- About
-
The Global ETD Search service is a free service for researchers
to find electronic theses and dissertations. This service is
provided by the
Networked Digital Library of Theses and Dissertations.
Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
Search results
Showing 11 to 20 of 66 (0.053 seconds)Spelling suggestions: "subject:"eomputer - atemsystem security"" "subject:"eomputer - systsystem security""
| 11 |
Privacy-Enhancing Techniques for Data AnalyticsFang-Yu Rao (6565679) 10 June 2019 (has links)
<div>
<div>
<div>
<p>Organizations today collect and aggregate huge amounts of data from individuals
under various scenarios and for different purposes. Such aggregation of individuals’
data when combined with techniques of data analytics allows organizations to make
informed decisions and predictions. But in many situations, different portions of the
data associated with individuals are collected and curated by different organizations.
To derive more accurate conclusions and predictions, those organization may want to
conduct the analysis based on their joint data, which cannot be simply accomplished
by each organization exchanging its own data with other organizations due to the
sensitive nature of data. Developing approaches for collaborative privacy-preserving
data analytics, however, is a nontrivial task. At least two major challenges have to be
addressed. The first challenge is that the security of the data possessed by each organization should always be properly protected during and after the collaborative analysis
process, whereas the second challenge is the high computational complexity usually
accompanied by cryptographic primitives used to build such privacy-preserving protocols.
</p><p><br></p><p>
</p><div>
<div>
<div>
<p>In this dissertation, based on widely adopted primitives in cryptography, we address the aforementioned challenges by developing techniques for data analytics that
not only allow multiple mutually distrustful parties to perform data analysis on their
joint data in a privacy-preserving manner, but also reduce the time required to complete the analysis. More specifically, using three common data analytics tasks as
concrete examples, we show how to construct the respective privacy-preserving protocols under two different scenarios: (1) the protocols are executed by a collaborative process only involving the participating parties; (2) the protocols are outsourced to
some service providers in the cloud. Two types of optimization for improving the
efficiency of those protocols are also investigated. The first type allows each participating party access to a statistically controlled leakage so as to reduce the amount
of required computation, while the second type utilizes the parallelism that could
be incorporated into the task and pushes some computation to the offline phase to
reduce the time needed for each participating party without any additional leakage.
Extensive experiments are also conducted on real-world datasets to demonstrate the
effectiveness of our proposed techniques.<br></p>
<p> </p>
</div>
</div>
</div>
</div>
</div>
</div>
|
| 12 |
Measuring the State of Indiana's CybersecurityJames E. Lerums (5929946) 16 January 2019 (has links)
<p>This dissertation introduces a scorecard to enable the State of Indiana to measure the cybersecurity of its public and private critical infrastructure and key resource sector organizations. The scorecard was designed to be non-threatening and understandable so that even small organizations without cybersecurity expertise can voluntarily self-asses their cybersecurity strength and weaknesses. The scorecard was also intended to enable organizations to learn, so that they may identify and self-correct their cybersecurity vulnerabilities. The scorecard provided quantifiable feedback to enable organizations to benchmark their initial status and measure their future progress.</p><p><br></p><p>Using the scorecard, the Indiana Executive Council for Cybersecurity launched a Pilot to measure cybersecurity of large, medium, and small organizations across eleven critical infrastructure and key resources sectors. This dissertation presents the analysis and results from scorecard data provided by the Pilot group of 56 organizations. The cybersecurity scorecard developed as part of this dissertation has been included in the Indiana Cybersecurity Strategy Plan published September 21, 2018.</p><p></p>
|
| 13 |
Taking Back Control: Closing the Gap Between C/C++ and Machine SemanticsNathan H. Burow (5929538) 03 January 2019 (has links)
