Information Security Commons^™

Demonstration Of Cyberattacks And Mitigation Of Vulnerabilities In A Webserver Interface For A Cybersecure Power Router, Benjamin Allen

Computer Science and Computer Engineering Undergraduate Honors Theses

Cyberattacks are a threat to critical infrastructure, which must be secured against them to ensure continued operation. A defense-in-depth approach is necessary to secure all layers of a smart-grid system and contain the impact of any exploited vulnerabilities. In this undergraduate thesis a webserver interface for smart-grid devices communicating over Modbus TCP was developed and exposed to SQL Injection attacks and Cross-Site Scripting attacks. Analysis was performed on Supply-Chain attacks and a mitigation developed for attacks stemming from compromised Content Delivery Networks. All attempted attacks were unable to exploit vulnerabilities in the webserver due to its use of input sanitization …

Maritime Cybersecurity: Comparing Practices Between Developing Countries : The Case Study Of Kenya And Spain, Bibian Turyahumura

World Maritime University Dissertations

No abstract provided.

Information Security Maturity Model For Healthcare Organizations In The United States, Bridget Joan Barnes Page

Dissertations and Theses

This research provides a maturity model for information security for healthcare organizations in the United States. Healthcare organizations are faced with increasing threats to the security of their information systems. The maturity model identifies specific performance metrics, with relative importance measures, that can be used to enhance information security at healthcare organizations allowing them to focus scarce resources on mitigating the most important information security threat vectors. This generalizable, hierarchical decision model uses both qualitative and quantitative metrics based on objective goals. This model may be used as a baseline by which to measure individual organizational performance, to measure performance …

Security Fatigue And Its Effects On Perceived Password Strength Among University Students, Chase Carroll

Honors Theses

This study was performed with the goal of observing the effect, if any, that security fatigue has on students’ perceived strength of passwords. In doing so, it was hoped to find some correlation between the two that would help in establishing a measurable effect of the phenomenon in students. This could potentially aid organizational decision-makers, such as security policy writers and system admins, to make more informed decisions about implementing security measures. To achieve the goal of observing this fatigue and attempting to measure it, a survey was distributed to numerous students on the University of Tennessee at Chattanooga campus. …

Cyber Security In The Healthcare Industry, Giovanni Ordonez

Honor Scholar Theses

No abstract provided.

Self Organized Multi Agent Swarms (Somas) For Network Security Control, Eric M. Holloway

Theses and Dissertations

Computer network security is a very serious concern in many commercial, industrial, and military environments. This paper proposes a new computer network security approach defined by self-organized agent swarms (SOMAS) which provides a novel computer network security management framework based upon desired overall system behaviors. The SOMAS structure evolves based upon the partially observable Markov decision process (POMDP) formal model and the more complex Interactive-POMDP and Decentralized-POMDP models, which are augmented with a new F(*-POMDP) model. Example swarm specific and network based behaviors are formalized and simulated. This paper illustrates through various statistical testing techniques, the significance of this proposed …

Impact Of Framing And Base Size Of Computer Security Risk Information On User Behavior, Xinhui Zhan

Masters Theses

"This research examines the impact of framing and base size of computer security risk information on users' risk perceptions and behavior (i.e., download intention and download decision). It also examines individual differences (i.e., demographic factors, computer security awareness, Internet structural assurance, self-efficacy, and general risk-taking tendencies) associated with users' computer security risk perceptions. This research draws on Prospect Theory, which is a theory in behavioral economics that addresses risky decision-making, to generate hypotheses related to users' decision-making in the computer security context. A 2 x 3 mixed factorial experimental design (N = 178) was conducted to assess the effect of …

A Framework For Incorporating Insurance Into Critical Infrastructure Cyber Risk Strategies, Derek R. Young

Theses and Dissertations

Critical infrastructure owners and operators want to minimize their cyber risk and expenditures on cybersecurity. The insurance industry has been quantitatively assessing risk for hundreds of years in order to minimize risk and maximize profits. To achieve these goals, insurers continuously gather statistical data to improve their predictions, incentivize their clients' investment in self-protection and periodically refine their models to improve the accuracy of risk estimates. This paper presents a framework which incorporates the operating principles of the insurance industry in order to provide quantitative estimates of cyber risk. The framework implements optimization techniques to suggest levels of investment for …

Maia And Mandos: Tools For Integrity Protection On Arbitrary Files, Paul J. Bonamy

Dissertations, Master's Theses and Master's Reports

We present the results of our dissertation research, which focuses on practical means of protecting system data integrity. In particular, we present Maia, a language for describing integrity constraints on arbitrary file types, and Mandos, a Linux Security Module which uses verify-on-close to enforce mandatory integrity guarantees. We also provide details of a Maia-based verifier generator, demonstrate that Maia and Mandos introduce minimal delay in performing their tasks, and include a selection of sample Maia specifications.

