Programming Languages and Compilers Commons^™

Ensuring Non-Repudiation In Long-Distance Constrained Devices, Ethan Blum

Undergraduate Honors Theses

Satellite communication is essential for the exploration and study of space. Satellites allow communications with many devices and systems residing in space and on the surface of celestial bodies from ground stations on Earth. However, with the rise of Ground Station as a Service (GsaaS), the ability to efficiently send action commands to distant satellites must ensure non-repudiation such that an attacker is unable to send malicious commands to distant satellites. Distant satellites are also constrained devices and rely on limited power, meaning security on these devices is minimal. Therefore, this study attempted to propose a novel algorithm to allow …

Effective Knowledge Graph Aggregation For Malware-Related Cybersecurity Text, Phillip Ryan Boudreau

Graduate Theses and Dissertations

With the rate at which malware spreads in the modern age, it is extremely important that cyber security analysts are able to extract relevant information pertaining to new and active threats in a timely and effective manner. Having to manually read through articles and blog posts on the internet is time consuming and usually involves sifting through much repeated information. Knowledge graphs, a structured representation of relationship information, are an effective way to visually condense information presented in large amounts of unstructured text for human readers. Thusly, they are useful for sifting through the abundance of cyber security information that …

Demonstration Of Cyberattacks And Mitigation Of Vulnerabilities In A Webserver Interface For A Cybersecure Power Router, Benjamin Allen

Computer Science and Computer Engineering Undergraduate Honors Theses

Cyberattacks are a threat to critical infrastructure, which must be secured against them to ensure continued operation. A defense-in-depth approach is necessary to secure all layers of a smart-grid system and contain the impact of any exploited vulnerabilities. In this undergraduate thesis a webserver interface for smart-grid devices communicating over Modbus TCP was developed and exposed to SQL Injection attacks and Cross-Site Scripting attacks. Analysis was performed on Supply-Chain attacks and a mitigation developed for attacks stemming from compromised Content Delivery Networks. All attempted attacks were unable to exploit vulnerabilities in the webserver due to its use of input sanitization …

Using A Bert-Based Ensemble Network For Abusive Language Detection, Noah Ballinger

Computer Science and Computer Engineering Undergraduate Honors Theses

Over the past two decades, online discussion has skyrocketed in scope and scale. However, so has the amount of toxicity and offensive posts on social media and other discussion sites. Despite this rise in prevalence, the ability to automatically moderate online discussion platforms has seen minimal development. Recently, though, as the capabilities of artificial intelligence (AI) continue to improve, the potential of AI-based detection of harmful internet content has become a real possibility. In the past couple years, there has been a surge in performance on tasks in the field of natural language processing, mainly due to the development of …

Side-Channel Analysis On Post-Quantum Cryptography Algorithms, Tristen Teague

Computer Science and Computer Engineering Undergraduate Honors Theses

The advancements of quantum computers brings us closer to the threat of our current asymmetric cryptography algorithms being broken by Shor's Algorithm. NIST proposed a standardization effort in creating a new class of asymmetric cryptography named Post-Quantum Cryptography (PQC). These new algorithms will be resistant against both classical computers and sufficiently powerful quantum computers. Although the new algorithms seem mathematically secure, they can possibly be broken by a class of attacks known as side-channels attacks (SCA). Side-channel attacks involve exploiting the hardware that the algorithm runs on to figure out secret values that could break the security of the system. …

Privacy-Preserving Cloud-Assisted Data Analytics, Wei Bao

Graduate Theses and Dissertations

Nowadays industries are collecting a massive and exponentially growing amount of data that can be utilized to extract useful insights for improving various aspects of our life. Data analytics (e.g., via the use of machine learning) has been extensively applied to make important decisions in various real world applications. However, it is challenging for resource-limited clients to analyze their data in an efficient way when its scale is large. Additionally, the data resources are increasingly distributed among different owners. Nonetheless, users' data may contain private information that needs to be protected.

Cloud computing has become more and more popular in …

A Multi-Input Deep Learning Model For C/C++ Source Code Attribution, Richard J. Tindell Ii

Masters Theses, 2020-current

Code stylometry is applying analysis techniques to a collection of source code or binaries to determine variations in style. The variations extracted are often used to identify the author of the text or to differentiate one piece from another.

In this research, we were able to create a multi-input deep learning model that could accurately categorize and group code from multiple projects. The deep learning model took as input word-based tokenization for code comments, character-based tokenization for the source code text, and the metadata features described by A. Caliskan-Islam et al. Using these three inputs, we were able to achieve …

A Domain Specific Language For Digital Forensics And Incident Response Analysis, Christopher D. Stelly

University of New Orleans Theses and Dissertations

One of the longstanding conceptual problems in digital forensics is the dichotomy between the need for verifiable and reproducible forensic investigations, and the lack of practical mechanisms to accomplish them. With nearly four decades of professional digital forensic practice, investigator notes are still the primary source of reproducibility information, and much of it is tied to the functions of specific, often proprietary, tools.

