Global ETD Search

141	Assessment Of Two Pedagogical Tools For Cybersecurity Education Deshpande, Pranita 20 December 2018 (has links) Cybersecurity is an important strategic areas of computer science, and a difficult discipline to teach effectively. To enhance and provide effective teaching and meaningful learning, we develop and assess two pedagogical tools: Peer instruction, and Concept Maps. Peer instruction teaching methodology has shown promising results in core computer science courses by reducing failure rates and improving student retention in computer science major. Concept maps are well-known technique for improving student-learning experience in class. This thesis document presents the results of implementing and evaluating the peer instruction in a semester-long cybersecurity course, i.e., introduction to computer security. Development and evaluation of concept maps for two cybersecurity courses: SCADA security systems, and digital forensics. We assess the quality of the concept maps using two well-defined techniques: Waterloo rubric, and topological scoring. Results clearly shows that overall concept maps are of high-quality and there is significant improvement in student learning gain during group-discussion. Concept Map Peer Instruction Cybersecurity Computer Science Assessment Development Information Security
142	Utilizing a Game Theoretical Approach to Prevent Collusion and Incentivize Cooperation in Cybersecurity Contexts Unknown Date (has links) In this research, a new reputation-based model is utilized to disincentivize collusion of defenders and attackers in Software Defined Networks (SDN), and also, to disincentivize dishonest mining strategies in Blockchain. In the context of SDN, the model uses the reputation values assigned to each entity to disincentivize collusion with an attacker. Our analysis shows that not-colluding actions become Nash Equilibrium using the reputationbased model within a repeated game setting. In the context of Blockchain and mining, we illustrate that by using the same socio-rational model, miners not only are incentivized to conduct honest mining but also disincentivized to commit to any malicious activities against other mining pools. We therefore show that honest mining strategies become Nash Equilibrium in our setting. This thesis is laid out in the following manner. In chapter 2 an introduction to game theory is provided followed by a survey of previous works in game theoretic network security, in chapter 3 a new reputation-based model is introduced to be used within the context of a Software Defined Network (SDN), in chapter 4 a reputation-based solution concept is introduced to force cooperation by each mining entity in Blockchain, and finally, in chapter 5, the concluding remarks and future works are presented. / Includes bibliography. / Thesis (M.S.)--Florida Atlantic University, 2017. / FAU Electronic Theses and Dissertations Collection Blockchain Cybersecurity
143	Does Cybersecurity Law and Emergency Management Provide a Framework for National Electric Grid Protection? Ziska, Matthew Ryan 01 January 2018 (has links) The U.S. government is responsible for protecting the country's energy and technology infrastructure. Critics argue the United States has failed to prepare, protect and respond to incidents involving the national electric grid leaving communities vulnerable to prolonged power outages. Protection of investor owned utilities' critical infrastructure is vulnerable to cyber and physical harm from the absence of criminalizing the intrusion of private sector computer networks, the lack of cybersecurity threats in emergency management, and the absence of cyber-intelligent leadership supports this argument. The purpose of this study was to introduce an electric grid protection theoretical concept, while identifying whether cybersecurity law and emergency management, amongst the investor-owned utility community, has an optimized relationship for protecting the national electric grid from harm. Easton's political system input/output model, Sommestad's cybersecurity theory, and Mitroff's crisis management theory provided the theoretical foundations for this study. The study utilized a mixed method research design that incorporated a Likert collection survey and combined quantitative chi-square and qualitative analysis. The key findings identified that cybersecurity law and the use of emergency management in the electric grid protection theory were not optimized to protect the national electric grid from harm. The recommendations of this study included the optimization of the theory elements through educational outreach and amending administrative cybersecurity law to improve the protection of the national electric grid and positively impacting social change by safeguarding the delivery of reliable electric energy to the millions of Americans who depend upon it. Computer Fraud Cybersecurity Electric Grid Emergency Management Incident Command System Technology Law Public Administration Public Policy
