Three Essays of Consumer Inference Making and Metacognitive Experience in Perceived Information Security

Park, Yong Wan

25 April 2013

The internet has served as the virtual world since the beginning of the digital era, and it has provided consumers the valuable source of information and become a fundamental basis of e-commerce by passing the limit of time and distance of offline stores. It is hard to imagine our life without the internet. Because consumers store and access their private and financial information on the internet, information security is even more important than ever. Although many studies demonstrate the importance of information security to consumers, researchers have paid little attention to consumers\' inference processing underlying their perceptions of information security. We investigate how consumers infer and evaluate online information security based on consumer inference making process and metacognitive experience. We argue that consumers\' perceived security could be enhanced by simply increasing complexity, even if that increased complexity is meaningless. It is because consumers have a belief that security is achieved by sacrificing convenience or increasing complexity. We demonstrated that consumers evaluated a website more secure when asked to enter redundant information in Chapter 1. Chapter 2 suggested that disfluency and difficulty of retrieval could increase perceived security because metacognitive experience makes consumers misattribute their feeling of difficulty to technical difficulty. We found that the positive effect of disfluency was held when a product was not security-related. In Chapter 3, we focused on how to improve the accuracy of security judgments. We found that perceived security enhanced by meaningless complexity would be adjusted by asking specific dimensions of security (Confidentiality, Integrity, and Availability), and the positive impact of a disfluency effect could be debiased by providing participants the true source of their subjective difficulty. Furthermore, we demonstrated that consumers\' interpretation about accessibility experience varied depending on what kind of naïve theory was activated. Through a series of experiments, we demonstrated our arguments were valid and these results provided useful insights and implications about consumers\' inference processing and perception of information security. / Ph. D.

Information Security

Perceived Security

Inference Making

Metacognitive Experience

Fluency

Debias

Shuffled Faster Than Nyquist Signaling For Spectrally Efficient And Secure Wireless Communication

Gharib, John

01 June 2024

This thesis investigates the implementation and performance of Shuffled Faster than Nyquist (SFTN) signaling, a communication method that enhances spectral efficiency and provides physical layer security (PLS) in wireless communications. In Faster than Nyquist signaling, the Nyquist inter-symbol interference (ISI) criterion is exceeded, thereby increasing spectral efficiency. By varying the transmission rate of symbols above the Nyquist rate, SFTN signaling is able to obfuscate the timing of transmitted symbols with ISI. The work in this thesis evaluates the performance of SFTN in Additive White Gaussian Noise (AWGN) channels and the MATLAB 802.11ax fading channels. Results show that while SFTN signaling offers the ability to introduce PLS, the sensitivity of the waveform is significantly influenced by the choice of symbol transmission rates and channel conditions.

Security

Spectral Efficiency

Digital Communication

Physical Layer Security

Systems and Communications

Analysis, detection, and modeling of attacks in computer communication networks

Allen, William H.

01 July 2003

No description available.

Electrical and Computer Engineering

Engineering

Intelligent quality performance assessment for e-banking security using fuzzy logic

Aburrous, Maher R., Hossain, M. Alamgir, Thabatah, F., Dahal, Keshav P.

January 2008

Yes / Security has been widely recognized as one of the main obstacles to the adoption of Internet banking and it is considered an important aspect in the debate over challenges facing internet banking. The performance evaluation of e-banking websites requires a model that enables us to analyze the various imperative factors and criteria related to the quality and performance of e-banking websites. Ebanking site evaluation is a complex and dynamic problem involving many factors, and because of the subjective considerations and the ambiguities involved in the assessment, Fuzzy Logic (FL) model can be an effective tool in assessing and evaluating of e-banking security performance and quality. In this paper, we propose an intelligent performance assessment model for evaluating e-banking security websites. The proposed model is based on FL operators and produces four measures of security risk attack dimensions: direct internal attack, communication tampering attack, code programming attack and denial of service attack with a hierarchical ring layer structure. Our experimental results show that direct internal attack risk has a large impact on e-banking security performance. The results also confirm that the risk of direct internal attack for e-banking dynamic websites is doubled that of all other attacks.

Internet banking

E-banking security

Internet security

Fuzzy logic

Hardware Control Unit For Trusted Program Verification System

Alt, Jake Owen

01 October 2024

Trust in the underlying hardware is the foundational step towards trusting the correctness and integrity of a software application. However, verifying that today's extremely complex processors work exactly as intended has not been feasible, as evidenced by several recent hardware bugs. Trustworthy, formally verified processors currently forego intricate performance enhancements such as out-of-order execution, hampering them substantially versus their less secure counterparts. The Containment Architecture with Verified Output (CAVO) system solves this problem by isolating the host system and requiring the result of each instruction to be validated by a small, trusted hardware module called the Sentry. Any transmissions to the outside world must be performed through the Sentry, which ensures all prior instructions have been computed correctly. The first version of CAVO was centered around a customized host CPU with hardware modifications to manage the Sentry with minimal overhead, while the second used compiler tooling and a software version of the Sentry controller, incurring a significant performance penalty on checked programs. This paper proposes a novel hardware-based Sentry control system that serves as a first step toward fast checking of native programs while greatly reducing modifications to the host, all without expanding the root of trust. We implement a proof-of-concept hardware design and verify its correctness using two SPECINT2006 benchmarks, demonstrating steady-state performance of 1 instruction per clock and an average overhead of 45 clocks per cache miss.

