Physical Sciences and Mathematics Commons^™

Analyzing Microarchitectural Residue In Various Privilege Strata To Identify Computing Tasks, Tor J. Langehaug

Theses and Dissertations

Modern multi-tasking computer systems run numerous applications simultaneously. These applications must share hardware resources including the Central Processing Unit (CPU) and memory while maximizing each application’s performance. Tasks executing in this shared environment leave residue which should not reveal information. This dissertation applies machine learning and statistical analysis to evaluate task residue as footprints which can be correlated to identify tasks. The concept of privilege strata, drawn from an analogy with physical geology, organizes the investigation into the User, Operating System, and Hardware privilege strata. In the User Stratum, an adversary perspective is taken to build an interrogator program that …

Demonstration Of Cyberattacks And Mitigation Of Vulnerabilities In A Webserver Interface For A Cybersecure Power Router, Benjamin Allen

Computer Science and Computer Engineering Undergraduate Honors Theses

Cyberattacks are a threat to critical infrastructure, which must be secured against them to ensure continued operation. A defense-in-depth approach is necessary to secure all layers of a smart-grid system and contain the impact of any exploited vulnerabilities. In this undergraduate thesis a webserver interface for smart-grid devices communicating over Modbus TCP was developed and exposed to SQL Injection attacks and Cross-Site Scripting attacks. Analysis was performed on Supply-Chain attacks and a mitigation developed for attacks stemming from compromised Content Delivery Networks. All attempted attacks were unable to exploit vulnerabilities in the webserver due to its use of input sanitization …

Maritime Cybersecurity: Comparing Practices Between Developing Countries : The Case Study Of Kenya And Spain, Bibian Turyahumura

World Maritime University Dissertations

No abstract provided.

Information Security Maturity Model For Healthcare Organizations In The United States, Bridget Joan Barnes Page

Dissertations and Theses

This research provides a maturity model for information security for healthcare organizations in the United States. Healthcare organizations are faced with increasing threats to the security of their information systems. The maturity model identifies specific performance metrics, with relative importance measures, that can be used to enhance information security at healthcare organizations allowing them to focus scarce resources on mitigating the most important information security threat vectors. This generalizable, hierarchical decision model uses both qualitative and quantitative metrics based on objective goals. This model may be used as a baseline by which to measure individual organizational performance, to measure performance …

Security Fatigue And Its Effects On Perceived Password Strength Among University Students, Chase Carroll

Honors Theses

This study was performed with the goal of observing the effect, if any, that security fatigue has on students’ perceived strength of passwords. In doing so, it was hoped to find some correlation between the two that would help in establishing a measurable effect of the phenomenon in students. This could potentially aid organizational decision-makers, such as security policy writers and system admins, to make more informed decisions about implementing security measures. To achieve the goal of observing this fatigue and attempting to measure it, a survey was distributed to numerous students on the University of Tennessee at Chattanooga campus. …

Feature Selection On Permissions, Intents And Apis For Android Malware Detection, Fred Guyton

CCE Theses and Dissertations

Malicious applications pose an enormous security threat to mobile computing devices. Currently 85% of all smartphones run Android, Google’s open-source operating system, making that platform the primary threat vector for malware attacks. Android is a platform that hosts roughly 99% of known malware to date, and is the focus of most research efforts in mobile malware detection due to its open source nature. One of the main tools used in this effort is supervised machine learning. While a decade of work has made a lot of progress in detection accuracy, there is an obstacle that each stream of research is …

The Empirical Study Of The Factors That Influence Threat Avoidance Behavior In Ransomware Security Incidents, Heriberto Aurelio Acosta Maestre

CCE Theses and Dissertations

Ransomware security incidents have become one of the biggest threats to general computer users who are oblivious to the ease of infection, severity, and cost of the damage it causes. University networks and their students are susceptible to ransomware security incidents. College students have vast technical skills and knowledge, however they risk ransomware security incidents because of their lack of mitigating actions to the threats and the belief that it would not happen to them. Interaction with peers may play a part in college students’ perception of the threats and behavior to secure their computers. Identifying what influences students’ threat …

Cyber Security In The Healthcare Industry, Giovanni Ordonez 20

Honor Scholar Theses

No abstract provided.

