Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
- Discipline
-
- Information Security (33)
- Engineering (12)
- Computer Engineering (6)
- Operations Research, Systems Engineering and Industrial Engineering (4)
- Digital Communications and Networking (3)
-
- Operational Research (3)
- Software Engineering (3)
- Electrical and Computer Engineering (2)
- Computer and Systems Architecture (1)
- Databases and Information Systems (1)
- Electrical and Electronics (1)
- Graphics and Human Computer Interfaces (1)
- Hardware Systems (1)
- Medical Biomathematics and Biometrics (1)
- Medical Sciences (1)
- Medicine and Health Sciences (1)
- OS and Networks (1)
- Other Operations Research, Systems Engineering and Industrial Engineering (1)
- Power and Energy (1)
- Theory and Algorithms (1)
Articles 1 - 30 of 43
Full-Text Articles in Physical Sciences and Mathematics
Self Organized Multi Agent Swarms (Somas) For Network Security Control, Eric M. Holloway
Self Organized Multi Agent Swarms (Somas) For Network Security Control, Eric M. Holloway
Theses and Dissertations
Computer network security is a very serious concern in many commercial, industrial, and military environments. This paper proposes a new computer network security approach defined by self-organized agent swarms (SOMAS) which provides a novel computer network security management framework based upon desired overall system behaviors. The SOMAS structure evolves based upon the partially observable Markov decision process (POMDP) formal model and the more complex Interactive-POMDP and Decentralized-POMDP models, which are augmented with a new F(*-POMDP) model. Example swarm specific and network based behaviors are formalized and simulated. This paper illustrates through various statistical testing techniques, the significance of this proposed …
A Framework For Incorporating Insurance Into Critical Infrastructure Cyber Risk Strategies, Derek R. Young
A Framework For Incorporating Insurance Into Critical Infrastructure Cyber Risk Strategies, Derek R. Young
Theses and Dissertations
Critical infrastructure owners and operators want to minimize their cyber risk and expenditures on cybersecurity. The insurance industry has been quantitatively assessing risk for hundreds of years in order to minimize risk and maximize profits. To achieve these goals, insurers continuously gather statistical data to improve their predictions, incentivize their clients' investment in self-protection and periodically refine their models to improve the accuracy of risk estimates. This paper presents a framework which incorporates the operating principles of the insurance industry in order to provide quantitative estimates of cyber risk. The framework implements optimization techniques to suggest levels of investment for …
Effects Of Architecture On Information Leakage Of A Hardware Advanced Encryption Standard Implementation, Eric A. Koziel
Effects Of Architecture On Information Leakage Of A Hardware Advanced Encryption Standard Implementation, Eric A. Koziel
Theses and Dissertations
Side-channel analysis (SCA) is a threat to many modern cryptosystems. Many countermeasures exist, but are costly to implement and still do not provide complete protection against SCA. A plausible alternative is to design the cryptosystem using architectures that are known to leak little information about the cryptosystem's operations. This research uses several common primitive architectures for the Advanced Encryption Standard (AES) and assesses the susceptibility of the full AES system to side-channel attack for various primitive configurations. A combined encryption/decryption core is also evaluated to determine if variation of high-level architectures affects leakage characteristics. These different configurations are evaluated under …
Vulnerability Analysis Of The Player Command And Control Protocol, John T. Hagen
Vulnerability Analysis Of The Player Command And Control Protocol, John T. Hagen
Theses and Dissertations
The Player project is an open-source effort providing a control interface specification and software framework for abstracting robot hardware. This research presents five exploits that compromise vulnerabilities in Player's command and control protocol. The attacks exploit weaknesses in the ARP, IP, TCP and Player protocols to compromise the confidentially, integrity, and availability of communication between a Player client and server. The attacks assume a laptop is connected in promiscuous mode to the same Ethernet hub as the client and server in order to sniff all network traffic between them. This work also demonstrates that Internet Protocol Security (IPsec) is capable …
The White-Hat Bot: A Novel Botnet Defense Strategy, Tyrone C. Gubler
The White-Hat Bot: A Novel Botnet Defense Strategy, Tyrone C. Gubler
Theses and Dissertations
