• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 23
  • 17
  • 6
  • 4
  • 3
  • 1
  • 1
  • 1
  • 1
  • Tagged with
  • 147
  • 147
  • 78
  • 28
  • 25
  • 25
  • 24
  • 22
  • 21
  • 21
  • 21
  • 21
  • 20
  • 17
  • 16
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
21

TOWARDS TRUSTWORTHY ON-DEVICE COMPUTATION

Heejin Park (12224933) 20 April 2022 (has links)
<div>Driven by breakthroughs in mobile and IoT devices, on-device computation becomes promising. Meanwhile, there is a growing concern over its security: it faces many threats</div><div>in the wild, while not supervised by security experts; the computation is highly likely to touch users’ privacy-sensitive information. Towards trustworthy on-device computation, we present novel system designs focusing on two key applications: stream analytics, and machine learning training and inference.</div><div><br></div><div>First, we introduce Streambox-TZ (SBT), a secure stream analytics engine for ARM-based edge platforms. SBT contributes a data plane that isolates only analytics’ data and</div><div>computation in a trusted execution environment (TEE). By design, SBT achieves a minimal trusted computing base (TCB) inside TEE, incurring modest security overhead.</div><div><br></div><div>Second, we design a minimal GPU software stack (50KB), called GPURip. GPURip allows developers to record GPU computation ahead of time, which will be replayed later</div><div>on client devices. In doing so, GPURip excludes the original GPU stack from run time eliminating its wide attack surface and exploitable vulnerabilities.</div><div><br></div><div>Finally, we propose CoDry, a novel approach for TEE to record GPU computation remotely. CoDry provides an online GPU recording in a safe and practical way; it hosts GPU stacks in the cloud that collaboratively perform a dryrun with client GPU models. To overcome frequent interactions over a wireless connection, CoDry implements a suite of key optimizations.</div>
22

Dependable Wearable Systems

Edgardo A Barsallo Yi (11656702) 09 December 2021 (has links)
<div>As wearable devices, like smartwatches and fitness monitors, gain popularity and are being touted for clinical purposes, evaluating the resilience and security of wearable operating systems (OSes) and their corresponding ecosystems becomes essential. One of the most dominant OSes for wearable devices is Wear OS, created by Google. Wear OS and Android (its counterpart OS for mobile devices) share similar features, but the unique characteristics and uses of wearable devices posses new challenges. For example, wearable applications are generally more dependent on device sensors, have complex communication patterns (both intra-device and inter-device), and are context-aware. Current research efforts on the Wear OS are more focused on the efficiency and performance of the OS itself, overlooking the resilience or security of the OS or its ecosystem.</div><div> </div><div>This dissertation introduces a systematic analysis to evaluate the Wear OS's resilience and security. The work is divided into two main parts. First, we focus our efforts on developing novel tools to evaluate the robustness of the wearable OS and uncover vulnerabilities and failures in the wearable ecosystem. We provide an assessment and propose techniques to improve the system's overall reliability. Second, we turn our attention to the security and privacy of smart devices. We assess the privacy and security of highly interconnected devices. We demonstrate the feasibility of privacy attacks under these scenarios and propose a defense mechanism to mitigate these attacks.</div><div> </div><div>For the resilience part, we evaluate the overall robustness of the Wear OS ecosystem using a fuzz testing-based tool [DSN2018]. We perform an extensive fault injection study by mutating inter-process communication messages and UI events on a set of popular wearable and mobile applications. The results of our study show similarities in the root cause of failures between Wear OS and Android; however, the distribution of exception differ in both OSes. Further, our study evidence that input validation has improved in the Android ecosystem with respect to prior studies. Then, we study the impact of the state of a wearable device on the overall reliability of the applications running in Wear OS [MobiSys2020]. We use distinguishable characteristics of wearable apps, such as sensor activation and mobile-wearable communication patterns, to derive a state model and use this model to target specific fuzz injection campaigns against a set of popular wearable apps. Our experiments revealed an abundance of improper exception handling on wearable applications and error propagation across mobile and wearable devices. Furthermore, our results unveiled a flawed design of the wearable OS, which caused the device to reboot due to excessive sensor use.</div><div><br></div><div>For the security and privacy part, we assess user awareness toward privacy risks under scenarios with multiple interconnected devices. Our results show that a significant majority of the users have no reservation while granting permission to their devices. Furthermore, users tend to be more conservative while granting permission on their wearables. Based on the results of our study, we demonstrate the practicability of leaking sensitive information inferred from the user by orchestrating an attack using multiple devices. Finally, we introduce a tool based on NLP (Natural Language Processing) techniques that can aid the user in detecting this type of attack.</div>
23

