UnityFS: A File System for the Unity Block Store

Huang, Wei

27 November 2013

A large number of personal cloud storage systems have emerged in recent years, such as Dropbox, iCloud, Google Drive etc. A common limitation of these system is that the users have to trust the cloud provider not to be malicious. Now we have a Unity block store, which can solve the problem and provide a secure and durable cloud-based block store. However, the base Unity system does not have the concept of file on top of its block device, thus the concurrent operations to different files can cause false sharing problem. In this thesis, we propose UnityFS, a file system built on top of the base Unity system. We design and implement the file system that maintains a mapping between files and a group of data blocks, such that the whole Unity system can support concurrent file operations to different files from multiple user devices in the personal cloud.

Distributed File System

Cloud Computing

Computer Security

0984

Data encryption using RSA public-key cryptosystem / Data encryption using Rivest-Shamir-Adleman public-key cryptosystem

Clevenger, Mark Allen

January 1996

The RSA data encryption algorithm was developed by Ronald Rivest, Adi Shamir and Leonard Adelman in 1978 and is considered a de facto standard for public-key encryption. This computer science thesis demonstrates the author's ability to engineer a software system based on the RSA algorithm. This adaptation of the RSA encryption process was devised to be used on any type of data file, binary as well as text. In the process of developing this computer system, software tools were constructed that allow the exploration of the components of the RSA encryption algorithm. The RSA algorithm was further interpolated as a method of providing software licensing, that is, a manner in which authorization to execute a particular piece of software can be determined at execution time. This document summarizes the RSA encryption process and describes the tools utilized to construct a computer system based on this algorithm. / Department of Computer Science

Data encryption (Computer science)

Computer security.

Telecommunication -- Security measures.

Computer security : data control and protection

Neophytou, Andonis

January 1992

Computer security is a crucial area for any organization based on electronic devices that process data. The security of the devices themselves and the data they process are the backbone of the organization. Until today there have been no completely secure systems or procedures until and a lot of research is being done in this area. It impossible for a machine or a mechanical procedure to "guess" all possible events and lead to conclusive, cohesive and comprehensive secure systems, because of: 1) the human factor, and 2) acts of nature (fire, flood etc). However, proper managerial control can alleviate the extent of the damage caused by those factors.The purpose of this study is to examine the different frameworks of computer security. Emphasis is given to data/database security and the various kinds of attacks on the data. Controls over these attacks and preventative measures will be discussed, and high level language programs will demonstrate the protection issues. The Oracle, SOL query language will be used to demonstrate these controls and prevention measures. In addition the FORTRAN high level language will be used in conjunction with SOL (Only the FORTRAN and COBOL compilers are available for embedded SOL). The C language will be used to show attacks on password files and also as an encryption/decryption program.This study was based mainly on research. An investigation of literature spanning the past decade, was examined to produce the ideas and methods of prevention and control discussed in the study. / Department of Computer Science

Computer security.

Data protection.

Database security.

Computer crimes.

Improving Computer Security Dialogs: An Exploration of Attention and Habituation

Bravo-Lillo, Cristian Antonio

01 February 2014

Computer dialogs communicate important security messages, but their excessive use has produced habituation: a strong tendency by computer users to ignore security dialogs. Unlike physical warnings, whose design and use is regulated by law and based on years of research, computer security dialogs are often designed in an arbitrary manner. We need scientific solutions to produce dialogs that users will heed and understand. Currently, we lack an understanding of the factors that drive users’ attention to security dialogs, and how to counteract habituation. Studying computer security behavior is difficult because a) users are more likely to expose themselves to risk in a lab experiment than in daily life, b) the size of observed effects is usually very small, which makes it necessary to collect many observations, and c) it is complex to balance research interests and the ethical duty not to harm. My thesis makes two contributions: a novel methodology to study behavioral responses to security dialogs in a realistic, ethical way with high levels of ecological validity, and a novel technique to increase and retain attention to security dialogs, even in the presence of habituation.

usable security

computer security dialogs

attractors

habituation

attention

Intrusion and Fraud Detection using Multiple Machine Learning Algorithms

Peters, Chad

22 August 2013

New methods of attacking networks are being invented at an alarming rate, and pure signature detection cannot keep up. The ability of intrusion detection systems to generalize to new attacks based on behavior is of increasing value. Machine Learning algorithms have been successfully applied to intrusion and fraud detection; however the time and accuracy tradeoffs between algorithms are not always considered when faced with such a broad range of choices. This thesis explores the time and accuracy metrics of a wide variety of machine learning algorithms, using a purpose-built supervised learning dataset. Topics covered include dataset dimensionality reduction through pre-processing techniques, training and testing times, classification accuracy, and performance tradeoffs. Further, ensemble learning and meta-classification are used to explore combinations of the algorithms and derived data sets, to examine the effects of homogeneous and heterogeneous aggregations. The results of this research are presented with observations and guidelines for choosing learning schemes in this domain.