<div>Control-flow hijacking attacks allow adversaries to take over seemingly benign software, e.g., a web browser, and cause it to perform malicious actions, i.e., grant attackers a shell on</div><div>a system. Such control-flow hijacking attacks exploit a gap between high level language semantics and the machine language that they are compiled to. In particular, systems</div><div>software such as web browsers and servers are implemented in C/C++ which provide no runtime safety guarantees, leaving memory and type safety exclusively to programmers. Compilers are ideally situated to perform the required analysis and close the semantic gap between C/C++ and machine languages by adding instrumentation to enforce full or partial memory safety.</div><div><br></div><div><div>In unprotected C/C++, adversaries must be assumed to be able to control to the contents of any writeable memory location (arbitrary writes), and to read the contents of any readable memory location (arbitrary reads). Defenses against such attacks range from enforcing full memory safety to protecting only select information, normally code pointers to prevent control-flow hijacking attacks. We advance the state of the art for control-flow hijacking</div><div>defenses by improving the enforcement of full memory safety, as well as partial memory safety schemes for protecting code pointers.</div></div><div><br></div><div><div>We demonstrate a novel mechanism for enforcing full memory safety, which denies attackers both arbitrary reads and arbitrary writes at half the performance overhead of the</div><div>prior state of the art mechanism. Our mechanism relies on a novel metadata scheme for maintaining bounds information about memory objects. Further, we maintain the application</div><div>binary interface (ABI), support all C/C++ language features, and are mature enough to protect all of user space, and in particular libc.</div></div><div><br></div><div><div>Backwards control-flow transfers, i.e., returns, are a common target for attackers. In particular, return-oriented-programming (ROP) is a code-reuse attack technique built around corrupting return addresses. Shadow stacks prevent ROP attacks by providing partial memory safety for programs, namely integrity protecting the return address. We provide a full taxonomy of shadow stack designs, including two previously unexplored designs, and demonstrate that with compiler support shadow stacks can be deployed in practice. Further we examine the state of hardware support for integrity protected memory regions within a process’ address space. Control-Flow Integrity (CFI) is a popular technique for securing forward edges, e.g., indirect function calls, from being used for control-flow hijacking attacks. CFI is a form of partial memory safety that provides weak integrity for function pointers by restricting them to a statically determined set of values based on the program’s control-flow graph. We survey existing techniques, and quantify the protection they provide on a per callsite basis.</div><div>Building off this work, we propose a new security policy, Object Type Integrity, which provides full integrity protection for virtual table pointers on a per object basis for C++</div><div>polymorphic objects.</div></div>
|
| 14 |
Managing IT Security In Organizations : A look at Physical and Administrative ControlsAsmah, Gilbert Yaw, Baruwa, Adebola Abdulrafiu January 2005 (has links)
Introduction Information technology security or computing system security is one of the most impor-tant issues that businesses all over the world strive to deal with. However, the world has now changed and in essential ways. The desk-top computer and workstation have appeared and proliferated widely. The net effect of all this has been to expose the computer-based information system, i.e. its hardware, its software, its software processes, its databases, its communications to an environment over which no one—not end user, not network admin-istrator or system owner, not even government—has control. Purpose Since IT security has a very broad spectrum and encompasses a lot of issues, we want to focus our research by taking a critical look at how business organizations manage IT secu-rity with specific emphasis on administrative and physical controls. Methods When the authors of this paper approached the topic to be studied it soon became evident that the most relevant and interesting task was not merely to investigate how business and non business organizations manage their IT security, but in fact try to understand what lies behind them. The purpose of this paper demands a deeper insight of how organizations address the issue of computer security; the authors wanted to gain a deeper understanding of how security issues have been addressed or being tackled by the organizations. Thus, the qualitative method was most suitable for this study. Conclusion Based on the chosen approach, the result of this study has shown that both business and non-business organizations located in Jönköping recognize the importance of IT security, and are willing to protect their systems from threats such as unauthorized access, theft, fire, power outage and other threats to ensure the smooth running of their systems at all times.
