  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
61

A secure, payment-based email delivery system

Deng, Ni 01 January 2005
The purpose of this project is to design, build and implement a secure, payment-based email delivery system that provides privacy and reduces spam.
62

Shaping Strategic Information Systems Security Initiatives in Organizations

Tejay, Gurvirender 09 May 2008
Strategic information systems security initiatives have seldom been successful. The increasing complexity of the business environment in which organizational security must be operationalized presents challenges. There has also been a problem with understanding the patterns of interactions among stakeholders that lead to instituting such an initiative. The overall aim of this research is to enhance understanding of the issues and concerns in shaping strategic information systems security initiative. To be successful, a proper undertaking of the content, context and process of the formulation and institutionalization of a security initiative is essential. It is also important to align the interconnections between these three key components. In conducting the argument, this dissertation analyzes information systems security initiatives in two large government organizations – Information Technology Agency and Department of Transportation. The research methodology adopts an interpretive approach of inquiry. Findings from the case studies show that the strategic security initiative should be harmonious with the cultural continuity of an organization rather than significantly changing the existing opportunity and constraint structures. The development of security cultural resources like security policy may be used as a tool for propagating a secure view of the social world. For secure organizational transformation, one must consider the organizational security structure, knowledgeability of agents in perceiving secure organizational posture, and global security catalysts (such as establishing trust relations and security related institutional reflexivity). The inquiry indicates that strategic security change would be successful in an organization if developed and implemented in a brief yet quantum leap adopting an emergent security strategy in congruence with organizational security values.
63

Institutionalization of Information Security: Case of the Indonesian Banking Sector

Nasution, Muhamad Faisal Fariduddin Attar 10 May 2012
This study focuses on the institutionalization of information security in the banking sector. This study is important to pursue since it explicates the internalization of information security governance and practices and how such internalization develops an organizational resistance towards security breach. The study argues that information security governance and practices become institutionalized through social integration of routines and system integration of relevant technologies. The objective is to develop an understanding of how information security governance and practices in the Indonesian banking sector become institutionalized. Such objective is built on an argument that information security governance and practices become institutionalized through social integration of routines and system integration of relevant technologies. Pursuing this study is necessary to conceptualize the incorporation of security governance and practices as routines, the impact of security breaches on such routines, and the effects of a central governing body on such routines altogether. Accordingly, the concept of institutionalization is developed using Barley and Tolbert’s (1997) combination of institutional theory and structuration theory to explain the internalization of security governance and practices at an organizational level. Scott’s (2008) multilevel institutional processes based on institutional theory is needed to elaborate security governance and practices in an organization-to-organization context. The research design incorporates the interpretive case-study method to capture communicative interactions among respondents. 
Doing so provides answers to the following research questions: (1) how institutions internalize information security governance and practices, (2) how an external governing body affects the institutionalization of information security governance and practices in institutions, and (3) how security breaches re-institutionalize information security governance and practices in institutions. Several important findings include the habitualized security routines, information stewardship, and institutional relationship in information-security context. This study provides contributions to the body of literature, such as depicting how information security becomes internalized in an organization and the interaction among organizations engaged in implementing information security.
64

INFERENCE OF RESIDUAL ATTACK SURFACE UNDER MITIGATIONS

Kyriakos K Ispoglou (6632954) 14 May 2019
Despite the broad diversity of attacks and the many different ways an adversary can exploit a system, each attack can be divided into different phases. These phases include the discovery of a vulnerability in the system, its exploitation and achieving persistence on the compromised system for (potential) further compromise and future access. Determining the exploitability of a system –and hence the success of an attack– remains a challenging, manual task. Not only because the problem cannot be formally defined but also because advanced protections and mitigations further complicate the analysis and hence, raise the bar for any successful attack. Nevertheless, it is still possible for an attacker to circumvent all of the existing defenses –under certain circumstances.

In this dissertation, we define and infer the Residual Attack Surface on a system. That is, we expose the limitations of the state-of-the-art mitigations, by showing practical ways to circumvent them. This work is divided into four parts. It assumes an attack with three phases and proposes new techniques to infer the Residual Attack Surface on each stage.

