About: The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations. Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

111

A research in SQL injection.

January 2005
Leung Siu Kuen. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2005. / Includes bibliographical references (leaves 67-68). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgement --- p.iii / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Motivation --- p.1 / Chapter 1.1.1 --- A Story --- p.1 / Chapter 1.2 --- Overview --- p.2 / Chapter 1.2.1 --- Introduction of SQL Injection --- p.4 / Chapter 1.3 --- The importance of SQL Injection --- p.6 / Chapter 1.4 --- Thesis organization --- p.8 / Chapter 2 --- Background --- p.10 / Chapter 2.1 --- Flow of web applications using DBMS --- p.10 / Chapter 2.2 --- Structure of DBMS --- p.12 / Chapter 2.2.1 --- Tables --- p.12 / Chapter 2.2.2 --- Columns --- p.12 / Chapter 2.2.3 --- Rows --- p.12 / Chapter 2.3 --- SQL Syntax --- p.13 / Chapter 2.3.1 --- SELECT --- p.13 / Chapter 2.3.2 --- AND/OR --- p.14 / Chapter 2.3.3 --- INSERT --- p.15 / Chapter 2.3.4 --- UPDATE --- p.16 / Chapter 2.3.5 --- DELETE --- p.17 / Chapter 2.3.6 --- UNION --- p.18 / Chapter 3 --- Details of SQL Injection --- p.20 / Chapter 3.1 --- Basic SELECT Injection --- p.20 / Chapter 3.2 --- Advanced SELECT Injection --- p.23 / Chapter 3.2.1 --- Single Line Comment (--) --- p.23 / Chapter 3.2.2 --- Guessing the number of columns in a table --- p.23 / Chapter 3.2.3 --- Guessing the column name of a table (Easy one) --- p.26 / Chapter 3.2.4 --- Guessing the column name of a table (Difficult one) --- p.27 / Chapter 3.3 --- UPDATE Injection --- p.29 / Chapter 3.4 --- Other Attacks --- p.30 / Chapter 4 --- Current Defenses --- p.32 / Chapter 4.1 --- Causes of SQL Injection attacks --- p.32 / Chapter 4.2 --- Defense Methods --- p.33 / Chapter 4.2.1 --- Defensive Programming --- p.34 / Chapter 4.2.2 --- hiding the error messages --- p.35 / Chapter 4.2.3 --- Filtering out the dangerous characters --- p.35 / Chapter 4.2.4 --- Using pre-complied SQL statements --- p.36 / Chapter 4.2.5 --- Checking for tautologies in SQL statements --- p.37 / Chapter 4.2.6 --- Instruction set randomization --- p.38 / Chapter 4.2.7 --- Building the query model --- p.40 / Chapter 5 --- Proposed Solution --- p.43 / Chapter 5.1 --- Introduction --- p.43 / Chapter 5.2 --- Natures of SQL Injection --- p.43 / Chapter 5.3 --- Our proposed system --- p.44 / Chapter 5.3.1 --- Features of the system --- p.44 / Chapter 5.3.2 --- Stage 1 - Checking with current signatures --- p.45 / Chapter 5.3.3 --- Stage 2 - SQL Server Query --- p.45 / Chapter 5.3.4 --- Stage 3 - Error Triggering --- p.46 / Chapter 5.3.5 --- Stage 4 - Alarm --- p.50 / Chapter 5.3.6 --- Stage 5 - Learning --- p.50 / Chapter 5.4 --- Examples --- p.51 / Chapter 5.4.1 --- Defensing BASIC SELECT Injection --- p.52 / Chapter 5.4.2 --- Defensing Advanced SELECT Injection --- p.52 / Chapter 5.4.3 --- Defensing UPDATE Injection --- p.57 / Chapter 5.5 --- Comparison --- p.59 / Chapter 6 --- Conclusion --- p.62 / Chapter A --- Commonly used table and column names --- p.64 / Chapter A.1 --- Commonly used table names for system management --- p.64 / Chapter A.2 --- Commonly used column names for password storage --- p.65 / Chapter A.3 --- Commonly used column names for username storage --- p.66 / Bibliography --- p.67
112

Defending against low-rate TCP attack: dynamic detection and protection.