Information System Security Commitment: A Study of External Influences on Senior Management

Barton, Kevin Andrew 12 November 2014 (has links)
This dissertation investigated how senior management is motivated to commit to information system security (ISS). Research shows senior management participation is critical to successful ISS, but has not explained how senior managers are motivated to participate in ISS. Information systems research shows pressures external to the organization have greater influence on senior managers than internal pressures. However, research has not fully examined how external pressures motivate senior management participation in ISS. This study addressed that gap by examining how external pressures motivate senior management participation in ISS through the lens of neo-institutional theory. The research design was survey research. Data collection was through an online survey, and PLS was used for data analysis. Sample size was 167 from a study population of small- and medium-sized organizations in a mix of industries in the south-central United States. Results supported three of six hypotheses. Mimetic mechanisms were found to influence senior management belief in ISS, and senior management belief in ISS was found to increase senior management participation in ISS. Greater senior management participation in ISS led to greater ISS assimilation in organizations. Three hypotheses were not supported. Correlation was not found between normative influences and senior management belief, normative influences and senior management participation, and coercive influences and senior management participation. Limitations with the study included a high occurrence of weak effect sizes on relationships within the model and heterogeneity based on industry, organization size, and regulatory requirements in the sample. This study contributes to ISS research by providing a theoretical model to explain how external influences contribute to senior management belief and participation in ISS, and ultimately ISS assimilation in organizations. Empirical evidence supports the mediating role by senior management between external influences and ISS assimilation. The findings also suggest some limitations that may exist with survey research in this area. This study benefits practitioners in three ways. First, it reinforces the argument that senior management support is critical to ISS success. Second, it extends understanding of senior management's role with ISS by explaining how IS and ISS management might nurture senior management belief and participation in ISS through industry groups and business partnerships. Third, the results inform government regulators and industry groups how they can supplement regulatory pressures with educational and awareness campaigns targeted at senior management to improve senior management commitment to ISS.
24

Data security aspects of a debit card system

Botha, Jacobus Theron 17 August 2016 (has links)
A project report submitted to the Faculty of Engineering, University of the Witwatersrand, Johannesburg in partial fulfilment of the requirements for the degree of Master of Science in Engineering. Johannesburg 1990 / A debit-card is a form of payment, The card is pre-charged with a value, monetary or otherwise, before distribution to the user, and is therefore a pre-payment card . It is then 'used up, its value being decremented until it is valueless. At this point, it is either discarded or re-charged by the administration authority, It is distinct from a credit card, which provides a post-payment facility. The aim of this project is to investigate the security aspects of a debit-card reader system for use as an unattended fee-collecting subsystem in such applications as public telephones, parking meters and vending machines. Card technology and attributes of debit card systems are discussed, an overview of cryptology is given, and an implementation of a magnetic card system is described.
25

Retrowrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization

Sushant Dinesh (6640856) 10 June 2019 (has links)
<div>End users of closed-source software currently cannot easily analyze the security</div><div>of programs or patch them if flaws are found. Notably, end users can include devel</div><div>opers who use third party libraries. The current state of the art for coverage-guided</div><div>binary fuzzing or binary sanitization is dynamic binary translation, which results</div><div>in prohibitive overhead. Existing static rewriting techniques cannot fully recover</div><div>symbolization information, and so have difficulty modifying binaries to track code</div><div>coverage for fuzzing or add security checks for sanitizers.</div><div>The ideal solution for adding instrumentation is a static rewriter that can intel</div><div>ligently add in the required instrumentation as if it were inserted at compile time.</div><div>This requires analysis to statically disambiguate between references and scalars, a</div><div>problem known to be undecidable in the general case. We show that recovering this</div><div>information is possible in practice for the most common class of software and li</div><div>braries: 64 bit, position independent code. Based on our observation, we design a</div><div>binary-rewriting instrumentation to support American Fuzzy Lop (AFL) and Address</div><div>Sanitizer (ASan), and show that we achieve compiler levels of performance, while re</div><div>taining precision. Binaries rewritten for coverage-guided fuzzing using RetroWrite</div><div>are identical in performance to compiler-instrumented binaries and outperforms the</div><div>default QEMU-based instrumentation by 7.5x while triggering more bugs. Our im</div><div>plementation of binary-only Address Sanitizer is 3x faster than Valgrind memcheck,</div><div>the state-of-the-art binary-only memory checker, and detects 80% more bugs in our</div><div>security evaluation.</div>
26

