Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

3,816 Full-Text Articles 5,155 Authors 2,373,476 Downloads 161 Institutions

All Articles in Information Security

3,816 full-text articles. Page 4 of 161.

Aligning The Transit Industry And Their Vendors In The Face Of Increasing Cyber Risk: Recommendations For Identifying And Addressing Cybersecurity Challenges, Scott Belcher, Terri Belcher, Kathryn Seckman, Brandon Thomas, Homayun Yaqub 2022 Mineta Transportation Institute

Mineta Transportation Institute Publications

Public transit agencies in the United States depend on external vendors to help deliver and maintain many essential services and to provide critical technologies, from ticket purchases to scheduling to email management. While the integration of new, advanced technologies into the public transit industry brings important advancements to U.S. critical transportation infrastructure, the application of digital technologies also brings with it a new assortment of digital risks. Transit agencies of all sizes are finding themselves subject to cyber incidents—most notably ransomware attacks—like those experienced by larger, more prominent companies and critical infrastructure providers. The findings in this report focus on …


Zero Trust Architecture: Framework And Case Study, Cody Shepherd 2022 Boise State University

Cyber Operations and Resilience Program Graduate Projects

The world and business are connected and a business does not exist today that does not have potentially thousands of connections to the Internet in addition to the thousands of connections to other various parts of its own infrastructure. That is the nature of the digital world we live in and there is no chance the number of those interconnections will reduce in the future. Protecting from the “outside” world with a perimeter solution might have been enough to reduce risk to an acceptable level in an organization 20 years ago, but today’s threats are sophisticated, persistent, abundant, and can …


Test Mimicry To Assess The Exploitability Of Library Vulnerabilities, Hong Jin KANG, Truong Giang NGUYEN, Bach LE, Corina S. PASAREANU, David LO 2022 Singapore Management University

Research Collection School Of Computing and Information Systems

Modern software engineering projects often depend on open-source software libraries, rendering them vulnerable to potential security issues in these libraries. Developers of client projects have to stay alert to security threats in the software dependencies. While there are existing tools that allow developers to assess if a library vulnerability is reachable from a project, they face limitations. Call graph-only approaches may produce false alarms as the client project may not use the vulnerable code in a way that triggers the vulnerability, while test generation-based approaches face difficulties in overcoming the intrinsic complexity of exploiting a vulnerability, where extensive domain knowledge …


Enhancing Security Patch Identification By Capturing Structures In Commits, Bozhi WU, Shangqing LIU, Ruitao FENG, Xiaofei XIE, Jingkai SIOW, Shang-Wei LIN 2022 Singapore Management University

Research Collection School Of Computing and Information Systems

With the rapidly increasing number of open source software (OSS), the majority of the software vulnerabilities in the open source components are fixed silently, which leads to the deployed software that integrated them being unable to get a timely update. Hence, it is critical to design a security patch identification system to ensure the security of the utilized software. However, most of the existing works for security patch identification just consider the changed code and the commit message of a commit as a flat sequence of tokens with simple neural networks to learn its semantics, while the structure information is …


Xss For The Masses: Integrating Security In A Web Programming Course Using A Security Scanner, Lwin Khin SHAR, Christopher M. POSKITT, Kyong Jin SHIM, Li Ying Leonard WONG 2022 Singapore Management University

Research Collection School Of Computing and Information Systems

Cybersecurity education is considered an important part of undergraduate computing curricula, but many institutions teach it only in dedicated courses or tracks. This optionality risks students graduating with limited exposure to secure coding practices that are expected in industry. An alternative approach is to integrate cybersecurity concepts across non-security courses, so as to expose students to the interplay between security and other sub-areas of computing. In this paper, we report on our experience of applying the security integration approach to an undergraduate web programming course. In particular, we added a practical introduction to secure coding, which highlighted the OWASP Top …


Mitigating Adversarial Attacks On Data-Driven Invariant Checkers For Cyber-Physical Systems, Rajib Ranjan MAITI, Cheah Huei YOONG, Venkata Reddy PALLETI, Arlindo SILVA, Christopher M. POSKITT 2022 Singapore Management University

Research Collection School Of Computing and Information Systems

The use of invariants in developing security mechanisms has become an attractive research area because of their potential to both prevent attacks and detect attacks in Cyber-Physical Systems (CPS). In general, an invariant is a property that is expressed using design parameters along with Boolean operators and which always holds in normal operation of a system, in particular, a CPS. Invariants can be derived by analysing operational data of various design parameters in a running CPS, or by analysing the system's requirements/design documents, with both of the approaches demonstrating significant potential to detect and prevent cyber-attacks on a CPS. While …


On Measuring Network Robustness For Weighted Networks, Jianbing ZHENG, Ming GAO, Ee-peng LIM, David LO, Cheqing JIN, Aoying ZHOU 2022 Singapore Management University

