Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 19 of 19

Full-Text Articles in Physical Sciences and Mathematics

Teaching Android Security Through Examples: A Publicly Available Database Of Vulnerable Apps, Daniel E. Krutz, Samuel A. Malachowsky Dec 2016

Articles

Security is hard, and teaching security can be even harder. Here we describe a public educational activity to assist in the instruction of both students and developers in creating secure Android apps. Our set of activities includes example vulnerable applications, information about each vulnerability, steps on how to repair the vulnerabilities, and information about how to confirm that the vulnerability has been properly repaired. Our primary goal is to make these activities available to other instructors for use in their classrooms ranging from the K-12 to university settings. A secondary goal of this project is to foster interest in security …


SEMEO: A Semantic Equivalence Analysis Framework For Obfuscated Android Applications, Zhen Hu Dec 2016

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

Software repackaging is a common approach for creating malware. In this approach, malware authors inject malicious payloads into legitimate applications; then, to render security analysis more difficult, they obfuscate most or all of the code. This forces analysts to spend a large amount of effort filtering out benign obfuscated methods in order to locate potentially malicious methods for further analysis. If an effective mechanism for filtering out benign obfuscated methods were available, the number of methods that must be analyzed could be reduced, allowing analysts to be more productive. In this thesis, we introduce SEMEO, a highly effective and …


A System For Detecting Malicious Insider Data Theft In IaaS Cloud Environments, Jason Nikolai, Yong Wang Dec 2016

Research & Publications

The Cloud Security Alliance lists data theft and insider attacks as critical threats to cloud security. Our work puts forth an approach using a train, monitor, detect pattern which leverages a stateful rule based k-nearest neighbors anomaly detection technique and system state data to detect inside attacker data theft on Infrastructure as a Service (IaaS) nodes. We posit, instantiate, and demonstrate our approach using the Eucalyptus cloud computing infrastructure where we observe a 100 percent detection rate for abnormal login events and data copies to outside systems.


The Amulet Wearable Platform: Demo Abstract, Josiah Hester, Travis Peters, Tianlong Yun, Ronald Peterson, Joseph Skinner, Bhargav Golla, Kevin Storer, Steven Hearndon, Sarah Lord, Ryan Halter, David Kotz, Jacob Sorber Nov 2016

Dartmouth Scholarship

In this demonstration we present the Amulet Platform; a hardware and software platform for developing energy- and resource-efficient applications on multi-application wearable devices. This platform, which includes the Amulet Firmware Toolchain, the Amulet Runtime, the ARP-View graphical tool, and open reference hardware, efficiently protects applications from each other without MMU support, allows developers to interactively explore how their implementation decisions impact battery life without the need for hardware modeling and additional software development, and represents a new approach to developing long-lived wearable applications. We envision the Amulet Platform enabling long-duration experiments on human subjects in a wide variety of studies.


What Security Questions Do Developers Ask? A Large-Scale Study Of Stack Overflow Posts, Xinli Yang, David Lo, Xin Xia, Zhi-Yuan Wan, Jian-Ling Sun Sep 2016

Research Collection School Of Computing and Information Systems

Security has always been a popular and critical topic. With the rapid development of information technology, it is always attracting people’s attention. However, since security has a long history, it covers a wide range of topics which change a lot, from classic cryptography to recently popular mobile security. There is a need to investigate security-related topics and trends, which can be a guide for security researchers, security educators and security practitioners. To address the above-mentioned need, in this paper, we conduct a large-scale study on security-related questions on Stack Overflow. Stack Overflow is a popular on-line question and answer site …


Significant Permission Identification For Android Malware Detection, Lichao Sun Jul 2016

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

A recent report indicates that a newly developed malicious app for Android is introduced every 11 seconds. To combat this alarming rate of malware creation, we need a scalable malware detection approach that is effective and efficient. In this thesis, we introduce SigPID, a malware detection system based on permission analysis to cope with the rapid increase in the number of Android malware. Instead of analyzing all 135 Android permissions, our approach applies 3-level pruning by mining the permission data to identify only significant permissions that can be effective in distinguishing benign and malicious apps. Based on the identified significant …


A Survey On Future Internet Security Architectures, Wenxiu Ding, Zheng Yan, Robert H. Deng Jul 2016

