Engineering Commons^™

Nuclear Security Culture And Batan’S Assessment: Batan’S Experience, Anhar R. Antariksawan

International Journal of Nuclear Security

Organizations should increase safety to minimize the harmful effects of nuclear materials. Additionally, organizations should take measures to protect security culture within the organization itself. This paper covers the National Nuclear Energy Agency of Indonesia’s (BATAN’s) promotion of nuclear security culture and self- assessment projects, which is based on the International Atomic Energy Agency’s (IAEA) methodology.

On The Design And Analysis Of Secure Inference Networks, Venkata Sriram Siddhardh Nadendla

Dissertations - ALL

Parallel-topology inference networks consist of spatially-distributed sensing agents that collect and transmit observations to a central node called the fusion center (FC), so that a global inference is made regarding the phenomenon-of-interest (PoI). In this dissertation, we address two types of statistical inference, namely binary-hypothesis testing and scalar parameter estimation in parallel-topology inference networks. We address three different types of security threats in parallel-topology inference networks, namely Eavesdropping (Data-Confidentiality), Byzantine (Data-Integrity) or Jamming (Data-Availability) attacks. In an attempt to alleviate information leakage to the eavesdropper, we present optimal/near-optimal binary quantizers under two different frameworks, namely differential secrecy where the difference …

Understanding And Improving Security Of The Android Operating System, Edward Paul Ratazzi

Dissertations - ALL

Successful realization of practical computer security improvements requires an understanding and insight into the system's security architecture, combined with a consideration of end-users' needs as well as the system's design tenets. In the case of Android, a system with an open, modular architecture that emphasizes usability and performance, acquiring this knowledge and insight can be particularly challenging for several reasons. In spite of Android's open source philosophy, the system is extremely large and complex, documentation and reference materials are scarce, and the code base is rapidly evolving with new features and fixes. To make matters worse, the vast majority of …

Garage Door Security System, Trevor Lehr, Austin Williams

Electrical Engineering

This project focuses on the design and build of a low cost system that monitors garage doors and transmits their state to a receiver unit placed at a convenient location inside the user’s house. This provides the user with the ability to monitor their garage doors from the comfort of inside their home without having to go outside and look at the garage. The receiver unit includes a screen to display system information and LEDs to make it easy to view the garage door’s status from a distance. The system has great enough range to place the receiver at any …

Context-Sensitive Auto-Sanitization For Php, Jared M. Smith, Richard J. Connor, David P. Cunningham, Kyle G. Bashour, Walter T. Work

Chancellor’s Honors Program Projects

No abstract provided.

Selective Dynamic Analysis Of Virtualized Whole-System Guest Environments, Andrew William Henderson

Dissertations - ALL

Dynamic binary analysis is a prevalent and indispensable technique in program analysis. While several dynamic binary analysis tools and frameworks have been proposed, all suffer from one or more of: prohibitive performance degradation, a semantic gap between the analysis code and the execution under analysis, architecture/OS specificity, being user-mode only, and lacking flexibility and extendability. This dissertation describes the design of the Dynamic Executable Code Analysis Framework (DECAF), a virtual machine-based, multi-target, whole-system dynamic binary analysis framework. In short, DECAF seeks to address the shortcomings of existing whole-system dynamic analysis tools and extend the state of the art by utilizing …

Semeo: A Semantic Equivalence Analysis Framework For Obfuscated Android Applications, Zhen Hu

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

Software repackaging is a common approach for creating malware. In this approach, malware authors inject malicious payloads into legitimate applications; then, to ren- der security analysis more difficult, they obfuscate most or all of the code. This forces analysts to spend a large amount of effort filtering out benign obfuscated methods in order to locate potentially malicious methods for further analysis. If an effective mechanism for filtering out benign obfuscated methods were available, the number of methods that must be analyzed could be reduced, allowing analysts to be more productive. In this thesis, we introduce SEMEO, a highly effective and …

A Secure, Reliable And Performance-Enhancing Storage Architecture Integrating Local And Cloud-Based Storage, Christopher Glenn Hansen

Theses and Dissertations

The constant evolution of new varieties of computing systems - cloud computing, mobile devices, and Internet of Things, to name a few - have necessitated a growing need for highly reliable, available, secure, and high-performing storage systems. While CPU performance has typically scaled with Moore's Law, data storage is much less consistent in how quickly performance increases over time. One method of improving storage performance is through the use of special storage architectures. Such architectures often include redundant arrays of independent disks (RAID). RAID provides a meaningful way to increase storage performance on a variety of levels, some higher-performing than …