The lack of a formal means of specification for digital forensic operations results in three major problems. Specifically, there is a critical lack of:

a) standardized and automated means to scientifically verify accuracy of digital forensic tools; …

Rhetsec_ | Rhetorical Security, Jennifer Mead

Culminating Projects in English

Rhetsec_ examines the rhetorical situation, the rhetorical appeals, and how phishing emails simulate "real" emails in five categories of phishing emails. While the first focus of cybersecurity is security, you must also understand the language of computers to know how to secure them. Phishing is one way to compromise security using computers, and so the computer becomes a tool for malicious language (phishing emails and malware) to be transmitted. Therefore to be concerned with securing computers, then you must also be concerned with language. Language is rhetoric's domain, and the various rhetorical elements which create an identity of the phisher …

Towards Secure And Fair Iiot-Enabled Supply Chain Management Via Blockchain-Based Smart Contracts, Amal Eid Alahmadi

Theses and Dissertations (Comprehensive)

Integrating the Industrial Internet of Things (IIoT) into supply chain management enables flexible and efficient on-demand exchange of goods between merchants and suppliers. However, realizing a fair and transparent supply chain system remains a very challenging issue due to the lack of mutual trust among the suppliers and merchants. Furthermore, the current system often lacks the ability to transmit trade information to all participants in a timely manner, which is the most important element in supply chain management for the effective supply of goods between suppliers and the merchants. This thesis presents a blockchain-based supply chain management system in the …

Policy-Agnostic Programming On The Client-Side, Kushal Palesha

Master's Projects

Browser security has become a major concern especially due to web pages becoming more complex. These web applications handle a lot of information, including sensitive data that may be vulnerable to attacks like data exfiltration, cross-site scripting (XSS), etc. Most modern browsers have security mechanisms in place to prevent such attacks but they still fall short in preventing more advanced attacks like evolved variants of data exfiltration. Moreover, there is no standard that is followed to implement security into the browser.

A lot of research has been done in the field of information flow security that could prove to be …

Dynamic Information Flow Analysis In Ruby, Vigneshwari Chandrasekaran

Master's Projects

With the rapid increase in usage of the internet and online applications, there is a huge demand for applications to handle data privacy and integrity. Applications are already complex with business logic; adding the data safety logic would make them more complicated. The more complex the code becomes, the more possibilities it opens for security-critical bugs. To solve this conundrum, we can push this data safety handling feature to the language level rather than the application level. With a secure language, developers can write their application without having to worry about data security.

This project introduces dynamic information flow analysis …

Implementing Dynamic Coarse & Fine Grained Taint Analysis For Rhino Javascript, Tejas Saoji

Master's Projects

Web application systems today are at great risk from attackers. They use methods like cross-site scripting, SQL injection, and format string attacks to exploit vulnerabilities in an application. Standard techniques like static analysis, code audits seem to be inadequate in successfully combating attacks like these. Both the techniques point out the vulnerabilities before an application is run. However, static analysis may result in a higher rate of false positives, and code audits are time-consuming and costly. Hence, there is a need for reliable detection mechanisms.

Dynamic taint analysis offers an alternate solution — it marks the incoming data from the …

Context-Sensitive Auto-Sanitization For Php, Jared M. Smith, Richard J. Connor, David P. Cunningham, Kyle G. Bashour, Walter T. Work

Chancellor’s Honors Program Projects

No abstract provided.

Secure Declassification In Faceted Javascript, Tam Wing

Master's Projects

Information leaks currently represent a major security vulnerability. Malicious code, when injected into a trusted environment and executed in the context of the victim’s privileges, often results in the loss of sensitive information. To address this security issue, this paper focuses on the idea of information flow control using faceted execution [3]. This mechanism allows the interpreter to efficiently keep track of variables across multiple security levels, achieving termination-insensitive non-interference (TINI). With TINI, a program can only leak one bit of data, caused by the termination of a program. One key benefit of having faceted execution is that flow policy …

Taint And Information Flow Analysis Using Sweet.Js Macros, Prakasam Kannan

Master's Projects

JavaScript has been the primary language for application development in browsers and with the advent of JIT compilers, it is increasingly becoming popular on server side development as well. However, JavaScript suffers from vulnerabilities like cross site scripting and malicious advertisement code on the the client side and on the server side from SQL injection.

In this paper, we present a dynamic approach to efficiently track information flow and taint detection to aid in mitigation and prevention of such attacks using JavaScript based hygienic macros. We use Sweet.js and object proxies to override built-in JavaScript operators to track information flow …

Distortion Tolerant Source Code Using Viterbi Algorithm, Christopher Hankins

Electrical Engineering Undergraduate Honors Theses

Convolutional codes are used in digital communication systems in order to protect information from distortion and increase system reliability. One of the most efficient methods for decoding convolutional codes is based on the Viterbi Algorithm. Considering the fundamental similarities between these channel codes and source codes, it is logical to postulate that the Viterbi Algorithm may also provide a basis for the implementation of an efficient lossy source code. In this thesis, the Viterbi Algorithm is used to used to compress digital data from a symmetric Bernoulli source. The Viterbi source code is simulated and shown to produce results which …

A Comparative Analysis Of Ascii And Xml Logging Systems, Eric C. Hanington

Theses and Dissertations

This research compares XML and ASCII based event logging systems in terms of their storage and processing efficiency. XML has been an emerging technology, even for security. Therefore, it is researched as a logging system with the mitigation of its verbosity. Each system consists of source content, the network transmission, database storage, and querying which are all studied as individual parts. The ASCII logging system consists of the text file as source, FTP as transport, and a relational database system for storage and querying. The XML system has the XML files and XML files in binary form using Efficient XML …

Detecting Malicious Javascript, Matthew F. Der

Honors Theses

The increased use of the World Wide Web and JavaScript as a scripting language for Web pages have made JavaScript a popular attack vector for infecting users' machines with malware. Additionally, attackers often obfuscate their code to avoid detection, which heightens the challenge and complexity of automated defense systems. We present two analyses of malicious scripts and suggest how they could be extended into intrusion detection systems. For our analyses we use a sample of deobfuscated malicious and benign scripts collected from actual Web sites. First, using our malicious sample, we perform a manual analysis of attack signatures, identifying four …