Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

Open Access. Powered by Scholars. Published by Universities.®

1596 Full-Text Articles 1926 Authors 488833 Downloads 87 Institutions

All Articles in Information Security

Faceted Search

1596 full-text articles. Page 1 of 61.

Vkse-Mo: Verifiable Keyword Search Over Encrypted Data In Multi-Owner Settings, Yinbin MIAO, Jianfeng MA, Ximeng LIU, Junwei ZHANG, Zhiquan LIU 2017 Xidian University

Vkse-Mo: Verifiable Keyword Search Over Encrypted Data In Multi-Owner Settings, Yinbin Miao, Jianfeng Ma, Ximeng Liu, Junwei Zhang, Zhiquan Liu

Research Collection School Of Information Systems

Searchable encryption (SE) techniques allow cloud clients to easily store data and search encrypted data in a privacy-preserving manner, where most of SE schemes treat the cloud server as honest-but-curious. However, in practice, the cloud server is a semi-honest-but-curious third-party, which only executes a fraction of search operations and returns a fraction of false search results to save its computational and bandwidth resources. Thus, it is important to provide a results verification method to guarantee the correctness of the search results. Existing SE schemes allow multiple data owners to upload different records to the cloud server, but these schemes have ...


Investigation Into The Formation Of Information Security Influence: Network Analysis Of An Emerging Organisation, Duy Dang-Pham, Siddhi Pittayachawan, Vince Bruno 2017 RMIT University

Investigation Into The Formation Of Information Security Influence: Network Analysis Of An Emerging Organisation, Duy Dang-Pham, Siddhi Pittayachawan, Vince Bruno

Siddhi Pittayachawan

While prior research has been examining information security behaviours in mature environments with formal policies and practices, there is less attention paid to new or transforming environments that lack security controls. It is crucial to understand what factors affect the formation of an emerging information security environment, so that security managers can make use of the forming mechanisms to improve the security environment without relying too much on enforcement. This research adopts exponential random graph modeling to predict the occurrence of information security influence among 114 employees in a recently established construction organisation. Our empirical findings show that physically co-locating ...


Forensic State Acquisition From Internet Of Things (Fsaiot): A General Framework And Practical Approach For Iot Forensics Through Iot Device State Acquisition, Christopher S. Meffert, Devon R. Clark, Ibrahim Baggili, Frank Breitinger 2017 University of New Haven

Forensic State Acquisition From Internet Of Things (Fsaiot): A General Framework And Practical Approach For Iot Forensics Through Iot Device State Acquisition, Christopher S. Meffert, Devon R. Clark, Ibrahim Baggili, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

IoT device forensics is a difficult problem given that manufactured IoT devices are not standardized, many store little to no historical data, and are always connected; making them extremely volatile. The goal of this paper was to address these challenges by presenting a primary account for a general framework and practical approach we term Forensic State Acquisition from Internet of Things (FSAIoT). We argue that by leveraging the acquisition of the state of IoT devices (e.g. if an IoT lock is open or locked), it becomes possible to paint a clear picture of events that have occurred. To this ...


Secure Integer Comparisons Using The Homomorphic Properties Of Prime Power Subgroups, Rhys A. Carlton 2017 The University of Western Ontario

Secure Integer Comparisons Using The Homomorphic Properties Of Prime Power Subgroups, Rhys A. Carlton

Electronic Thesis and Dissertation Repository

Secure multi party computation allows two or more parties to jointly compute a function under encryption without leaking information about their private inputs. These secure computations are vital in many fields including law enforcement, secure voting and bioinformatics because the privacy of the information is of paramount importance.

One common reference problem for secure multi party computation is the Millionaires' problem which was first introduced by Turing Award winner Yao in his paper "Protocols for secure computation". The Millionaires' problem considers two millionaires who want to know who is richer without disclosing their actual worth.

There are public-key cryptosystems that ...


