NDLTD Global ETD Search
  • Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 180
  • 52
  • 31
  • 17
  • 8
  • 7
  • 4
  • 4
  • 1
  • Tagged with
  • 423
  • 423
  • 175
  • 85
  • 78
  • 75
  • 69
  • 66
  • 61
  • 56
  • 51
  • 50
  • 50
  • 46
  • 44
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

Search results

Showing 21 to 30 of 423 (0.046 seconds)

Spelling suggestions: "subject:"; anetwork security"" "subject:"; 5gnetwork security""

21

Blockchain and Distributed Consensus: From Security Analysis to Novel Applications

Xiao, Yang 13 May 2022 (has links)
Blockchain, the technology behind cryptocurrency, enables decentralized and distrustful parties to maintain a unique and consistent transaction history through consensus, without involving a central authority. The decentralization, transparency, and consensus-driven security promised by blockchain are unprecedented and can potentially enable a wide range of new applications that prevail in the decentralized zero-trust model. While blockchain represents a secure-by-design approach to building zero-trust applications, there still exist outstanding security bottlenecks that hinder the technology's wider adoption, represented by the following two challenges: (1) blockchain as a distributed networked system is multi-layered in nature which has complex security implications that are not yet fully understood or addressed; (2) when we use blockchain to construct new applications, especially those previously implemented in the centralized manner, there often lack effective paradigms to customize and augment blockchain's security offerings to realize domain-specific security goals. In this work, we provide answers to the above two challenges in two coordinated efforts. In the first effort, we target the fundamental security issues caused by blockchain's multi-layered nature and the consumption of external data. Existing analyses on blockchain consensus security overlooked an important cross-layer factor---the heterogeneity of the P2P network's connectivity. We first provide a comprehensive review on notable blockchain consensus protocols and their security properties. Then we focus one class of consensus protocol---the popular Nakamoto consensus---for which we propose a new analytical model from the networking perspective that quantifies the impact of heterogeneous network connectivity on key consensus security metrics, providing insights on the actual "51% attack" threshold (safety) and mining revenue distribution (fairness). The external data truthfulness challenge is another fundamental challenge concerning the decentralized applications running on top of blockchain. The validity of external data is key to the system's operational security but is out of the jurisdiction of blockchain consensus. We propose DecenTruth, a system that combines a data mining technique called truth discovery and Byzantine fault-tolerant consensus to enable decentralized nodes to collectively extract truthful information from data submitted by untrusted external sources. In the second effort, we harness the security offerings of blockchain's smart contract functionality along with external security tools to enable two domain-specific applications---data usage control and decentralized spectrum access system. First, we use blockchain to tackle a long-standing privacy challenge of data misuse. Individual data owners often lose control on how their data can be used once sharing the data with another party, epitomized by the Facebook-Cambridge Analytica data scandal. We propose PrivacyGuard, a security platform that combines blockchain smart contract and hardware trusted execution environment (TEE) to enable individual data owner's fine-grained control over the usage (e.g., which operation, who can use on what condition/price) of their private data. A core technical innovation of PrivacyGuard is the TEE-based execution and result commitment protocol, which extends blockchain's zero-trust security to the off-chain physical domain. Second, we employ blockchain to address the potential security and performance issues facing dynamic spectrum sharing in the 5G or next-G wireless networks. The current spectrum access system (SAS) designated by the FCC follows a centralized server-client service model which is vulnerable to single-point failures of SAS service providers and also lacks an efficient, automated inter-SAS synchronization mechanism. In response, we propose a blockchain-based decentralized SAS architecture dubbed BD-SAS to provide SAS service efficiently to spectrum users and enable automated inter-SAS synchronization, without assuming trust on individual SAS service providers. We hope this work can provide new insights into blockchain's fundamental security and applicability to new security domains. / Doctor of Philosophy / Blockchain, the technology behind cryptocurrency, enables decentralized and distrustful parties to maintain a unique and consistent transaction history through consensus, without involving a central authority. The decentralization, transparency, and consensus-driven security promised by blockchain are unprecedented and can potentially enable zero-trust applications in a wide range of domains. While blockchain's secure-by-design vision is truly inspiring, there still remain outstanding security challenges that hinder the technology's wider adoption. They originate from the blockchain system's complex multi-layer nature and the lack of effective paradigms to customize blockchain for domain-specific applications. In this work, we provide answers to the above two challenges in two coordinated efforts. In the first effort, we target the fundamental security issues caused by blockchain's multi-layered nature and the consumption of external data. We first provide a comprehensive review on existing notable consensus protocols and their security issues. Then we propose a new analytical model from a novel networking perspective that quantifies the impact of heterogeneous network connectivity on key consensus security metrics. Then we address the external data truthfulness challenge concerning the decentralized applications running on top of blockchain which consume the real-world data, by proposing DecenTruth, a system that combines data mining and consensus to allow decentralized blockchain nodes to collectively extract truthful information from untrusted external sources. In the second effort, we harness the security offerings of blockchain's smart contract functionality along with external security tools to enable two domain-specific applications. First, eyeing on our society's data misuse challenge where data owners often lose control on how their data can be used once sharing the data with another party, we propose PrivacyGuard, a security platform that combines blockchain smart contract and hardware security tools to give individual data owner's fine-grained control over the usage over their private data. Second, targeting the lack of a fault-tolerant spectrum access system in the domain of wireless networking, we propose a blockchain-based decentralized spectrum access system dubbed BD-SAS to provide spectrum management service efficiently to users without assuming trust on individual SAS service providers. We hope this work can provide new insights into blockchain's fundamental security and applicability to new security domains.
Blockchain
distributed consensus
network security
22