144	Exploring the Cybersecurity Hiring Gap Pierce, Adam O. 01 January 2016 (has links) Cybersecurity is one of the fastest growing segments of information technology. The Commonwealth of Virginia has 30,000 cyber-related jobs open because of the lack of skilled candidates. The study is necessary because some business managers lack strategies for hiring cybersecurity professionals for U.S. Department of Defense (DoD) contracts. The purpose of this case study was to explore strategies business managers in DoD contracting companies used to fill cybersecurity positions. The conceptual framework used for this study was the organizational learning theory. A purposeful sample of 8 successful business managers with cybersecurity responsibilities working for U.S. DoD contracting companies that successfully hired cybersecurity professionals in Hampton Roads, VA participated in the study. Data collection included semistructured interviews and a review of job postings from the companies represented by the participants. Coding, content, and thematic analysis were the methods used to analyze data. Within-methods triangulation was used to add accuracy to the analysis. At the conclusion of the data analysis, two main themes emerged: maintaining contractual requirements and a strong recruiting process. Contractual requirements guided how hiring managers hired cybersecurity personnel and executed the contract. A strong hiring process added efficiency to the hiring process. The findings of the study may contribute to positive social change by encouraging the recruitment and retention of cybersecurity professionals. Skilled cybersecurity professionals may safeguard businesses and society from Internet crime, thereby encouraging the safe exchange and containment of data. Contracting Cybersecurity Department of Defense Hiring Strategies Human Resources Information Security Business Databases and Information Systems
145	Cybersecurity Policy Development at the State Level: A Case Study of Middle Tennessee Scherr, Daniel Leslie 01 January 2019 (has links) Cybersecurity is a growing threat not only to nations, critical infrastructure, and major entities, but also to smaller organizations and individuals. The growing number of successful attacks on all manner of U.S. targets highlights the need for effective and comprehensive policy from the local to federal level, though most research focuses on federal policy issues, not state issues. The purpose of this study was to examine the effectiveness of the decision-making process within the current cybersecurity policy environment in a southern state of the United States. Sabatier's advocacy coalition framework served as the theoretical framework for the study. Data were collected through 5 semistructured interviews with individuals who were either elected or appointed officials, emergency managers, or subject matter experts. These data were transcribed, then coded and analyzed with McCracken's analytic categorization procedure. Participants recognized that the federal government provides some resources but acknowledged that action at the state level is largely funded through the state resulting in a network of dissimilar policies and protocols in states across the country. Findings also revealed that state leadership in some locations better grasps what resources are needed and is more likely to earmark in order to plan for unanticipated cybersecurity needs of the public. Analysis of study data also highlighted areas for future study and identified needed resources or areas of opportunity for creating a more comprehensive and effective cybersecurity policy environment. Implications for positive social change include recommendations for state and federal decision makers to engage in community partnerships in order to more effectively protect the public from cybersecurity threats. Cyber policy Cybersecurity Public Policy State and Local Policy Tennessee Computer Sciences Databases and Information Systems Public Administration
146	Efficient Secure E-Voting and its Application In Cybersecurity Education Nathan Robert Swearingen (12447549) 22 April 2022 (has links) <p>As the need for large elections increases and computer networking becomes more widely used, e-voting has become a major topic of interest in the field of cryptography. However, lack of cryptography knowledge among the general public is one obstacle to widespread deployment. In this paper, we present an e-voting scheme based on an existing scheme. Our scheme features an efficient location anonymization technique built on homomorphic encryption. This technique does not require any participation from the voter other than receiving and summing location shares. Moreover, our scheme is simplified and offers more protection against misbehaving parties. We also give an in-depth security analysis, present performance results, compare our scheme with existing schemes, and describe how our research can be used to enhance cybersecurity education.</p> Other education not elsewhere classified System and network security e-voting cybersecurity education Computer System Security Education
