• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 6542
  • 1926
  • 919
  • 814
  • 686
  • 370
  • 179
  • 161
  • 154
  • 105
  • 93
  • 81
  • 79
  • 76
  • 76
  • Tagged with
  • 14798
  • 2965
  • 2025
  • 1872
  • 1447
  • 1375
  • 1343
  • 1298
  • 1259
  • 1163
  • 1153
  • 1145
  • 1073
  • 1030
  • 948
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
101

Federal, State and Local Law Enforcement Agency Interoperability Capabilities and Cyber Vulnerabilities

Trapnell, Tyrone 01 May 2019 (has links)
The National Data Exchange (N-DEx) System is the central informational hub located at the Federal Bureau of Investigation (FBI). Its purpose is to provide network subscriptions to all Federal, state and local level law enforcement agencies while increasing information collaboration across all domains. The National Data Exchange users must satisfy the Advanced Permission Requirements, confirming the terms of N-DEx information use, and the Verification Requirement (verifying the completeness, timeliness, accuracy, and relevancy of N-DEx information) through coordination with the record-owning agency (Management, 2018). A network infection model is proposed to simulate the spread impact of various cyber-attacks within Federal, state and local level law enforcement networks that are linked together through the topologies merging with the National Data Exchange (N-DEx) System as the ability to manipulate the live network is limited. The model design methodology is conducted in a manner that creates a level of organization from the state level to the local level of law enforcement agencies allowing for each organizational infection probability to be calculated and entered, thus making the model very specific in nature for determining spread or outbreaks of cyber-attacks among law enforcement agencies at all levels. This research will enable future researchers to further develop a model that is capable of detecting weak points within an information structure when multiple topologies merge, allowing for more secure operations among law enforcement networks.
102

PACTIGHT: Tightly Seal Sensitive Pointers with Pointer Authentication

Ismail, Mohannad A 02 December 2021 (has links)
ARM is becoming more popular in desktops and data centers. This opens a new realm in terms of security attacks against ARM, increasing the importance of having an effective and efficient defense mechanism for ARM. ARM has released Pointer Authentication, a new hardware security feature that is intended to ensure pointer integrity with cryptographic primitives. Recently, it has been found to be vulnerable. In this thesis, we utilize Pointer Authentication to build a novel scheme to completely prevent any misuse of security-sensitive pointers. We propose PACTight to tightly seal these pointers from attacks targeting Pointer Authentication itself as well as from control-flow hijacks. PACTight utilizes a strong and unique modifier that addresses the current issues with PAC and its implementations. We implement four defenses by fully integrating with the LLVM compiler toolchain. Through a robust and systemic security and performance evaluation, we show that PACTight defenses are more efficient and secure than their counterparts. We evaluated PACTight on 30 different applications, including NGINX web server and using real PAC instructions, with an average performance and memory overhead of 4.28% and 23.2% respectively even when enforcing its strongest defense. As far as we know, PACTight is the first defense mechanism to demonstrate effectiveness and efficiency with real PAC instructions. / M.S. / ARM is slowly but surely establishing itself in the market for desktops and data centers. Intel has been the dominant force for some time but ARM’s entrance into that realm opens up new avenues and possibilities for security attacks against ARM machines. Thus, it is becoming increasingly important to develop an effective and efficient defense mechanism for ARM against possible security threats, particularly against memory corruption vulnerabilities. Memory corruption vulnerabilities are still very prevalent in today’s security realm and have been for the past thirty years. Different hardware vendors have developed a variety of hardware features to combat them and ARM is no different. ARM has released Pointer Authentication, a new hardware security feature that is intended to ensure pointer integrity with cryptographic primitives. Pointer Authentication allows developers to utilize the unused bits of a pointer and add a cryptographic hash that can ensure the pointer hasn’t been tampered with. Pointer Authentication has been utilized in other solutions by security researchers. However, these solutions are either incomplete in their coverage or lack enough randomness for the cryptographic hash. In this thesis we utilize Pointer Authentication to build a novel scheme to completely prevent any misuse of security-sensitive pointers in memory corruption attacks. This thesis presents PACTight to tightly seal these pointers from attacks abusing the limited randomness of the hash as well as control-flow hijack attacks. PACTight implements four defenses by fully integrating with the LLVM compiler toolchain. Through a robust and systemic security and performance evaluation, this thesis show that PACTight defenses are more efficient and secure than their counterparts.
103