Detecting And Protecting Against Ai-Synthesized Faces, Yuezun Li

Legacy Theses & Dissertations (2009 - 2024)

The recent advances in deep learning and the availability of vast volume of online personal images and videos have drastically improved the reality of synthesized faces in images and videos. While there are interesting and creative applications of the AI face synthesis systems, they can also be weaponized, as it can create the illusions of a person's presence and activities that do not occur in reality, which results in serious political, social, financial, and legal consequences. Therefore, it is of great importance to develop effective method to expose the AI-synthesized faces. In this thesis, a set of our recent efforts …

Self Organized Multi Agent Swarms (Somas) For Network Security Control, Eric M. Holloway

Theses and Dissertations

Computer network security is a very serious concern in many commercial, industrial, and military environments. This paper proposes a new computer network security approach defined by self-organized agent swarms (SOMAS) which provides a novel computer network security management framework based upon desired overall system behaviors. The SOMAS structure evolves based upon the partially observable Markov decision process (POMDP) formal model and the more complex Interactive-POMDP and Decentralized-POMDP models, which are augmented with a new F(*-POMDP) model. Example swarm specific and network based behaviors are formalized and simulated. This paper illustrates through various statistical testing techniques, the significance of this proposed …

Impact Of Framing And Base Size Of Computer Security Risk Information On User Behavior, Xinhui Zhan

Masters Theses

"This research examines the impact of framing and base size of computer security risk information on users' risk perceptions and behavior (i.e., download intention and download decision). It also examines individual differences (i.e., demographic factors, computer security awareness, Internet structural assurance, self-efficacy, and general risk-taking tendencies) associated with users' computer security risk perceptions. This research draws on Prospect Theory, which is a theory in behavioral economics that addresses risky decision-making, to generate hypotheses related to users' decision-making in the computer security context. A 2 x 3 mixed factorial experimental design (N = 178) was conducted to assess the effect of …

Cybersecurity In The Classroom: Bridging The Gap Between Computer Access And Online Safety, Andrew Malecki

Cyber Security Capstone Research Project Reports

According to ISACA, there will be a global shortage of 2 million cybersecurity professionals worldwide by 2019. Additionally, according to Experian Data Breach Resolution, as much as 80% of all network breaches can be traced to employee negligence. These problems will not solve themselves, and they likewise won’t improve without drastic action. An effort needs to be made to help direct interested and qualified individuals to the field of cybersecurity to move toward closing this gap. Moreover, steps need to be made to better inform the public of general safety measures while online, including the safeguarding of sensitive information.

A …

A Framework For Incorporating Insurance Into Critical Infrastructure Cyber Risk Strategies, Derek R. Young

Theses and Dissertations

Critical infrastructure owners and operators want to minimize their cyber risk and expenditures on cybersecurity. The insurance industry has been quantitatively assessing risk for hundreds of years in order to minimize risk and maximize profits. To achieve these goals, insurers continuously gather statistical data to improve their predictions, incentivize their clients' investment in self-protection and periodically refine their models to improve the accuracy of risk estimates. This paper presents a framework which incorporates the operating principles of the insurance industry in order to provide quantitative estimates of cyber risk. The framework implements optimization techniques to suggest levels of investment for …

Maia And Mandos: Tools For Integrity Protection On Arbitrary Files, Paul J. Bonamy

Dissertations, Master's Theses and Master's Reports

We present the results of our dissertation research, which focuses on practical means of protecting system data integrity. In particular, we present Maia, a language for describing integrity constraints on arbitrary file types, and Mandos, a Linux Security Module which uses verify-on-close to enforce mandatory integrity guarantees. We also provide details of a Maia-based verifier generator, demonstrate that Maia and Mandos introduce minimal delay in performing their tasks, and include a selection of sample Maia specifications.

Real-Time Detection System For Suspicious Urls, Krishna Prasad Chouty, Anup Chandra Thogiti, Kranthi Sudha Vudatha

All Capstone Projects

Twitter is prone to malicious tweets containing URLs for spam, phishing, and malware distribution. Conventional Twitter spam detection schemes utilize account features such as the ratio of tweets containing URLs and the account creation date, or relation features in the Twitter graph. These detection schemes are ineffective against feature fabrications or consume much time and resources. Conventional suspicious URL detection schemes utilize several features including lexical features of URLs, URL redirection, HTML content, and dynamic behavior. However, evading techniques such as time-based evasion and crawler evasion exist. In this paper, we propose WARNINGBIRD, a suspicious Real-Time URL detection system for …