Research Collection School Of Computing and Information Systems

Current host-centric Internet Protocol (IP) networks are facing unprecedented challenges, such as network attacks and the exhaustion of IP addresses. Motivated by emerging demands for security, mobility, and distributed networking, many research projects have been initiated to design the future Internet from a clean slate. In order to obtain a thorough knowledge of security in future Internet architecture, we review a number of well-known projects, including named data networking, Content Aware Searching Retrieval and sTreaming, MobilityFirst Future Internet Architecture Project (MobilityFirst), eXpressive Internet Architecture, and scalability, control, and isolation on next-generation network. These projects aim to move away from the …


Design And Validation For FPGA Trust Under Hardware Trojan Attacks, Sanchita Mal-Sarkar, Robert Karam, Seetharam Narasimhan, Anandaroop Ghosh, Aswin Krishna, Swarup Bhunia Jun 2016

Electrical and Computer Engineering Faculty Publications

Field programmable gate arrays (FPGAs) are being increasingly used in a wide range of critical applications, including industrial, automotive, medical, and military systems. Since FPGA vendors are typically fabless, it is more economical to outsource device production to off-shore facilities. This introduces many opportunities for the insertion of malicious alterations of FPGA devices in the foundry, referred to as hardware Trojan attacks, that can cause logical and physical malfunctions during field operation. The vulnerability of these devices to hardware attacks raises serious security concerns regarding hardware and design assurance. In this paper, we present a taxonomy of FPGA-specific hardware Trojan …


Privacy And Security In Mobile Health – A Research Agenda, David Kotz, Carl A. Gunter, Santosh Kumar, Jonathan P. Weiner Jun 2016

Dartmouth Scholarship

Mobile health technology has great potential to increase healthcare quality, expand access to services, reduce costs, and improve personal wellness and public health. However, mHealth also raises significant privacy and security challenges.


Mobipot: Understanding Mobile Telephony Threats With Honeycards, Marco Balduzzi, Payas Gupta, Lion Gu, Debin Gao, Mustaque Ahamad Jun 2016

Research Collection School Of Computing and Information Systems

Over the past decade, the number of mobile phones has increased dramatically, overtaking the world population in October 2014. In developing countries like India and China, mobile subscribers outnumber traditional landline users and account for over 90% of the active population. At the same time, convergence of telephony with the Internet with technologies like VoIP makes it possible to reach a large number of telephone users at a low or no cost via voice calls or SMS (short message service) messages. As a consequence, cybercriminals are abusing the telephony channel to launch attacks, e.g., scams that offer fraudulent services and …


Value-Inspired Service Design In Elderly Home-Monitoring Systems, Na Liu, Sandeep Purao, Hwee-Pink Tan Mar 2016

Research Collection School Of Computing and Information Systems

The provision of elderly home-monitoring systems to enhance aging-in-place requires the service to meet the needs of both the elderly and their caregivers. The design of such IT services requires interdisciplinary efforts to look beyond the technical requirements. Taking a value-inspired design perspective, the study argues that service design for promoting aging-in-place needs to reconcile the values of both the elderly and caregivers. Drawn from the framework of basic human values and the unique experience of the SHINESeniors project, the study extracts the core values for elderly and caregivers using a multi-method case analysis. We suggest that both system and …


A Survey Of Social Media Users Privacy Settings & Information Disclosure, Mashael Aljohani, Alastair Nisbet, Kelly Blincoe Jan 2016

Australian Information Security Management Conference

This research utilises a comprehensive survey to ascertain the level of social networking site personal information disclosure by members at the time of joining the membership and their subsequent postings to the sites. Areas examined are the type of information they reveal, their level of knowledge and awareness regarding how their information is protected by SNSs and the awareness of risks that over-sharing may pose. Additionally, this research studies the effect of gender, age, education, and level of privacy concern on the amount and kind of personal information disclosure and privacy settings applied. A social experiment was then run for …


A Privacy Gap Around The Internet Of Things For Open-Source Projects, Brian Cusack, Reza Khaleghparast Jan 2016

Australian Information Security Management Conference

The Internet of Things (IoT) is having a more important role in the everyday lives of people. The distribution of connectivity across social and personal interaction discloses personalised information and gives access to a sphere of sensitivities that were previously masked. Privacy measures and security to protect personal sensitivities are weak and in their infancy. In this paper we review the issue of privacy in the context of IoT open-source projects, and the IoT security concerns. A proposal is made to create a privacy bubble around the interoperability of devices and systems and a filter layer to mitigate the exploitation …