Security techniques for drones

Jongho Won (5930405) 10 June 2019 (has links)
<div>Unmanned Aerial Vehicles (UAVs), commonly known as drones, are aircrafts without a human pilot aboard. The flight of drones can be controlled with a remote control by an operator located at the ground station, or fully autonomously by onboard computers. Drones are mostly found in the military. However, over the recent years, they have attracted the interest of industry and civilian sectors. <br></div><div>With the recent advance of sensor and embedded device technologies, various sensors will be embedded in city infrastructure to monitor various city-related information. In this context, drones can be effectively utilized in many safety-critical applications for collecting data from sensors on the ground and transmitting configuration instructions or task requests to these sensors.</div><div> <br></div><div>However, drones, like many networked devices, are vulnerable to cyber and physical attacks.<br></div><div>Challenges for secure drone applications can be divided in four aspects: 1) securing communication between drones and sensors, 2) securing sensor localization when drones locate sensors, 3) providing secure drone platforms to protect sensitive data against physical capture attacks and detect modifications to drone software, and 4) protecting secret keys in drones under white-box attack environments.<br></div><div> <br></div><div>To address the first challenge, a suite of cryptographic protocols is proposed. The protocols are based on certificateless cryptography and support authenticated key agreement, non-repudiation and user revocation. To minimize the energy required by a drone, a dual channel strategy is introduced.<br></div><div>To address the second challenge, a drone positioning strategy and a technique that can filter out malicious location references are proposed.<br></div><div>The third challenge is addressed by a solution integrating techniques for software-based attestation and data encryption.<br></div><div>For attestation, free memory spaces are filled with pseudo-random numbers, which are also utilized to encrypt data collected by the drone like a stream cipher.<br></div>A dynamic white-box encryption scheme is proposed to address the fourth challenge. Short secret key are converted into large look-up tables and the tables are periodically shuffled by a shuffling mechanism which is secure against white-box attackers.
27

Privacy-Enhancing Techniques for Data Analytics

Fang-Yu Rao (6565679) 10 June 2019 (has links)
<div> <div> <div> <p>Organizations today collect and aggregate huge amounts of data from individuals under various scenarios and for different purposes. Such aggregation of individuals’ data when combined with techniques of data analytics allows organizations to make informed decisions and predictions. But in many situations, different portions of the data associated with individuals are collected and curated by different organizations. To derive more accurate conclusions and predictions, those organization may want to conduct the analysis based on their joint data, which cannot be simply accomplished by each organization exchanging its own data with other organizations due to the sensitive nature of data. Developing approaches for collaborative privacy-preserving data analytics, however, is a nontrivial task. At least two major challenges have to be addressed. The first challenge is that the security of the data possessed by each organization should always be properly protected during and after the collaborative analysis process, whereas the second challenge is the high computational complexity usually accompanied by cryptographic primitives used to build such privacy-preserving protocols. </p><p><br></p><p> </p><div> <div> <div> <p>In this dissertation, based on widely adopted primitives in cryptography, we address the aforementioned challenges by developing techniques for data analytics that not only allow multiple mutually distrustful parties to perform data analysis on their joint data in a privacy-preserving manner, but also reduce the time required to complete the analysis. More specifically, using three common data analytics tasks as concrete examples, we show how to construct the respective privacy-preserving protocols under two different scenarios: (1) the protocols are executed by a collaborative process only involving the participating parties; (2) the protocols are outsourced to some service providers in the cloud. Two types of optimization for improving the efficiency of those protocols are also investigated. The first type allows each participating party access to a statistically controlled leakage so as to reduce the amount of required computation, while the second type utilizes the parallelism that could be incorporated into the task and pushes some computation to the offline phase to reduce the time needed for each participating party without any additional leakage. Extensive experiments are also conducted on real-world datasets to demonstrate the effectiveness of our proposed techniques.<br></p> <p> </p> </div> </div> </div> </div> </div> </div>
28