Qualitative Collective Case Study Of Targeted Violence Preparedness At Institutions Of Higher Education, Tim Gunter

Doctoral Dissertations and Projects

An increase in targeted violence incidents (TVIs), primarily active shooter events, at institutions of higher education (IHEs) has exposed gaps in campus security plan preparation and exercises. The purpose of this qualitative collective case study was to discover barriers to and best practices of universities and colleges conducting security preparedness activities for TVIs. The theory that guided this study was vested interest theory which predicts how attitudes will influence behavior in a commitment to preparedness fundamentals. The setting for this study was two institutions of higher education along the East Coast of the United States. Data collection techniques included site …

Router Security Effect On Performance Of A Network, David L. Leal

Theses and Dissertations

Recently many of the devices that create a computer network offer security to help protect networks from hackers, such as computers, servers, firewalls and even routers. In most cases when protecting a network from hackers having more security is not always the best, because the more resources of the device is used by the security in inspecting connections, and it can compromise performance of the network.

This thesis investigates performance benefit of having security on a router and its impact on the connection rate of the network when it is under security attacks. In this thesis, different security features and …

Vulnerability Analysis And Security Framework For Zigbee Communication In Iot, Charbel Azzi

UNLV Theses, Dissertations, Professional Papers, and Capstones

Securing IoT (Internet of Things) systems in general, regardless of the communication technology used, has been the concern of many researchers and private companies. As for ZigBee security concerns, much research and many experiments have been conducted to better predict the nature of potential security threats. In this research we are addressing several ZigBee vulnerabilities by performing first hand experiments and attack simulations on ZigBee protocol. This will allow us to better understand the security issues surveyed and find ways to mitigate them. Based on the attack simulations performed and the survey conducted, we have developed a ZigBee IoT framework …

The Utility Of Table-Top Exercises In Teaching Nuclear Security, Christopher Hobbs, Luca Lentini, Matthew Moran

International Journal of Nuclear Security

In the emerging field of nuclear security, those responsible for education and training are constantly seeking to identify and engage with tools and approaches that provide for a constructive learning environment. In this context, this paper explores the nature and value of Tabletop exercises (TTX) and how they can be applied in the nuclear security context. On the one hand, the paper dissects the key components of the TTX and considers the broader pedagogical benefits of this teaching method. On the other hand, the paper draws lessons from the authors’ experience of running TTXs as part of nuclear security professional …

Flight Emergency Advice Works Just As Well Back On The Ground, Carolyn Massiah

UCF Forum

Save yourself first!

This one sentence is a valuable piece of advice I wish I had received and fully embraced so much earlier in life. In fact, it is still a notion that I struggle with because it is one that sounds selfish in nature. However, now more than at any other point in my life, I realize that in order to be selfless and to be able to assist others, you must first truly work on thinking of your own self first.

Protecting Controllers Against Denial-Of-Service Attacks In Software-Defined Networks, Jingrui Li

Masters Theses

Connection setup in software-defined networks (SDN) requires considerable amounts of processing, communication, and memory resources. Attackers can target SDN controllers defense mechanism based on a proof-of-work protocol. This thesis proposes a new protocol to protect controllers against such attacks, shows implementation of the system and analyze the its performance. The key characteristics of this protocol, namely its one-way operation, its requirement for freshness in proofs of work, its adjustable difficulty, its ability to work withmultiple network providers, and its use of existing TCP/IP header fields, ensure that this approach can be used in practice.

A Security Analysis Of Cyber-Physical Systems Architecture For Healthcare, Darren Seifert, Hassan Reza

Computer Science Faculty Publications

This paper surveys the available system architectures for cyber-physical systems. Several candidate architectures are examined using a series of essential qualities for cyber-physical systems for healthcare. Next, diagrams detailing the expected functionality of infusion pumps in two of the architectures are analyzed. The STRIDE Threat Model is then used to decompose each to determine possible security issues and how they can be addressed. Finally, a comparison of the major security issues in each architecture is presented to help determine which is most adaptable to meet the security needs of cyber-physical systems in healthcare.

