Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

Theses/Dissertations

2010

Articles 1 - 20 of 20

Full-Text Articles in Information Security

Analysis Of A Database Insider Threat Model, Andrea Samuel Dec 2010

Computer Science and Computer Engineering Undergraduate Honors Theses

According to Silicon.com's CIO Insight - Beware the Insider Security Threat, insiders are bigger threats to corporate security than external threats such as denial of service attacks or malware. Statistics show that 70% of fraud is perpetrated by staff and that the main data security threat comes from poorly trained or disgruntled employees who are authorized to have access to data and file stores [4]. This research project focuses specifically on the problem of insider threat in relational database systems. The project involves simulating research conducted in Qussai Yaseen and Brajendra Panda's research paper, Predicting and Preventing Insider Threat in …


Reputation-Based Internet Protocol Security: A Multilayer Security Framework For Mobile Ad Hoc Networks, Timothy H. Lacey Sep 2010

Theses and Dissertations

This research effort examines the theory, application, and results for a Reputation-based Internet Protocol Security (RIPSec) framework that provides security for an ad-hoc network operating in a hostile environment. In RIPSec, protection from external threats is provided in the form of encrypted communication links and encryption-wrapped nodes while internal threats are mitigated by behavior grading that assigns reputations to nodes based on their demonstrated participation in the routing process. Network availability is provided by behavior grading and round-robin multipath routing. If a node behaves faithfully, it earns a positive reputation over time. If a node misbehaves (for any number of …


Cyber Situational Awareness Using Live Hypervisor-Based Virtual Machine Introspection, Dustyn A. Dodge Sep 2010

Theses and Dissertations

In this research, a compiled memory analysis tool for virtualization (CMAT-V) is developed as a virtual machine introspection (VMI) utility to conduct live analysis during cyber attacks. CMAT-V leverages static memory dump analysis techniques to provide live dynamic system state data. Unlike some VMI applications, CMAT-V bridges the semantic gap using derivation techniques. CMAT-V detects Windows-based operating systems and uses the Microsoft Symbol Server to provide this context to the user. This research demonstrates the usefulness of CMAT-V as a situational awareness tool during cyber attacks, tests the detection of CMAT-V from the guest system level and measures its impact …


Code White: A Signed Code Protection Mechanism For Smartphones, Joseph M. Hinson IV Sep 2010

Theses and Dissertations

This research develops Code White, a hardware-implemented trusted execution mechanism for the Symbian mobile operating system. Code White combines a signed whitelist approach with the execution prevention technology offered by the ARM architecture. Testing shows that it prevents all untrusted user applications from executing while allowing all trusted applications to load and run. Performance testing in contrast with an unmodified Symbian system shows that the difference in load time increases linearly as the application file size increases. The predicted load time for an application with a one megabyte code section remains well below one second, ensuring uninterrupted experience for the …


Accelerating Malware Detection Via A Graphics Processing Unit, Nicholas S. Kovach Sep 2010

Theses and Dissertations

Real-time malware analysis requires processing large amounts of data storage to look for suspicious files. This is a time-consuming process that requires a large amount of processing power, often affecting other applications running on a personal computer. This research investigates the viability of using Graphics Processing Units (GPUs), present in many personal computers, to distribute the workload normally processed by the standard Central Processing Unit (CPU). Three experiments are conducted using an industry standard GPU, the NVIDIA GeForce 9500 GT card. The goal of the first experiment is to find the optimal number of threads per block for calculating …


Hijacking User Uploads To Online Persistent Data Repositories For Covert Data Exfiltration, Curtis P. Barnard Sep 2010

Theses and Dissertations

As malware has evolved over the years, it has gone from harmless programs that copy themselves into other executables to modern day botnets that perform bank fraud and identity theft. Modern malware often has a need to communicate back to the author, or other machines that are also infected. Several techniques for transmitting this data covertly have been developed over the years which vary significantly in their level of sophistication. This research creates a new covert channel technique for stealing information from a network by piggybacking on user-generated network traffic. Specifically, steganography drop boxes and passive covert channels are merged …


A Comparative Analysis Of ASCII And XML Logging Systems, Eric C. Hanington Sep 2010