147	Improving the Security of Building Automation Systems Through an seL4-based Communication Framework Habeeb, Richard 22 March 2018 (has links) Existing Building Automation Systems (BASs) and Building Automation Networks (BANs) have been shown to have serious cybersecurity problems. Due to the safety-critical and interconnected nature of building subsystems, local and network access control needs to be finer grained, taking into consideration the varying criticality of applications running on heterogeneous devices. In this paper, we present a secure communication framework for BASs that 1) enforces rich access control policy for operating system services and objects, leveraging a microkernel-based architecture; 2) supports fine-grained network access control on a per-process basis; 3) unifies the security control of inter-device and intra-device communication using proxy processes; 4) tunnels legacy insecure communication protocols (e.g., BACnet) through a secure channel, such as SSL, in a manner transparent to legacy applications. We implemented the framework on seL4, a formally verified microkernel. We conducted extensive experiments and analysis to compare the performance and effectiveness of our communication systems against a traditional Linux-based implementation of the same control scenario. Our experiments show that the communication performance of our system is faster or comparable to the Linux-based architecture in embedded systems. Cyber Physical Systems Cybersecurity of Smart Buildings High-Assurance Systems Microkernel Access Control Mechanisms Computer Sciences
148	SDN-based Proactive Defense Mechanism in a Cloud System January 2015 (has links) abstract: Cloud computing is known as a new and powerful computing paradigm. This new generation of network computing model delivers both software and hardware as on-demand resources and various services over the Internet. However, the security concerns prevent users from adopting the cloud-based solutions to fulfill the IT requirement for many business critical computing. Due to the resource-sharing and multi-tenant nature of cloud-based solutions, cloud security is especially the most concern in the Infrastructure as a Service (IaaS). It has been attracting a lot of research and development effort in the past few years. Virtualization is the main technology of cloud computing to enable multi-tenancy. Computing power, storage, and network are all virtualizable to be shared in an IaaS system. This important technology makes abstract infrastructure and resources available to users as isolated virtual machines (VMs) and virtual networks (VNs). However, it also increases vulnerabilities and possible attack surfaces in the system, since all users in a cloud share these resources with others or even the attackers. The promising protection mechanism is required to ensure strong isolation, mediated sharing, and secure communications between VMs. Technologies for detecting anomalous traffic and protecting normal traffic in VNs are also needed. Therefore, how to secure and protect the private traffic in VNs and how to prevent the malicious traffic from shared resources are major security research challenges in a cloud system. This dissertation proposes four novel frameworks to address challenges mentioned above. The first work is a new multi-phase distributed vulnerability, measurement, and countermeasure selection mechanism based on the attack graph analytical model. The second work is a hybrid intrusion detection and prevention system to protect VN and VM using virtual machines introspection (VMI) and software defined networking (SDN) technologies. The third work further improves the previous works by introducing a VM profiler and VM Security Index (VSI) to keep track the security status of each VM and suggest the optimal countermeasure to mitigate potential threats. The final work is a SDN-based proactive defense mechanism for a cloud system using a reconfiguration model and moving target defense approaches to actively and dynamically change the virtual network configuration of a cloud system. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2015 Computer science Attack Graph Cloud Computing Cloud Security Cybersecurity Network security Software Defined Networking
149	Um big brother global? os programas de vigilância da NSA à luz da securitização dos espaços sociotecnológicos / A global big brother? The NSA surveillance programs in light of the securitization of socio-technological spaces Frazão, Pedro Henrique Oliveira 19 May 2016 (has links) Submitted by Elesbão Santiago Neto (neto10uepb@cche.uepb.edu.br) on 2016-11-28T19:41:12Z No. of bitstreams: 1 PDF - Pedro Henrique Oliveira Frazão.pdf: 4658431 bytes, checksum: 260a8a4c2c26522f583a576972d4ce10 (MD5) / Made available in DSpace on 2016-11-28T19:41:12Z (GMT). No. of bitstreams: 1 PDF - Pedro Henrique Oliveira Frazão.pdf: 4658431 bytes, checksum: 260a8a4c2c26522f583a576972d4ce10 (MD5) Previous issue date: 2016-05-19 / CAPES / The increasing use of cyberspace in International Relations is providing a new scenario for world politics. The evolution of digital media has provided a data flow never before seen in human history, which eventually expanded the role of information as a bargaining chip in the power relations of the current international scenario. One of the changes observed from this process was the strengthening of surveillance – which gains new tools in the cyber environment – as