Real-Time Detection System For Suspicious Urls, Krishna Prasad Chouty, Anup Chandra Thogiti, Kranthi Sudha Vudatha

All Capstone Projects

Twitter is prone to malicious tweets containing URLs for spam, phishing, and malware distribution. Conventional Twitter spam detection schemes utilize account features such as the ratio of tweets containing URLs and the account creation date, or relation features in the Twitter graph. These detection schemes are ineffective against feature fabrications or consume much time and resources. Conventional suspicious URL detection schemes utilize several features including lexical features of URLs, URL redirection, HTML content, and dynamic behavior. However, evading techniques such as time-based evasion and crawler evasion exist. In this paper, we propose WARNINGBIRD, a suspicious Real-Time URL detection system for …

A Survey On Detection And Defense Of Application Layer Ddos Attacks, Naga Shalini Vadlamani

UNLV Theses, Dissertations, Professional Papers, and Capstones

As the time is passing on, the effect of DDoS attacks on Internet security is growing tremendously. Within a very little span there is a huge increase in the size and frequency of DDoS attacks. With the new technologies and new techniques, the attackers are finding more sophisticated ways to attack the servers. In this situation, it is necessary to come up with various mechanisms to detect and defend these DDoS attacks and protect the servers from the attackers. Many researches have been carried out to detect the DDoS attack traffic in transport layer, which is more vulnerable to DDoS …

Application Of Ntru Cryptographic Algorithm For Securing Scada Communication, Amritha Puliadi Premnath

UNLV Theses, Dissertations, Professional Papers, and Capstones

Supervisory Control and Data Acquisition (SCADA) system is a control system which is widely used in Critical Infrastructure System to monitor and control industrial processes autonomously. Most of the SCADA communication protocols are vulnerable to various types of cyber-related attacks. The currently used security standards for SCADA communication specify the use of asymmetric cryptographic algorithms like RSA or ECC for securing SCADA communications. There are certain performance issues with cryptographic solutions of these specifications when applied to SCADA system with real-time constraints and hardware limitations. To overcome this issue, in this thesis we propose the use of a faster and …

Simulation And Analysis Of Insider Attacks, Christopher Blake Clark

UNLV Theses, Dissertations, Professional Papers, and Capstones

An insider is an individual (usually an employee, contractor, or business partner) that has been trusted with access to an organization's systems and sensitive data for legitimate purposes. A malicious insider abuses this access in a way that negatively impacts the company, such as exposing, modifying, or defacing software and data.

Many algorithms, strategies, and analyses have been developed with the intent of detecting and/or preventing insider attacks. In an academic setting, these tools and approaches show great promise. To be sure of their effectiveness, however, these analyses need to be tested. While real data is available on insider attacks …

Effects Of Architecture On Information Leakage Of A Hardware Advanced Encryption Standard Implementation, Eric A. Koziel

Theses and Dissertations

Side-channel analysis (SCA) is a threat to many modern cryptosystems. Many countermeasures exist, but are costly to implement and still do not provide complete protection against SCA. A plausible alternative is to design the cryptosystem using architectures that are known to leak little information about the cryptosystem's operations. This research uses several common primitive architectures for the Advanced Encryption Standard (AES) and assesses the susceptibility of the full AES system to side-channel attack for various primitive configurations. A combined encryption/decryption core is also evaluated to determine if variation of high-level architectures affects leakage characteristics. These different configurations are evaluated under …

Obfuscating Against Side-Channel Power Analysis Using Hiding Techniques For Aes, Austin W. Fritzke

Theses and Dissertations

The transfer of information has always been an integral part of military and civilian operations, and remains so today. Because not all information we share is public, it is important to secure our data from unwanted parties. Message encryption serves to prevent all but the sender and recipient from viewing any encrypted information as long as the key stays hidden. The Advanced Encryption Standard (AES) is the current industry and military standard for symmetric-key encryption. While AES remains computationally infeasible to break the encrypted message stream, it is susceptible to side-channel attacks if an adversary has access to the appropriate …

