Ismailova, Rita

01 September 2012

The subject of this thesis is the study of cryptographic hash functions, which utilize block ciphers as underlying chain functions. It is mainly concerned with the analysis of the three hash algorithms, the Whirlpool, Gr&oslash / stl and Grindahl. All these hash functions have underlying block ciphers that are modified versions of the Advance Encryption Standard and we investigate the behavior of these block ciphers under the integral attack. Statistical tests, such as the avalanche test and the collision test, are the regular tools for examining the hash function security. In this work, we inspect the statistical behavior the three hash functions and search for collisions. Although it is very difficult to obtain collisions for the actual algorithms, we find some collisions under slight modifications of the original constructions. The ease or difficulty of finding a collision for a modified version also shows the respective importance of the specific hash function branch, missing in the modified version.

stl, Grindahl

The Case of Weapons of Mass Destruction at the Outset of the Iraq War

Spiller, David C.

01 January 2010

My thesis looks into the events leading up to the 2003 U.S. invasion of Iraq. In particular I investigate the intelligence regarding the presence of weapons of mass destruction in Iraq and how that intelligence was interpreted by the Bush administration. Furthermore, I look at how the case for war was presented by the Bush administration to the rest of the world and whether or not the administration’s reasoning was justified. In conclusion I assess the underlying motive for the war in Iraq and whether or not it was in the best interest of the United States of America.

Preemptive attack (Military science)

Weapons of mass destruction

Bush Doctrine

National Intelligence Estimate (NIE)

Intelligence Community (IC)

Central Intelligence Agency (CIA)

Towards evaluating security implementations using the Information Security Maturity Model (ISMM)

Alaboodi, Saad Saleh

January 2007

Information security is a common and ever-present concern for both private and public sector organizations. Information security protects information from a wide range of threats, risks, and vulnerabilities in order to ensure information availability, integrity and confidentiality, and hence business continuity. This research seeks to use a heuristic-based investigation of the Information Security Maturity Model (ISMM), developed by the author, combined with a thorough review of existing models, to suggest considerable extensions. This shall merit various applications leading to establish a connective body of knowledge and bridge a gap in existing literature and industry regarding the information security implementation in light of use of international standards and models. The ISMM model is neither based on a specific technology/protocol (e.g. PKI, IPSec, SSL) nor a certain system/product (e.g. Firewall, Antivirus, IDS), but rather an engineering approach towards a structured and efficient implementation of those technologies. The ISMM is a security-centric model that consists of five distinctive and ordered security layers, each of which has its own definition, scope, and characteristics. The model reflects the three key security processes (prevention, detection and recovery) and captures effects of people (visibility and sophistication) on every layer. It aims essentially to assess the maturity of any security implementation of any size and type (i.e. device, system, or environment). New extensions of the ISMM work are put forward. Literature review is augmented by introducing a new classification of information security models. Additionally, new abstractions are introduced, first: the abstraction of security conceptual boundaries, which signifies rational priorities and captures the unavoidable interferences between information and physical security in any security context, second: the abstraction of ratios of resources utilization (i.e. computational power, energy, memory, and other costs). Further extensions include a new attack model that classifies attacks in terms of their impact. This leads to a new approach for analyzing attacks and study adversary’s capabilities at different layers of both the ISMM and network models in the whole system, as one integrated entity against both single and hybrid attacks. As an example of one possible mapping and compatibility of the ISMM with other security-related models, the ISMM layers are mapped to their pertinent peers in network models (i.e. ISO/OSI and TCP/IP), which offers more information about security controls at each layer and its contribution to the actual overall security posture. The ISMM offers a prompt and structured approach to identify the current security state of small communication devices, computing platforms, and large computing environments in a consistent manner. A cost-effective realization is achieved through the optimization of IT and security expenditure. Therefore, the model assists to minimize deficiencies in security implementation. Also, the identification of needs and goals of the following level in the ISMM hierarchy allows a strategic approach proportional to allowable resources to take place, as a result, both goals are reached and cost is reduced much faster. This work is believed to facilitate grounds for future research endeavors such as applying these propositions on simulated examples, real life case studies, and developing a formula for the optimized distribution of security resources in a consistent manner with the best possible security level.

maturity model

information security

IT security

security processes

attack model

optimal security

cost of information security

Electrical and Computer Engineering

HOV to the MD? A Multilevel Analysis of Urban Sprawl and the Risk for Negative Health Outcomes

Sweatman, William Mark, Ph.D.