January 2005
Sun Haibin. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2005. / Includes bibliographical references (leaves 89-96). / Abstracts in English and Chinese. / Abstract --- p.i / Chinese Abstract --- p.iii / Acknowledgement --- p.iv / Chapter 1 --- Introduction --- p.1 / Chapter 2 --- Background Study and Related Work --- p.5 / Chapter 2.1 --- Victim Exhaustion DoS/DDoS Attacks --- p.6 / Chapter 2.1.1 --- Direct DoS/DDoS Attacks --- p.7 / Chapter 2.1.2 --- Reflector DoS/DDoS Attacks --- p.8 / Chapter 2.1.3 --- Spoofed Packet Filtering --- p.9 / Chapter 2.1.4 --- IP Traceback --- p.13 / Chapter 2.1.5 --- Location Hiding --- p.20 / Chapter 2.2 --- QoS Based DoS Attacks --- p.22 / Chapter 2.2.1 --- Introduction to the QoS Based DoS Attacks --- p.22 / Chapter 2.2.2 --- Countermeasures to the QoS Based DoS Attacks --- p.22 / Chapter 2.3 --- Worm based DoS Attacks --- p.24 / Chapter 2.3.1 --- Introduction to the Worm based DoS Attacks --- p.24 / Chapter 2.3.2 --- Countermeasures to the Worm Based DoS Attacks --- p.24 / Chapter 2.4 --- Low-rate TCP Attack and RoQ Attacks --- p.26 / Chapter 2.4.1 --- General Introduction of Low-rate Attack --- p.26 / Chapter 2.4.2 --- Introduction of RoQ Attack --- p.27 / Chapter 3 --- Formal Description of Low-rate TCP Attacks --- p.28 / Chapter 3.1 --- Mathematical Model of Low-rate TCP Attacks --- p.28 / Chapter 3.2 --- Other forms of Low-rate TCP Attacks --- p.31 / Chapter 4 --- Distributed Detection Mechanism --- p.34 / Chapter 4.1 --- General Consideration of Distributed Detection --- p.34 / Chapter 4.2 --- Design of Low-rate Attack Detection Algorithm --- p.36 / Chapter 4.3 --- Statistical Sampling of Incoming Traffic --- p.37 / Chapter 4.4 --- Noise Filtering --- p.38 / Chapter 4.5 --- Feature Extraction --- p.39 / Chapter 4.6 --- Pattern Matching via the Dynamic Time Warping (DTW) Method --- p.41 / Chapter 4.7 --- Robustness and Accuracy of DTW --- p.45 / Chapter 4.7.1 --- DTW values for low-rate attack: --- p.46 / Chapter 4.7.2 --- DTW values for legitimate traffic (Gaussian): --- p.47 / Chapter 4.7.3 --- DTW values for legitimate traffic (Self-similar): --- p.48 / Chapter 5 --- Low-Rate Attack Defense Mechanism --- p.52 / Chapter 5.1 --- Design of Defense Mechanism --- p.52 / Chapter 5.2 --- Analysis of Deficit Round Robin Algorithm --- p.54 / Chapter 6 --- Fluid Model of TCP Flows --- p.56 / Chapter 6.1 --- Fluid Math. Model of TCP under DRR --- p.56 / Chapter 6.1.1 --- Model of TCP on a Droptail Router --- p.56 / Chapter 6.1.2 --- Model of TCP on a DRR Router --- p.60 / Chapter 6.2 --- Simulation of TCP Fluid Model --- p.62 / Chapter 6.2.1 --- Simulation of Attack with Single TCP Flow --- p.62 / Chapter 6.2.2 --- Simulation of Attack with Multiple TCP flows --- p.64 / Chapter 7 --- Experiments --- p.69 / Chapter 7.1 --- Experiment 1 (Single TCP flow vs. single source attack) --- p.69 / Chapter 7.2 --- Experiment 2 (Multiple TCP flows vs. single source attack) --- p.72 / Chapter 7.3 --- Experiment 3 (Multiple TCP flows vs. synchronized distributed low-rate attack) --- p.74 / Chapter 7.4 --- Experiment 4 (Network model of low-rate attack vs. Multiple TCP flows) --- p.77 / Chapter 8 --- Conclusion --- p.83 / Chapter A --- Lemmas and Theorem Derivation --- p.85 / Bibliography --- p.89
113

Network coding for security and error correction. / CUHK electronic theses & dissertations collection