Binary Disassembly Block Coverage By Symbolic Execution Vs. Recursive Descent, Jonathan D. Miller

Theses and Dissertations

This research determines how appropriate symbolic execution is (given its current implementation) for binary analysis by measuring how much of an executable symbolic execution allows an analyst to reason about. Using the S2E Selective Symbolic Execution Engine with a built-in constraint solver (KLEE), this research measures the effectiveness of S2E on a sample of 27 Debian Linux binaries as compared to a traditional static disassembly tool, IDA Pro. Disassembly code coverage and path exploration is used as a metric for determining success. This research also explores the effectiveness of symbolic execution on packed or obfuscated samples of the same binaries …

Online Privacy Policy Of The Thirty Dow Jones Corporations: Compliance With Ftc Fair Information Practice Principles And Readability Assessment, Yuanxiang Li

Theses Digitization Project

This project conducted a statistical study of online privacy to examine how well corporations comply with FIPs and assess how easy their privacy was to read.

Measuring The Utility Of A Cyber Incident Mission Impact Assessment (Cimia) Process For Mission Assurance, Christy L. Peterson

Theses and Dissertations

Information is a critical asset on which virtually all modern organizations depend upon to meet their operational mission objectives. Military organizations, in particular, have embedded Information and Communications Technologies (ICT) into their core mission processes as a means to increase their operational efficiency, exploit automation, improve decision quality, and shorten the kill chain. However, the extreme dependence upon ICT results in an environment where a cyber incident can result in severe mission degradation, or possibly failure, with catastrophic consequences to life, limb, and property. These consequences can be minimized by maintaining real-time situational awareness of mission critical resources so appropriate …

Accelerating Malware Detection Via A Graphics Processing Unit, Nicholas S. Kovach

Theses and Dissertations

Real-time malware analysis requires processing large amounts of data storage to look for suspicious files. This is a time consuming process that (requires a large amount of processing power) often affecting other applications running on a personal computer. This research investigates the viability of using Graphic Processing Units (GPUs), present in many personal computers, to distribute the workload normally processed by the standard Central Processing Unit (CPU). Three experiments are conducted using an industry standard GPU, the NVIDIA GeForce 9500 GT card. The goal of the first experiment is to find the optimal number of threads per block for calculating …

An Application Of Automated Theorem Provers To Computer System Security: The Schematic Protection Model, Mitchell D.I. Hirschfeld

Theses and Dissertations

The Schematic Protection Model is specified in SAL and theorems about Take-Grant and New Technology File System schemes are proven. Arbitrary systems can be specified in SPM and analyzed. This is the first known automated analysis of SPM specifications in a theorem prover. The SPM specification was created in such a way that new specifications share the underlying framework and are configurable within the specifications file alone. This allows new specifications to be created with ease as demonstrated by the four unique models included within this document. This also allows future users to more easily specify models without recreating the …

Developing Cyberspace Data Understanding: Using Crisp-Dm For Host-Based Ids Feature Mining, Joseph R. Erskine

Theses and Dissertations

Current intrusion detection systems generate a large number of specific alerts, but do not provide actionable information. Many times, these alerts must be analyzed by a network defender, a time consuming and tedious task which can occur hours or days after an attack occurs. Improved understanding of the cyberspace domain can lead to great advancements in Cyberspace situational awareness research and development. This thesis applies the Cross Industry Standard Process for Data Mining (CRISP-DM) to develop an understanding about a host system under attack. Data is generated by launching scans and exploits at a machine outfitted with a set of …

Theory Of Entropic Security Decay: The Gradual Degradation In Effectiveness Of Commissioned Security Systems, Michael P. Coole

Theses: Doctorates and Masters

As a quantitative auditing tool for Physical Protection Systems (PPS) the Estimated Adversary Sequence Interruption (EASI) model has been available for many years. Nevertheless, once a systems macro-state measure has been commissioned (Pi) against its defined threat using EASI, there must be a means of articulating its continued efficacy (steady state) or its degradation over time. The purpose of this multi-phase study was to develop the concept and define the term entropic security decay. Phase one presented documentary benchmarks for security decay. This phase was broken into three stages; stage one presented General Systems Theory (GST) as a systems benchmark …

Large-Scale Distributed Coalition Formation, Daniel R. Karrels

Theses and Dissertations

The CyberCraft project is an effort to construct a large scale Distributed Multi-Agent System (DMAS) to provide autonomous Cyberspace defense and mission assurance for the DoD. It employs a small but flexible agent structure that is dynamically reconfigurable to accommodate new tasks and policies. This document describes research into developing protocols and algorithms to ensure continued mission execution in a system of one million or more agents, focusing on protocols for coalition formation and Command and Control. It begins by building large-scale routing algorithms for a Hierarchical Peer to Peer structured overlay network, called Resource-Clustered Chord (RC-Chord). RC-Chord introduces the …

Host-Based Multivariate Statistical Computer Operating Process Anomaly Intrusion Detection System (Paids), Glen R. Shilland

Theses and Dissertations

No abstract provided.

