Formal specification and verification of safety interlock systems : a comparative case study /

Seotsanyana, Motlatsi.

January 2007

Thesis (MSc)--University of Stellenbosch, 2007. / Bibliography. Also available via the Internet.

Secure distribution of open source information /

Rogers, Jason Lee.

January 2004

Thesis (M.S. in Computer Science)--Naval Postgraduate School, December 2004. / Thesis advisor(s): George Dinolt. Includes bibliographical references (p. 57-59). Also available online.

Xor based optical encryption with noise performance modeling and application to image transmission over wireless IP lan /

Zhang, Bo.

January 1900

Thesis (MTech (Information Technology))--Peninsula Technikon, 2004. / Word processed copy. Summary in English. Includes bibliographical references (leaves 117-120). Also available online.

On the security and efficiency of encryption

Cash, Charles David.

January 2009

Thesis (Ph.D)--Computing, Georgia Institute of Technology, 2010. / Committee Chair: Boldreva, Alexandra; Committee Member: Ahamad, Mustaque; Committee Member: Randall, Dana; Committee Member: Tetali, Prasad; Committee Member: Traynor, Patrick. Part of the SMARTech Electronic Thesis and Dissertation Collection.

Access control model and labelling scheme for efficient querying and updating XML data

Duong, Maggie.

January 2010

Thesis (Ph.D.)--Victoria University (Melbourne, Vic.), 2010.

Security for the processor-to-memory interface using field programmable gate arrays

Sewell, George E.

January 2007

Thesis (M.S. in Electrical Engineering)--Vanderbilt University, Aug. 2007. / Title from title screen. Includes bibliographical references.

Strategic framework to minimise information security risks in the UAE

Alkaabi, Ahmed

January 2014

The transition process to ICT (Information and Communication Technology) has had significant influence on different aspects of society. Although the computerisation process has motivated the alignment of different technical and human factors with the expansion process, the technical pace of the transition surpasses the human adaptation to change. Much research on ICT development has shown that ICT security is essentially a political and a managerial act that must not disregard the importance of the relevant cultural characteristics of a society. Information sharing is a necessary action in society to exchange knowledge and to enable and facilitate communication. However, certain information should be shared only with selected parties or even kept private. Information sharing by humans forms the main obstacle to security measure undertaken by organisations to protect their assets. Moreover, certain cultural traits play a major role in thwarting information security measures. Arab culture of the United Arab Emirates is one of those cultures with strong collectivism featuring strong ties among individuals. Sharing sensitive information including passwords of online accounts can be found in some settings in some cultures, but with reason and generally on a small scale. However, this research includes a study on 3 main Gulf Cooperation Council (GCC) countries, namely, Saudi Arabia (KSA), United Arab Emirates (UAE) and Oman, showing that there is similar a significant level of sensitive information sharing among employees in the region. This is proven to highly contribute to compromising user digital authentication, eventually, putting users’ accounts at risk. The research continued by carrying out a comparison between the United Kingdom (UK) and the Gulf Cooperation Council (GCC) countries in terms of attitudes and behaviour towards information sharing. It was evident that there is a significant difference between GCC Arab culture and the UK culture in terms of information sharing. Respondents from the GCC countries were more inclined to share sensitive information with their families and friends than the UK respondents were. However, UK respondents still revealed behaviour in some contexts, which may lead potential threats to the authentication mechanism and consequently to other digital accounts that require a credential pass. It was shown that the lack of awareness and the cultural impact are the main issues for sensitive information sharing among family members and friends in the GCC. The research hence investigated channels and measures of reducing the prevalence of social engineering attacks, such as legislative measures, technological measures, and education and awareness. The found out that cultural change is necessary to remedy sensitive information sharing as a cultural trait. Education and awareness are perhaps the best defence to cultural change and should be designed effectively. Accordingly, the work critically analysed three national cybersecurity strategies of the United Kingdom (UK), the United States (U.S.) and Australia (AUS) in order to identify any information security awareness education designed to educate online users about the risk of sharing sensitive information including passwords. The analysis aimed to assess possible adoption of certain elements, if any, of these strategies by the UAE. The strategies discussed only user awareness to reduce information sharing. However, awareness in itself may not achieve the required result of reducing information sharing among family members and friends. Rather, computer users should be educated about the risks of such behaviour in order to realise and change. As a result, the research conducted an intervention study that proposed a UAE-focused strategy designed to promote information security education for the younger generation to mitigate the risk of sensitive information sharing. The results obtained from the intervention study of school children formed a basis for the information security education framework also proposed in this work.