Botnets are a threat to computer systems and users around the world. Botmasters can range from annoying spam email propagators to nefarious criminals. These criminals attempt to take down networks or web servers through distributed denial-of-service attacks, to steal corporate secrets, or to launder money from individuals or corporations. As the number and severity of successful botnet attacks rise, computer security experts need to develop better early-detection and removal techniques to protect computer networks and individual computer users from these very real threats. I will define botnets and describe some of their common purposes and current uses. Next, I will …
Magnesium Object Manager Sandbox, A More Effective Sandbox Method For Windows 7, Martin A. Gilligan
Magnesium Object Manager Sandbox, A More Effective Sandbox Method For Windows 7, Martin A. Gilligan
Theses and Dissertations
A major issue in computer security is limiting the affects a program can have on a computer. One way is to place the program into a sandbox, a limited environment. Many attempts have been made to create a sandbox that maintains the usability of a program and effectively limits the effects of the program. Sandboxes that limit the resources programs can access, have succeeded. To test the effectiveness of a sandbox that limits the resources a program can access on Windows 7, the Magnesium Object Manager Sandbox (MOMS) is created. MOMS uses a kernel mode Windows component to monitor and …
Obfuscating Against Side-Channel Power Analysis Using Hiding Techniques For Aes, Austin W. Fritzke
Obfuscating Against Side-Channel Power Analysis Using Hiding Techniques For Aes, Austin W. Fritzke
Theses and Dissertations
The transfer of information has always been an integral part of military and civilian operations, and remains so today. Because not all information we share is public, it is important to secure our data from unwanted parties. Message encryption serves to prevent all but the sender and recipient from viewing any encrypted information as long as the key stays hidden. The Advanced Encryption Standard (AES) is the current industry and military standard for symmetric-key encryption. While AES remains computationally infeasible to break the encrypted message stream, it is susceptible to side-channel attacks if an adversary has access to the appropriate …
Binary Disassembly Block Coverage By Symbolic Execution Vs. Recursive Descent, Jonathan D. Miller
Binary Disassembly Block Coverage By Symbolic Execution Vs. Recursive Descent, Jonathan D. Miller
Theses and Dissertations
This research determines how appropriate symbolic execution is (given its current implementation) for binary analysis by measuring how much of an executable symbolic execution allows an analyst to reason about. Using the S2E Selective Symbolic Execution Engine with a built-in constraint solver (KLEE), this research measures the effectiveness of S2E on a sample of 27 Debian Linux binaries as compared to a traditional static disassembly tool, IDA Pro. Disassembly code coverage and path exploration is used as a metric for determining success. This research also explores the effectiveness of symbolic execution on packed or obfuscated samples of the same binaries …
Measuring The Utility Of A Cyber Incident Mission Impact Assessment (Cimia) Process For Mission Assurance, Christy L. Peterson
Measuring The Utility Of A Cyber Incident Mission Impact Assessment (Cimia) Process For Mission Assurance, Christy L. Peterson
Theses and Dissertations
Information is a critical asset on which virtually all modern organizations depend upon to meet their operational mission objectives. Military organizations, in particular, have embedded Information and Communications Technologies (ICT) into their core mission processes as a means to increase their operational efficiency, exploit automation, improve decision quality, and shorten the kill chain. However, the extreme dependence upon ICT results in an environment where a cyber incident can result in severe mission degradation, or possibly failure, with catastrophic consequences to life, limb, and property. These consequences can be minimized by maintaining real-time situational awareness of mission critical resources so appropriate …
Accelerating Malware Detection Via A Graphics Processing Unit, Nicholas S. Kovach
Accelerating Malware Detection Via A Graphics Processing Unit, Nicholas S. Kovach
Theses and Dissertations
Real-time malware analysis requires processing large amounts of data storage to look for suspicious files. This is a time consuming process that (requires a large amount of processing power) often affecting other applications running on a personal computer. This research investigates the viability of using Graphic Processing Units (GPUs), present in many personal computers, to distribute the workload normally processed by the standard Central Processing Unit (CPU). Three experiments are conducted using an industry standard GPU, the NVIDIA GeForce 9500 GT card. The goal of the first experiment is to find the optimal number of threads per block for calculating …
An Application Of Automated Theorem Provers To Computer System Security: The Schematic Protection Model, Mitchell D.I. Hirschfeld