|
| 15 |
Managing IT Security In Organizations : A look at Physical and Administrative ControlsAsmah, Gilbert Yaw, Baruwa, Adebola Abdulrafiu January 2005 (has links)
<p>Introduction</p><p>Information technology security or computing system security is one of the most impor-tant issues that businesses all over the world strive to deal with. However, the world has now changed and in essential ways. The desk-top computer and workstation have appeared and proliferated widely. The net effect of all this has been to expose the computer-based information system, i.e. its hardware, its software, its software processes, its databases, its communications to an environment over which no one—not end user, not network admin-istrator or system owner, not even government—has control.</p><p>Purpose</p><p>Since IT security has a very broad spectrum and encompasses a lot of issues, we want to focus our research by taking a critical look at how business organizations manage IT secu-rity with specific emphasis on administrative and physical controls.</p><p>Methods</p><p>When the authors of this paper approached the topic to be studied it soon became evident that the most relevant and interesting task was not merely to investigate how business and non business organizations manage their IT security, but in fact try to understand what lies behind them. The purpose of this paper demands a deeper insight of how organizations address the issue of computer security; the authors wanted to gain a deeper understanding of how security issues have been addressed or being tackled by the organizations. Thus, the qualitative method was most suitable for this study.</p><p>Conclusion</p><p>Based on the chosen approach, the result of this study has shown that both business and non-business organizations located in Jönköping recognize the importance of IT security, and are willing to protect their systems from threats such as unauthorized access, theft, fire, power outage and other threats to ensure the smooth running of their systems at all times.</p>
|
| 16 |
Efficient Secure E-Voting and its Application In Cybersecurity EducationNathan Robert Swearingen (12447549) 22 April 2022 (has links)
<p>As the need for large elections increases and computer networking becomes more widely used, e-voting has become a major topic of interest in the field of cryptography. However, lack of cryptography knowledge among the general public is one obstacle to widespread deployment. In this paper, we present an e-voting scheme based on an existing scheme. Our scheme features an efficient location anonymization technique built on homomorphic encryption. This technique does not require any participation from the voter other than receiving and summing location shares. Moreover, our scheme is simplified and offers more protection against misbehaving parties. We also give an in-depth security analysis, present performance results, compare our scheme with existing schemes, and describe how our research can be used to enhance cybersecurity education.</p>
|
| 17 |
REACTIONS TO RANSOMWARE VARIANTS AMONG INTERNET USERS: MEASURING PAYMENT EVOCATIONJason Cameron Bays (6613361) 15 May 2019 (has links)
<p>Ransomware,
a form of malicious software, takes users’ files hostage via encryption and
demands payment for their return. Since its inception, ransomware has branched
into many different variants, some of which threaten users with scare tactics
in order to evoke payment. For this study, four variants of ransomware were
examined by presenting vignettes via an anonymous online survey. No actual malware was installed on
any devices throughout this study. Their
emotional responses were captured as well as their level of familiarity with
information security. Responses to the survey after the simulated ransomware
vignette were recorded to gauge how users would react to a ransomware attack.