005.8

"All conflict is local" : an empirical analysis of local factors in violent civil conflict

Haring-Smith, Whitney

January 2011

Previous civil war analyses have approached conflict as a single category with limited exceptions, and this thesis project assesses whether differentiating conflicts by their type and intensity using a local-level geo-referenced analytical approach produces differing results for sub-groups of conflicts. The conflicts are divided into 1) governmental hostilities, where the aim of the armed non-state group is to capture the state, and 2) territorial hostilities, where the aim of the armed non-state group is to capture increased autonomy or secession for a territorial claim. The conflicts are also differentiated by intensity into 1) low-intensity conflicts, with fewer than 1000 battle-related deaths per year, and 2) civil wars, with 1000 or more battle-related deaths per year. The results demonstrate that conflicts with differing insurgent goals and intensities of battle are correlated with markedly different factors. There are three factors – local population density, change in local rainfall, and statewide GDP growth – that are significant to both governmental and territorial hostilities but have opposite signs for the two sets. Only one variable – Polity IV scores – showed a consistently significant correlation for governmental and territorial hostilities. There are no factors that are significant to both low-intensity conflict and higher-intensity civil war. These findings suggest that approaching all conflicts as a single class, particularly at the local level, may not reveal significant differences in factors correlated with conflict. Modeling of local conflict will require differentiation of conflicts into salient sub-groups. For policymakers and practitioners, this research suggests that there is not a one-size-fits-all approach for conflict prevention but that strategies need to be targeted to specific types of conflict.

320

Security in next generation air traffic communication networks

Strohmeier, Martin

January 2016

A multitude of wireless technologies are used by air traffic communication systems during different flight phases. From a conceptual perspective, all of them are insecure as security was never part of their design and the evolution of wireless security in aviation did not keep up with the state of the art. Recent contributions from academic and hacking communities have exploited this inherent vulnerability and demonstrated attacks on some of these technologies. However, these inputs revealed that a large discrepancy between the security perspective and the point of view of the aviation community exists. In this thesis, we aim to bridge this gap and combine wireless security knowledge with the perspective of aviation professionals to improve the safety of air traffic communication networks. To achieve this, we develop a comprehensive new threat model and analyse potential vulnerabilities, attacks, and countermeasures. Since not all of the required aviation knowledge is codified in academic publications, we examine the relevant aviation standards and also survey 242 international aviation experts. Besides extracting their domain knowledge, we analyse the awareness of the aviation community concerning the security of their wireless systems and collect expert opinions on the potential impact of concrete attack scenarios using insecure technologies. Based on our analysis, we propose countermeasures to secure air traffic communication that work transparently alongside existing technologies. We discuss, implement, and evaluate three different approaches based on physical and data link layer information obtained from live aircraft. We show that our countermeasures are able to defend against the injection of false data into air traffic control systems and can significantly and immediately improve the security of air traffic communication networks under the existing real-world constraints. Finally, we analyse the privacy consequences of open air traffic control protocols. We examine sensitive aircraft movements to detect large-scale events in the real world and illustrate the futility of current attempts to maintain privacy for aircraft owners.

004

Assessing the Global Cyber and Biological Threat

Mezzour, Ghita

01 April 2015

In today’s inter-connected world, threats from anywhere in the world can have serious global repercussions. In particular, two types of threats have a global impact: 1) cyber crime and 2) cyber and biological weapons. If a country’s environment is conducive to cyber criminal activities, cyber criminals will use that country as a basis to attack end-users around the world. Cyber weapons and biological weapons can now allow a small actor to inflict major damage on a major military power. If cyber and biological weapons are used in combination, the damage can be amplified significantly. Given that the cyber and biological threat is global, it is important to identify countries that pose the greatest threat and design action plans to reduce the threat from these countries. However, prior work on cyber crime lacks empirical substantiation for reasons why some countries’ environments are conducive to cyber crime. Prior work on cyber and biological weapon capabilities mainly consists of case studies which only focus on select countries and thus are not generalizeable. To sum up, assessing the global cyber and biological threat currently lacks a systematic empirical approach. In this thesis, I take an empirical and systematic approach towards assessing the global cyber and biological threat. The first part of the thesis focuses on cyber crime. I examine international variation in cyber crime infrastructure hosting and cyber crime exposure. I also empirically test hypotheses about factors behind such variation. In that work, I use Symantec’s telemetry data, collected from 10 million Symantec customer computers worldwide and accessed through the Symantec’s Worldwide Intelligence Network Environment (WINE). I find that addressing corruption in Eastern Europe or computer piracy in Sub-Saharan Africa has the potential to reduce the global cyber crime. The second part of the thesis focuses on cyber and biological weapon capabilities. I develop two computational methodologies: one to assess countries’ biological capabilities and one to assess countries’ cyber capabilities. The methodologies examine all countries in the world and can be used by non-experts that only have access to publicly available data. I validate the biological weapon assessment methodology by comparing the methodology’s assessment to historical data. This work has the potential to proactively reduce the global cyber and biological weapon threat.

Cyber security

Science of security

Computers and Society

Public Policy Issues

Abuse and Crime Involving Computers

Global Cyber Security