Information Theoretic Study Of Gaussian Graphical Models And Their Applications, Ali Moharrer 2017 Louisiana State University and Agricultural and Mechanical College

Information Theoretic Study Of Gaussian Graphical Models And Their Applications, Ali Moharrer

LSU Doctoral Dissertations

In many problems we are dealing with characterizing a behavior of a complex stochastic system or its response to a set of particular inputs. Such problems span over several topics such as machine learning, complex networks, e.g., social or communication networks; biology, etc. Probabilistic graphical models (PGMs) are powerful tools that offer a compact modeling of complex systems. They are designed to capture the random behavior, i.e., the joint distribution of the system to the best possible accuracy. Our goal is to study certain algebraic and topological properties of a special class of graphical models, known as Gaussian ...


Efficiently Representing The Integer Factorization Problem Using Binary Decision Diagrams, David Skidmore 2017 Utah State University

Efficiently Representing The Integer Factorization Problem Using Binary Decision Diagrams, David Skidmore

All Graduate Plan B and other Reports

Let p be a prime positive integer and let α be a positive integer greater than 1. A method is given to reduce the problem of finding a nontrivial factorization of α to the problem of finding a solution to a system of modulo p polynomial congruences where each variable in the system is constrained to the set {0,...,p − 1}. In the case that p = 2 it is shown that each polynomial in the system can be represented by an ordered binary decision diagram with size less than 20.25log2(α)3 + 16.5log2(α)2 + 6log ...


Lightweight Environment For Cyber Security Education, Vivek Oliparambil Shanmughan 2017 Vivek Oliparambil Shanmughan

Lightweight Environment For Cyber Security Education, Vivek Oliparambil Shanmughan

University of New Orleans Theses and Dissertations

The use of physical systems and Virtual Machines has become inefficient and expensive for creating tailored, hands-on exercises for providing cyber security training. The main purpose of this project is to directly address these issues faced in cyber security education with the help of Docker containers. Using Docker, a lightweight and automated platform was developed for creating, sharing, and managing hands-on exercises. With the help of orchestration tools, this platform provides a centralized point to monitor and control the systems and exercises with a high degree of automation. In a classroom/lab environment, this infrastructure enables instructors and students not ...


Forensic Analysis Of G Suite Collaborative Protocols, Shane McCulley 2017 University of New Orleans

Forensic Analysis Of G Suite Collaborative Protocols, Shane Mcculley

University of New Orleans Theses and Dissertations

Widespread adoption of cloud services is fundamentally changing the way IT services are delivered and how data is stored. Current forensic tools and techniques have been slow to adapt to new challenges and demands of collecting and analyzing cloud artifacts. Traditional methods focusing only on client data collection are incomplete, as the client may have only a (partial) snapshot and misses cloud-native artifacts that may contain valuable historical information.

In this work, we demonstrate the importance of recovering and analyzing cloud-native artifacts using G Suite as a case study. We develop a tool that extracts and processes the history of ...


Automatic Forensic Analysis Of Pccc Network Traffic Log, Saranyan Senthivel 2017 Saranyan Senthivel

Automatic Forensic Analysis Of Pccc Network Traffic Log, Saranyan Senthivel

University of New Orleans Theses and Dissertations

Most SCADA devices have a few built-in self-defence mechanisms and tend to implicitly trust communications received over the network. Therefore, monitoring and forensic analysis of network traffic is a critical prerequisite for building an effective defense around SCADA units. In this thesis work, We provide a comprehensive forensic analysis of network traffic generated by the PCCC(Programmable Controller Communication Commands) protocol and present a prototype tool capable of extracting both updates to programmable logic and crucial configuration information. The results of our analysis shows that more than 30 files are transferred to/from the PLC when downloading/uplloading a ladder ...