January 2008
In this work, we consider the possibility and the effectiveness of implementing secure network coding and error-correcting network coding at the same time. Upon achieving this goal, information can be multicast securely to the sink nodes through a noisy network. Toward this end, we propose constructions of such codes and prove their optimality. After that, we extend the idea of generalized Hamming Weight [54] for the classical point-to-point communication channel to linear network coding. We also extend the idea of generalized Singleton bound to linear network coding. We further show that the generalized Hamming weight can completely characterize the security performance of linear code at the source node on a given linear network code. We then introduce the idea of Network Maximum Distance Separable code (NMDS code), which can be shown to play an important role in minimizing the information that an eavesdropper can obtain from the network. The problem of obtaining the optimal security performance is in fact equivalent to the problem of obtaining a Network Maximum Distance Separable code. / Network coding is one of the most important breakthroughs in information theory in recent years. The theory gives rise to a new concept regarding the role of nodes in a communication network. Unlike in existing networks where the nodes act as switches, in the paradigm of network coding, every node in the network can act as an encoder for the incoming information. With this new infrastructure, it is possible to utilize the full capacity of the network where it is impossible to do so without network coding. In the seminal paper by Ahlswede et al. [1] where network coding was introduced, the achievability of the maxflow bound for every single source multicast network by using network coding was also proved. 
By further exploring the possibility of linear network coding, Cai and Yeung introduced the idea of error-correcting network coding and secure network coding in [7] and [8] respectively. These papers launched another two important research areas in the field of network coding. / Ngai, Chi Kin. / Adviser: Yeung Wai Ho. / Source: Dissertation Abstracts International, Volume: 70-06, Section: B, page: 3696. / Thesis (Ph.D.)--Chinese University of Hong Kong, 2008. / Includes bibliographical references (leaves 122-128). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Electronic reproduction. [Ann Arbor, MI] : ProQuest Information and Learning, [200-] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstracts in English and Chinese. / School code: 1307.
114

FADE: secure overlay cloud storage with access control and file assured deletion. / Secure overlay cloud storage with access control and file assured deletion

January 2011
Tang, Yang. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2011. / Includes bibliographical references (p. 60-65). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgement --- p.iv / Chapter 1 --- Introduction --- p.1 / Chapter 2 --- Policy-based File Assured Deletion --- p.7 / Chapter 2.1 --- Background --- p.7 / Chapter 2.2 --- Policy-based Deletion --- p.9 / Chapter 3 --- Basic Design of FADE --- p.13 / Chapter 3.1 --- Entities --- p.13 / Chapter 3.2 --- Deployment --- p.15 / Chapter 3.3 --- "Security Goals, Threat Models, and Assumptions" --- p.16 / Chapter 3.4 --- The Basics - File Upload/Download --- p.18 / Chapter 3.5 --- Policy Revocation for File Assured Deletion --- p.23 / Chapter 3.6 --- Multiple Policies --- p.23 / Chapter 3.7 --- Policy Renewal --- p.25 / Chapter 4 --- Extensions of FADE --- p.27 / Chapter 4.1 --- Access Control with ABE --- p.27 / Chapter 4.2 --- Multiple Key Managers --- p.31 / Chapter 5 --- Implementation --- p.35 / Chapter 5.1 --- Representation of Metadata --- p.36 / Chapter 5.2 --- Client --- p.37 / Chapter 5.3 --- Key Managers --- p.38 / Chapter 6 --- Evaluation --- p.40 / Chapter 6.1 --- Experimental Results on Time Performance of FADE --- p.41 / Chapter 6.1.1 --- Evaluation of Basic Design --- p.42 / Chapter 6.1.2 --- Evaluation of Extensions --- p.46 / Chapter 6.2 --- Space Utilization of FADE --- p.49 / Chapter 6.3 --- Cost Model --- p.51 / Chapter 6.4 --- Lessons Learned --- p.53 / Chapter 7 --- Related Work --- p.54 / Chapter 8 --- Conclusions --- p.58 / Bibliography --- p.60
115

On web security: a trusted notification system.

