Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 12 of 12

Full-Text Articles in Physical Sciences and Mathematics

Machine Learning Based Approaches Towards Robust Android Malware Detection, Jiayun Xu Apr 2021

Dissertations and Theses Collection (Open Access)

The Android platform is becoming increasingly popular and numerous applications (apps) have been developed by organizations to meet the ever increasing market demand over years. Naturally, security and privacy concerns on Android apps have grabbed considerable attention from both academic and industrial communities. Many approaches have been proposed to detect Android malware in different ways so far, and most of them produce satisfactory performance under the given Android environment settings and labelled samples. However, existing approaches suffer the following robustness problems:

In many Android malware detection approaches, specific API calls are used to build the feature sets, and their feature …


Novel Techniques In Recovering, Embedding, And Enforcing Policies For Control-Flow Integrity, Yan Lin Jan 2021

Dissertations and Theses Collection (Open Access)

Control-Flow Integrity (CFI) is an attractive security property with which most injected and code-reuse attacks can be defeated, including advanced attacking techniques like Return-Oriented Programming (ROP). CFI extracts a control-flow graph (CFG) for a given program and instruments the program to respect the CFG. Specifically, checks are inserted before indirect branch instructions. Before these instructions are executed during runtime, the checks consult the CFG to ensure that the indirect branch is allowed to reach the intended target. Hence, any sort of control-flow hijacking would be prevented. There are three fundamental components in CFI enforcement. The first component is accurately recovering …


When Keystroke Meets Password: Attacks And Defenses, Ximing Liu Dec 2019

Dissertations and Theses Collection (Open Access)

Password is a prevalent means used for user authentication in pervasive computing environments since it is simple to deploy and convenient to use. However, the use of passwords has intrinsic problems due to the involvement of keystrokes. Keystroke behaviors may emit various side-channel information, including timing, acoustic, and visual information, which can be easily collected by an adversary and leveraged for keystroke inference. On the other hand, such keystroke-related information can also be used to protect a user's credentials via two-factor authentication and biometric authentication schemes. This dissertation focuses on investigating the PIN inference due to the side-channel …


On-The-Fly Android Static Analysis With Applications In Vulnerability Discovery, Daoyuan Wu May 2019

Dissertations and Theses Collection (Open Access)

Static analysis is a common program analysis technique extensively used in the software security field. Widely-used static analysis tools for Android, e.g., Amandroid and FlowDroid, perform the whole-app analysis which is comprehensive yet at the cost of huge overheads. In this dissertation, we make a first attempt to explore a novel on-demand analysis that creatively leverages bytecode search to guide inter-procedural analysis on the fly or just in time, and develop such on-the-fly analysis into a tool, called BackDroid, for Android apps. We further explore how the core technique of on-the-fly static analysis in BackDroid can enable different vulnerability studies …


Policy Analytics For Environmental Sustainability: Household Hazardous Waste And Water Impacts Of Carbon Pollution Standards, Kustini Dec 2017

Dissertations and Theses Collection (Open Access)

Policy analytics are essential in supporting more informed policy-making in environmental management. This dissertation employs a fusion of machine methods and explanatory empiricism that involves data analytics, math programming, optimization, econometrics, geospatial and spatiotemporal analysis, and other approaches for assessing and evaluating current and future environmental policies.
Essay 1 discusses household informedness and its impact on the collection and recycling of household hazardous waste (HHW). Household informedness is the degree to which households have the necessary information to make utility-maximizing decisions about the handling of their waste. Such informedness seems to be influenced by HHW public education and environmental quality …


Towards Secure Online Distribution Of Multimedia Codestreams, Swee Won Lo May 2016

Dissertations and Theses Collection (Open Access)