Security risk prioritization for logical attack graphs

Almohri, Hussain January 1900 (has links)
Master of Science / Department of Computing and Information Sciences / William H. Hsu / Xinming (Simon) Ou / To prevent large networks from potential security threats, network administrators need to know in advance what components of their networks are under high security risk. One way to obtain this knowledge is via attack graphs. Various types of attack graphs based on miscellaneous techniques has been proposed. However, attack graphs can only make assertion about different paths that an attacker can take to compromise the network. This information is just half the solution in securing a particular network. Network administrators need to analyze an attack graph to be able to identify the associated risk. Provided that attack graphs can get very large in size, it would be very difficult for them to perform the task. In this thesis, I provide a security risk prioritization algorithm to rank logical attack graphs produced by MulVAL (A vulnerability analysis system) . My proposed method (called StepRank) is based on a previously published algorithm called AssetRank that generalizes over Google's PageRank algorithm. StepRank considers a forward attack graph that is a reversed version of the original MulVAL attack graph used by AssetRank. The result of the ranking algorithm is a rank value for each node that is relative to every other rank value and shows how difficult it is for an attacker to satisfy a node.
Computer Security
Network Security
Computer Science (0984)
23

A host-based security assessment architecture for effective leveraging of shared knowledge

Rakshit, Abhishek January 1900 (has links)
Master of Science / Department of Computing and Information Sciences / Xinming (Simon) Ou / Security scanning performed on computer systems is an important step to identify and assess potential vulnerabilities in an enterprise network, before they are exploited by malicious intruders. An effective vulnerability assessment architecture should assimilate knowledge from multiple security knowledge sources to discover all the security problems present on a host. Legitimate concerns arise since host-based security scanners typically need to run at administrative privileges, and takes input from external knowledge sources for the analysis. Intentionally or otherwise, ill-formed input may compromise the scanner and the whole system if the scanner is susceptible to, or carries one or more vulnerability itself. It is not easy to incorporate new security analysis tools and/or various security knowlege- bases in the conventional approach, since this would entail installing new agents on every host in the enterprise network. This report presents an architecture where a host-based security scanner's code base can be minimized to an extent where its correctness can be verified by adequate vetting. At the same time, the architecture also allows for leveraging third-party security knowledge more efficiently and makes it easier to incorporate new security tools. In our work, we implemented the scanning architecture in the context of an enterprise-level security analyzer. The analyzer finds security vulnerabilities present on a host according to the third-party security knowledge specified in Open Vulnerability Assessment Language(OVAL). We empirically show that the proposed architecture is potent in its ability to comprehensively leverage third-party security knowledge, and is flexible to support various higher-level security analysis.
Vulnerability analysis
Network security
Computer Science (0984)
24

Proposed iNET Network Security Architecture

Dukes, Renata 10 1900 (has links)
ITC/USA 2009 Conference Proceedings / The Forty-Fifth Annual International Telemetering Conference and Technical Exhibition / October 26-29, 2009 / Riviera Hotel & Convention Center, Las Vegas, Nevada / Morgan State University's iNET effort is aimed at improving existing telemetry networks by developing more efficient operation and cost effectiveness. This paper develops an enhanced security architecture for the iNET environment in order to protect the network from both inside and outside adversaries. This proposed architecture addresses the key security components of confidentiality, integrity and authentication. The security design for iNET is complicated by the unique features of the telemetry application. The addition of encryption is complicated by the need for robust synchronization needed for real time operation in a high error environment.
iNET
Authentication
Confidentiality
Integrity
Network Security Architecture
25

Requirements for a secure and efficientAuthentication System for a large organizationJuan Carlos

Crespo, Juan Carlos January 2010 (has links)
<p>In this thesis, a full review on what are the minimum requirements needed to perform an Authentication System is explained. While building the system we have in consideration the users of it, the security needed for each of the resources that must be accessed by the users and what methods can be applied to access to these resources.</p><p>In basics, an Authentication System is built when we need to keep track to who is entering on an organization, the bigger the organization is and the more information must be keep  safe the more complex the system will be.</p><p>Although there are other methods, I tried to keep it easy and understandable for all the possible readers. With this, the reader will understand the basics that he need to keep in mind when implementing such a system like this. The organization in mind for the system is a University that consist between twenty two thousand (22.000) and twenty five thousand (25.000) users.</p>
Authentication
Authorization
Accounting
AAA
Identification
Network Security
26