For the first part, we focus on the vulnerability discovery. We propose FuzzGen, a tool for automatically generating fuzzer stubs for libraries. The synthesized fuzzers are target specific, thus resulting in high code coverage. This enables developers to expose and fix vulnerabilities (that reside deep in the code and require initializing a complex state to trigger them), before they can be exploited. We then move to the vulnerability exploitation part and we present a novel technique called Block Oriented Programming (BOP), that automates data-only attacks. Data-only attacks defeat advanced control-flow hijacking defenses such as Control Flow Integrity. Our framework, called BOPC, maps arbitrary exploit payloads into execution traces and encodes them as a set of memory writes. Therefore an attacker’s intended execution “sticks” to the execution flow of the underlying binary and never departs from it. In the third part of the dissertation, we present an extension of BOPC that presents some measurements that give strong indications of what types of exploit payloads are not possible to execute. Therefore, BOPC enables developers to test what data an attacker would compromise and enables evaluation of the Residual Attack Surface to assess an application’s risk. Finally, for the last part, which is to achieve persistence on the compromised system, we present a new technique to construct arbitrary malware that evades current dynamic and behavioral analysis. The desired malware is split into hundreds (or thousands) of little pieces and each piece is injected into a different process. A special emulator coordinates and synchronizes the execution of all individual pieces, thus achieving a “distributed execution” under multiple address spaces. malWASH highlights weaknesses of current dynamic and behavioral analysis schemes and argues for full-system provenance.

Our vision is to expose all the weaknesses of the deployed mitigations, protections and defenses through the Residual Attack Surface. That way, we can help the research community to reinforce the existing defenses, or come up with new, more effective ones.
65

An image encryption system based on two-dimensional quantum random walks

Li, Ling Feng January 2018
University of Macau / Faculty of Science and Technology. / Department of Computer and Information Science
66

Physical Layer Security of Wireless Transmissions Over Fading Channels

Unknown Date
The open nature of the wireless medium makes the wireless communication susceptible to eavesdropping attacks. In addition, fading and shadowing significantly degrade the performance of the communication system in the wireless networks. A versatile approach to circumvent the issues of eavesdropping attacks while exploiting the physical properties of the wireless channel is the so-called physical layer-security. In this work, we consider a model in which two legitimate users communicate in the presence of an eavesdropper. We investigate the performance of the wireless network at the physical layer that is subject to a variety of fading environments that may be modeled by the Rayleigh, Nakagami-m, and Generalized-K distributions, to mention a few. We use the secrecy outage probability (SOP) as the standard performance metric to study the performance of the wireless networks. We propose two different approaches to compute the secrecy outage probability, and derive explicit expressions for the secrecy outage probability that allow us to characterize the performance of the wireless networks. Specifically, we use a direct integration approach as well as a Taylor series based approach to evaluate the secrecy outage probability. Finally, we use computer simulations, based on MATLAB, to confirm the analytical results. / Includes bibliography. / Thesis (M.S.)--Florida Atlantic University, 2016. / FAU Electronic Theses and Dissertations Collection
67

Event detection in surveillance video

Unknown Date
Digital video is being used widely in a variety of applications such as entertainment, surveillance and security. Large amount of video in surveillance and security requires systems capable of processing video to automatically detect and recognize events to alleviate the load on humans and enable preventive actions when events are detected. The main objective of this work is the analysis of computer vision techniques and algorithms used to perform automatic detection of events in video sequences. This thesis presents a surveillance system based on optical flow and background subtraction concepts to detect events based on a motion analysis, using an event probability zone definition. Advantages, limitations, capabilities and possible solution alternatives are also discussed. The result is a system capable of detecting events of objects moving in opposing direction to a predefined condition or running in the scene, with precision greater than 50% and recall greater than 80%. / by Ricardo Augusto Castellanos Jimenez. / Thesis (M.S.C.S.)--Florida Atlantic University, 2010. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2010. Mode of access: World Wide Web.
68

Secure mobile radio communication over narrowband RF channel.

