1 |
A balance model to discriminate information security in organizations in Singapore / Teo, Hock Weng. Unknown Date
Thesis (PhD Business and Management)--University of South Australia, 2002.
|
2 |
Using the bootstrap concept to build an adaptable and compact subversion artifice / Lack, Lindsey A. January 2003
Thesis (M.S. in Computer Science)--Naval Postgraduate School, June 2003. / Thesis advisor(s): Cynthia E. Irvine, Roger R. Schell. Includes bibliographical references (p. 69-71). Also available online.
|
3 |
Data flow and heap analysis with application to privilege escalation vulnerability scanning and software theft detection / Chan, Ping-fai., 陳秉暉. January 2013
Static and dynamic program analysis techniques are important research areas in software security. Static analysis helps us locate vulnerabilities in software by looking at the source code. Dynamic analysis helps us reason about the behavior of the software from information gathered at run-time. In this thesis, we focus on data flow analysis and heap analysis, which are key static and dynamic program analysis techniques respectively.
In the first part of this thesis, we aim at detecting vulnerabilities in Android applications which have capability leaks. The security of the Android platform relies mainly on sandboxing applications and restricting their capabilities such that no application, by default, can perform any operations that would adversely impact other applications, the operating system, or the user. However, recent research reported that a genuine but vulnerable application may leak its capabilities. When these leaks are leveraged, other applications can gain extra capabilities that they were not originally granted. We present DroidChecker, an Android application analysis tool which searches for the aforementioned vulnerability in Android applications. DroidChecker uses interprocedural control flow graph searching and static taint checking to detect exploitable data paths in an Android application. We analyzed more than 1100 Android applications using DroidChecker and found 6 previously unknown vulnerable applications including the renowned Adobe Photoshop Express application. We also developed a malicious application that exploits the previously unknown vulnerability found in the Adobe Photoshop Express application. We showed that the malicious application, which is not granted any permissions, can access contacts on the phone with just a few lines of code.
In the second part of this thesis, we explore the use of heap analysis to extract software birthmarks. There are techniques like code obfuscation and watermarking which can make the source code of a program difficult for humans to understand and prove the ownership of the program. However, code obfuscation cannot prevent the source code from being copied and a watermark can be defaced. A birthmark is a group of unique characteristics a program possesses that can be used to identify the program. We propose two novel dynamic birthmark systems based on the run-time heap. A dynamic birthmark is one that is extracted when the program is executing. Since it is based on the run-time behavior of the program, semantics-preserving transformations of the code like obfuscation cannot defeat dynamic birthmarks. In this regard, dynamic birthmarks are more robust compared with static birthmarks.
To the best of our knowledge, these are the first birthmark systems using heap analysis as the underlying technique. The basic idea is to take snapshots of the heap while the program is running. From the snapshots, heap graphs are constructed to model the referencing structure between objects. After going through some filtering and referencing processes, they become the birthmarks. The two birthmark systems have been devised to extract birthmarks for Java programs and JavaScript programs respectively. While the underlying ideas of the two birthmark systems are similar, the differences in nature of the two programming languages led to different implementation designs. / published_or_final_version / Computer Science / Doctoral / Doctor of Philosophy
|
4 |
Arguing security : a framework for analyzing security requirements / Haley, Charles B. January 2006
Thesis (Ph. D.)--Open University. BLDSC no. DXN107767.
|
5 |
Policy-based architectural refinement techniques for the design of multi-level secure systems / Zhou, Jie. January 1900
Thesis (Ph. D., Computer Science)--University of Idaho, December 7, 2008. / Major professor: Jim Alves-Foss. Also available online (PDF file) by subscription or by purchasing the individual file.
|
6 |
A Trusted Path design and implementation for Security Enhanced Linux / Hilchie, Allan T. January 2004
Thesis (M.S. in Computer Science)--Naval Postgraduate School, Sept. 2004. / Thesis advisor(s): Cynthia E. Irvine, David Shifflett. Includes bibliographical references (p. 119-121). Also available online.
|
7 |
A comparison of information security trends between formal and informal environments / Ryan, James Emory. Rainer, R. Kelly January 2006
Dissertation (Ph.D.)--Auburn University, / Abstract. Includes bibliographic references (p.226-251).
|
8 |
Design and implementation of high-speed algorithms for public-key cryptosystems / Joseph, George. January 2005
Thesis (M.Eng.)(Electronics)--University of Pretoria, 2005. / Summaries in English and Afrikaans. Includes bibliographical references.
|
9 |
Diskresionêre sekerheid in objek georiënteerde omgewings [Discretionary security in object-oriented environments] / Jansen van Rensburg, Philipina Wilhelmina 20 November 2014
M.Sc (Computer Science) / Please refer to full text to view abstract
|
10 |
The information security policy: an important information security management control / Hone, Karin 22 April 2008
This study originated from the realisation that the information security industry has identified the information security policy as one of the most important information security management controls. Within the industry there are, however, differing views as to what constitutes an information security policy, what it should contain, how it should be developed and how it should best be disseminated and managed. Numerous organisations claim to have an information security policy, but admit that it is not an effective control. The principal aim of this study is to make a contribution to the information security discipline by defining what an information security policy is, where it fits into the broader information security management framework, what elements an effective policy should contain, how it should be disseminated and how the document is best kept relevant, practical, up-to-date and efficient. The study develops and documents various processes and methodologies needed to ensure the effectiveness of the information security policy, such as the dissemination process and the information security policy management lifecycle. The study consists of five parts, of which Part I serves as introduction to the research topic. It provides background information to the topic and lays the foundation for the rest of the dissertation. Chapter 1 specifically deals with the research topic, the motivation for it and the issues addressed by the dissertation. Chapter 2 looks at the concept of information security management and what it consists of, highlighting the role an information security policy has to play in the discipline. Chapter 3 introduces the various international information security standards and codes of practice that are referred to, examined and analysed in the dissertation. This chapter specifically highlights how and to what extent each of these address the topic of the information security policy. 
Part II introduces the concept of the information security policy. Chapter 4 provides the background to what an information security policy is and where it fits into the broader structure of an organisation’s governance framework. Chapter 5 specifies what an effective information security policy is and what components are needed to ensure its success as an information security control. Part III expands the components of an effective information security policy as introduced in Chapter 5. This part consists of Chapters 6 to 8, with each of these addressing a single component. Chapter 6 further investigates the development of the information security policy. The dissemination of the document is discussed in Chapter 7 and Chapter 8 expands the concept of the information security policy management lifecycle. Part IV consists of Chapter 9, which deals with a case study applying the various processes and methodologies defined in the previous part. The case study deals with a fictitious organisation and provides detailed background information to indicate how the organisation should approach the development and dissemination of the information security policy. Some of the examples constructed from the case study include a sample information security policy and a presentation to be used as introduction to the information security policy. The dissertation is concluded in Chapter 10. This chapter provides a summarised overview of the research and the issues addressed in it. / Prof. J.H.P. Ehlers
|