Network Security Analysis

Hassan, Aamir, Mohammad, Fida

January 2010

<p>Security  is  the second step after  that a successful network has been deployed. There are many  types  of  attacks  that  could  potentially  harm  the  network  and  an  administrator should  carefully  document  and  plan  the  weak  areas,  where  the  network  could  be compromised. Attackers use special tools and techniques to find out all the possible ways of defeating the network security.  This  thesis  addresses  all  the  possible  tools  and  techniques  that  attackers  use  to compromise the network. The purpose for exploring these tools will help an administrator to find the security holes before an attacker can. All of these tools in this thesis are only for the forensic purpose. Securing routers and switches in the best possible way is another goal. We in this part try to identify important ways of securing these devices, along with their limitations, and then determine the best possible way. The solution will be checked with network vulnerable  tools  to get  the  results.  It  is  important  to note  that most  of  the attention  in  network  security  is  given  to  the  router,  but  far  less  attention  is  given  to securing a switch. This  thesis will also address some more ways of securing a switch, if there is no router in the network. </p> / The opponent for the thesis was Yan Wang and the presentation time was 60 minutes.

Network Security Analysis

The Role of U.S. Infrastructure Investment in Strategic Asset Allocation

Cahill, Michael A

01 January 2013

This paper investigates the role of U.S. infrastructure investments in a multi-asset portfolio, by using monthly return data for eight different asset classes from the period December 2002 to March 2013. Applying mean variance, as well as mean-downside risk, optimization models, I show that U.S. infrastructure plays an important role in delivering better risk/return trade-offs than more traditional portfolios. Infrastructure proves to be most beneficial to moderate-risk portfolios where the standard deviation ranges from 2% to 6% and the maximum allocation to infrastructure is 65.49%. Additionally, I show that infrastructure is more attractive to investors who are averse to variance, rather than downside risk.

Portfolio and Security Analysis

Network Security Analysis

Hassan, Aamir, Mohammad, Fida

January 2010

Security  is  the second step after  that a successful network has been deployed. There are many  types  of  attacks  that  could  potentially  harm  the  network  and  an  administrator should  carefully  document  and  plan  the  weak  areas,  where  the  network  could  be compromised. Attackers use special tools and techniques to find out all the possible ways of defeating the network security.  This  thesis  addresses  all  the  possible  tools  and  techniques  that  attackers  use  to compromise the network. The purpose for exploring these tools will help an administrator to find the security holes before an attacker can. All of these tools in this thesis are only for the forensic purpose. Securing routers and switches in the best possible way is another goal. We in this part try to identify important ways of securing these devices, along with their limitations, and then determine the best possible way. The solution will be checked with network vulnerable  tools  to get  the  results.  It  is  important  to note  that most  of  the attention  in  network  security  is  given  to  the  router,  but  far  less  attention  is  given  to securing a switch. This  thesis will also address some more ways of securing a switch, if there is no router in the network. / The opponent for the thesis was Yan Wang and the presentation time was 60 minutes.

Network Security Analysis

Risk-Return Dynamics Using Leveraged ETF Options

Wampler, Eliza

01 May 2022

This study uses barbell strategies on the S&P 500 and the NASDAQ 100 to explore if funds invested primarily in fixed income assets with a portion of the investment placed in in-the-money call options can participate in upside potential, while also reducing risk. This study examines call options on the underlying indexes as well as their leveraged, 2x and 3x, counterparts. The barbell strategy studied, 88% in fixed income bonds and 12% in call options, does not have a higher return than the underlying index, and adds additional risk. However, a weighted portfolio with combinations of a risk-free asset and leveraged ETF does provide a higher return on investment, with a decreased risk as compared to the underlying index.

Finance and Financial Management

Portfolio and Security Analysis

Security analysis of bytecode interpreters using Alloy

Reynolds, Mark Clifford

January 2012

Thesis (Ph.D.)--Boston University / Security of programming languages, particularly programming languages used for network applications, is a major issue at this time. Despite the best efforts of language designers and implementers, serious security vulnerabilities continue to be discovered at an alarming rate. Thus, development of analysis tools that can be used to uncover insecure or malicious code is an important area of research. This thesis focuses on the use of the lightweight formal method tool Alloy to perform static analysis on binary code, Byte-compiled languages that run on virtual machines are of particular interest because of their relatively small instruction sets, and also because they are well represented on the Internet. This thesis describes a static analysis methodology in which desired security properties of a language are expressed as constraints in Alloy, while the actual bytes being analyzed are expressed as Alloy model initializers. The combination of these two components yields a complete Alloy model in which any model counterexample represents a constraint violation, and hence a security vulnerability. The general method of expressing security requirements as constraints is studied, and results are presented for Java bytecodes running on the Java Virtual Machine, as well as for Adobe Flash SWF files containing ActionScript bytecodes running on the Action Script Virtual Machine. It is demonstrated that many examples of malware are detected by this technique. In addition, analysis of benign software is shown to not produce any counterexamples. This represents a significant departure from standard methods based on signatures or anomaly detection.