Threshold Voltage Defined Switches And Gates To Prevent Reverse Engineering, Ithihasa Reddy Nirmala

USF Tampa Graduate Theses and Dissertations

¹Semiconductor supply chain is increasingly getting exposed to variety of security attacks such as Trojan insertion, cloning, counterfeiting, reverse engineering (RE), piracy of Intellectual Property (IP) or Integrated Circuit (IC) and side-channel analysis due to involvement of untrusted parties. In this thesis, we use threshold voltage-defined switches to design a logic gate that will camouflage the conventional logic gates both logically and physically to resist RE and IP piracy. The proposed gate can function as NAND, AND, NOR, OR, XOR, and XNOR robustly using threshold defined switches. We also propose a flavor of camouflaged gate that represents reduced functionality …

An Exploration Of Mobile Device Security Artifacts At Institutions Of Higher Education, Amita Goyal Chin, Diania Mcrae, Beth H. Jones, Mark A. Harris

Journal of International Technology and Information Management

The explosive growth and rapid proliferation of smartphones and other mobile

devices that access data over communication networks has necessitated advocating

and implementing security constraints for the purpose of abetting safe computing.

Remote data access using mobile devices is particularly popular among students at

institutions of higher education. To ensure safe harbor for constituents, it is

imperative for colleges and universities to establish, disseminate, and enforce

mobile device security artifacts, where artifacts is defined as policies, procedures,

guidelines or other documented or undocumented protocols. The purpose of this

study is to explore the existence of, specific content of, and the …

Development Of A National Human Reliability Program (Hrp) Model For An Emerging Nuclear Country: Nigerian Case Study, Stephen Olumuyiwa Ariyo Dahunsi

Masters Theses

The current demand for electricity and concern of the climate change in emerging countries has led to the rise in the number of nations adopting nuclear technology options. Besides this, the global rise in terrorism and the existence of credible threats in Nigeria and other emerging countries embarking on nuclear program for peaceful application may pose a critical challenge in implementation of this technology. Furthermore, the dual threat issue of providing electricity, while inadvertently producing weapon and radiological material that could similarly undermine international security must be mitigated. In order to achieve the mitigation target, it is highly important to …

Systematic Discovery Of Android Customization Hazards, Yousra Aafer

Dissertations - ALL

The open nature of Android ecosystem has naturally laid the foundation for a highly fragmented operating system. In fact, the official AOSP versions have been aggressively customized into thousands of system images by everyone in the customization chain, such as device manufacturers, vendors, carriers, etc. If not well thought-out, the customization process could result in serious security problems. This dissertation performs a systematic investigation of Android customization’ inconsistencies with regards to security aspects at various Android layers.

It brings to light new vulnerabilities, never investigated before, caused by the under-regulated and complex Android customization. It first describes a novel vulnerability …

Significant Permission Identification For Android Malware Detection, Lichao Sun

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

A recent report indicates that a newly developed malicious app for Android is introduced every 11 seconds. To combat this alarming rate of malware creation, we need a scalable malware detection approach that is effective and efficient. In this thesis, we introduce SigPID, a malware detection system based on permission analysis to cope with the rapid increase in the number of Android malware. Instead of analyzing all 135 Android permissions, our approach applies 3-level pruning by mining the permission data to identify only significant permissions that can be effective in distinguishing benign and malicious apps. Based on the identified significant …

Improving The Security Of Wireless Sensor Networks, Mauricio Tellez Nava

Masters Theses, 2010-2019

With the rapid technological advancements of sensors, Wireless Sensor Networks (WSNs) have become the main technology for the Internet of Things (IoT). We investigated the security of WSNs in an environmental monitoring system with the goal to improve the overall security. We implemented a Secure Temperature Monitoring System (STMS), which served as our investigational environment. Our results revealed a security flaw found in the bootstrap loader (BSL) password used to protect firmware in the MSP430 MCU chips. We demonstrated how the BSL password could be brute forced in a matter of days. Furthermore, we illustrate how an attacker can reverse …

Intentio Ex Machina: Android Intent Access Control Via An Extensible Application Hook, Carter Yagemann

Dissertations - ALL

Android's intent framework facilitates binder based interprocess communication (IPC) and encourages application developers to utilize IPC in their applications with a frequency unseen in traditional desktop environments. The increased volume of IPC present in Android devices, coupled with intent's ability to implicitly find valid receivers for IPC, bring about new security challenges to the computing security landscape.