SECURING SYSTEM AND EMBEDDED SOFTWARE VIA FUZZING

Kyungtae Kim (14212763) 05 December 2022 (has links)
<p>    </p> <p>System software is a lucrative target for cyber attacks due to its high privilege and large attack surfaces. While fuzzing has been proven effective for decades, recent fuzzers still suffer from limited coverage when dealing with real-world system programs, such as OS kernels, firmware due to their unique interfaces, and large input space, etc. </p> <p>In this thesis, we aim to secure various system and embedded software, such as OS kernels, device drivers and firmware, using proposed fuzzing techniques tailored for each system software. First, we present HFL, hybrid fuzzing for the Linux kernel. HFL achieves hybrid kernel fuzzing scheme with a faithful combination of traditional fuzzing and concolic execution. Furthermore, HFL addresses essential challenges in the Linux kernel via three distinct features: 1) converting indirect control transfers to direct transfers, 2) inferring system call dependencies, and 3) identifying nested arguments structures. HFL found 24 previously unknown bugs in different Linux kernels, and achieved higher code coverage than baseline kernel fuzzers. </p> <p>While the security of USB host stacks has gotten lots of attention, USB gadget stacks are left behind, leaving their vulnerabilities unfixed. To secure USB gadget stacks, we propose the first USB gadget stack fuzzing, FuzzUSB. As a stateful fuzzer, FuzzUSB extracts USB gadget state machines from USB gadget drivers, and uses them to achieve state-guided fuzzing through multi-channel inputs. FuzzUSB has found total 34 previously-unknown bugs within the Linux and Android kernels, and demonstrated improved bug-finding efficiency with high code coverage. </p> <p>As USB Power Delievery (USBPD) is becoming prevalent, but vulnerable to cyber attacks, there is an increasing need for its security. To achieve secure USBPD communications, we propose FuzzPD, the first black-box USBPD fuzzing technique. FuzzPD leverages a dual-role state machine extracted from USBPD specifications. Guided by the dual-role state machine, FuzzPD performs multi-level mutations, not only achieving state-coverage guided mutation for inter-state exploration, but also leveraging input seeding especially for in-state mutation. FuzzPD discovered 45 USBPD bugs in total, ranging from over-charging bugs to memory access violation. </p>
104

Governing social security : economic crisis and reform in Indonesia, the Philippines and Singapore /

Wisnu, Dinna, January 2007 (has links)
Thesis (Ph. D.)--Ohio State University, 2007. / Vita. Includes bibliographical references (p. 357-386). Also available online via OhioLINK's ETD Center
105

Governing social security economic crisis and reform in Indonesia, the Philippines and Singapore /

Wisnu, Dinna, January 2007 (has links)
Thesis (Ph. D.)--Ohio State University, 2007. / Vita. Includes bibliographical references (p. 357-386).
106

Methods for Hospital Network and Computer Security

Hausrath, Nathaniel L. 16 August 2011 (has links)
No description available.
107

Employee and Organization Security Value Alignment Through Value Sensitive Security Policy Design

Solomon, Dianne Blitstein 05 September 2014 (has links)
Every member of the organization must be involved in proactively and consistently preventing data loss. Implementing a culture of security has proven to be a reliable method of enfranchising employees to embrace security behavior. However, it takes more than education and awareness of policies and directives to effect a culture of security. Research into organizational culture has shown that programs to promote organizational culture - and thus security behavior - are most successful when the organization's values are congruent with employee values. What has not been clear is how to integrate the security values of the organization and its employees in a manner that promotes security culture. This study extended current research related to values and security culture by applying Value Sensitive Design (VSD) methodology to the design of an end user security policy. Through VSD, employee and organizational security values were defined and integrated into the policy. In so doing, the study introduced the concept of value sensitive security policy (VSP) and identified a method for using VSPs to promote a culture of security. At a time when corporate values are playing such a public role in defining the organization, improving security by increasing employee-organization value congruence is both appealing and practical.
108

