Quantitative risk assessment under multi-context environments

Zhang, Su

January 1900

Doctor of Philosophy / Department of Computing and Information Sciences / Xinming Ou / If you cannot measure it, you cannot improve it. Quantifying security with metrics is important not only because we want to have a scoring system to track our efforts in hardening cyber environments, but also because current labor resources cannot administrate the exponentially enlarged network without a feasible risk prioritization methodology. Unlike height, weight or temperature, risk from vulnerabilities is sophisticated to assess and the assessment is heavily context-dependent. Existing vulnerability assessment methodologies (e.g. CVSS scoring system, etc) mainly focus on the evaluation over intrinsic risk of individual vulnerabilities without taking their contexts into consideration. Vulnerability assessment over network usually output one aggregated metric indicating the security level of each host. However, none of these work captures the severity change of each individual vulnerabilities under different contexts. I have captured a number of such contexts for vulnerability assessment. For example, the correlation of vulnerabilities belonging to the same application should be considered while aggregating their risk scores. At system level, a vulnerability detected on a highly depended library code should be assigned with a higher risk metric than a vulnerability on a rarely used client side application, even when the two have the same intrinsic risk. Similarly at cloud environment, vulnerabilities with higher prevalences deserve more attention. Besides, zero-day vulnerabilities are largely utilized by attackers therefore should not be ignored while assessing the risks. Historical vulnerability information at application level can be used to predict underground risks. To assess vulnerability with a higher accuracy, feasibility, scalability and efficiency, I developed a systematic vulnerability assessment approach under each of these contexts. ​

Vulnerability assessment

Quantitative risk assessment

Cloud computing security

Zero-day vulnerability assessment

Software dependency risk assessment

Network security (attack graph)

Computer Science (0984)

Understanding and implementing different modes of pacemaker

Kurcheti, Krishna Kiran

January 1900

Master of Science / Department of Computing and Information Sciences / John Hatcliff / The Heart is a specialized muscle that contracts regularly and continuously, pumping blood to the body and the lungs. Heart’s natural Pacemaker, the SA node is responsible for this pumping action by causing a flow of electricity through the heart. These electrical impulses cause the atria and ventricles to contract and thereby pump the blood to different parts of the body. Malfunction of the SA node leads to a disturbance in the heart’s rhythm in which heart beats lower than 60 times a minute ending up with Bradycardia. It also leads to ventricular arrhythmia which disrupts the ability of the ventricles to pump blood effectively to the body. This can cause a loss of all blood pressure leading to cardiac arrest and eventually death. In order to restore the heart’s natural healthy rhythm, an artificial pacemaker is necessary. A Pacemaker adapts to the present condition of the heart and responds to the heart by either pacing or just sensing it. It paces whenever there is some problem in the heart’s electrical activity and inhibits the pace when there is a proper intrinsic beat. There are various modes in which Pacemaker can operate based on the condition of the heart. Ventricles and atria are individually paced in few modes such as VOO, VVT, VVI, AOO, AAT, and AAI and paced together in some modes such as DVI, DI, DDD, DDDR as per the requirement of the heart. The main goal of this report is to understand the various modes, their nomenclature, working strategy, developing the pseudo code and implementing different modes namely VOO, AOO, VVI, AAI, VVT and AAT modes using an academic, dual chamber pacemaker.

Pacemaker modes

Electrical system of heart

Heart beat

Atria ventricles

Timing cycles of pacemaker

Pacing and sensing

Biomedical Engineering (0541)

Computer Engineering (0464)

Computer Science (0984)

Attitudes toward, and awareness of, online privacy and security: a quantitative comparison of East Africa and U.S. internet users

Ruhwanya, Zainab Said

January 1900

Master of Science / Computing and Information Sciences / Eugene Vasserman / The increase in penetration of Internet technology throughout the world is bringing an increasing volume of user information online, and developing countries such as those of East Africa are included as contributors and consumers of this voluminous information. While we have seen concerns from other parts of the world regarding user privacy and security, very little is known of East African Internet users’ concern with their online information exposure. The aim of this study is to compare Internet user awareness and concerns regarding online privacy and security between East Africa (EA) and the United States (U.S.) and to determine any common attitudes and differences. The study followed a quantitative research approach, with the EA population sampled from the Open University of Tanzania, an open and distance-learning university in East Africa, and the U.S. population sampled from Kansas State University, a public university in the U.S. Online questionnaires were used as survey instruments. The results show no significant difference in awareness of online privacy between Internet users from East Africa and the U.S. There is however, significant difference in concerns about online privacy, which differ with the type of information shared. Moreover, the results have shown that the U.S. Internet users are more aware of online privacy concerns, and more likely to have taken measure to protect their online privacy and conceal their online presence, than the East African Internet users. This study has also shown that East Africans Internet users are more likely to be victims of online identity theft, security issues and reputation damage.

Privacy

Security

Data protection and privacy law

Online Privacy

Cyber security

Internet

Computer Science (0984)

Information Technology (0489)

Sub-Saharan Africa Studies (0639)