This work proposes Intentio Ex Machina (IEM), an access control solution for Android intent IPC security. IEM separates the logic for performing access control from where the intents are intercepted by placing an interface in the Android framework. This allows the access control …

Ground Vehicle Platooning Control And Sensing In An Adversarial Environment, Samuel A. Mitchell

All Graduate Theses and Dissertations, Spring 1920 to Summer 2023

In the past few years, automated cars have ceased to be part of science fiction, and have instead become a technology that has been implemented, with partially automated systems currently available to customers.

One benefit of automated vehicle technology is the consistent driving patterns due to automation, instead of the inconsistency of distractible humans. Passengers of automated vehicles will be exposed to much less danger than the passengers of human-driven vehicles.

These statements will only be true as automated vehicle systems are scrutinized by experts to find flaws in the system. Security enthusiasts have already hijacked control of an automated …

A Brief Review Of Security In Emerging Programmable Computer Networking Technologies, Egemen K. Çetinkaya

Electrical and Computer Engineering Faculty Research & Creative Works

Recent programmable networking paradigms, such as cloud computing, fog computing, software- defined networks, and network function virtualization gain significant traction in industry and academia. While these newly developed networking technologies open a pathway to new architectures and enable a faster innovation cycle, there exist many problems in this area. In this article, we provide a review of these programmable networking architectures for comparison. Second, we provide a survey of security attacks and defense mechanisms in these emerging programmable networking technologies.

Motion-Activated Infrared Security System, Christopher H. Skelton, Daniel Graves, Kenton Culbertson, Joseph B. Burke, Edward Hockaday

Chancellor’s Honors Program Projects

No abstract provided.

Enterprise Network Design And Implementation For Airports, Ashraf H. Ali

Information Technology Master Theses

The aim of this project was airports network design and implementation and the introduction of a suitable network for most airports around the world. The following project focused on three main parts: security, quality, and safety. The project has been provided with different utilities to introduce a network with a high security level for the airport. These utilities are hardware firewalls, an IP access control list, Mac address port security, a domain server and s proxy server. All of these utilities have been configured to provide a secure environment for the entire network and to prevent hackers from entering sensitive …

Bike Lock Combining Strength And Flexibility, Zachary Uhrich

All Undergraduate Projects

What can be done when someone is riding a bicycle in a large metropolitan area, and when they reach their destination they find that there either is no bike rack, or the rack is already full. For bikers who prefer the security of a standard U-lock, this means having to leave to find another rack elsewhere or leave your bike unlocked. This situation is the why there is a need for a bike lock which can combine the security of a U-lock, with the flexibility and size of a chain. This project solves the problem by using a hardened steel …

Application Intrusion Detection: Security For Cloud Deployments, Justin Murphy, Nick Harrison, John Taylor

Capstone Design Expo Posters

As servers move to the cloud, sources for security analysis become more limited. Security teams must make the most of the resources available to them. Our project attempts to fulfill this need by providing a template-based application to analyze and detect security events in logs that are available in cloud environments. We focus on authentication logs, but analysis modules can be added to flag anomalies in any log.

The deliverables include log analysis, including successive repeated failures, location-based anomalies, and excessive failed login attempts across multiple accounts. To present our findings we output the results to a web interface for …

Team Training In Safety And Security Via Simulation: A Practical Dimension Of Maritime Education And Training, Michael Baldauf, Dimitrios Dalaklis, Aditi Kataria

Conference Papers

In the rather extended maritime domain, a term that should be the epicentre of any successful careerbuilding path is tailor-made training via cutting-edge simulators. To cut a long story short, the breadth of operations on the various types of ships has expanded to such a large extent that extensive practical training drills are becoming a compelling need to contribute to competent seafarers. This type of training can guarantee the positive outcome in their decision-making process and help the seafarers often being under continuous pressure, to suitably respond to the various safety and security threats on-board a vessel. The several conventions …

Two-Factor Data Security Protection Mechanism For Cloud Storage System, Joseph K. Liu, Kaitai Liang, Willy Susilo, Jianghua Liu, Yang Xiang

Faculty of Engineering and Information Sciences - Papers: Part A

In this paper, we propose a two-factor data security protection mechanism with factor revocability for cloud storage system. Our system allows a sender to send an encrypted message to a receiver through a cloud storage server. The sender only needs to know the identity of the receiver but no other information (such as its public key or its certificate). The receiver needs to possess two things in order to decrypt the ciphertext. The first thing is his/her secret key stored in the computer. The second thing is a unique personal security device which connects to the computer. It is impossible …