Programming languages

Security analysis

Digital security

The Growth of Socially Responsible Investing Practices in U.S. Equity Markets and Abnormal Sin Stock Returns

Lori, Jack

01 January 2019

In my Senior Thesis, I explore the growth of socially responsible investing (SRI) practices in U.S. equity markets and abnormal sin stocks returns. I analyze the historical performance of socially responsible ETFs and portfolios of current sin stocks—alcohol, tobacco, gaming, and aerospace & defense stocks. I propose that as socially responsible investing practices continue to grow in U.S. equity markets, more industries will eventually be deemed sinful—such as sugary beverages, fast food/sugary food, biotech & pharmaceuticals, and tech/social media. I examine two sinful industries—alcohol and tobacco—by comparing the performance of these sinful portfolios before and after their industries were widely perceived as sinful. I explored these topics for a few key reasons. First, socially responsible investing practices in U.S. equity markets have exploded in popularity over the last decade. Every year, we see increasing amounts of money screened for environmental, social and governance (ESG) factors. Despite its increase in popularity, many people have claimed that socially responsible investing isn’t financially responsible investing—it underperforms as compared to common benchmarks such as the S&P 500. On the other hand, existing literature has supported the claim that investing in sin stocks generates abnormal returns for investors. I hypothesize that these two areas of portfolio management are connected—as socially responsible investing practices continue to grow, more industries will eventually be widely perceived as sinful. If the sin stock anomaly does exist and portfolios of sin stocks do generate abnormal returns, individuals and institutions can benefit from an immediate and long term investment strategy by investing in these “future” sinful industries now. Using three distinct capital asset pricing models—the Fama-French 3 Factor Model, the Fama-French 3 Factor Model plus Momentum, and the Fama-French 5 Factor Model—I come to four main conclusions. First, investing in socially responsible ETFs does not generate positive abnormal returns; in some instances, it generates statistically significant negative abnormal returns. Second, across the Fama-French 3 Factor Model, the Fama-French 3 Factor Model plus Momentum, and the Fama-French 5 Factor Model, portfolios of sin stocks from 1977-2018 generate statistically significant positive abnormal returns. Third, during the same time horizon, portfolios of future sin stocks exhibit similar levels of abnormal returns, especially portfolios of biotech & pharmaceutical stocks and portfolios of tech/social media stocks. Finally, portfolios of alcohol and tobacco stocks generated statistically significant abnormal returns after being widely perceived as sinful as compared to before they were widely perceived as sinful. My research has implications for practicing portfolio managers. First, socially responsible investing isn’t financially responsible investing. Second, portfolio managers should consider how the growth of socially responsible investing practices will impact perceptions of what is sinful. Anticipating which industries will become sinful can yield a profitable investment strategy. Third, I promote a profitable investment strategy in the short- and long-term time horizon. The results are clear: go long on sin and short on SRI.

Sin

ETF

Fama-French

Tobacco

SRI

VICEX

Portfolio and Security Analysis

Precise, General, and Efficient Data-flow Analysis for Security Vetting of Android Apps

Wei, Fengguo

18 June 2018

This dissertation presents a new approach to static analysis for security vetting of Android apps, and a general framework called Argus-SAF. Argus-SAF determines points-to information for all objects in an Android app component in a flow and context-sensitive (user-configurable) way and performs data-flow and data dependence analysis for the component. Argus-SAF also tracks inter-component communication activities. It can stitch the component-level information into the app- level information to perform intra-app or inter-app analysis. Moreover, Argus-SAF is NDK/JNI- aware and can efficiently track precise data-flow across language boundary. This dissertation shows that, (a) the aforementioned type of comprehensive app analysis is utterly feasible in terms of computing resources with modern hardware, (b) one can easily leverage the results from this general analysis to build various types of specialized security analyses – in many cases the amount of additional coding needed is around 100 lines of code, and (c) the result of those specialized analyses leveraging Argus-SAF is at least on par and often exceeds prior works designed for the specific problems, which this dissertation demonstrate by comparing Argus-SAF’s results with those of prior works whenever the tool can be obtained. Since Argus-SAF’s analysis directly handles intercomponent and inter-language control and data flows, it can be used to address security problems that result from interactions among multiple components from either the same or different apps and among java code and native code. Argus-SAF’s analysis is sound in that it can assure the absence of the specified security problems in an app with well-specified and reasonable assumptions on Android runtime system and its library.