January 2011
Tse, Kai Shun Scottie. / "December 2010." / Thesis (M.Phil.)--Chinese University of Hong Kong, 2011. / Includes bibliographical references (p. 52-54). / Abstracts in English and Chinese. / Abstract --- p.ii / Acknowledgements --- p.iii / List of Figures --- p.vi / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Web 2.0 --- p.2 / Chapter 1.2 --- Research Motivation --- p.2 / Chapter 2 --- Background Study on Web Attacks --- p.4 / Chapter 2.1 --- Cross Site Scripting (XSS) --- p.5 / Chapter 2.2 --- Cross Channel Scripting (XCS) --- p.6 / Chapter 2.3 --- Cross Site Request Forgery (CSRF) --- p.6 / Chapter 2.4 --- Click Jacking --- p.7 / Chapter 2.5 --- Extension and plugins vulnerabilities --- p.8 / Chapter 2.6 --- Privacy Issue --- p.10 / Chapter 2.7 --- Network security --- p.12 / Chapter 2.8 --- Developer implementation flaw --- p.13 / Chapter 2.9 --- Chapter Summary --- p.15 / Chapter 3 --- Defenses on Web Attacks --- p.17 / Chapter 3.1 --- Same Origin Policy --- p.17 / Chapter 3.2 --- Filtering mechanism --- p.18 / Chapter 3.2.1 --- Client-side filtering --- p.18 / Chapter 3.2.2 --- Server-side filtering --- p.19 / Chapter 3.3 --- XSS Defenses --- p.20 / Chapter 3.4 --- CSRF Defenses --- p.22 / Chapter 3.5 --- Browser warnings --- p.23 / Chapter 3.6 --- Chapter Summary --- p.24 / Chapter 4 --- On web communication --- p.26 / Chapter 4.1 --- On cross domain communication --- p.26 / Chapter 4.1.1 --- HTML5 --- p.26 / Chapter 4.1.2 --- Flash 10 --- p.28 / Chapter 4.1.3 --- Extended studys crossdomain.xml of Flash --- p.29 / Chapter 4.2 --- On cross frame communication --- p.32 / Chapter 4.3 --- Trusted Notification System --- p.35 / Chapter 4.3.1 --- Assumptions --- p.35 / Chapter 4.3.2 --- Implementation Issues --- p.35 / Chapter 4.3.3 --- Information flow --- p.37 / Chapter 4.3.4 --- Features --- p.38 / Chapter 4.3.4.1 --- Counter fake --- p.38 / Chapter 4.3.4.2 --- Plug and play --- p.38 / Chapter 4.3.4.3 --- Mitigate future attacks --- p.39 / Chapter 4.3.4.4 --- Session persist after logout --- p.39 / Chapter 4.3.4.5 --- Follow the standards --- p.40 / Chapter 4.3.5 --- Related works --- p.40 / Chapter 4.4 --- Chapter Summary --- p.41 / Chapter 5 --- Conclusion --- p.43 / Chapter 5.1 --- Contributions --- p.43 / Chapter 5.2 --- Discussions and future work --- p.44 / Chapter A --- Non-persistent XSS attack on Horde --- p.45 / Chapter B --- Data tampering attack on facebook application --- p.50 / Bibliography --- p.52
116

Asymmetric reversible parametric sequences approach to design a multi-key secure multimedia proxy: theory, design and implementation.

January 2003
Yeung Siu Fung. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2003. / Includes bibliographical references (leaves 52-53). / Abstracts in English and Chinese. / Abstract --- p.ii / Acknowledgement --- p.v / Chapter 1 --- Introduction --- p.1 / Chapter 2 --- Multi-Key Encryption Theory --- p.7 / Chapter 2.1 --- Reversible Parametric Sequence --- p.7 / Chapter 2.2 --- Implementation of ARPSf --- p.11 / Chapter 3 --- Multimedia Proxy: Architectures and Protocols --- p.16 / Chapter 3.1 --- Operations to Request and Cache Data from the Server --- p.16 / Chapter 3.2 --- Operations to Request Cached Data from the Multimedia Proxy --- p.18 / Chapter 3.3 --- Encryption Configuration Parameters (ECP) --- p.19 / Chapter 4 --- Extension to multi-level proxy --- p.24 / Chapter 5 --- Secure Multimedia Library (SML) --- p.27 / Chapter 5.1 --- Proxy Pre-fetches and Caches Data --- p.27 / Chapter 5.2 --- Client Requests Cached Data From the Proxy --- p.29 / Chapter 6 --- Implementation Results --- p.31 / Chapter 7 --- Related Work --- p.40 / Chapter 8 --- Conclusion --- p.42 / Chapter A --- Function Prototypes of Secure Multimedia Library (SML) --- p.44 / Chapter A.1 --- CONNECTION AND AUTHENTICATION --- p.44 / Chapter A.1.1 --- Create SML Session --- p.44 / Chapter A.1.2 --- Public Key Manipulation --- p.44 / Chapter A.1.3 --- Authentication --- p.45 / Chapter A.1.4 --- Connect and Accept --- p.46 / Chapter A.1.5 --- Close Connection --- p.47 / Chapter A.2 --- SECURE DATA TRANSMISSION --- p.47 / Chapter A.2.1 --- Asymmetric Reversible Parametric Sequence and Encryption Configuration Parameters --- p.47 / Chapter A.2.2 --- Bulk Data Encryption and Decryption --- p.48 / Chapter A.2.3 --- Entire Data Encryption and Decryption --- p.49 / Chapter A.3 --- Secure Proxy Architecture --- p.49 / Chapter A.3.1 --- Proxy-Server Connection --- p.49 / Chapter A.3.2 --- ARPS and ECP --- p.49 / Chapter A.3.3 --- Initial Sever Encryption --- p.50 / Chapter A.3.4 --- Proxy Re-Encryption --- p.51 / Chapter A.3.5 --- Client Decryption --- p.51 / Bibliography --- p.52
117