The Development Of It Suspicion As A Construct And Subsequent Measure, Matthew T. Olson

Theses and Dissertations

Suspicion has not been studied in great depth; however, a conceptual understanding of suspicion is no less important than many of the other highly studied constructs related to healthy working relationships. Information technology (IT) is one area where suspicion study is lacking, and this research effort was a study into the specific domain of IT suspicion. An extensive study of the suspicion literature and the suspicion nomological net as well as informal surveys of the general populous and subject matter experts were used to create an IT suspicion conceptual definition and measure. In order to test IT suspicion’s relationships with …

Automated Virtual Machine Introspection For Host-Based Intrusion Detection, Brett A. Pagel

Theses and Dissertations

This thesis examines techniques to automate configuration of an intrusion detection system utilizing hardware-assisted virtualization. These techniques are used to detect the version of a running guest operating system, automatically configure version-specific operating system information needed by the introspection library, and to locate and monitor important operating system data structures. This research simplifies introspection library configuration and is a step toward operating system independent introspection. An operating system detection algorithm and Windows virtual machine system service dispatch table monitor are implemented using the Xen hypervisor and a modified version of the XenAccess library. All detection and monitoring is implemented from …

Sub-Circuit Selection And Replacement Algorithms Modeled As Term Rewriting Systems, Eric D. Simonaire

Theses and Dissertations

Intent protection is a model of software obfuscation which, among other criteria, prevents an adversary from understanding the program’s function for use with contextual information. Relating this framework for obfuscation to malware detection, if a malware detector can perfectly normalize a program P and any obfuscation (variant) of the program O(P), the program is not intent protected. The problem of intent protection on programs can also be modeled as intent protection on combinational logic circuits. If a malware detector can perfectly normalize a circuit C and any obfuscation (variant) O(C) of the circuit, the circuit is not intent protected. In …

Secureqemu: Emulation-Based Software Protection Providing Encrypted Code Execution And Page Granularity Code Signing, William B. Kimball

Theses and Dissertations

This research presents an original emulation-based software protection scheme providing protection from reverse code engineering (RCE) and software exploitation using encrypted code execution and page-granularity code signing, respectively. Protection mechanisms execute in trusted emulators while remaining out-of-band of untrusted systems being emulated. This protection scheme is called SecureQEMU and is based on a modified version of Quick Emulator (QEMU) [5]. RCE is a process that uncovers the internal workings of a program. It is used during vulnerability and intellectual property (IP) discovery. To protect from RCE program code may have anti-disassembly, anti-debugging, and obfuscation techniques incorporated. These techniques slow the …

Multi-Class Classification For Identifying Jpeg Steganography Embedding Methods, Benjamin M. Rodriguez Ii

Theses and Dissertations

Over 725 steganography tools are available over the Internet, each providing a method for covert transmission of secret messages. This research presents four steganalysis advancements that result in an algorithm that identifies the steganalysis tool used to embed a secret message in a JPEG image file. The algorithm includes feature generation, feature preprocessing, multi-class classification and classifier fusion. The first contribution is a new feature generation method which is based on the decomposition of discrete cosine transform (DCT) coefficients used in the JPEG image encoder. The generated features are better suited to identifying discrepancies in each area of the decomposed …

Developing Network Situational Awareness Through Visualization Of Fused Intrusion Detection System Alerts, Serafin A. Avitia V

Theses and Dissertations

With networks increasing in physical size, bandwidth, traffic volume, and malicious activity, network analysts are experiencing greater difficulty in developing network situational awareness. Traditionally, network analysts have used Intrusion Detection Systems to gain awareness but this method is outdated when analysts are unable to process the alerts at the rate they are being generated. Analysts are unwittingly placing the computer assets they are charged to protect at risk when they are unable to detect these network attacks. This research effort examines the theory, application, and results of using visualizations of fused alert data to develop network situational awareness. The fused …