17 November 2011

Urban sprawl often has a negative connotation, used as a derogatory label for certain forms and consequences of land development that are seen as environmentally and socially unpleasant. Although sprawl may be seen as offensive, there may be other, far greater and more harmful consequences of sprawl. The literature indicates that rates of negative health outcomes, such as obesity, tend to be higher in more developed areas. However, aside from a few studies, little empirical research looks specifically at the influence of sprawl when it comes to individual health. This research project focuses on sprawl and examines the relationships it has with health behaviors and health outcomes. By analyzing data from the CDC’s 2003 Behavioral Risk Factor Surveillance System (BRFSS), an annual telephone survey of adults that include more than two-hundred self- reported and calculated variables, I investigate the associations between sprawl, physical activity, body weight, and health outcomes using Structural Equation Modeling (SEM). By employing SEM, my research differs from previous research in this field by adding not only additional layers to the evaluation of sprawl and health outcomes, but also allows for the evaluation of associations through various “paths” instead of looking at variables within simpler hierarchical regression models. In addition to direct effects, it also allows for the determination of indirect, or mediated, effects between variables within a path model. Even though no direct relationship between sprawl and health outcomes was revealed, sprawl did show to have a statistically significant indirect effect on health outcomes mediated by physical activity and body weight. Physical activity is also shown to mediate the relationship between sprawl and body weight. Additionally, physical activity reveals both a direct and indirect effect on health outcomes, with its indirect effect being mediated by body weight. Finally, physical activity and body weight are both shown to have statistically significant direct effects on health outcomes. In the concluding chapter I propose a new path model in light of the results of the analyses of data in order to represent the associations between sprawl, physical activity, body weight, and health outcomes more accurately.

Urban Sprawl

Health

Health behaviors

Health outcomes

Diabetes

Heart attack

Heart disease

High cholesterol

Hypertension

Stroke

Multilevel analysis

Sociology

Towards evaluating security implementations using the Information Security Maturity Model (ISMM)

Alaboodi, Saad Saleh

January 2007

Information security is a common and ever-present concern for both private and public sector organizations. Information security protects information from a wide range of threats, risks, and vulnerabilities in order to ensure information availability, integrity and confidentiality, and hence business continuity. This research seeks to use a heuristic-based investigation of the Information Security Maturity Model (ISMM), developed by the author, combined with a thorough review of existing models, to suggest considerable extensions. This shall merit various applications leading to establish a connective body of knowledge and bridge a gap in existing literature and industry regarding the information security implementation in light of use of international standards and models. The ISMM model is neither based on a specific technology/protocol (e.g. PKI, IPSec, SSL) nor a certain system/product (e.g. Firewall, Antivirus, IDS), but rather an engineering approach towards a structured and efficient implementation of those technologies. The ISMM is a security-centric model that consists of five distinctive and ordered security layers, each of which has its own definition, scope, and characteristics. The model reflects the three key security processes (prevention, detection and recovery) and captures effects of people (visibility and sophistication) on every layer. It aims essentially to assess the maturity of any security implementation of any size and type (i.e. device, system, or environment). New extensions of the ISMM work are put forward. Literature review is augmented by introducing a new classification of information security models. Additionally, new abstractions are introduced, first: the abstraction of security conceptual boundaries, which signifies rational priorities and captures the unavoidable interferences between information and physical security in any security context, second: the abstraction of ratios of resources utilization (i.e. computational power, energy, memory, and other costs). Further extensions include a new attack model that classifies attacks in terms of their impact. This leads to a new approach for analyzing attacks and study adversary’s capabilities at different layers of both the ISMM and network models in the whole system, as one integrated entity against both single and hybrid attacks. As an example of one possible mapping and compatibility of the ISMM with other security-related models, the ISMM layers are mapped to their pertinent peers in network models (i.e. ISO/OSI and TCP/IP), which offers more information about security controls at each layer and its contribution to the actual overall security posture. The ISMM offers a prompt and structured approach to identify the current security state of small communication devices, computing platforms, and large computing environments in a consistent manner. A cost-effective realization is achieved through the optimization of IT and security expenditure. Therefore, the model assists to minimize deficiencies in security implementation. Also, the identification of needs and goals of the following level in the ISMM hierarchy allows a strategic approach proportional to allowable resources to take place, as a result, both goals are reached and cost is reduced much faster. This work is believed to facilitate grounds for future research endeavors such as applying these propositions on simulated examples, real life case studies, and developing a formula for the optimized distribution of security resources in a consistent manner with the best possible security level.

maturity model

information security

IT security

security processes

attack model

optimal security

cost of information security

Electrical and Computer Engineering

Insjuknande och vårdförlopp vid hjärtinfarkt : ett genusperspektiv / Onset, treatment and care processes in cases of myocardial infarction : a gender perspective