Android App Security Analysis

Mobile Security

Static Analysis

Computer Sciences

Privacy preservation in data mining through noise addition

Islam, Md Zahidul

January 2008

Research Doctorate - Doctor of Philosophy (PhD) / Due to advances in information processing technology and storage capacity, nowadays huge amount of data is being collected for various data analyses. Data mining techniques, such as classification, are often applied on these data to extract hidden information. During the whole process of data mining the data get exposed to several parties and such an exposure potentially leads to breaches of individual privacy. This thesis presents a comprehensive noise addition technique for protecting individual privacy in a data set used for classification, while maintaining the data quality. We add noise to all attributes, both numerical and categorical, and both to class and non-class, in such a way so that the original patterns are preserved in a perturbed data set. Our technique is also capable of incorporating previously proposed noise addition techniques that maintain the statistical parameters of the data set, including correlations among attributes. Thus the perturbed data set may be used not only for classification but also for statistical analysis. Our proposal has two main advantages. Firstly, as also suggested by our experimental results the perturbed data set maintains the same or very similar patterns as the original data set, as well as the correlations among attributes. While there are some noise addition techniques that maintain the statistical parameters of the data set, to the best of our knowledge this is the first comprehensive technique that preserves the patterns and thus removes the so called Data Mining Bias from the perturbed data set. Secondly, re-identification of the original records directly depends on the amount of noise added, and in general can be made arbitrarily hard, while still preserving the original patterns in the data set. The only exception to this is the case when an intruder knows enough about the record to learn the confidential class value by applying the classifier. However, this is always possible, even when the original record has not been used in the training data set. In other words, providing that enough noise is added, our technique makes the records from the training set as safe as any other previously unseen records of the same kind. In addition to the above contribution, this thesis also explores the suitability of pre-diction accuracy as a sole indicator of data quality, and proposes technique for clustering both categorical values and records containing such values.

privacy

data mining

noise addition

clustering

security analysis

data quality

Approaches to the Regional Security Analysis of Southeast Asia

Khoo, How San, xiaosan@starhub.net.sg

January 1999

The purpose of this study is to critically evaluate three scholarly perspectives -- balance of power, institutional, and security complex -- to examine the evolving dynamics of security interdependence and inter-state relations among Southeast Asian states and external powers since 1945. This study is thus a comparative evaluation of the strengths and weaknesses of the three methods in their empirical analysis of the regional security dynamics of Southeast Asia.¶ There is much merit in the balance of power approach. It tracked the consequences of the bipolar Cold War rivalry on Southeast Asia. Its logical construction led it to be concerned with alliances, coalitions and alignments. But it has not satisfactorily explained the relatively benign conditions after the Cold War. The institutional approach similarly emphasizes material explanatory factors (although, in its case, not exclusively so). It identifies the emergence of institutions when groups of countries find it in their mutual interest to cooperate through rules and norms. But the approach may prove to be incomplete in assessing ASEAN's post-Cold War behaviour. As an analytical device, the security complex is deployed to provide a corrective to the over-emphasis (of the other two approaches) on the systemic dynamics. By identifying regional and local dynamics interacting with systemic dynamics via patterns of amity and enmity, it offers explanatory accounts of the behaviour of regional states in situations where the other two approaches fail to do satisfactorily. Moreover, it provides a framework for the deployment of constructivism, which identifies the ideational process whereby interdependent regional states respond to changes in both the power and amity-enmity attributes.¶ This study concludes that security relations among Southeast Asian states and in their relations with external powers after the Cold War, are better examined using the three approaches in a complementary manner. In this way, the influence of local amity-enmity patterns is seen to impact on balance of power and institutional situations.

balance of power

institutional

security complex

Southeast Asia

regional security analysis

Congressional Insider Trading: An Analysis of the Personal Common Stock Transactions of U.S. Senators

Yingling, Scott T

01 January 2011

I have examined the common stock investments made by members of the U.S. Senate between 2006 and 2009. I find that the average stock portfolio in the Senate exhibits one and two year cumulative abnormal returns (CARs) of -0.15 % and 0.43%, respectively. This suggests that members of the Senate are not trading on insider knowledge as indicated by one previous researcher who calculated a one year CAR of 25%. However, my findings are in line with another previous researcher who found a one year CAR of about -2% and concluded that Congressmen are not trading on inside information. I also examine election-year trades made by senators who lose a reelection bid. This cashing out effect amounts to a CAR of 0.43% during the first year post loss, but after two years these trades exhibit a CAR of -0.03%. The cashing out group performs no better than the group as a whole, indicating that this group did not use their informational advantage to profit during the lame duck session.

Portfolio and Security Analysis