetration Testing And Application Of The Nist Cybersecurity Framework, Andrew Nicholas Kirkham

Master's Theses (2009 -)

This thesis explores cybersecurity from the perspective of the Marquette University GasDay lab. We analyze three different areas of cybersecurity in three independent chapters. Our goal is to improve the cybersecurity capabilities of GasDay, Marquette University, and the natural gas industry. We present network penetration testing as a process of attempting to gain access to resources of GasDay without prior knowledge of any valid credentials. We discuss our method of identifying potential targets using industry standard reconnaissance methods. We outline the process of attempting to gain access to these targets using automated tools and manual exploit creation. We propose several …

Statistic Whitelisting For Enterprise Network Incident Response, Nathan E. Grunzweig

Theses and Dissertations

This research seeks to satisfy the need for the rapid evaluation of enterprise network hosts in order to identify items of significance through the introduction of a statistic whitelist based on the behavior of the processes on each host. By taking advantage of the repetition of processes and the resources they access, a whitelist can be generated using large quantities of host machines. For each process, the Modules and the TCP & UDP Connections are compared to identify which resources are most commonly accessed by each process. Results show 47% of processes receiving a whitelist score of 75% or greater …

Cyberspace And Organizational Structure: An Analysis Of The Critical Infrastructure Environment, Michael D. Quigg Ii

Theses and Dissertations

Now more than ever, organizations are being created to protect the cyberspace environment. The capability of cyber organizations tasked to defend critical infrastructure has been called into question by numerous cybersecurity experts. Organizational theory states that organizations should be constructed to fit their operating environment properly. Little research in this area links existing organizational theory to cyber organizational structure. Because of the cyberspace connection to critical infrastructure assets, the factors that influence the structure of cyber organizations designed to protect these assets warrant analysis to identify opportunities for improvement.

This thesis analyzes the cyber‐connected critical infrastructure environment using the dominant …

Whitelisting System State In Windows Forensic Memory Visualizations, Joshua A. Lapso

Theses and Dissertations

Examiners in the field of digital forensics regularly encounter enormous amounts of data and must identify the few artifacts of evidentiary value. The most pressing challenge these examiners face is manual reconstruction of complex datasets with both hierarchical and associative relationships. The complexity of this data requires significant knowledge, training, and experience to correctly and efficiently examine. Current methods provide primarily text-based representations or low-level visualizations, but levee the task of maintaining global context of system state on the examiner. This research presents a visualization tool that improves analysis methods through simultaneous representation of the hierarchical and associative relationships and …

Pointing Analysis And Design Drivers For Low Earth Orbit Satellite Quantum Key Distribution, Jeremiah A. Specht

Theses and Dissertations

The world relies on encryption to perform critical and sensitive tasks every day. If quantum computing matures, the capability to decode keys and decrypt messages becomes possible. Quantum key distribution (QKD) is a method of distributing secure cryptographic keys which relies on the laws of quantum mechanics. Current implementations of QKD use fiber-based channels which limit the number of users and the distance between users. Satellite-based QKD using free-space channels is proposed as a feasible secure global communication solution. Since a free-space link does not use a waveguide, pointing a transmitter to receiver is required to ensure signal arrival. In …

A Framework For Incorporating Insurance Into Critical Infrastructure Cyber Risk Strategies, Derek R. Young

Theses and Dissertations

Critical infrastructure owners and operators want to minimize their cyber risk and expenditures on cybersecurity. The insurance industry has been quantitatively assessing risk for hundreds of years in order to minimize risk and maximize profits. To achieve these goals, insurers continuously gather statistical data to improve their predictions, incentivize their clients' investment in self-protection and periodically refine their models to improve the accuracy of risk estimates. This paper presents a framework which incorporates the operating principles of the insurance industry in order to provide quantitative estimates of cyber risk. The framework implements optimization techniques to suggest levels of investment for …

Ultrasonic Data Transmission And Steganography, Hunter Young

KSU Journey Honors College Capstones and Theses

This project discusses the feasibility of using ultrasound to transmit data between computer systems, particularly computer systems that have been intentionally cut off from traditional networks for increased security. The goal of this project is to provide a synthesis of the current research that has been done into the use of ultrasonic data transmission, and to conduct a series of tests determining the validity of certain claims made in regards to ultrasonic data transmission within the information security community. All research, experiments, results, and inferences have been discussed in the context of how they relate to the realm of information …

Ultrasonic Data Steganography, Alexander Orosz Edwards

KSU Journey Honors College Capstones and Theses

What started off as a question on the possibly of data transmission via sound above the level of human hearing evolved into a project exploring the possibility of ultrasonic data infiltration and exfiltration in an information security context. It is well known that sound can be used to transmit data as this can be seen in many old technologies, most notably and simply DTMF tones for phone networks. But what if the sound used to transmit signals was in in the ultrasonic range? It would go generally unnoticed to anyone not looking for it with tools such as a spectrum …

Best Practices To Increase Efficacy Of Graduate School Admissions Communications At Clark University, Diana Curran, Nikki Feinberg, Mitchell Kelley, Ruiqi Li, Anning Zhou

School of Professional Studies

Within the period of time that a graduate student deposits and subsequently arrives at their academic institution, receiving timely information is important for their preparation. This process has been deemed by the Deans of the Enterprise Schools at Clark University as one that needs further investigation. As such, this Capstone looks at the array of communication that goes out to each graduate student during this four-month period. The purpose of examining this communication is to analyze its effectiveness in engaging students. To analyze the effectiveness of this communication, surveys were distributed to current students in these schools to gather data …