About: The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations. Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
11

Improving the Security of Critical Infrastructure: Metrics, Measurements, and Analysis

Park, Jeman 01 January 2020 (has links) (PDF)
In this work, we propose three important contributions needed in the process of improving the security of the critical infrastructure: metrics, measurement, and analysis. To improve security, metrics are key to ensuring the accuracy of the assessment and evaluation. Measurements are the core of the process of identifying the causality and effectiveness of various behaviors, and accurate measurement with the right assumptions is a cornerstone for accurate analysis. Finally, contextualized analysis is essential for understanding measurements. Different results can be derived for the same data according to the analysis method, and it can serve as a basis for understanding and improving systems security. In this dissertation, we look at whether these key concepts are well demonstrated in existing (networked) systems and research products. In the first thrust, we verified the validity of volume-based contribution evaluation metrics used in threat information sharing systems. Further, we proposed a qualitative evaluation as an alternative to supplement the shortcomings of the volume-based evaluation method. In the second thrust, we measured the effectiveness of the low-rate DDoS attacks in a realistic environment to highlight the importance of establishing assumptions grounded in reality for measurements. Moreover, we theoretically analyzed the low-rate DDoS attacks and conducted additional experiments to validate them. In the last thrust, we conducted a large-scale measurement and analyzed the behaviors of open resolvers, to estimate the potential threats of them. We then went beyond just figuring out the number of open resolvers and explored new implications that the behavioral analysis could provide. We also experimentally showed the existence of forwarding resolvers and their behavior by precisely analyzing DNS resolution packets.
12

FPGA-Augmented Secure Crash-Consistent Non-Volatile Memory

Zou, Yu 01 January 2021 (has links) (PDF)
Emerging byte-addressable Non-Volatile Memory (NVM) technology, although promising superior memory density and ultra-low energy consumption, poses unique challenges to achieving persistent data privacy and computing security, both of which are critically important to the embedded and IoT applications. Specifically, to successfully restore NVMs to their working states after unexpected system crashes or power failure, maintaining and recovering all the necessary security-related metadata can severely increase memory traffic, degrade runtime performance, exacerbate write endurance problem, and demand costly hardware changes to off-the-shelf processors. In this thesis, we summarize and expand upon two of our innovative works, ARES and HERMES, to design a new FPGA-assisted processor-transparent security mechanism aiming at efficiently and effectively achieving all three aspects of a security triad—confidentiality, integrity, and recoverability—in modern embedded computing. Given the growing prominence of CPU-FPGA heterogeneous computing architectures, ARES leverages FPGA's hardware reconfigurability to offload performance-critical and security-related functions to the programmable hardware without microprocessors' involvement. In particular, recognizing that the traditional Merkle tree caching scheme cannot fully exploit FPGA's parallelism due to its sequential and recursive function calls, ARES proposed a new Merkle tree cache architecture and a novel Merkle tree scheme which flattened and reorganized the computation in the traditional Merkle tree verification and update processes to fully exploit the parallel cache ports and to fully pipeline time-consuming hashing operations. To further optimize the throughput of BMT operations, HERMES proposed an optimally efficient dataflow architecture by processing multiple outstanding counter requests simultaneously. 
Specifically, HERMES explored and addressed three technical challenges when exploiting task-level parallelism of BMT and proposed a speculative execution approach with both low latency and high throughput.
13

Exploring the Privacy Dimension of Wearables Through Machine Learning-Enabled Inference

Meteriz Yildiran, Ulku 01 January 2022 (has links) (PDF)
Today's hyper-connected consumers demand convenient ways to tune into information without switching between devices, which led the industry leaders to the wearables. Wearables such as smartwatches, fitness trackers, and augmented reality (AR) glasses can be comfortably worn on the body. In addition, they offer limitless features, including activity tracking, authentication, navigation, and entertainment. Wearables that provide digestible information stimulate even higher consumer demand. However, to keep up with the ever-growing user expectations, developers keep adding new features and interaction methods to augment the use cases without considering their privacy impacts. In this dissertation, we explore the privacy dimension of wearables through inference attacks facilitated by machine learning approaches. We start our investigation by exploring the attack surface introduced by fitness trackers. We propose an inference attack that breaches location privacy through the elevation profiles collected by fitness trackers. Our attack highlights that adversaries can infer the location from elevation profiles collected via fitness trackers. Second, we investigated the attack surface introduced by the smartwatches. We introduce an inference attack that exploits the smartwatch microphone to capture the acoustic emanations of physical keyboards and successfully infers what the user has been typing. With this attack, we showed that smartwatches add yet another privacy dimension to be considered. Third, we examined the privacy of AR domain. We designed an inference attack exploiting the geometric projection of hand movements in air. The attack framework predicts the typed text on an in-air tapping keyboard, which is only visible to the user. Our studies uncover various attack surfaces introduced by wearables that have not been studied in literature before. For each attack, we propose possible countermeasures to diminish the ramifications of the risks. 
We hope that our findings shed light on the privacy risks of wearables and guide the research community to more aware solutions.
14