Marketing Strategy Of School Of Professional Studies In China, Jiahui Liu, Jing Wang, Shuo An, Wengxing Wang, Yiwei Wang 2017 Clark University

Marketing Strategy Of School Of Professional Studies In China, Jiahui Liu, Jing Wang, Shuo An, Wengxing Wang, Yiwei Wang

School of Professional Studies

Chinese students are the most visible international presence at many universities across the United States, and the number continues to grow. Since 2010, The number of graduate students studying abroad has entered the period in which the increase has been declining. Under the circumstance of the weak global economy and high cost of education, the administration needs to attract the attention of Chinese students. In the process of competing for applicants, how to develop marketing strategies to attract students’ eyeballs has become an important means of trying to increase school income through Chinese students. The marketing strategy mentioned in this ...


Designing Secure Access Control Model In Cyber Social Networks, Katanosh Morovat 2017 University of Arkansas, Fayetteville

Designing Secure Access Control Model In Cyber Social Networks, Katanosh Morovat

Theses and Dissertations

Nowadays, information security in online communication has become an indisputable topic. People prefer pursuing their connection and public relations due to the greater flexibility and affordability of online communication. Recently, organizations have established online networking sites concerned with sharing assets among their employees. As more people engage in social network, requirements for protecting information and resources becomes vital. Over the years, many access control methods have been proposed. Although these methods cover various information security aspects, they have not provided an appropriate approach for securing information within distributed online networking sites. Moreover, none of the previous research provides an access ...


Enforcing Database Security On Cloud Using A Trusted Third Party Based Model, Victor Fuentes Tello 2017 University of Arkansas, Fayetteville

Enforcing Database Security On Cloud Using A Trusted Third Party Based Model, Victor Fuentes Tello

Theses and Dissertations

Cloud computing offers a considerable number of advantages to clients and organizations that use several capabilities to store sensitive data, interact with applications, or use technology infrastructure to perform daily activities. The development of new models in cloud computing brings with it a series of elements that must be considered by companies, particularly when the sensitive data needs to be protected. There are some concerns related to security that need to be taken into consideration when a service provider manage and store the data in a location outside the company. In this research, a model that uses a trusted third ...


Research Paper.Docx, donald caudill 2017 University of West Florida

Research Paper.Docx, Donald Caudill

donald caudill

No abstract provided.


Data Insertion In Bitcoin's Blockchain, Andrew Sward, Vecna OP_0, Forrest Stonedahl 2017 Augustana College, Rock Island

Data Insertion In Bitcoin's Blockchain, Andrew Sward, Vecna Op_0, Forrest Stonedahl

Computer Science: Faculty Scholarship & Creative Works

This paper provides the first comprehensive survey of methods for inserting arbitrary data into Bitcoin's blockchain. Historical methods of data insertion are described, along with lesser-known techniques that are optimized for efficiency. Insertion methods are compared on the basis of efficiency, cost, convenience of data reconstruction, permanence, and potentially negative impact on the Bitcoin ecosystem.


Automatically Locating Malicious Packages In Piggybacked Android Apps, Li LI, Daoyuan LI, Tegawende BISSYANDE, Jacques KLEIN, Haipeng CAI, David LO, Yves LE TRAON 2017 Singapore Management University

Automatically Locating Malicious Packages In Piggybacked Android Apps, Li Li, Daoyuan Li, Tegawende Bissyande, Jacques Klein, Haipeng Cai, David Lo, Yves Le Traon

Research Collection School Of Information Systems

To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a framework for dissecting malware and locating malicious program fragments within app code in order to build a comprehensive dataset of malicious samples. Towards addressing this need, we propose in this work a tool-based approach called HookRanker, which provides ranked lists of potentially malicious packages based on the way malware behaviour code is triggered. With experiments on a ground truth set of piggybacked apps, we are able to ...