A Forensic Examination Of Several Mobile Device Faraday Bags & Materials To Test Their Effectiveness, Ashleigh Lennox-Steele, Alastair Nisbet Jan 2016

Australian Digital Forensics Conference

A Faraday bag is designed to shield a mobile phone or small digital device from radio waves entering the bag and reaching the device, or to stop radio waves escaping through the bag from the device. The effectiveness of these shields is vital for security professionals and forensic investigators who seize devices and wish to ensure that their contents are not read, modified or deleted prior to a forensic examination. This research tests the effectiveness of several readily available Faraday bags. The Faraday bags tested are all available through online means and promise complete blocking of all signals through the …


An Analysis Of Chosen Alarm Code PIN Numbers & Their Weakness Against A Modified Brute Force Attack, Alastair Nisbet, Maria Kim Jan 2016

Australian Information Security Management Conference

Home and commercial alarms are an integral physical security measure that have become so commonplace that little thought is given to the security that they may or may not provide. Whilst the focus has shifted from physical security in the past to cyber security in the present, physical security for protecting assets may be just as important for many business organisations. This research looks at 700 genuine alarm PIN codes chosen by users to arm and disarm alarm systems in a commercial environment. A comparison is made with a study of millions of PIN numbers unrelated to alarms to compare …


Using Graphic Methods To Challenge Cryptographic Performance, Brian Cusack, Erin Chapman Jan 2016

Australian Information Security Management Conference

Block and stream ciphers have formed the traditional basis for the standardisation of commercial ciphers in the DES, AES, RC4, and so on. More recently alternative graphic methods such as Elliptic Curve Cryptography (ECC) have been adopted for performance gains. In this research we reviewed a range of graphic and non-graphic methods and then designed our own cipher system based on several graphic methods, including Visual Cryptography (VC). We then tested our cipher against RC4 and the AES algorithms for performance and security. The results showed that a graphics based construct may deliver comparable or improved security and performance in …


Establishing Effective And Economical Traffic Surveillance In Tonga, Brian Cusack, George Maeakafa Jan 2016

Australian Digital Forensics Conference

The Pacific Islands are seriously challenged by the growth in wealth and the expansion of international material possessions. On the roads, traffic has grown dramatically and the types of vehicles now using Island roads have greatly changed. With the importation of cheap second-hand vehicles designed for freeway speeds, serious safety issues have grown proportionally with the increasing numbers. In this research we consider the prohibitive costs of traditional traffic controls to economy and propose a lightweight, highly mobile aerial surveillance system that integrates with ground policing capability. Our research question was: How can road safety and security be …


An Extended Study On Addressing Defender Teamwork While Accounting For Uncertainty In Attacker Defender Games Using Iterative Dec-MDPs, Eric Shieh, Albert Xin Jiang, Amulya Yadav, Pradeep Varakantham, Milind Tambe Jan 2016

Research Collection School Of Computing and Information Systems

Multi-agent teamwork and defender-attacker security games are two areas that are currently receiving significant attention within multi-agent systems research. Unfortunately, despite the need for effective teamwork among multiple defenders, little has been done to harness the teamwork research in security games. The problem that this paper seeks to solve is the coordination of decentralized defender agents in the presence of uncertainty while securing targets against an observing adversary. To address this problem, we offer the following novel contributions in this paper: (i) New model of security games with defender teams that coordinate under uncertainty; (ii) New algorithm based on column …


Optical Fiber Sensors In Physical Intrusion Detection Systems: A Review, Gary Andrew Allwood, Graham Wild, Steven Hinkley Jan 2016

Research outputs 2014 to 2021

Fiber optic sensors have become a mainstream sensing technology within a large array of applications due to their inherent benefits. They are now used significantly in structural health monitoring, and are an essential solution for monitoring harsh environments. Since their first development over 30 years ago, they have also found promise in security applications. This paper reviews all of the optical fiber-based techniques used in physical intrusion detection systems. It details the different approaches used for sensing, interrogation, and networking, by research groups, attempting to secure both commercial and residential premises from physical security breaches. The advantages and the disadvantages …