Tweakable Ciphers: Constructions And Applications, Robert Seth Terashima

Dissertations and Theses

Tweakable ciphers are a building block used to construct a variety of cryptographic algorithms. Typically, one proves (via a reduction) that a tweakable-cipher-based algorithm is about as secure as the underlying tweakable cipher. Hence improving the security or performance of tweakable ciphers immediately provides corresponding benefits to the wide array of cryptographic algorithms that employ them. We introduce new tweakable ciphers, some of which have better security and others of which have better performance than previous designs. Moreover, we demonstrate that tweakable ciphers can be used directly (as opposed to as a building block) to provide authenticated encryption with associated …

Quantification Of Information Flow In Cyber Physical Systems, Li Feng

Doctoral Dissertations

"In Cyber Physical Systems (CPSs), traditional security mechanisms such as cryptography and access control are not enough to ensure the security of the system since complex interactions between the cyber portion and physical portion happen frequently. In particular, the physical infrastructure is inherently observable; aggregated physical observations can lead to unintended cyber information leakage. Information flow analysis, which aims to control the way information flows among different entities, is better suited for CPSs than the access control security mechanism. However, quantifying information leakage in CPSs can be challenging due to the flow of implicit information between the cyber portion, the …

Deciding Static Inclusion For Delta-Strong And Omega [Upside Down Triangle]-Strong Intruder Theories : Applications To Cryptographic Protocol Analysis, Kimberly Ann Gero

Legacy Theses & Dissertations (2009 - 2024)

In this dissertation we will be studying problems relating to indistinguishability. This topic

Bridging The Detection Gap: A Study On A Behavior-Based Approach Using Malware Techniques, Geancarlo Palavicini

EWU Masters Thesis Collection

"In recent years the intensity and complexity of cyber attacks have increased at a rapid rate. The cost of these attacks on U.S. based companies is in the billions of dollars, including the loss of intellectual property and reputation. Novel and diverse approaches are needed to mitigate the cost of a security breach, and bridge the gap between malware detection and a security breach. This thesis focuses on the short term need to mitigate the impact of undetected shellcodes that cause security breaches. The thesis's approach focuses on the agents driving the attacks, capturing their actions, in order to piece …

Application Of Ntru Cryptographic Algorithm For Securing Scada Communication, Amritha Puliadi Premnath

UNLV Theses, Dissertations, Professional Papers, and Capstones

Supervisory Control and Data Acquisition (SCADA) system is a control system which is widely used in Critical Infrastructure System to monitor and control industrial processes autonomously. Most of the SCADA communication protocols are vulnerable to various types of cyber-related attacks. The currently used security standards for SCADA communication specify the use of asymmetric cryptographic algorithms like RSA or ECC for securing SCADA communications. There are certain performance issues with cryptographic solutions of these specifications when applied to SCADA system with real-time constraints and hardware limitations. To overcome this issue, in this thesis we propose the use of a faster and …

A Survey On Detection And Defense Of Application Layer Ddos Attacks, Naga Shalini Vadlamani

UNLV Theses, Dissertations, Professional Papers, and Capstones

As the time is passing on, the effect of DDoS attacks on Internet security is growing tremendously. Within a very little span there is a huge increase in the size and frequency of DDoS attacks. With the new technologies and new techniques, the attackers are finding more sophisticated ways to attack the servers. In this situation, it is necessary to come up with various mechanisms to detect and defend these DDoS attacks and protect the servers from the attackers. Many researches have been carried out to detect the DDoS attack traffic in transport layer, which is more vulnerable to DDoS …

The Use Of Vulnerability Assessments: A Survey, Charles D. Lybrand

Regis University Student Publications (comprehensive collection)

One of the most significant challenges faced by senior business and technology managers is securing organizational data in light of rising threats and compliance requirements. The use of vulnerability assessments has stood out as one strategy to help protect against malicious computer attacks. Vulnerability assessments are conducted to identify security holes within information systems, including networks, servers, and applications. These assessments can be performed by an organization's internal staff or outsourced to a third-party vendor. Outsourcing is especially important for small organizations who typically do not have the resources or expertise to conduct their own vulnerability assessment. This thesis will …

Simulation And Analysis Of Insider Attacks, Christopher Blake Clark

UNLV Theses, Dissertations, Professional Papers, and Capstones

An insider is an individual (usually an employee, contractor, or business partner) that has been trusted with access to an organization's systems and sensitive data for legitimate purposes. A malicious insider abuses this access in a way that negatively impacts the company, such as exposing, modifying, or defacing software and data.