Bäck Reimerthi, Sanna, Svensson, Sandra

January 2012

Bakgrund: Hjärt- och kärlsjukdomar är den vanligaste dödsorsaken för både män och kvinnor i Sverige. Trots att lika många kvinnor som män insjuknar förekommer stora skillnader vid insjuknande och behandling. Syfte: Att ur ett genusperspektiv beskriva likheter och skillnader i samband med insjuknande och vårdförlopp hos personer som drabbats av en hjärtinfarkt. Metod: Studien genomfördes som en allmän litteraturstudie. Utifrån en litteratursökning valdes 12 artiklar, som svarade mot syftet. Artiklarna granskades enligt Röda Korsets Granskningsmall. Resultat: Flertalet artiklar påvisade att det fanns skillnader i symptom för män och kvinnor som drabbats av en hjärtinfarkt och att män sökte vård tidigare än kvinnor. Tre studier visade dock inga skillnader i symptom. Vår studie visar att män och kvinnor inte får samma bemötande eller behandling. Diskussion: Skillnad i symtom, okunskap hos både patient och sjukvårdspersonal om sjukdomsbilden samt synen på manligt och kvinnligt beteende var faktorer som bidrog till skillnader vid vård av hjärtinfarkt. Sjukvården i allmänhet och sjuksköterskan i synnerhet behöver bli medveten om och hur genus påverkar omvårdnaden. Alla patienter är unika och ska behandlas utifrån sina behov och villkor. Slutsats: Forskning behövs för att omvårdnad och behandling vid hjärtinfarkt ska kunna ske evidensbaserat till alla oavsett kön. / Background: Cardio-vascular diseases are the main cause of death for both men and women in Sweden. Although as many women as men are diagnosed there are large differences in onset and treatment. Aim: The aim was to describe similarities and differences in onset, treatment and care of myocardial infarction from a gender perspective. Method: The study was performed as a literature study. Twelve articles that matched the aim for this study were chosen. The articles were analyzed according to the Red Cross analysis model. Result: The majority of the articles pointed out differences in indications for men and women who suffered a myocardial infarction. Men sought medical assistance at an earlier stage. Three studies, however, indicated that there were no gender differences in indications. Our study shows that men and women do not receive the same treatment. Discussion: Differences in indications, ignorance concerning symptoms in both patients and in nursing staff, and also preconceived ideas about male and female behaviour were elements that contributed to differences in treatment. The nursing staff generally need enhanced awareness of how gender affects care. Conclusion: More studies will be needed to ensure that both genders receive evidence-based care.

Coronary

myocardial infarction

heart attack

gender

indications

onset

symptoms

treatment

care

Hjärtinfarkt

genus

insjukna

symptom

bemötande

behandling

Attack Tree Based Information Technology Security Metric Integrating Enterprise Objectives With Vulnerabilities

Karabey, Bugra

01 September 2011

Security is one of the key concerns in the domain of Information Technology systems. Maintaining the confidentiality, integrity and availability of such systems, mandates a rigorous prior analysis of the security risks that confront these systems. In order to analyze, mitigate and recover from these risks a metrics based methodology is essential in prioritizing the response strategies to these risks and also this approach is required for resource allocation schedules to mitigate such risks. In addition to that the Enterprise Objectives must be focally integrated in the definition, impact calculation and prioritization stages of this analysis to come up with metrics that are useful both for the technical and managerial communities within an organization. Also this inclusion will act as a preliminary filter to overcome the real life scalability issues inherent with such threat modeling efforts. Within this study an attack tree based approach will be utilized to offer an IT Security Risk Evaluation Method and Metric called TEOREM (Tree based Enterprise Objectives Risk Evaluation Method and Metric) that integrates the Enterprise Objectives with the Information Asset vulnerability analysis within an organization. Applicability of the method has been analyzed within a real life setting and the findings are discussed as well within this study.

Durability of precast prestressed concrete piles in marine environments

Holland, Robert Brett

05 July 2012

In this research, two phases of work were conducted. First, an investigation into the durability concerns for precast prestressed concrete piles exposed to marine environments was conducted. The investigation characterized the durability concerns of chemical, biological, and physical deterioration mechanisms. The results of this study were used to develop potential high performance marine concretes (HPMC) that would be capable of 100+ year service lives in marine environments. Extensive durability testing and service life modeling of the HPMC was performed. Chloride ingress resistance was investigated using accelerated and long-term test procedures and the results used to perform service life modeling to predict the time before corrosion initiation. Sulfate resistance characterization was performed using multiple techniques to characterize the physical and chemical behavior of binder compositions containing binary or ternary mixes containing cement and supplementary cementitious materials (SCM's) subjected to a sulfate-laden environment. Accelerated carbonation testing and material characterization led to the finding of relationships in the chemical composition of mix designs and the observed durability and the results used to perform corrosion initiation service life modeling. An investigation into the influence of self-healing of cracked concrete led to fundamental findings on the behavior of chloride ingress for cracked concrete structures in marine environments. The results of this research led to the development of concrete mix designs capable of providing service lives over 100 years in Georgia's marine environments, as well as the advancement of the current state of knowledge on the durability characteristics of ternary mix designs.

Self-healing concrete

High performance concrete

Carbonation

Sulfate attack

Chloride induced corrosion

Self-healing materials

Smart materials

Precast concrete

Reading John Ford's December 7th the influence of cultural context on the visual remembering of the Pearl Harbor attack /

Blanpied, Robyn Brown.

January 2004

Thesis (Ph. D.)--University of Hawaii at Manoa, 2004. / Includes bibliographical references (leaves 325-334).

Reading John Ford's December 7th : the influence of cultural context on the visual remembering of the Pearl Harbor attack /

Blanpied, Robyn Brown.

January 2004

Thesis (Ph. D.)--University of Hawaii at Manoa, 2004. / Includes bibliographical references (leaves 325-334). Also available via World Wide Web.