An Application Of Automated Theorem Provers To Computer System Security: The Schematic Protection Model, Mitchell D.I. Hirschfeld
Theses and Dissertations
The Schematic Protection Model is specified in SAL and theorems about Take-Grant and New Technology File System schemes are proven. Arbitrary systems can be specified in SPM and analyzed. This is the first known automated analysis of SPM specifications in a theorem prover. The SPM specification was created in such a way that new specifications share the underlying framework and are configurable within the specifications file alone. This allows new specifications to be created with ease as demonstrated by the four unique models included within this document. This also allows future users to more easily specify models without recreating the …
Developing Cyberspace Data Understanding: Using Crisp-Dm For Host-Based Ids Feature Mining, Joseph R. Erskine
Developing Cyberspace Data Understanding: Using Crisp-Dm For Host-Based Ids Feature Mining, Joseph R. Erskine
Theses and Dissertations
Current intrusion detection systems generate a large number of specific alerts, but do not provide actionable information. Many times, these alerts must be analyzed by a network defender, a time consuming and tedious task which can occur hours or days after an attack occurs. Improved understanding of the cyberspace domain can lead to great advancements in Cyberspace situational awareness research and development. This thesis applies the Cross Industry Standard Process for Data Mining (CRISP-DM) to develop an understanding about a host system under attack. Data is generated by launching scans and exploits at a machine outfitted with a set of …
Large-Scale Distributed Coalition Formation, Daniel R. Karrels
Large-Scale Distributed Coalition Formation, Daniel R. Karrels
Theses and Dissertations
The CyberCraft project is an effort to construct a large scale Distributed Multi-Agent System (DMAS) to provide autonomous Cyberspace defense and mission assurance for the DoD. It employs a small but flexible agent structure that is dynamically reconfigurable to accommodate new tasks and policies. This document describes research into developing protocols and algorithms to ensure continued mission execution in a system of one million or more agents, focusing on protocols for coalition formation and Command and Control. It begins by building large-scale routing algorithms for a Hierarchical Peer to Peer structured overlay network, called Resource-Clustered Chord (RC-Chord). RC-Chord introduces the …
An Efficient And Effective Implementation Of The Trust System For Power Grid Compartmentalization, Juan M. Carlos Gonzalez
An Efficient And Effective Implementation Of The Trust System For Power Grid Compartmentalization, Juan M. Carlos Gonzalez
Theses and Dissertations
As utility companies develop and incorporate new technologies, such as moving to utility Internet technology based architecture and standard; it is crucial that we do so with history in mind. We know that traditional utility protection and control systems were not designed with security in their top priorities. This presents a danger in an environment where near real-time responses are required to ensure safe operations. As a consequence, system security becomes a burden to the system rather than necessary protection. Unfortunately, technology implementation is not the only concern. The number of utility privately-owned companies has multiplied as the market has …
Host-Based Multivariate Statistical Computer Operating Process Anomaly Intrusion Detection System (Paids), Glen R. Shilland
Host-Based Multivariate Statistical Computer Operating Process Anomaly Intrusion Detection System (Paids), Glen R. Shilland
Theses and Dissertations
No abstract provided.
The Development Of It Suspicion As A Construct And Subsequent Measure, Matthew T. Olson
The Development Of It Suspicion As A Construct And Subsequent Measure, Matthew T. Olson
Theses and Dissertations
Suspicion has not been studied in great depth; however, a conceptual understanding of suspicion is no less important than many of the other highly studied constructs related to healthy working relationships. Information technology (IT) is one area where suspicion study is lacking, and this research effort was a study into the specific domain of IT suspicion. An extensive study of the suspicion literature and the suspicion nomological net as well as informal surveys of the general populous and subject matter experts were used to create an IT suspicion conceptual definition and measure. In order to test IT suspicion’s relationships with …
Automated Virtual Machine Introspection For Host-Based Intrusion Detection, Brett A. Pagel
Automated Virtual Machine Introspection For Host-Based Intrusion Detection, Brett A. Pagel
Theses and Dissertations
