Economic analysis on information security and risk management

Zhao, Xia, 1977-

28 August 2008

This dissertation consists of three essays that explore economic issues on information security and risk management. In the first essay, we develop an economic mechanism which coordinates security strategies of Service Providers (SPs). SPs are best positioned to safeguard the Internet. However, they generally do not have incentives to take such a responsibility in the distributed computing environment. The proposed certification mechanism induces SPs to voluntarily accept the liability of Internet security. SPs who take the liability signal their capability in conducting secure computing and benefit from such recognition. We use a game-theoretic model to examine SPs' incentives and the social welfare. Our results show that the certification mechanism can generate a more secure Internet communication environment. The second essay studies the impact of cyberinsurance and alternative risk management solutions on firms' information security strategies. In the existing literature, cyberinsurance has been proposed as a solution to transfer information risks and reduce security spending. However, we show that cyberinsurance by itself is deficient in addressing the overinvestment issue. We find that the joint use of cyberinsurance and risk pooling arrangement optimizes firms' security investment. In the case with a large number of firms, we show that firms will invest at the socially optimal level. The third essay examines the information role of vendors' patching strategies. Patching after software release has become an important stage in the software development cycle. In the presence of quality uncertainty, we show that vendors can leverage the patch release times to signal the quality of their software products. We define a new belief profile and identify two types of separating equilibria in a dynamic setting.

Computer security

Risk management

Automatic validation of secure authentication protocols

Kim, Kyoil, 1964-

11 July 2011

Not available / text

Computer networks--Security measures

Computer network protocols

Computer security

Security models for authorization, delegation and accountability

Lui, W. C., 雷永祥.

January 2005

published_or_final_version / abstract / Computer Science / Doctoral / Doctor of Philosophy

Delegation of authority.

Computers - Access control.

Computer security.

Cryptography.

Delegation of rights using PKI-based components

Cheung, Lai-sze., 張麗詩.

January 2004

published_or_final_version / abstract / toc / Computer Science / Master / Master of Philosophy

Public key cryptography.

Internet - Security measures.

Computer security.

Forward security from bilinear pairings: signcryption and threshold signature

Chow, Sze-ming, Sherman., 周斯明.

January 2004

published_or_final_version / abstract / toc / Computer Science and Information Systems / Master / Master of Philosophy

Digital signatures.

Cryptography.

New approaches to operating system security extensibility

Watson, Robert Nicholas Maxwell

January 2011

No description available.

004

Design of a novel hybrid cryptographic processor

Li, Jianzhou, University of Lethbridge. Faculty of Arts and Science

January 2005

A new multiplier that supports fields GF(p) and GF (2n) for the public-key cryptography, and fields GF (28) for the secret-key cryptography is proposed in this thesis. Based on the core multiplier and other extracted common operations, a novel hybrid crypto-processor is built which processes both public-key and secret-key cryptosystems. The corresponding instruction set is also presented. Three cryptographic algorithms: the Elliptic Curve Cryptography (ECC), AES and RC5 are focused to run in the processor. To compute scalar multiplication kP efficiently, a blend of efficient algorthms on elliptic curves and coordinates selections and of hardware architecture that supports arithmetic operations on finite fields is requried. The Nonadjacent Form (NAF) of k is used in Jacobian projective coordinates over GF(p); Montgomery scalar multiplication is utilized in projective coordinates over GF(2n). The dual-field multiplier is used to support multiplications over GF(p) and GF(2n) according to multiple-precision Montgomery multiplications algorithms. The design ideas of AES and RC5 are also described. The proposed hybrid crypto-processor increases the flexibility of security schemes and reduces the total cost of cryptosystems. / viii, 87 leaves : ill. (some col.) ; 28 cm.

Dissertations, Academic

Data encryption (Computer science)

Cryptogaphy -- Mathematics

Computer security

Intrusion and Fraud Detection using Multiple Machine Learning Algorithms

Peters, Chad

22 August 2013

New methods of attacking networks are being invented at an alarming rate, and pure signature detection cannot keep up. The ability of intrusion detection systems to generalize to new attacks based on behavior is of increasing value. Machine Learning algorithms have been successfully applied to intrusion and fraud detection; however the time and accuracy tradeoffs between algorithms are not always considered when faced with such a broad range of choices. This thesis explores the time and accuracy metrics of a wide variety of machine learning algorithms, using a purpose-built supervised learning dataset. Topics covered include dataset dimensionality reduction through pre-processing techniques, training and testing times, classification accuracy, and performance tradeoffs. Further, ensemble learning and meta-classification are used to explore combinations of the algorithms and derived data sets, to examine the effects of homogeneous and heterogeneous aggregations. The results of this research are presented with observations and guidelines for choosing learning schemes in this domain.

computer security

artificial intelligence

machine learning

intrusion detection

performance evaluation

UnityFS: A File System for the Unity Block Store

Huang, Wei

27 November 2013

A large number of personal cloud storage systems have emerged in recent years, such as Dropbox, iCloud, Google Drive etc. A common limitation of these system is that the users have to trust the cloud provider not to be malicious. Now we have a Unity block store, which can solve the problem and provide a secure and durable cloud-based block store. However, the base Unity system does not have the concept of file on top of its block device, thus the concurrent operations to different files can cause false sharing problem. In this thesis, we propose UnityFS, a file system built on top of the base Unity system. We design and implement the file system that maintains a mapping between files and a group of data blocks, such that the whole Unity system can support concurrent file operations to different files from multiple user devices in the personal cloud.

Distributed File System

Cloud Computing

Computer Security

0984

UnityFS: A File System for the Unity Block Store

Huang, Wei

27 November 2013

A large number of personal cloud storage systems have emerged in recent years, such as Dropbox, iCloud, Google Drive etc. A common limitation of these system is that the users have to trust the cloud provider not to be malicious. Now we have a Unity block store, which can solve the problem and provide a secure and durable cloud-based block store. However, the base Unity system does not have the concept of file on top of its block device, thus the concurrent operations to different files can cause false sharing problem. In this thesis, we propose UnityFS, a file system built on top of the base Unity system. We design and implement the file system that maintains a mapping between files and a group of data blocks, such that the whole Unity system can support concurrent file operations to different files from multiple user devices in the personal cloud.

Distributed File System

Cloud Computing

Computer Security

0984