Research Collection School Of Computing and Information Systems

Network robustness measures how well network structure is strong and healthy when it is under attack, such as vertices joining and leaving. It has been widely used in many applications, such as information diffusion, disease transmission, and network security. However, existing metrics, including node connectivity, edge connectivity, and graph expansion, can be suboptimal for measuring network robustness since they are inefficient to be computed and cannot directly apply to the weighted networks or disconnected networks. In this paper, we define the RR-energy as a new robustness measurement for weighted networks based on the method of spectral analysis. RR-energy can cope …


Cybersecurity Of Critical Infrastructures: Challenges And Solutions, Leandros Maglaras, Helge Janicke, Mohamed Amine Ferrag 2022 Edith Cowan University

Research outputs 2022 to 2026

People’s lives are becoming more and more dependent on information and computer technology. This is accomplished by the enormous benefits that the ICT offers for everyday life. Digital technology creates an avenue for communication and networking, which is characterized by the exchange of data, some of which are considered sensitive or private. There have been many reports recently of data being hijacked or leaked, often for malicious purposes. Maintaining security and privacy of information and systems has become a herculean task. It is therefore imperative to understand how an individual’s or organization’s personal data can be protected. Moreover, critical infrastructures …


Fair, Equitable, And Just: A Socio-Technical Approach To Online Safety, Daricia Wilkinson 2022 Clemson University

All Dissertations

Socio-technical systems have been revolutionary in reshaping how people maintain relationships, learn about new opportunities, engage in meaningful discourse, and even express grief and frustrations. At the same time, these systems have been central in the proliferation of harmful behaviors online as internet users are confronted with serious and pervasive threats at alarming rates. Although researchers and companies have attempted to develop tools to mitigate threats, the perception of dominant (often Western) frameworks as the standard for the implementation of safety mechanisms fails to account for imbalances, inequalities, and injustices in non-Western civilizations like the Caribbean. Therefore, in this dissertation …


Online Privacy Challenges And Their Forensic Solutions, Bandr Fakiha 2022 Umm Al-Qura University, Saudi Arabia

Journal of the Arab American University مجلة الجامعة العربية الامريكية للبحوث

In the digital age, internet users are exposed to privacy issues online. Few rarely know when someone else is eavesdropping or about to scam them. Companies, governments, and individual internet users are all vulnerable to security breaches due to the challenges of online privacy ranging from trust and hierarchical control to financial losses. As systems advance, people are optimistic that forensic science will provide long-term interventions that surpass the current solutions, including setting stronger passwords and firewall protection. The future of online privacy is changing, and more practical interventions, such as email, malware, mobile, and network forensics, must be integrated, …


Actuator Cyberattack Handling Using Lyapunov-Based Economic Model Predictive Control, Keshav Kasturi Rangan, Henrique Oyama, Helen Durand 2022 Department of Chemical Engineering and Materials Science, Wayne State University, Detroit, MI

Chemical Engineering and Materials Science Faculty Research Publications

Cybersecurity has gained increasing interest as a consequence of the potential impacts of cyberattacks on profits and safety. While attacks can affect various components of a plant, prior work from our group has focused on the impact of cyberattacks on control components such as process sensors and actuators and the development of detection strategies for cybersecurity derived from control theory. In this work, we provide greater focus on actuator attacks; specifically, we extend a detection and control strategy previously applied for sensor attacks and based on an optimization-based control technique called Lyapunov-based economic model predictive control (LEMPC) to detect attacks …


Test Methods For Image-Based Information In Next-Generation Manufacturing, Henrique Oyama, Dominic Messina, Renee O'Neill, Samantha Cherney, Minhazur Rahman, Keshav Kasturi Rangan, Govanni Gjonaj, Helen Durand 2022 Department of Chemical Engineering and Materials Science, Wayne State University, Detroit, MI

Chemical Engineering and Materials Science Faculty Research Publications

Typical control designs in the process systems engineering literature have assumed that the primary sensing methodologies are traditional instruments such as thermocouples. Digitalization is changing the landscape for manufacturing, and data-based sensing modalities (e.g., image-based sensing) are becoming of greater interest for plant control. These considerations require novel test/evaluation solutions. For example, process systems engineering researchers may wish to test image-based sensors in simulation. In this work, we provide preliminary thoughts on how image-based technologies might be evaluated via simulation for process systems.


Challenges And Opportunities For Next-Generation Manufacturing In Space, Kip Nieman, A. F. Leonard, Katie Tyrell, Dominic Messina, Rebecca Lopez, Helen Durand 2022 Department of Chemical Engineering and Materials Science, Wayne State University, Detroit, MI

Chemical Engineering and Materials Science Faculty Research Publications

With commercial space travel now a reality, the idea that people might spend time on other planets in the future seems to have greater potential. To make this possible, however, there needs to be flexible means for manufacturing in space to enable tooling or resources to be created when needed to handle unexpected situations. Next-generation manufacturing paradigms offer significant potential for the kind of flexibility that might be needed; however, they can result in increases in computation time compared to traditional control methods that could make many of the computing resources already available on earth attractive for use. Furthermore, resilience …