This thesis examines techniques to automate configuration of an intrusion detection system utilizing hardware-assisted virtualization. These techniques are used to detect the version of a running guest operating system, automatically configure version-specific operating system information needed by the introspection library, and to locate and monitor important operating system data structures. This research simplifies introspection library configuration and is a step toward operating system independent introspection. An operating system detection algorithm and Windows virtual machine system service dispatch table monitor are implemented using the Xen hypervisor and a modified version of the XenAccess library. All detection and monitoring is implemented from …
Sub-Circuit Selection And Replacement Algorithms Modeled As Term Rewriting Systems, Eric D. Simonaire
Sub-Circuit Selection And Replacement Algorithms Modeled As Term Rewriting Systems, Eric D. Simonaire
Theses and Dissertations
Intent protection is a model of software obfuscation which, among other criteria, prevents an adversary from understanding the program’s function for use with contextual information. Relating this framework for obfuscation to malware detection, if a malware detector can perfectly normalize a program P and any obfuscation (variant) of the program O(P), the program is not intent protected. The problem of intent protection on programs can also be modeled as intent protection on combinational logic circuits. If a malware detector can perfectly normalize a circuit C and any obfuscation (variant) O(C) of the circuit, the circuit is not intent protected. In …
Secureqemu: Emulation-Based Software Protection Providing Encrypted Code Execution And Page Granularity Code Signing, William B. Kimball
Secureqemu: Emulation-Based Software Protection Providing Encrypted Code Execution And Page Granularity Code Signing, William B. Kimball
Theses and Dissertations
This research presents an original emulation-based software protection scheme providing protection from reverse code engineering (RCE) and software exploitation using encrypted code execution and page-granularity code signing, respectively. Protection mechanisms execute in trusted emulators while remaining out-of-band of untrusted systems being emulated. This protection scheme is called SecureQEMU and is based on a modified version of Quick Emulator (QEMU) [5]. RCE is a process that uncovers the internal workings of a program. It is used during vulnerability and intellectual property (IP) discovery. To protect from RCE program code may have anti-disassembly, anti-debugging, and obfuscation techniques incorporated. These techniques slow the …
Multi-Class Classification For Identifying Jpeg Steganography Embedding Methods, Benjamin M. Rodriguez Ii
Multi-Class Classification For Identifying Jpeg Steganography Embedding Methods, Benjamin M. Rodriguez Ii
Theses and Dissertations
Over 725 steganography tools are available over the Internet, each providing a method for covert transmission of secret messages. This research presents four steganalysis advancements that result in an algorithm that identifies the steganalysis tool used to embed a secret message in a JPEG image file. The algorithm includes feature generation, feature preprocessing, multi-class classification and classifier fusion. The first contribution is a new feature generation method which is based on the decomposition of discrete cosine transform (DCT) coefficients used in the JPEG image encoder. The generated features are better suited to identifying discrepancies in each area of the decomposed …
Developing Network Situational Awareness Through Visualization Of Fused Intrusion Detection System Alerts, Serafin A. Avitia V
Developing Network Situational Awareness Through Visualization Of Fused Intrusion Detection System Alerts, Serafin A. Avitia V
Theses and Dissertations
With networks increasing in physical size, bandwidth, traffic volume, and malicious activity, network analysts are experiencing greater difficulty in developing network situational awareness. Traditionally, network analysts have used Intrusion Detection Systems to gain awareness but this method is outdated when analysts are unable to process the alerts at the rate they are being generated. Analysts are unwittingly placing the computer assets they are charged to protect at risk when they are unable to detect these network attacks. This research effort examines the theory, application, and results of using visualizations of fused alert data to develop network situational awareness. The fused …
An Analysis Of Botnet Vulnerabilities, Sean W. Hudson
An Analysis Of Botnet Vulnerabilities, Sean W. Hudson
Theses and Dissertations
Botnets are a significant threat to computer networks and data stored on networked computers. The ability to inhibit communication between servers controlling the botnet and individual hosts would be an effective countermeasure. The objective of this research was to find vulnerabilities in Unreal IRCd that could be used to shut down the server. Analysis revealed that Unreal IRCd is a very mature and stable IRC server and no significant vulnerabilities were found. While this research does not eliminate the possibility that a critical vulnerability is present in the Unreal IRCd software, none were identified during this effort.