The institutionalisation of an information security culture in a petroleum organisation in the Western Cape

Michiel, Michael January 2018
Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2018. / In today’s world, organisations cannot exist without having information readily available. The protection of information relies not only on technology but also on the behaviour of employees. The failure to institutionalise an information security culture inside an organisation will cause the continued occurrence of security breaches. The aim of the research is to explore how an information security culture can be institutionalised within a petroleum organisation in the Western Cape. The primary research question is posed as follows: “What are the factors affecting the institutionalisation of an information security culture?” To answer the research question, a study was conducted at a petroleum organisation in the Western Cape. A subjectivist ontological and interpretivist epistemological stance has been adopted and an inductive research approach was followed. The research strategy was a case study. Data for this study were gathered through interviews (12 in total) using semi-structured questionnaires. The data collected were transcribed, summarised, and categorised to provide a clear understanding of the data. For this study, twenty-four findings and seven themes were identified. The themes are: i) user awareness training and education; ii) user management; iii) compliance and monitoring; iv) change management; v) process simplification; vi) communication strategy; and vii) top management support. Guidelines are proposed, comprising four primary components. Ethical clearance to conduct the study was obtained from the Ethics committee of CPUT and permission to conduct the study was obtained from the Chief Information Officer (CIO) of the petroleum organisation. The findings point to collaboration between employees, the Information Security department, and management in order to institute a culture of security inside the organisation.
118

MODELING AND SECURITY IN CLOUD AND RELATED ECOSYSTEMS

Unknown Date
Software systems increasingly interact with each other, forming ecosystems. Cloud is one such ecosystem that has evolved and enabled other technologies like IoT and containers. Such systems are very complex and heterogeneous because their components can have diverse origins, functions, security policies, and communication protocols, which makes it difficult to comprehend, utilize and consequently secure them. Abstract architectural models can be used to handle this complexity and heterogeneity but there is a lack of work on precise, implementation/vendor neutral and holistic models which represent ecosystem components and their mutual interactions. We attempted to find similarities in systems and generalize to create abstract models for adding security. We represented the ecosystem as a Reference architecture (RA) and the ecosystem units as patterns. We started with a pattern diagram which showed all the components involved along with their mutual interactions and dependencies. We added components to the already existent Cloud security RA (SRA). Containers, being a relatively new virtualization technology, did not have a precise and holistic reference architecture. We have built a partial RA for containers by identifying and modeling components of the ecosystem. Container security issues were identified from the literature as well as analysis of our patterns. We added corresponding security countermeasures to container RA as security patterns to build a container SRA. Finally, using container SRA as an example, we demonstrated an approach for RA validation. We have also built a composite pattern for fog computing that is an intermediate platform between Cloud and IoT devices. We represented an attack, Distributed Denial of Service (DDoS) using IoT devices, in the form of a misuse pattern which explains it from the attacker’s perspective. 
We found this model-based approach useful to build RAs in a flexible and incremental way as components can be identified and added as the ecosystems expand. This provided us better insight to analyze security issues across boundaries of individual ecosystems. A unified, precise and holistic view of the system is not just useful for adding or evaluating security, this approach can also be used to ensure compliance, privacy, safety, reliability and/or governance for cloud and related ecosystems. This is the first work we know of where patterns and RAs are used to represent ecosystems and analyze their security. / Includes bibliography. / Dissertation (Ph.D.)--Florida Atlantic University, 2019. / FAU Electronic Theses and Dissertations Collection
119

IEEE 802.11 wireless LAN traffic analysis: a cross-layer approach

Na, Chen 28 August 2008
Not available / text
120

Investigation of a router-based approach to defense against Distributed Denial-of-Service (DDoS) attack

Chan, Yik-Kwan, Eric., 陳奕鈞. January 2004
published_or_final_version / abstract / toc / Computer Science and Information Systems / Master / Master of Philosophy