a mechanism of monitoring, law enforcement, control and acquisition of information that makes international actors relevant in the new cyberpower relations. Thus, this dissertation analyzes this phenomenon from two main lines that complement each other: the evolution of surveillance as a key dimension of (cyber)security through a panoptic and post-panoptic approach and how these perspectives influence the current cyber surveillance phenomena. To do so, we present Foucault's studies of disciplinary society and its developments that have given rise to an information society of control, and Bauman’s analysis on liquid modernity and how its characteristics can influence contemporary surveillance. The second line of analysis, drawn from the data collected so far, deals with a vision of cyber surveillance as a tool of cyberspace securitization process. Following this logic, studies of the Copenhagen School, based on the constructivist theory of International Relations, point out a favorable path to understanding the role of cyber surveillance within the cybersecurity issues. As an example case, we examine how this process took place within NSA programs of global surveillance revealed in mid-2013 by Edward Snowden. In order to achieve these objectives, classical authors of surveillance and security studies will be reviewed, as well as new approaches; for the presentation and analysis of the proposed case, documentary analysis, reports and speeches relating to international responses in the face of revelations of the NSA programs will be used. / O crescente uso do ciberespaço nas Relações Internacionais vem propiciando um novo cenário para a política mundial. A evolução dos meios digitais proporcionou um fluxo de dados nunca antes visto na história da humanidade, o que acabou ampliando o papel da informação enquanto moeda de troca nas relações de poder do cenário internacional atual. Uma das transformações observadas a partir deste processo foi o fortalecimento da vigilância – que ganha novas ferramentas no ambiente cibernético – enquanto mecanismo de monitoramento, manutenção da ordem, controle e aquisição de informações que tornem os atores internacionais relevantes nas novas relações de poder cibernéticas. Sendo assim, a presente dissertação analisa este fenômeno a partir de duas linhas principais que se complementam: a evolução da vigilância enquanto dimensão-chave da (ciber)segurança, através de uma abordagem panóptica e pós-panóptica e como estas perspectivas influenciam nos fenômenos atuais de vigilância cibernética. Para tanto, apresentam-se os estudos de Foucault acerca da sociedade disciplinar e os seus desdobramentos que deram lugar a uma sociedade de controle informacional, e as análises de Bauman sobre a modernidade líquida e como tais características podem influenciar a vigilância contemporânea. A segunda linha de análise, elaborada a partir dos dados levantados até então, aborda uma visão da vigilância cibernética enquanto ferramenta do processo de securitização do ciberespaço. Seguindo esta lógica, os estudos da Escola de Copenhague, baseados na teoria construtivista das Relações Internacionais, apontam um caminho propício para a compreensão do papel da vigilância cibernética dentro das questões de cibersegurança. Como exemplo de caso, examina-se como esse processo se deu dentro dos programas de vigilância global da NSA, revelados em meados de 2013 por Edward Snowden. A fim de alcançar tais objetivos, serão revisados autores clássicos dos estudos de vigilância e segurança, bem como novas abordagens; para a apresentação e análise do caso proposto, serão utilizados análises documentais, reportagens e discursos referentes às respostas internacionais em face das revelações dos programas da NSA. Cibersegurança Securitização Vigilância cibernética Panóptico NSA Securitization Cyber surveillance Panopticon NSA Cybersecurity CIENCIAS HUMANAS
150	Blurred Lines : A Critical Inquiry into Power, Knowledge and (in)Security Duclos, Pascal January 2017 (has links) This paper seeks ways of understanding the new challenges of a rapidly changing world, and does so by attempting to resist the disciplinary power of orthodox research methodology, by critically and reflexively inquiring into the politics of (in)security, and ultimately, by seeking novelty. It begins by first declaring its ethical and methodological starting points, then draws out an assemblage of contemporary security problematics. This leads over and narrows down into an inquiry into how to understand the developing structure of information and cyber security in Sweden. Drawing from critical security studies and feminist research ethics, it sketches out an analytical story of power and knowledge in an age of boundless risk, security and information. It furthermore argues for the need of security scholars, practitioners and politicians alike to move beyond simplistic understandings of the world, and to revision it as shaped by more complex dynamics and flows of the global, digitalized and virtual reality of the world. (in)security International Political Sociology critical security studies cybersecurity intelligence power knowledge Political Science Statsvetenskap

Search results