A new approach to dynamic internet risk analysis

18 August 2009 (has links)
D.Econ.
Internet security measures
Computer network security measures
27

Parameter assignment for improved connectivity and security in randomly deployed wireless sensor networks via hybrid omni/uni-directional antennas

Shankar, Sonu 15 May 2009 (has links)
Conguring a network system to operate at optimal levels of performance re-quires a comprehensive understanding of the eects of a variety of system parameterson crucial metrics like connectivity and resilience to network attacks. Traditionally,omni-directional antennas have been used for communication in wireless sensor net-works. In this thesis, a hybrid communication model is presented where-in, nodes ina network are capable of both omni-directional and uni-directional communication.The eect of such a model on performance in randomly deployed wireless sensor net-works is studied, specically looking at the eect of a variety of network parameterson network performance.The work in this thesis demonstrates that, when the hybrid communication modelis employed, the probability of 100% connectivity improves by almost 90% and thatof k-connectivity improves by almost 80% even at low node densities when comparedto the traditional omni-directional model. In terms of network security, it was foundthat the hybrid approach improves network resilience to the collision attack by almost85% and the cost of launching a successful network partition attack was increased byas high as 600%. The gains in connectivity and resilience were found to improve withincreasing node densities and decreasing antenna beamwidths.
Wireless Sensor Networks
Network Security
Network Connectivity
28

Requirements for a secure and efficientAuthentication System for a large organizationJuan Carlos

Crespo, Juan Carlos January 2010 (has links)
In this thesis, a full review on what are the minimum requirements needed to perform an Authentication System is explained. While building the system we have in consideration the users of it, the security needed for each of the resources that must be accessed by the users and what methods can be applied to access to these resources. In basics, an Authentication System is built when we need to keep track to who is entering on an organization, the bigger the organization is and the more information must be keep  safe the more complex the system will be. Although there are other methods, I tried to keep it easy and understandable for all the possible readers. With this, the reader will understand the basics that he need to keep in mind when implementing such a system like this. The organization in mind for the system is a University that consist between twenty two thousand (22.000) and twenty five thousand (25.000) users.
Authentication
Authorization
Accounting
AAA
Identification
Network Security
29

Parameter assignment for improved connectivity and security in randomly deployed wireless sensor networks via hybrid omni/uni-directional antennas

Shankar, Sonu 15 May 2009 (has links)
Conguring a network system to operate at optimal levels of performance re-quires a comprehensive understanding of the eects of a variety of system parameterson crucial metrics like connectivity and resilience to network attacks. Traditionally,omni-directional antennas have been used for communication in wireless sensor net-works. In this thesis, a hybrid communication model is presented where-in, nodes ina network are capable of both omni-directional and uni-directional communication.The eect of such a model on performance in randomly deployed wireless sensor net-works is studied, specically looking at the eect of a variety of network parameterson network performance.The work in this thesis demonstrates that, when the hybrid communication modelis employed, the probability of 100% connectivity improves by almost 90% and thatof k-connectivity improves by almost 80% even at low node densities when comparedto the traditional omni-directional model. In terms of network security, it was foundthat the hybrid approach improves network resilience to the collision attack by almost85% and the cost of launching a successful network partition attack was increased byas high as 600%. The gains in connectivity and resilience were found to improve withincreasing node densities and decreasing antenna beamwidths.
Wireless Sensor Networks
Network Security
Network Connectivity
30

Localization for Vulnerability Scanner

Lai, Kun-Ye 15 July 2004 (has links)
With the popularization of Internet, and the vulnerabilities found continuously, network hosts meet more and more risks of being attacked. If we don¡¦t secure them well, they will become the targets of the hackers. In addition to the protection of firewalls, vulnerability scanners can also help us to find out the weekness of our network hosts. Nessus is an open source freeware which has the capability of vulnerability assessment. Nessus has very powerful scanning ability and is very easy to use. Nessus provides detailed result reports from the messages in the plugins. However, like many other freeware and software, Nessus is an English software. For this reason, Nessus provides English result reports. For those who do not use English as their first language, it costs a lot of time to read a lot of English result reports. In this research, we develop a localizational system of the Nessus scanner and provide the result reports in users¡¦ local language. We develop an automatic mechanism to extract the messages and infomations in the plugins, and put them into the vulnerability databases. We also develop two subsystems, one of them makes translators translates the message in the vulnerability database into their local language, and the other replaces the English result with those translated messages. This research proposes the design above and actually implements a localizational system of the Nessus scanner. It attempts to reduce the time and labor consumption while translating, automate the update process of vulnerability database, and avoid the modification of source code as possible.
Localization
Vulnerability Scanner
Vulnerability Database
Network Security

Page generated in 0.0553 seconds