Many algorithms, strategies, and analyses have been developed with the intent of detecting and/or preventing insider attacks. In an academic setting, these tools and approaches show great promise. To be sure of their effectiveness, however, these analyses need to be tested. While real data is available on insider attacks …

Using Phishing To Test Social Engineering Awareness Of Financial Employees, Rebecca M. Long

EWU Masters Thesis Collection

"Social engineering is the biggest security threat to financial institutions because it exploits the weakest link in any security system: the human element. It is proposed here that combining specialized training on social engineering followed by repeated audit tests will be more effective at lowering employee vulnerability than standard security training alone. This research developed a training module specializing in social engineering with an extra emphasis on phishing, then used phishing trials on financial employees to audit their awareness and knowledge of social engineering to determine if it lowers the vulnerability level to phishing attacks"--Document.

Effects Of Architecture On Information Leakage Of A Hardware Advanced Encryption Standard Implementation, Eric A. Koziel

Theses and Dissertations

Side-channel analysis (SCA) is a threat to many modern cryptosystems. Many countermeasures exist, but are costly to implement and still do not provide complete protection against SCA. A plausible alternative is to design the cryptosystem using architectures that are known to leak little information about the cryptosystem's operations. This research uses several common primitive architectures for the Advanced Encryption Standard (AES) and assesses the susceptibility of the full AES system to side-channel attack for various primitive configurations. A combined encryption/decryption core is also evaluated to determine if variation of high-level architectures affects leakage characteristics. These different configurations are evaluated under …

Vulnerability Analysis Of The Player Command And Control Protocol, John T. Hagen

Theses and Dissertations

The Player project is an open-source effort providing a control interface specification and software framework for abstracting robot hardware. This research presents five exploits that compromise vulnerabilities in Player's command and control protocol. The attacks exploit weaknesses in the ARP, IP, TCP and Player protocols to compromise the confidentially, integrity, and availability of communication between a Player client and server. The attacks assume a laptop is connected in promiscuous mode to the same Ethernet hub as the client and server in order to sniff all network traffic between them. This work also demonstrates that Internet Protocol Security (IPsec) is capable …

The White-Hat Bot: A Novel Botnet Defense Strategy, Tyrone C. Gubler

Theses and Dissertations

Botnets are a threat to computer systems and users around the world. Botmasters can range from annoying spam email propagators to nefarious criminals. These criminals attempt to take down networks or web servers through distributed denial-of-service attacks, to steal corporate secrets, or to launder money from individuals or corporations. As the number and severity of successful botnet attacks rise, computer security experts need to develop better early-detection and removal techniques to protect computer networks and individual computer users from these very real threats. I will define botnets and describe some of their common purposes and current uses. Next, I will …

Obfuscating Against Side-Channel Power Analysis Using Hiding Techniques For Aes, Austin W. Fritzke

Theses and Dissertations

The transfer of information has always been an integral part of military and civilian operations, and remains so today. Because not all information we share is public, it is important to secure our data from unwanted parties. Message encryption serves to prevent all but the sender and recipient from viewing any encrypted information as long as the key stays hidden. The Advanced Encryption Standard (AES) is the current industry and military standard for symmetric-key encryption. While AES remains computationally infeasible to break the encrypted message stream, it is susceptible to side-channel attacks if an adversary has access to the appropriate …

Magnesium Object Manager Sandbox, A More Effective Sandbox Method For Windows 7, Martin A. Gilligan

Theses and Dissertations

A major issue in computer security is limiting the affects a program can have on a computer. One way is to place the program into a sandbox, a limited environment. Many attempts have been made to create a sandbox that maintains the usability of a program and effectively limits the effects of the program. Sandboxes that limit the resources programs can access, have succeeded. To test the effectiveness of a sandbox that limits the resources a program can access on Windows 7, the Magnesium Object Manager Sandbox (MOMS) is created. MOMS uses a kernel mode Windows component to monitor and …

Binary Disassembly Block Coverage By Symbolic Execution Vs. Recursive Descent, Jonathan D. Miller

Theses and Dissertations

This research determines how appropriate symbolic execution is (given its current implementation) for binary analysis by measuring how much of an executable symbolic execution allows an analyst to reason about. Using the S2E Selective Symbolic Execution Engine with a built-in constraint solver (KLEE), this research measures the effectiveness of S2E on a sample of 27 Debian Linux binaries as compared to a traditional static disassembly tool, IDA Pro. Disassembly code coverage and path exploration is used as a metric for determining success. This research also explores the effectiveness of symbolic execution on packed or obfuscated samples of the same binaries …