Multimedia codestreams distributed through open and insecure networks are subjected to attacks such as malicious content tampering and unauthorized accesses. This dissertation first addresses the issue of authentication as a means to integrity-protect multimedia codestreams against malicious tampering. Two cryptographic-based authentication schemes are proposed to authenticate generic scalable video codestreams with a multi-layered structure. The first scheme combines the salient features of hash-chaining and double error correction coding to achieve loss resiliency with low communication overhead and proxy-transparency. The second scheme further improves computation cost by replacing digital signature with a hash-based message authentication code to achieve packet-level …


Virtualization-Based System Hardening Against Untrusted Kernels, Yueqiang Cheng Jan 2014

Dissertations and Theses Collection (Open Access)

Applications are integral to our daily lives, helping us process sensitive I/O data, such as individual passwords and camera streams, and private application data, such as financial information and medical reports. However, applications and sensitive data all suffer from attacks by kernel rootkits in the traditional architecture, where the commodity OS that is supposed to be the secure foothold of the system is routinely compromised due to the large code base and the broad attack surface. Fortunately, virtualization technology has significantly reshaped the landscape of the modern computer system, and provides a variety of new opportunities for …


Towards Secure And Usable Leakage-Resilient Password Entry, Qiang Yan Jan 2013

Dissertations and Theses Collection (Open Access)

Password leakage is one of the most common security threats for pervasive password-based user authentication. The design of a secure and usable password entry against password leakage has remained a challenge since twenty years ago, when the first academic proposal attempted to address it. This dissertation focuses on investigating the difficulty in designing leakage-resilient password entry (LRPE) schemes and exploring the feasibility of constructing secure and usable LRPE schemes with the assistance of state-of-the-art technology. The first work in this dissertation reveals the infeasibility of designing practical LRPE schemes in the absence of trusted devices by investigating the inherent tradeoff …


Exploiting Human Factors In User Authentication, Payas Gupta Jan 2013

Dissertations and Theses Collection (Open Access)

Our overarching issue in security is the human factor – and dealing with it is perhaps one of the biggest challenges we face today. Human factor is often described as the weakest part of a security system and users are often described as the weakest link in the security chain. In this thesis, we focus on two problems which are caused by human factors in user authentication and propose respective solutions. a) Secrecy information inference attack – publicly available information can be used to infer some secrecy information about the user. b) Coercion attack – where an attacker forces a …


A Study Of The Imitation, Collection And Usability Issues Of Keystroke Biometrics, Chee Meng Tey Jan 2013

Dissertations and Theses Collection (Open Access)

The majority of authentication systems used today involves passwords, where a user is required to remember and key in the correct password to login. Keystroke biometrics is an alternative approach whereby users are identified by one or more features such as (a) the timing between keystrokes, (b) how long users hold each key and (c) how hard users press each key. It is being assumed in prior research that the way one user types a password/word is different from the way another user types the same password and this characteristic remains stable over time. Existing literature however left open three …


Novel Techniques Of Using Diversity In Software Security And Information Hiding, Jin Han Jan 2012

Dissertations and Theses Collection (Open Access)

Diversity is an important and valuable concept that has been adopted in many fields to reduce correlated risks and to increase survivability. In information security, diversity also helps to increase both defense capability and fault tolerance for information systems and communication networks, where diversity can be adopted from many different perspectives. This dissertation, in particular, focuses mainly on two aspects of diversity – the application software diversity and the diversity in data interpretation. Software diversity has many advantages over mono-culture in improving system security. A number of previous researches focused on utilizing existing off-the-shelf diverse software for network protection and …


Security And Performance Analysis For RFID Protocols, Bing Liang Jan 2010

Dissertations and Theses Collection (Open Access)

Radio Frequency Identification (RFID) is an advanced object identification technology that has already been applied in various industries. However, the insecure nature of the communication channel between readers and tags makes RFID systems vulnerable to various kinds of attacks. In recent years, many new methods have been proposed to improve the security of RFID systems, such as disabling tags, agent management and establishing cryptographic protocols. Among them, we focus on the last approach, which is more economic and convenient in certain cases. The first part of our work is to categorize typical existing RFID protocols according to their security levels. …