Quantum Computing And Resilient Design Perspectives For Cybersecurity Of Feedback Systems, Keshav Kasturi Rangan, Jihan Abou Halloun, Henrique Oyama, Samantha Cherney, Ilham Azali Assoumani, Nazir Jairazbhoy, Helen Durand, Simon Ka Ng 2022 Department of Chemical Engineering and Materials Science, Wayne State University, Detroit, MI

Chemical Engineering and Materials Science Faculty Research Publications

Cybersecurity of control systems is an important issue in next-generation manufacturing that can impact both operational objectives (safety and performance) as well as process designs (via hazard analysis). Cyberattacks differ from faults in that they can be coordinated efforts to exploit system vulnerabilities to create otherwise unlikely hazard scenarios. Because coordination and targeted process manipulation can be characteristics of attacks, some of the tactics previously analyzed in our group from a control system cybersecurity perspective have incorporated randomness to attempt to thwart attacks. The underlying assumption for the generation of this randomness has been that it can be achieved …


Editorial, Michael E. Whitman, Herbert J. Mattord, Hossain Shahriar 2022 Kennesaw State University

Journal of Cybersecurity Education, Research and Practice

Since 2016, it has been the mission of the Journal of Cybersecurity Education, Research, and Practice (JCERP) to be a premier outlet for high-quality information security and cybersecurity-related articles of interest to teaching faculty and students. This is the 12th edition of the (JCERP) and, as ever, we are seeking authors who produce high-quality research and practice-oriented articles focused on the development and delivery of information security and cybersecurity curriculum, innovation in applied scholarship, and industry best practices in information security and cybersecurity in the enterprise for double-blind review and publication. The journal invites submissions on Information Security, Cybersecurity, …


On-Line Process Physics Tests Via Lyapunov-Based Economic Model Predictive Control And Simulation-Based Testing Of Image-Based Process Control, Henrique Oyama, A. F. Leonard, Minhazur Rahman, Govanni Gjonaj, Michael Williamson, Helen Durand 2022 Department of Chemical Engineering and Materials Science, Wayne State University, Detroit, MI

Chemical Engineering and Materials Science Faculty Research Publications

Next-generation manufacturing involves increasing use of automation and data to enhance process efficiency. An important question for the chemical process industries, as new process systems (e.g., intensified processes) and new data modalities (e.g., images) are integrated with traditional plant automation concepts, will be how to best evaluate alternative strategies for data-driven modeling and synthesizing process data. Two methods which could be used to aid in this are those which aid in testing data-based techniques on-line, and those which enable various data-based techniques to be assessed in simulation. In this work, we discuss two techniques in this domain which can be …


Using Graph Theoretical Methods And Traceroute To Visually Represent Hidden Networks, Jordan M. Sahs 2022 University of Nebraska at Omaha

UNO Student Research and Creative Activity Fair

Within the scope of a Wide Area Network (WAN), a large geographical communication network in which a collection of networking devices communicate data to each other, an example being the spanning communication network, known as the Internet, around continents. Within WANs exists a collection of Routers that transfer network packets to other devices. An issue pertinent to WANs is their immeasurable size and density, as we are not sure of the amount, or the scope, of all the devices that exist within the network. By tracing the routes and transits of data that traverses within the WAN, we can identify …


Analysis Of A Quantum Attack On The Blum-Micali Pseudorandom Number Generator, Tingfei Feng 2022 Rose-Hulman Institute of Technology

Mathematical Sciences Technical Reports (MSTR)

In 2012, Guedes, Assis, and Lula proposed a quantum attack on a pseudorandom number generator named the Blum-Micali Pseudorandom number generator. They claimed that the quantum attack can outperform classical attacks super-polynomially. However, this paper shows that the quantum attack cannot get the correct seed and provides another corrected algorithm that is in exponential time but still faster than the classical attack. Since the original classical attacks are in exponential time, the Blum-Micali pseudorandom number generator would be still quantum resistant.


Torsh: Obfuscating Consumer Internet-Of-Things Traffic With A Collaborative Smart-Home Router Network, Adam Vandenbussche 2022 Dartmouth College

Dartmouth College Undergraduate Theses

When consumers install Internet-connected "smart devices" in their homes, metadata arising from the communications between these devices and their cloud-based service providers enables adversaries privy to this traffic to profile users, even when adequate encryption is used. Internet service providers (ISPs) are one potential adversary privy to users’ incoming and outgoing Internet traffic and either currently use this insight to assemble and sell consumer advertising profiles or may in the future do so. With existing defenses against such profiling falling short of meeting user preferences and abilities, there is a need for a novel solution that empowers consumers to …


Quantum Key Distribution Simulation Using Entangled Bell States, Nayana Tiwari 2022 California Polytechnic State University, San Luis Obispo

Physics

To communicate information securely, the sender and recipient of the information need to have a shared, secret key. Quantum key distribution (QKD) is a proposed method for this and takes advantage of the laws of quantum mechanics. The users, Alice and Bob, exchange quantum information in the form of entangled qubits over a quantum channel as well as exchanging measurement information over a classical channel. A successful QKD algorithm will ensure that when an eavesdropper has access to both the quantum and classical information channels, they cannot deduce the key, and they will be detected by the key generators. This …


Digital Commons powered by bepress