Using Hierarchical Temporal Memory For Detecting Anomalous Network Activity, Gerod M. Bonhoff
Using Hierarchical Temporal Memory For Detecting Anomalous Network Activity, Gerod M. Bonhoff
Theses and Dissertations
This thesis explores the nature of cyberspace and forms an argument for it as an intangible world. This research is motivated by the notion of creating intelligently autonomous cybercraft to reside in that environment and maintain domain superiority. Specifically, this paper offers 7 challenges associated with development of intelligent, autonomous cybercraft. The primary focus is an analysis of the claims of a machine learning language called Hierarchical Temporal Memory (HTM). In particular, HTM theory claims to facilitate intelligence in machines via accurate predictions. It further claims to be able to make accurate predictions of unusual worlds, like cyberspace. The research …
Comparing Information Assurance Awareness Training For End-Users: A Content Analysis Examination Of Air Force And Defense Information Systems Agency User Training Modules, John W. Frugé
Theses and Dissertations
Today, the threats to information security and assurance are great. While there are many avenues for IT professionals to safeguard against these threats, many times these defenses prove useless against typical system users. Mandated by laws and regulations, all government agencies and most private companies have established information assurance (IA) awareness programs, most of which include user training. Much has been given in the existing literature to laying out the guidance for the roles and responsibilities of IT professionals and higher level managers, but less is specified for "everyday" users of information systems. This thesis attempts to determine the content …
Suspicion Modeling In Support Of Cyber-Influence Operations/Tactics, Henry G. Paguirigan
Suspicion Modeling In Support Of Cyber-Influence Operations/Tactics, Henry G. Paguirigan
Theses and Dissertations
Understanding the cognitive process of IT user suspicion may assist organizations in development of network protection plans, personnel training, and tools necessary to identify and mitigate nefarious intrusions of IT systems. Exploration of a conceptual common ground between psycho-social and technology-related concepts of suspicion are the heart of this investigation. The complexities involved in merging these perspectives led to the overall research question: What is the nature of user suspicion toward IT: The research problem/phenomenon was addressed via extensive literature review, and use of the Interactive Qualitative Analysis problem/phenomenon. Analysis of the system led to the development of a model …
A Formal Specification And Proof Of System Safety Using The Schematic Protection Model, Raymond S. Way
A Formal Specification And Proof Of System Safety Using The Schematic Protection Model, Raymond S. Way
Theses and Dissertations
This research formally specifies the Schematic Protection Model (SPM) and provides a sound, flexible tool for reasoning formally about systems that implement a security model like SPM, to prove its ability to provide security services such as confidentiality and integrity. The theory described by the resultant model was logically proved in the Prototype Verification System (PVS), an automated prover. Each component of SPM was tested, as were several anomalous conditions, and each test produced results consistent with the model. The model is internally modular, and therefore easily extensible, yet cohesive since the theory to be proved encompasses the entire specification. …
Applying Automated Theorem Proving To Computer Security, Kelly K. Mcelroy
Applying Automated Theorem Proving To Computer Security, Kelly K. Mcelroy
Theses and Dissertations
While more and more data is stored and accessed electronically, better access control methods need to be implemented for computer security. Formal modelling and analysis have been successfully used in certain areas of computer systems, such as verifying the security properties of cryptographic and authentication protocols. However, formal models for computer systems in cyberspace, like networks, have hardly advanced. A highly regarded graduate textbook cites the Take-Grant model created in 1977 as one of the \current" examples of security modelling and analysis techniques. This model is rarely used in practice though. This research implements the Take-Grant Protection model's four de …
Software Obfuscation With Symmetric Cryptography, Alan C. Lin
Software Obfuscation With Symmetric Cryptography, Alan C. Lin
Theses and Dissertations
Software protection is of great interest to commercial industry. Millions of dollars and years of research are invested in the development of proprietary algorithms used in software programs. A reverse engineer that successfully reverses another company‘s proprietary algorithms can develop a competing product to market in less time and with less money. The threat is even greater in military applications where adversarial reversers can use reverse engineering on unprotected military software to compromise capabilities on the field or develop their own capabilities with significantly less resources. Thus, it is vital to protect software, especially the software’s sensitive internal algorithms, from …
A Framework For Analyzing And Mitigating The Vulnerabilities Of Complex Systems Via Attack And Protection Trees, Kenneth S. Edge
A Framework For Analyzing And Mitigating The Vulnerabilities Of Complex Systems Via Attack And Protection Trees, Kenneth S. Edge
Theses and Dissertations
Attack trees have been developed to describe processes by which malicious users attempt to exploit or break complex systems. Attack trees offer a method of decomposing, visualizing, and determining the cost or likelihood of attacks. Attack trees by themselves do not provide enough decision support to system defenders. This research develops the concept of using protection trees to offer a detailed risk analysis of a system. In addition to developing protection trees, this research improves the existing concept of attack trees and develops rule sets for the manipulation of metrics used in the security of complex systems. This research specifically …
Hardware Virtualization Applied To Rootkit Defense, Douglas P. Medley
Hardware Virtualization Applied To Rootkit Defense, Douglas P. Medley
Theses and Dissertations
This research effort examines the idea of applying virtualization hardware to enhance operating system security against rootkits. Rootkits are sets of tools used to hide code and/or functionality from the user and operating system. Rootkits can accomplish this feat through using access to one part of an operating system to change another part that resides at the same privilege level. Hardware assisted virtualization (HAV) provides an opportunity to defeat this tactic through the introduction of a new operating mode. Created to aid operating system virtualization, HAV provides hardware support for managing and saving multiple states of the processor. This hardware …