A Value Sensitive Design Approach to Adolescent Mobile Online Safety

Ghosh, Arup Kumar 01 January 2018 (has links)
With the rise of adolescent smartphone use, concerns about teen online safety are also on the rise. A number of parental control apps are available for mobile devices, but adoption of these apps has been markedly low. To better understand these apps, their users, and design opportunities in the space of mobile online safety for adolescents, we have conducted four studies informed by the principles of Value Sensitive Design (VSD). In Study 1 (Chapter 2), we conducted a web-based survey of 215 parents and their teens (ages 13-17) using two separate logistic regression models (parent and teen) to examine the factors that predicted parental use of technical monitoring apps on their teens' mobile devices. Both parent and teen models confirmed that low autonomy granting (e.g., authoritarian) parents were the most likely to use parental control apps. The teen model revealed additional nuances, indicating that teens who were victimized online and had peer problems were more likely to be monitored by their parents. Overall, increased parental control was associated with more (not fewer) online risks. In Study 2 (Chapter 3), we conducted a structured, qualitative feature analysis of 75 Android mobile apps designed for promoting adolescent online safety. We found that the available apps overwhelmingly supported parental control through restriction and monitoring over teen self-regulation or parental active mediation. In Study 3 (Chapter 4), we conducted a qualitative analysis of 736 reviews of 37 mobile online safety apps from Google Play that were publicly posted and written by teens. Our results indicate that teen ratings were significantly lower than that of parents with 76% of the teen reviews giving apps a single star. Teens felt that the apps were overly restrictive and invasive of their personal privacy, negatively impacting their relationships with their parents. 
For our final study (Chapter 5), we developed a mobile app prototype suggesting alternative designs for keeping teens safe online and conducted a user study which showed that parents and children (ages 10-17) both significantly preferred our new app design over existing parental control apps. Both parents and children reported that our VSD informed design is less privacy-invasive for children and would improve communication and trust relationship between them. Yet, more work needs to be done to improve approaches for risk detection and mediation that support online safety. In summary, this research will enable researchers and designers to create more effective solutions for teen online safety that will help promote more positive parent-teen relationships.
15

A Study of Perceptions on Incident Response Exercises, Information Sharing, Situational Awareness, and Incident Response Planning in Power Grid Utilities

Garmon, Joseph 01 January 2019 (has links)
The power grid is facing increasing risks from a cybersecurity attack. Attacks that shut off electricity in Ukraine have already occurred, and successful compromises of the power grid that did not shut off electricity to customers have been privately disclosed in North America. The objective of this study is to identify how perceptions of various factors emphasized in the electric sector affect incident response planning. Methods used include a survey of 229 power grid personnel and the use of partial least squares structural equation modeling to identify causal relationships. This study reveals the relationships between perceptions by personnel responsible for cybersecurity, regarding incident response exercises, information sharing, and situational awareness, and incident response planning. The results confirm that the efforts by the industry on these topics have advanced planning for a potential attack.
16

Towards a Holistic and Comparative Analysis of the Free Content Web: Security, Privacy, and Performance