The analysis of UWB radar system for microwave imaging application

Li, Lei January 2015 (has links)
Many research groups have conducted the investigation into UWB imaging radar system for various applications over the last decade. Due to the demanding security requirements, it is desirable to devise a convenient and reliable imaging system for concealed weapon detection. Therefore, this thesis presents my research into a low cost and compact UWB imaging radar system for security purpose. This research consists of two major parts: building the UWB imaging system and testing the imaging algorithms. Firstly, the time-domain UWB imaging radar system is developed based on a modulating scheme, achieving a receiver sensitivity of -78dBm and a receiver dynamic range of 69dB. A rotary UWB antenna linear array, comprising one central transmitting antenna and four side-by-side receiving antennas, is adopted to form 2D array in order to achieve a better cross-range resolution of the target. In operation, the rotation of the antenna array is automatically controlled through the computerised modules in LabVIEW. Two imaging algorithms have been extensively tested in the developed UWB radar system for a number of scenarios. In simulation, the “Delay and Sum (DAS)” method has been shown to be effective at mapping out the metallic targets in free space, but prone to errors in more complicated environments. However, the “Time Reversal (TR)” method can produce better images in more complex scenarios, where traditionally unfavorable multi-path interference becomes a valuable asset. These observations were verified in experiment in different testing environments, such as penetration through wooden boards, clutters and a stuffed sport bag. The detectable size of a single target is 8×8×1 cm3 with 30cm distance in a stuffed bag, while DAS can achieve the estimation of 7cm cross-range resolution and 15cm down-range resolution for two targets with sizes of 8×8×1 cm3 and 10×10×1 cm3, which fits within the theoretical prediction. In contrast, TR can distinguish them with a superior 4cm cross range resolution.
29

Side Channel Leakage Analysis - Detection, Exploitation and Quantification

Ye, Xin 27 January 2015 (has links)
Nearly twenty years ago the discovery of side channel attacks has warned the world that security is more than just a mathematical problem. Serious considerations need to be placed on the implementation and its physical media. Nowadays the ever-growing ubiquitous computing calls for in-pace development of security solutions. Although the physical security has attracted increasing public attention, side channel security remains as a problem that is far from being completely solved. An important problem is how much expertise is required by a side channel adversary. The essential interest is to explore whether detailed knowledge about implementation and leakage model are indispensable for a successful side channel attack. If such knowledge is not a prerequisite, attacks can be mounted by even inexperienced adversaries. Hence the threat from physical observables may be underestimated. Another urgent problem is how to secure a cryptographic system in the exposure of unavoidable leakage. Although many countermeasures have been developed, their effectiveness pends empirical verification and the side channel security needs to be evaluated systematically. The research in this dissertation focuses on two topics, leakage-model independent side channel analysis and security evaluation, which are described from three perspectives: leakage detection, exploitation and quantification. To free side channel analysis from the complicated procedure of leakage modeling, an observation to observation comparison approach is proposed. Several attacks presented in this work follow this approach. They exhibit efficient leakage detection and exploitation under various leakage models and implementations. More importantly, this achievement no longer relies on or even requires precise leakage modeling. For the security evaluation, a weak maximum likelihood approach is proposed. It provides a quantification of the loss of full key security due to the presence of side channel leakage. A constructive algorithm is developed following this approach. The algorithm can be used by security lab to measure the leakage resilience. It can also be used by a side channel adversary to determine whether limited side channel information suffices the full key recovery at affordable expense.
30

Measuring the State of Indiana's Cybersecurity

James E. Lerums (5929946) 16 January 2019 (has links)
<p>This dissertation introduces a scorecard to enable the State of Indiana to measure the cybersecurity of its public and private critical infrastructure and key resource sector organizations. The scorecard was designed to be non-threatening and understandable so that even small organizations without cybersecurity expertise can voluntarily self-asses their cybersecurity strength and weaknesses. The scorecard was also intended to enable organizations to learn, so that they may identify and self-correct their cybersecurity vulnerabilities. The scorecard provided quantifiable feedback to enable organizations to benchmark their initial status and measure their future progress.</p><p><br></p><p>Using the scorecard, the Indiana Executive Council for Cybersecurity launched a Pilot to measure cybersecurity of large, medium, and small organizations across eleven critical infrastructure and key resources sectors. This dissertation presents the analysis and results from scorecard data provided by the Pilot group of 56 organizations. The cybersecurity scorecard developed as part of this dissertation has been included in the Indiana Cybersecurity Strategy Plan published September 21, 2018.</p><p></p>

Page generated in 0.0912 seconds