Jfix: Semantics-Based Repair Of Java Programs Via Symbolic Pathfinder, Xuan Bach D. LE, Duc-Hiep CHU, David LO, GOUES LE, Willem VISSER 2017 Singapore Management University

Jfix: Semantics-Based Repair Of Java Programs Via Symbolic Pathfinder, Xuan Bach D. Le, Duc-Hiep Chu, David Lo, Goues Le, Willem Visser

Research Collection School Of Information Systems

Recently there has been a proliferation of automated program repair (APR) techniques, targeting various programming languages. Such techniques can be generally classified into two families: syntactic- and semantics-based. Semantics-based APR, on which we focus, typically uses symbolic execution to infer semantic constraints and then program synthesis to construct repairs conforming to them. While syntactic-based APR techniques have been shown success- ful on bugs in real-world programs written in both C and Java, semantics-based APR techniques mostly target C programs. This leaves empirical comparisons of the APR families not fully explored, and developers without a Java-based semantics APR technique. We present ...


A Secure, Usable, And Transparent Middleware For Permission Managers On Android, Daibin WANG, Haixia YAO, Yingjiu LI, Hai JIN, Deqing ZOU, Robert H. DENG 2017 Huazhong University of Science and Technology

A Secure, Usable, And Transparent Middleware For Permission Managers On Android, Daibin Wang, Haixia Yao, Yingjiu Li, Hai Jin, Deqing Zou, Robert H. Deng

Research Collection School Of Information Systems

Android’s permission system offers an all-or-nothing choice when installing an app. To make it more flexible and fine-grained, users may choose a popular app tool, called permission manager, to selectively grant or revoke an app’s permissions at runtime. A fundamental requirement for such permission manager is that the granted or revoked permissions should be enforced faithfully. However, we discover that none of existing permission managers meet this requirement due to permission leaks, in which an unprivileged app can exercise certain permissions which are revoked or not-granted through communicating with a privileged app. To address this problem, we propose ...


Tlel: A Two-Layer Ensemble Learning Approach For Just-In-Time Defect Prediction, Xinli YANG, David LO, Xin XIA, Jianling SUN 2017 Singapore Management University

Tlel: A Two-Layer Ensemble Learning Approach For Just-In-Time Defect Prediction, Xinli Yang, David Lo, Xin Xia, Jianling Sun

Research Collection School Of Information Systems

Context:Defect prediction is a very meaningful topic, particularly at change-level. Change-level defectprediction, which is also referred as just-in-time defect prediction, could not only ensure software qualityin the development process, but also make the developers check and fix the defects in time [1].Objective: Ensemble learning becomes a hot topic in recent years. There have been several studies aboutapplying ensemble learning to defect prediction [2–5]. Traditional ensemble learning approaches onlyhave one layer, i.e., they use ensemble learning once. There are few studies that leverages ensemblelearning twice or more. To bridge this research gap, we try to hybridize various ...


Applications Of Social Network Analysis In Behavioural Information Security Research: Concepts And Empirical Analysis, Duy Dang-Pham, Siddhi Pittayachawan, Vince Bruno 2017 RMIT University

Applications Of Social Network Analysis In Behavioural Information Security Research: Concepts And Empirical Analysis, Duy Dang-Pham, Siddhi Pittayachawan, Vince Bruno

Siddhi Pittayachawan

The rapid digital transformation and technological disruption in modern organisations demand the development of people-centric security workplaces, whereby the employees can build up their security awareness and accountability for their actions via participation in the organisation's social networks. The social network analysis approach offers a wide array of analytical capabilities to examine in-depth the interactions and relations within an organisation, which assists the development of such security workplaces. This paper proposes the novel and practical adoption of social network analysis methods in behavioural information security field. To this end, we discuss the core features of the social network analysis ...


How Much Should We Teach The Enigma Machine?, Jeffrey A. Livermore 2017 University of Michigan-Flint

How Much Should We Teach The Enigma Machine?, Jeffrey A. Livermore

Journal of Cybersecurity Education, Research and Practice

Developing courses and programs in Information Assurance can feel like trying to force ten pounds of flour into a five pound sack. We want to pack more into our courses than we have time to teach. As new technologies develop, we often find it necessary to drop old technologies out of the curriculum and our students miss out on the historical impacts the old technologies had. The discipline is so broad and deep that we have to carefully choose what concepts and technologies we study in depth, what we mention in passing, and what we leave out. Leaving out important ...


Digital Commons powered by bepress