Alabduljabbar, Abdulrahman 01 January 2023 (has links) (PDF)
Free content websites that provide free books, music, games, movies, etc., have existed on the Internet for many years. While it is a common belief that such websites might be different from premium websites providing the same content types in terms of their security, a rigorous analysis that supports this belief is lacking from the literature. In particular, it is unclear if those websites are as safe as their premium counterparts. In this dissertation, we set out to investigate the similarities and differences between free content and premium websites, including their risk profiles. Moreover, we analyze and quantify through measurements the potential vulnerability of free content websites. For this purpose, we compiled a dataset of free content websites offering books, games, movies, music, and software. For comparison purposes, we also sampled a dataset of premium content websites, where users need to pay for using the service for the same type of content. For our modality of analysis, we use the SSL certificate's public information, HTTP header information, reported privacy and data sharing practices, top-level domain information, and website files and loaded scripts. The analysis is not straightforward, and en route, we address various challenges, including labeling and annotation, privacy policy understanding through a highly accurate pre-trained language model using advanced ensemble-based classification technique at the sentence and paragraph level, and data augmentation through various sources. This dissertation delivers various significant findings and conclusions concerning the security of free content websites. Our findings raise several concerns, including that the reported privacy policies may not reflect the data collection practices used by service providers, and pronounced biases across privacy policy categories. 
Overall, our study highlights that while there are no explicit costs associated with those websites, the cost is often implicit, in the form of compromised security and privacy.
17

Discovering Vulnerabilities and Designing Trustworthy Defenses in IoT Systems and Devices

Pearson, Bryan 01 January 2023 (has links) (PDF)
Internet of Things (IoT) dominates many functions in the modern world, from sensing and reporting temperature, humidity, and air quality, to controlling and automating homes, commercial buildings, and equipment. However, IoT systems have received scrutiny in recent years due to countless security incidents, which can have physical and even deadly consequences. This research provides a comprehensive assessment of the security of IoT systems and devices, including low-cost microcontroller (MCU) based sensors, cloud services, and Building Automation Systems (BAS). We begin by exploring the current landscape of vulnerabilities and defenses in modern IoT applications. We show that many security needs can be satisfied by modern low-cost MCUs. We discuss how to implement crucial security features in IoT and illustrate use cases through ESP32 MCUs. Next, we investigate vulnerabilities against popular IoT systems and devices. We present a systematic attack model against Message Queuing Telemetry Transport (MQTT) software implementations. We design, implement, and evaluate a fuzz testing framework for MQTT using Markov chain modeling to rigorously exhaust the protocol and identify vulnerabilities. We then demonstrate the plausibility of well-known software attacks on IoT devices. These attacks can be used to remotely steal private keys that are hard coded in the firmware. We also expand our fuzzing research to Building Automation Systems (BAS) devices and software, which are susceptible to similar vulnerabilities as conventional IoT systems and devices. We use dynamic instrumentation and packet analysis to probe the communications between BAS clients and BAS IP interfaces to extract an annotated corpus for mutational fuzzing. Our fuzzer discovered vulnerabilities in various KNX and BACnet devices and software. After exploring these attacks, we discuss how to protect sensitive data in IoT applications using crypto coprocessors. 
We present a framework for secure key provisioning that protects end users' private keys from software attacks and untrustworthy manufacturers.
20

The antecedents of information security policy compliance

Bulgurcu, Burcu 11 1900 (has links)
Information security is one of the major challenges for organizations that critically depend on information systems to conduct their businesses. Ensuring safety of information and technology resources has become the top priority for many organizations since the consequences of failure can be devastating. Many organizations recognize that their employees, who are often considered as the weakest link in information security, can be a great resource as well to fight against information security-related risks. The key, however, is to ensure that employees comply with information security related rules and regulations of the organization. Therefore, understanding of compliance behavior of an employee is crucial for organizations to effectively leverage their human capital to strengthen their information security. This research aims at identifying antecedences of an employee’s compliance with the information security policy (ISP) of his/her organization. Specifically, we address how employees without any malicious intent choose to comply with requirements of the ISP with regards to protecting the information and technology resources of their organizations. Drawing on the Theory of Planned Behavior, we show an employee’s attitude towards compliance results in his/her intention to comply with the ISP. Of those, Benefit of Compliance and Cost of Non-Compliance are shown to be shaped by positive and negative reinforcing factors; such as, Intrinsic Benefit, Safety of Resources, Rewards and Intrinsic Cost, Vulnerability of Resources, and Sanctions, respectively. We also investigate the role of information security awareness on an employee’s ISP compliance behavior. As expected, we show that information security awareness positively influences attitude towards compliance. We also show that information security awareness positively influences the perception of reinforcing factors and negatively increases perception of the Cost of Compliance. 
As organizations strive to get their employees to follow their information security rules and regulations, our study sheds light on the role of an employee’s information security awareness and his/her beliefs about the rationality of compliance and non-compliance with the ISP. / Business, Sauder School of / Graduate