January 1992
by Wong Chun Kau, Jolly. / Thesis (M.Phil.)--Chinese University of Hong Kong, 1992. / Includes bibliographical references (leaves 84-88).
ABSTRACT / ACKNOWLEDGEMENT
Chapter 1. INTRODUCTION / 1.1 Land Mobile Radio (LMR) Communications / 1.2 Paramilitary Communications Security / 1.3 Voice Scrambling Methods / 1.4 Digital Voice Encryption / 1.5 Digital Secure LMR
Chapter 2. DESIGN GOALS / 2.1 System Concept and Configuration / 2.2 Operational Requirements / 2.2.1 Operating conditions / 2.2.2 Intelligibility and speech quality / 2.2.3 Field coverage and transmission delay / 2.2.4 Reliability and maintenance / 2.3 Functional Requirements / 2.3.1 Major system features / 2.3.2 Cryptographic features / 2.3.3 Phone patch facility / 2.3.4 Mobile data capability / 2.4 Bandwidth Requirements / 2.5 Bit Error Rate Requirements
Chapter 3. VOICE CODERS / 3.1 Digital Speech Coding Methods / 3.1.1 Waveform coding / 3.1.2 Linear predictive coding / 3.1.3 Sub-band coding / 3.1.4 Vocoders / 3.2 Performance Evaluation
Chapter 4. CRYPTOGRAPHIC CONCERNS / 4.1 Basic Concepts and Cryptoanalysis / 4.2 Digital Encryption Techniques / 4.3 Crypto Synchronization / 4.3.1 Auto synchronization / 4.3.2 Initial synchronization / 4.3.3 Continuous synchronization / 4.3.4 Hybrid synchronization
Chapter 5. DIGITAL MODULATION / 5.1 Narrowband Channel Requirements / 5.2 Narrowband Digital FM / 5.3 Performance Evaluation
Chapter 6. SYSTEM IMPLEMENTATION / 6.1 Potential EMC Problems / 6.2 Frequency Planning / 6.3 Key Management / 6.4 Potential Electromagnetic Compatibility (EMC) Problems
Chapter 7. CONCLUSION
LIST OF ILLUSTRATIONS / REFERENCES / APPENDICES
Chapter I. Path Propagation Loss (L) Vs Distance (d)
Chapter II. Speech Quality Assessment Tests performed by Special Duties Unit (SDU)
69

Security Architecture and Protocols for Overlay Network Services

Srivatsa, Mudhakar 16 May 2007
Conventional wisdom suggests that in order to build a secure system, security must be an integral component in the system design. However, cost considerations drive most system designers to channel their efforts on the system's performance, scalability and usability. With little or no emphasis on security, such systems are vulnerable to a wide range of attacks that can potentially compromise confidentiality, integrity and availability of sensitive data. It is often cumbersome to redesign and implement massive systems with security as one of the primary design goals. This thesis advocates a proactive approach that cleanly retrofits security solutions into existing system architectures. The first step in this approach is to identify security threats, vulnerabilities and potential attacks on a system or an application. The second step is to develop security tools in the form of customizable and configurable plug-ins that address these security issues and minimally modify existing system code, while preserving its performance and scalability metrics. This thesis uses overlay network applications to shepherd through and address challenges involved in supporting security in large scale distributed systems. In particular, the focus is on two popular applications: publish/subscribe networks and VoIP networks. Our work on VoIP networks has for the first time identified and formalized caller identification attacks on VoIP networks. We have identified two attacks: a triangulation based timing attack on the VoIP network's route set up protocol and a flow analysis attack on the VoIP network's voice session protocol. These attacks allow an external observer (adversary) to uniquely (nearly) identify the true caller (and receiver) with high probability. Our work on the publish/subscribe networks has resulted in the development of a unified framework for handling event confidentiality, integrity, access control and DoS attacks, while incurring small overhead on the system. 
We have proposed a key isomorphism paradigm to preserve the confidentiality of events on publish/subscribe networks while permitting scalable content-based matching and routing. Our work on overlay network security has resulted in a novel information hiding technique on overlay networks. Our solution represents the first attempt to transparently hide the location of data items on an overlay network.
70

Robust and secure monitoring and attribution of malicious behaviors

Srivastava, Abhinav 08 July 2011
Worldwide computer systems continue to execute malicious software that degrades the systems' performance and consumes network capacity by generating high volumes of unwanted traffic. Network-based detectors can effectively identify machines participating in the ongoing attacks by monitoring the traffic to and from the systems. But, network detection alone is not enough; it does not improve the operation of the Internet or the health of other machines connected to the network. We must identify malicious code running on infected systems, participating in global attack networks. This dissertation describes a robust and secure approach that identifies malware present on infected systems based on its undesirable use of network. Our approach, using virtualization, attributes malicious traffic to host-level processes responsible for the traffic. The attribution identifies on-host processes, but malware instances often exhibit parasitic behaviors to subvert the execution of benign processes. We then augment the attribution software with a host-level monitor that detects parasitic behaviors occurring at the user- and kernel-level. User-level parasitic attack detection happens via the system-call interface because it is a non-bypassable interface for user-level processes. Due to the unavailability of one such interface inside the kernel for drivers, we create a new driver monitoring interface inside the kernel to detect parasitic attacks occurring through this interface. Our attribution software relies on a guest kernel's data to identify on-host processes. To allow secure attribution, we prevent illegal modifications of critical kernel data from kernel-level malware. Together, our contributions produce a unified research outcome --an improved malicious code identification system for user- and kernel-level malware.