Theses and Dissertations

This research compares XML- and ASCII-based event logging systems in terms of their storage and processing efficiency. XML is an emerging technology, including for security, so it is studied here as a logging system together with mitigation of its verbosity. Each system consists of source content, the network transmission, database storage, and querying, which are all studied as individual parts. The ASCII logging system consists of the text file as source, FTP as transport, and a relational database system for storage and querying. The XML system has the XML files and XML files in binary form using Efficient XML …


Deterministic, Efficient Variation Of Circuit Components To Improve Resistance To Reverse Engineering, Daniel F. Koranek Jun 2010

Theses and Dissertations

This research proposes two alternative methods for generating semantically equivalent circuit variants which leave the circuit's internal structure pseudo-randomly determined. Component fusion deterministically selects subcircuits using a component identification algorithm and replaces them using a deterministic algorithm that generates canonical logic forms. Component encryption seeks to alter the semantics of individual circuit components using an encoding function, but preserves the overall circuit semantics by decoding signal values later in the circuit. Experiments were conducted to examine the performance of component fusion and component encryption against representative trials of subcircuit selection-and-replacement and Boundary Blurring, two previously defined methods for circuit obfuscation. …


Developing A Hybrid Virtualization Platform Design For Cyber Warfare And Simulation, Kyle E. Stewart Jun 2010

Theses and Dissertations

Virtualization is a technique used to model and simulate the cyber domain, as well as train and educate. Different types of virtualization techniques exist that each support a unique set of benefits and requirements. This research proposes a novel design that incorporates host and network virtualization concepts for a cyber warfare training platform. At the host level, hybrid virtualization combines full and operating system virtualization techniques in order to leverage the benefits and minimize the drawbacks of each individual technique. Network virtualization allows virtual machines to connect in flexible topologies, but it also incurs additional processing overhead. Quantitative analysis falls …


An Application Of Automated Theorem Provers To Computer System Security: The Schematic Protection Model, Mitchell D.I. Hirschfeld Jun 2010

Theses and Dissertations

The Schematic Protection Model is specified in SAL and theorems about Take-Grant and New Technology File System schemes are proven. Arbitrary systems can be specified in SPM and analyzed. This is the first known automated analysis of SPM specifications in a theorem prover. The SPM specification was created in such a way that new specifications share the underlying framework and are configurable within the specifications file alone. This allows new specifications to be created with ease as demonstrated by the four unique models included within this document. This also allows future users to more easily specify models without recreating the …


Detecting Malicious JavaScript, Matthew F. Der Apr 2010

Honors Theses

The increased use of the World Wide Web and JavaScript as a scripting language for Web pages have made JavaScript a popular attack vector for infecting users' machines with malware. Additionally, attackers often obfuscate their code to avoid detection, which heightens the challenge and complexity of automated defense systems. We present two analyses of malicious scripts and suggest how they could be extended into intrusion detection systems. For our analyses we use a sample of deobfuscated malicious and benign scripts collected from actual Web sites. First, using our malicious sample, we perform a manual analysis of attack signatures, identifying four …


Performance Characteristics Of A Kernel-Space Packet Capture Module, Samuel W. Birch Mar 2010

Theses and Dissertations

Defending networks, network-connected assets, and the information they both carry and store is an operational challenge and a significant drain on resources. A plethora of historical and ongoing research efforts are focused on increasing the effectiveness of the defenses or reducing the costs of existing defenses. One valuable facet in defense is the ability to perform post mortem analysis of incidents that have occurred, and this tactic requires accurate storage and rapid retrieval of vast quantities of historical network data. This research improves the efficiency of capturing network packets to disk using commodity, general-purpose hardware and operating systems. It examines …


Utilizing The Digital Fingerprint Method For Secure Key Generation, Jennifer C. Anilao Mar 2010

Theses and Dissertations

This research examines a new way to generate an uncloneable secure key by taking advantage of the delay characteristics of individual transistors. The user profiles the circuit to deduce the glitch count of each output line for each number of selectable buffers added to the circuit. The user can then use this information to generate a specific glitch count on each output line, which is passed to an encryption algorithm as its key. The results detail tests of two configurations for adding a selectable amount of buffers into each glitch circuit in order to induce additional delay. One configuration adds …


Multi-Objective Constraint Satisfaction For Mobile Robot Area Defense, Kenneth W. Mayo Mar 2010