Computer Architecture

Security

Semory Integrity

Hardware Security

Computer and Systems Architecture

Threats To The United States

Barna, Elyssa R

01 January 2024

This research goes over various threats that the United States may deal with in the future, how severe they may be, and what policy implications and further research could be done. This research is done by case studies, looking into different previous threats to the United States including the Cold War, the September 11th, 2001, attacks, the anti-western or jihadist terrorist groups, and the usage of biological and chemical weapons in terrorist attacks. After detailing the changes that have occurred in recent times, such as the evolution of technology and social media, it is explained how this can influence terrorism and conflict in years to come. Next, the paper goes over whether current threats to the United States, drugs, terrorist weapons, terrorist groups, and specific countries will continue to be a threat to the United States. This is done by using qualitative and quantitative data and researching scholarly articles to see if the trends and number of attacks or incidents that occurred within recent years can give an indicator of how likely these attacks are going to maintain or increase in frequency. After that, there are recommendations for policies and programs to help prevent these threats from resulting in catastrophic damage or loss of life.

security

terrorism

counterterrorism

weapons

crime

Defense and Security Studies

Terrorism Studies

Autonomic Zero Trust Framework for Network Protection

Durflinger, James

05 1900

With the technological improvements, the number of Internet connected devices is increasing tremendously. We also observe an increase in cyberattacks since the attackers want to use all these interconnected devices for malicious intention. Even though there exist many proactive security solutions, it is not practical to run all the security solutions on them as they have limited computational resources and even battery operated. As an alternative, Zero Trust Architecture (ZTA) has become popular is because it defines boundaries and requires to monitor all events, configurations, and connections and evaluate them to enforce rejecting by default and accepting only if they are known and accepted as well as applies a continuous trust evaluation. In addition, we need to be able to respond as quickly as possible, which cannot be managed by human interaction but through autonomous computing paradigm. Therefore, in this work, we propose a framework that would implement ZTA using autonomous computing paradigm. The proposed solution, Autonomic ZTA Management Engine (AZME) framework, focusing on enforcing ZTA on network, uses a set of sensors to monitor a network, a set of user-defined policies to define which actions to be taken (through controller). We have implemented a Python prototype as a proof-of-concept that checks network packets and enforce ZTA by checking the individual source and destination based on the given policies and continuously evaluate the trust of connections. If an unaccepted connection is made, it can block the connection by creating firewall rule at runtime.

Zero Trust

Autonomous Computing

IoT

Network Security

Cyber Security

Secure and Trusted Execution Framework for Virtualized Workloads

Kotikela, Srujan D

08 1900

In this dissertation, we have analyzed various security and trustworthy solutions for modern computing systems and proposed a framework that will provide holistic security and trust for the entire lifecycle of a virtualized workload. The framework consists of 3 novel techniques and a set of guidelines. These 3 techniques provide necessary elements for secure and trusted execution environment while the guidelines ensure that the virtualized workload remains in a secure and trusted state throughout its lifecycle. We have successfully implemented and demonstrated that the framework provides security and trust guarantees at the time of launch, any time during the execution, and during an update of the virtualized workload. Given the proliferation of virtualization from cloud servers to embedded systems, techniques presented in this dissertation can be implemented on most computing systems.

virtualization

security

trusted

computing

ontology

vulnerabilities

Computer Science

Computer security.

SIMON: A Domain-Agnostic Framework for Secure Design and Validation of Cyber Physical Systems

Yanambaka Venkata, Rohith

12 1900

Cyber physical systems (CPS) are an integration of computational and physical processes, where the cyber components monitor and control physical processes. Cyber-attacks largely target the cyber components with the intention of disrupting the functionality of the components in the physical domain. This dissertation explores the role of semantic inference in understanding such attacks and building resilient CPS systems. To that end, we present SIMON, an ontological design and verification framework that captures the intricate relationship(s) between cyber and physical components in CPS by leveraging several standard ontologies and extending the NIST CPS framework for the purpose of eliciting trustworthy requirements, assigning responsibilities and roles to CPS functionalities, and validating that the trustworthy requirements are met by the designed system. We demonstrate the capabilities of SIMON using two case studies – a vehicle to infrastructure (V2I) safety application and an additive manufacturing (AM) printer. In addition, we also present a taxonomy to capture threat feeds specific to the AM domain.

CPS

Cyber Physical Systems

Security

Additive manufacturing security

threat feeds

Network Security Tool for a Novice

Ganduri, Rajasekhar

08 1900

Network security is a complex field that is handled by security professionals who need certain expertise and experience to configure security systems. With the ever increasing size of the networks, managing them is going to be a daunting task. What kind of solution can be used to generate effective security configurations by both security professionals and nonprofessionals alike? In this thesis, a web tool is developed to simplify the process of configuring security systems by translating direct human language input into meaningful, working security rules. These human language inputs yield the security rules that the individual wants to implement in their network. The human language input can be as simple as, "Block Facebook to my son's PC". This tool will translate these inputs into specific security rules and install the translated rules into security equipment such as virtualized Cisco FWSM network firewall, Netfilter host-based firewall, and Snort Network Intrusion Detection. This tool is implemented and tested in both a traditional network and a cloud environment. One thousand input policies were collected from various users such as staff from UNT departments' and health science, including individuals with network security background as well as students with a non-computer science background to analyze the tool's performance. The tool is tested for its accuracy (91%) in generating a security rule. It is also tested for accuracy of the translated rule (86%) compared to a standard rule written by security professionals. Nevertheless, the network security tool built has shown promise to both experienced and inexperienced people in network security field by simplifying the provisioning process to result in accurate and effective network security rules.

Network Security

Cloud Computing

OpenStack

Network Security Functions