Engineering Commons^™

Using Offline Activities To Enhance Online Cybersecurity Education, Sarah Padlipsky

Master's Theses

Since the beginning of the 21st century, the United States has experienced the impact of a technological revolution. One effect of this technological revolution is the creation of entirely new careers related to the field of technology, including cybersecurity. Continued growth in the cybersecurity industry means a greater number of jobs will be created, adding to the existing number of jobs that are challenging an under-educated and under-trained workforce. The goal of this thesis is to increase the effectiveness of cybersecurity education. This thesis studies whether an online course in cybersecurity can be enhanced by offline, in-person activities that mirror …

Assessing Risk In Iot Devices, David Levitsky

Master's Theses

The explosive growth of the Internet of Things ecosystem has thrust these devices into the center of our lives. Unfortunately, the desire to create these devices has been stronger than the one to secure them. Recent attacks have shown us ignoring security in Internet of Things devices can cause severe harm in both a digital and physical sense. This thesis outlines a framework for developers and managers to assess the risk of IoT devices using a weighted scoring system across five different categories. Our case studies suggest that devices with higher security considerations have a better security posture and lower …

Correlating Easily And Unobtrusively Queried Computer Characteristics To Number And Severity Of Vulnerabilities, Jonathan M. Mercado

Theses and Dissertations

Cybersecurity has become a top-of-mind concern as the threat landscape expands and organizations continue to undergo digital transformation. As the industry confronts this growth, tools designed to evaluate the security posture of a network must improve to provide better value. Current agent-based and network scanning tools are resource intensive, expensive, and require thorough testing before implementation in order to ensure seamless integration. While surfacing specific vulnerability information is imperative to securing network assets, there are ways to predict the security status of a network without taking exact measurements. These methods may inform security professionals as to where the weakest points …

Hybrid Black-Box Solar Analytics And Their Privacy Implications, Dong Chen

Doctoral Dissertations

The aggregate solar capacity in the U.S. is rising rapidly due to continuing decreases in the cost of solar modules. For example, the installed cost per Watt (W) for residential photovoltaics (PVs) decreased by 6X from 2009 to 2018 (from $8/W to $1.2/W), resulting in the installed aggregate solar capacity increasing 128X from 2009 to 2018 (from 435 megawatts to 55.9 gigawatts). This increasing solar capacity is imposing operational challenges on utilities in balancing electricity's real-time supply and demand, as solar generation is more stochastic and less predictable than aggregate demand. To address this problem, both academia and utilities have …

A Framework And Exploration Of A Cybersecurity Education Escape Room, Justin Charles Snyder

Theses and Dissertations

This thesis presents a review of educational-escape-room literature followed by a design-oriented framework (the Snyder Escape Room Framework or SERF) and demonstrates the potential efficacy of escape-rooms in cybersecurity education. Several authors have proposed frameworks and guidelines for game and educational design regarding escape rooms. This work coalesces some of those ideas into a more substantial and comprehensive framework (SERF) that designers can use when developing educational escape rooms. The Snyder Escape Room Framework provides heuristics for goals and objectives, players, activities, context, trajectory design, and evaluation. Additionally, this work describes and analyzes the novel prototyped BYU GCC escape room …

User's Manual For Tardigrade Risk Assessment, Alexis M. Shook

University of New Orleans Theses and Dissertations

This user-guide provides instructions for operating Tardigrade 1.1.3, a cybersecurity software for Nollysoft, LLC. This guide instructs users step-by-step on how to set security controls, risk assessments, and administrative maintenance. Tardigrade 1.1.3 is a Risk Assessment Enterprise that evaluates the risk level of corporations and offers solutions to any security gaps within an organization. Tardigrade 1.1.3 is a role-based software that operates through three modules, Cybersecurity Assessment, Internal Control, and Security Requirement Traceability Matrix.

Low Latency Intrusion Detection In Smart Grids, Israel Zairi Akingeneye

Graduate Theses and Dissertations

The transformation of traditional power grids into smart grids has seen more new technologies such as communication networks and smart meters (sensors) being integrated into the physical infrastructure of the power grids. However, these technologies pose new vulnerabilities to the cybersecurity of power grids as malicious attacks can be launched by adversaries to attack the smart meters and modify the measurement data collected by these meters. If not timely detected and removed, these attacks may lead to inaccurate system state estimation, which is critical to the system operators for control decisions such as economic dispatch and other related functions.