Theses and Dissertations

In developing multi-robot cooperative systems, there are often competing objectives that need to be met. For example, in automating area defense systems, multiple robots must work together to explore the entire area and maintain consistent communications to alert the other agents and ensure trust in the system. This research presents an algorithm that tasks robots to meet the two specific goals of exploration and communication maintenance in an uncoordinated environment, reducing the need for a user to pre-balance the objectives. This multi-objective problem is defined as a constraint satisfaction problem solved using the Non-dominated Sorting Genetic Algorithm II (NSGA-II). Both …


Development Of A Methodology For Customizing Insider Threat Auditing On A Linux Operating System, William T. Bai Mar 2010

Theses and Dissertations

Insider threats can pose a great risk to organizations and by their very nature are difficult to protect against. Auditing and system logging are capabilities present in most operating systems and can be used for detecting insider activity. However, current auditing methods are typically applied in a haphazard way, if at all, and are not conducive to contributing to an effective insider threat security policy. This research develops a methodology for designing a customized auditing and logging template for a Linux operating system. An intent-based insider threat risk assessment methodology is presented to create use case scenarios tailored to address …


Visually Managing IPsec, Peter J. Dell'Accio Mar 2010

Theses and Dissertations

The United States Air Force relies heavily on computer networks to transmit vast amounts of information throughout its organizations and with agencies throughout the Department of Defense. The data take many forms, utilize different protocols, and originate from various platforms and applications. It is not practical to apply security measures specific to individual applications, platforms, and protocols. Internet Protocol Security (IPsec) is a set of protocols designed to secure data traveling over IP networks, including the Internet. By applying security at the network layer of communications, data packets can be secured regardless of what application generated the data or which …


Codifying Information Assurance Controls For Department Of Defense (DoD) Supervisory Control And Data Acquisition (SCADA) Systems (U), Eddie A. Mendezllovet Mar 2010

Theses and Dissertations

Protecting DoD critical infrastructure resources and Supervisory Control and Data Acquisition (SCADA) systems from cyber attacks is becoming an increasingly challenging task. DoD Information Assurance controls provide a sound framework to achieve an appropriate level of confidentiality, integrity, and availability. However, these controls have not been updated since 2003 and currently do not adequately address the security of DoD SCADA systems. This research sampled U.S. Air Force Civil Engineering subject matter experts representing eight Major Commands that manage and operate SCADA systems. They ranked 30 IA controls in three categories, and evaluated eight SCADA specific IA controls for inclusion into …


Developing Cyberspace Data Understanding: Using CRISP-DM For Host-Based IDS Feature Mining, Joseph R. Erskine Mar 2010

Theses and Dissertations

Current intrusion detection systems generate a large number of specific alerts, but do not provide actionable information. Many times, these alerts must be analyzed by a network defender, a time consuming and tedious task which can occur hours or days after an attack occurs. Improved understanding of the cyberspace domain can lead to great advancements in Cyberspace situational awareness research and development. This thesis applies the Cross Industry Standard Process for Data Mining (CRISP-DM) to develop an understanding about a host system under attack. Data is generated by launching scans and exploits at a machine outfitted with a set of …


Security And Performance Analysis For RFID Protocols, Bing Liang Jan 2010

Dissertations and Theses Collection (Open Access)

Radio Frequency Identification (RFID) is an advanced object identification technology that has already been applied in various industries. However, the insecure nature of the communication channel between readers and tags makes RFID systems vulnerable to various kinds of attacks. In recent years, many new methods have been proposed to improve the security of RFID systems, such as disabling tags, agent management and establishing cryptographic protocols. Among them, we focus on the last approach, which is more economic and convenient in certain cases. The first part of our work is to categorize typical existing RFID protocols according to their security levels. …


Theory Of Entropic Security Decay: The Gradual Degradation In Effectiveness Of Commissioned Security Systems, Michael P. Coole Jan 2010

Theses: Doctorates and Masters

As a quantitative auditing tool for Physical Protection Systems (PPS), the Estimated Adversary Sequence Interruption (EASI) model has been available for many years. Nevertheless, once a system's macro-state measure has been commissioned (Pi) against its defined threat using EASI, there must be a means of articulating its continued efficacy (steady state) or its degradation over time. The purpose of this multi-phase study was to develop the concept and define the term entropic security decay. Phase one presented documentary benchmarks for security decay. This phase was broken into three stages; stage one presented General Systems Theory (GST) as a systems benchmark …