computer security

artificial intelligence

machine learning

intrusion detection

performance evaluation

Rosie - A Recovery-oriented Security System

Chow, Shun Yee

11 July 2013

Recovery is a time-consuming and computationally expensive operation. If an attacker can affect heavily-shared objects on the machine, then many other processes and files can be compromised from accessing them. This would greatly increase the recovery effort. Since intrusions start with a network connection, we argue that the integrity of heavily-shared objects should be protected from the network, in order to minimize the recovery effort. We discuss our prototype Rosie, which is designed with incident response and post-intrusion recovery in mind. Rosie predicts how heavily-shared each file or process is, based on the previous system activities observed. Rosie enforces appropriate mandatory access control and uses techniques such as sandboxing, in order to protect heavily-shared objects’ integrity. Rosie provides an important recovery guarantee that the maximum number of files need to be recovered is at most equal to the dependency threshold, a value that can be adjusted by a system administrator.

computer system

dependency analysis

recovery

computer security

0984

0537

Rosie - A Recovery-oriented Security System

Chow, Shun Yee

11 July 2013

Recovery is a time-consuming and computationally expensive operation. If an attacker can affect heavily-shared objects on the machine, then many other processes and files can be compromised from accessing them. This would greatly increase the recovery effort. Since intrusions start with a network connection, we argue that the integrity of heavily-shared objects should be protected from the network, in order to minimize the recovery effort. We discuss our prototype Rosie, which is designed with incident response and post-intrusion recovery in mind. Rosie predicts how heavily-shared each file or process is, based on the previous system activities observed. Rosie enforces appropriate mandatory access control and uses techniques such as sandboxing, in order to protect heavily-shared objects’ integrity. Rosie provides an important recovery guarantee that the maximum number of files need to be recovered is at most equal to the dependency threshold, a value that can be adjusted by a system administrator.

computer system

dependency analysis

recovery

computer security

0984

0537

Establishing trust in encrypted programs

Xia, Ying Han

09 July 2008

Encryption is increasingly being used as deterrence for software piracy and vulnerability exploitation. Unencrypted or insecure programs can be the subject of intensive scrutiny by attackers in an attempt to disable protective features or to find buffer overflows as an avenue of attack of other systems. The application of encrypted programs, however, leads to other security concerns as users are no longer able to distinguish between malicious and benign behavior due to the secretive nature of encryption. Furthermore, should an attacker gain access to the software update process then malicious updates or modifications can be made to the system without the knowledge of the users. Therefore, system administrators running encrypted software now have a need for techniques that would allow such encrypted software to execute properly while minimizing the possibility of the system being compromised. The goal of this research is to develop a methodology that can enable users to trust encrypted software to allow their execution.

Trust

Monitoring

Encryption

Data encryption (Computer science)

Computer security

Wi-Fi as electronic evidence : policy, process and tools

Turnbull, Benjamin

January 2007

802.11-based wireless networking has invaded cities, offices, homes and coffee shops over the last five years, and has become a widely used and accepted technology. It has revolutionised computer networking and automation and added a social aspect to personal computing. Accompanying this widespread usage is the presence of crime; the more popular technology, the more opportunity exists for its misuse. / This dissertation studied 802.11-based wireless networking environment from a forensic computing perspective. It sought to understand the current state of wireless misuse: present misuses; potential forms of misuse involving 802.11-based wireless networks; and current tools and techniques used in its identification, containment and analysis. The research highlights the lack of current tools and procedures for forensic computing investigations that are able to effectively handle the presence of wireless devices and networks, and that there are forms of misuse that may escape detection by forensic investigation teams. This work was then developed into a taxonomy of wireless misuse. / Once the current state was known, this research sought to readdress the current state of forensic computing teams, through analysing the need for software tools and procedural changes to counter the misuses that this technology allows. Once software outcomes were developed, the legal and technical feasibility of their use was ascertained. Based on the outcomes of this work, a final set of software requirements was developed and the proposed methodology for their development was discussed. / A new series of procedures was also developed for forensic investigators to identify, contain and analyse sources of electronic evidence with 802.11-networking. Much of this work was based upon but extending current procedural guides for law enforcement. / The final outcome of this research was the development of a series of recommendations for forensic teams and research that incorporates short, medium and long term development for forensic teams as well as research and development. This work intended to provide mechanisms for future research that are jurisdictionally independent able to be adapted for each individual forensic team. The short term recommendations were primarily changes to procedure, whereas the medium and long terms changes sought to address the larger issues raised by wireless networking devices being the target of or involved in crime or misuse. / Much of this dissertation is exploratory in nature and much of its length is devoted to determining the current state of the misuse and current mechanisms employed to counter it. In such a rapidly developing field of study, this work will need constant revision as new technologies emerge and new forms of misuse take advantage of them. / Thesis (PhDInformationTechnology)--University of South Australia, 2007

Computer security

Computer crimes

Forensic sciences

Wireless LANs

Intelligent techniques in digital image watermarking /

Wang, Feng-Hsing.

Unknown Date

Thesis (PhDElectronicEngineering)--University of South Australia, 2005.

Computer security.

Data encryption (Computer science)

Digital watermarking.