This …

Scada And Plc Systems Configuration For The Ncrept Test Facility, Arman Ahmed

Electrical Engineering Undergraduate Honors Theses

This thesis details the project to update the control and interface system of the National Center for Reliable Electric Power Transmission (NCREPT) testing facility. The need for this project arose from the 2017-2018 expansion of the facility, which included some modifications in the layout of electrical equipment used for testing purposes. These modifications necessitated the update of the control and interface system. Additionally, the old system was implemented a decade ago and is nearing obsolescence, so the facility’s expansion served as an opportune time for an upgrade.

There were two main parts to the scope of this project, which were …

Command Validation For Cybersecure Power Router, Isaac M. Kroger

Electrical Engineering Undergraduate Honors Theses

For grid-connected homes equipped with solar panels, power electronics are necessary to manage and convert power between the solar panels, battery storage, grid, and residential load. A power router can be used to manage these power electronics and govern power generation, storage, and distribution within the household. This level of control makes power routers that do not employ cybersecurity a target for external attacks. The use of command validation is an effective way to prevent unauthorized commands from maliciously altering the state of a home’s power router. The purpose of this thesis is to describe the development of the command …

Cybersecurity Assessment And Mitigation Stochastic Model, Matthew W. Davis

Theses and Dissertations

With numerous cybersecurity incidents and vulnerability concerns in an increasingly contested cyber warfighting environment, the Department of Defense (DoD) has mandated cybersecurity assessment and authorization of all major weapon systems (MWS) before their use. In response to this direction, the Air Force Life Cycle Management Center (AFLCMC) created the Platform Information Technology Assessment and Authorization (PIT A&A) Process. Modeled after the NIST Risk Management Framework (RMF), this process applies a risk-based approach to cybersecurity with the goal of identifying risks and mitigating vulnerabilities in MWS. Within this work, a stochastic model of the PIT A&A Process is presented with an …

Conceptual Systems Security Analysis Aerial Refueling Case Study, Martin Trae Span Iii

Theses and Dissertations

In today’s highly interconnected and technology reliant environment, systems security is rapidly growing in importance to complex systems such as automobiles, airplanes, and defense-oriented weapon systems. While systems security analysis approaches are critical to improving the security of these advanced cyber-physical systems-of-systems, such approaches are often poorly understood and applied in ad hoc fashion. To address these gaps, first a study of key architectural analysis concepts and definitions is provided with an assessment of their applicability towards complex cyber-physical systems. From this initial work, a definition of cybersecurity architectural analysis for cyber-physical systems is proposed. Next, the System Theory Theoretic …

Perceptions Of Female Cybersecurity Professionals Toward Factors That Encourage Females To The Cybersecurity Field, Kembley Kay Lingelbach

CCE Theses and Dissertations

Despite multiple national, educational, and industry initiatives, women continue to be underrepresented in the cybersecurity field. Only 11% of cybersecurity professionals, globally, are female. This contributes to the growing overall shortage of workers in the field. This research addressed the significant underrepresentation of females in the cybersecurity workforce. There are many practitioner and industry studies that suggest self-efficacy, discrimination and organizational culture play important roles in the low rate of women in the cybersecurity field. A limited number of scholarly studies identify causal factors; however, there is not a general consensus or framework to explain the problem thoroughly. Moreover, there …

Malware Analysis Skills Taught In University Courses, Swetha Gorugantu

Browse all Theses and Dissertations

Career opportunities for malware analysts are growing at a fast pace due to the evolving nature of cyber threats as well as the necessity to counter them. However, employers are often unable to hire analysts fast though due to a lack of the required skillset. Hence, the primary purpose of the thesis is to conduct a gap analysis between the binary analysis skills taught in universities with those that the recruiters are looking for. Malware can be analyzed using three main types of tools and techniques: high-level profiling, static analysis, and dynamic analysis. These methods provide detailed information about the …