Data was analyzed to discover which types of ransomware evoked payment as well as if information security knowledge also
had an effect on likelihood to pay. This
data is intended to be used to develop better prevention methods and messaging, with an emphasis
on promoting training
on malware avoidance. The study found most
individuals did not choose to pay, and
this could be attributed to a distrust of the ransomware threat. Self-reported
information security behavior appeared to decrease payment evocation, however, peer information security
experience and prior exposure to malware appeared to increase payment evocation.</p>
|
| 18 |
Generation of cyber attack data using generative techniquesNidhi Nandkishor Sakhala (6636128) 15 May 2019 (has links)
<div><div><div><p>The presence of attacks in day-to-day traffic flow in connected networks is considerably less compared to genuine traffic flow. Yet, the consequences of these attacks are disastrous. It is very important to identify if the network is being attacked and block these attempts to protect the network system. Failure to block these attacks can lead to loss of confidential information and reputation and can also lead to financial loss. One of the strategies to identify these attacks is to use machine learning algorithms that learn to identify attacks by looking at previous examples. But since the number of attacks is small, it is difficult to train these machine learning algorithms. This study aims to use generative techniques to create new attack samples that can be used to train the machine learning based intrusion detection systems to identify more attacks. Two metrics are used to verify that the training has improved and a binary classifier is used to perform a two-sample test for verifying the generated attacks.</p></div></div></div>
|
| 19 |
PERCEPTIONS OF PURPLE TEAMS AMONG CYBERSECURITY PROFESSIONALSSiddharth Chowdhury (6613439) 15 May 2019 (has links)
With constant technological advancements, the attacks against existing infrastructure is constantly increasing and causing more damage. The current Red and Blue team approach to cybersecurity assessments is used to test the effectiveness of security defenses and in identifying vulnerabilities before they are exploited. Due to a lack of collaboration and inherently contradicting natures of these teams, the credibility of audits is impacted. While this has led to the synergistic and collaborative Purple team, it is important to understand how cybersecurity professionals perceive this new concept and its function. Analyzing perceptions of self-reported cybersecurity professionals via an online survey showed most believed Purple teams were beneficial and should be created from and collaborate with Red and Blue teams. However, past Red team experience was negatively linked to perceived benefit. Those who had more years of experience or had been on Red teams were more likely to believe Purple teams may have ownership or learning issues. Furthermore, professionals identified active managerial involvement and project clarity as critical success factors for Purple teams. Alongside these, management could help find the right skillset, provide resources, and offer active direction in order to avoid issues and maximize outcomes. Based on assessment relevance, a collaborative agreed-upon methodology for Red, Blue, and Purple teams was provided.
|
| 20 |
Usage of Dynamic Analysis to Strengthen Control-Flow AnalysisPriyam Biswas (9761951) 14 December 2020 (has links)
<div>System programming languages such as C and C++ are ubiquitously used for systems software such as browsers and servers due to their flexibility and high performance. However, this flexibility comes with a price of lack of memory and type safety.</div><div><br></div><div>Control-Flow Hijacking (CFH), by taking advantage of the inherent lack of memory and type safety, has become one of the most common attack vectors against C/C++ programs. In such attacks, an attacker attempts to divert the normal control flow of the program to an attacker-controlled location. The most prominent defense against these kind of attacks is Control-Flow Integrity (CFI), which restricts the attack surface by limiting the set of possible targets for each indirect control-flow transfer. However, current analyses for the CFI target sets are highly conservative. Due to the ambiguity and imprecision in the analyses, CFI restricts adversaries to an over-approximation of the possible targets of individual indirect call sites. State-of-the-art CFI approaches fail to protect against special attack classes such as over-writing variadic function arguments. Furthermore, mitigation of control-flow attacks is not explored to its full potential in the context of language boundaries in current literature. Hence, we need effective solution to improve the precision of the CFI approaches as well as strong protection mechanisms against commonly abused corner cases.</div><div><br></div><div>We leverage the effectiveness of dynamic analysis in deriving a new approach to efficiently mitigate control-flow hijacking attacks. We present Ancile, a novel mechanism to improve the precision of the CFI mechanism by debloating any extraneous targets from the indirect control-flow transfers. We replaced the traditional static analysis approach for target discovery with seed demonstrated fuzzing. We have evaluated the effectiveness of our proposed mechanism with standard SPEC CPU benchmarks and other popular C and C++ applications.</div><div><br></div><div>To ensure complete security of C and C++ programs, we need to shield commonly exploited corners of C/C++ such as variadic functions. We performed extensive case studies to show the prevalence of such functions and their exploits. We also developed a sanitizer, HexVASAN, to effectively type-check and prevent any attack via variadic functions. CFH attacks, by abusing the difference of managed languages and their underlying system languages, are very frequent in client and server side programs. In order to safe-guard the control-flows in language boundaries, we propose a new mechanism, FitJit, to enforce type integrity. Finally, to understand the effectiveness of the dynamic analysis, we present Artemis, a comprehensive study of binary analysis on real world applications.</div>
|
Page generated in 0.1117 seconds