Ascertaining the Relationship between Security Awareness and the Security Behavior of Individuals

Grant, Gordon J. 01 January 2010 (has links)
Security threats caused by the inappropriate actions of the user continue to be a significant security problem within any organization. The purpose of this study was to continue the efforts of Katz by assessing the security behavior and practices of working professionals. Katz conducted a study that assessed whether the faculty and staff at Armstrong Atlantic State University had been performing the simple everyday practices and behavior necessary to avert insider threats to information security. Critical in understanding human behavior is in knowing how behavior varies across different groups or demographics. Because a user's behavior can be influenced by demographic groups, this study adapted Katz's study by examining the influence on the security behavior of four demographic groups identified by gender, age, education, and occupation. Like Katz, this study used a 5-point Likert scale quantitative self-administered, closed-ended questionnaire to assess the participants' security practices and behaviors. The questionnaire was developed in two sections: Section 1 used a binary scale to gather the participants' demographics data while Section 2 used a 5-point Likert scale to measure the participants' security behaviors. The sample population was derived from working professionals at the General Dynamic and Program Manager Advanced Amphibious Assault (GD & PM AAA) Facility in Woodbridge, Virginia. The total population at PM AAA Office was 288, of which 87 or 30% completed the survey. Results of the demographic survey indicate that (a) women were more security aware than their male counterparts, (b) younger participants were more security aware than their older counterparts, (c) participants who did not attend college were more security aware than their college-educated counterparts, and (d) participants in nontechnical positions were more security aware than their counterparts in technical positions. The results indicate that a relation exists between the participants' security behaviors and their levels of security awareness.
109

Agentless endpoint security monitoring framework

Ghaleb, Asem 28 May 2019 (has links)
Existing endpoint security monitors use agents that must be installed on every computing host or endpoint. However, as the number of monitored hosts increases, agents installation, con figuration and maintenance become arduous and requires more efforts. Moreover, installed agents can increase the security threat footprint and several companies impose restrictions on using agents on every computing system. This work provides a generic agentless endpoint framework for security monitoring of computing systems. The computing hosts are accessed by the monitoring framework running on a central server. Since the monitoring framework is separate from the computing hosts for which the monitoring is being performed, the various security models of the framework can perform data retrieval and analysis without utilizing agents executing within the computing hosts. The monitoring framework retrieves transparently raw data from the monitored computing hosts that are then fed to the security modules integrated with the framework. These modules analyze the received data to perform security monitoring of the target computing hosts. As a use case, a real-time intrusion detection model has been implemented to detect abnormal behaviors on computing hosts based on the data collected using the introduced framework. / Graduate
110

Establishing an information security awareness and culture

Korovessis, Peter January 2015 (has links)
In today’s business environment all business operations are enabled by technology. Its always on and connected nature has brought new business possibilities but at the same time has increased the number of potential threats. Information security has become an established discipline as more and more businesses realize its value. Many surveys have indicated the importance of protecting valuable information and an important aspect that must be addressed in this regard is information security awareness. The human component has been recognized to have an important role in information security since the only way to reduce security risks is through making employees more information security aware. This also means that employees take responsibility of their actions when dealing with information in their everyday activities. The research is concentrated mainly on information security concepts alongside their relation to the human factor with evidence that users remain susceptible to information security threats, thus illustrating the need for more effective user training in order to raise the level of security awareness. Two surveys were undertaken in order to investigate the potential of raising security awareness within existing education systems by measuring the level of security awareness amongst the online population. The surveys analyzed not only the awareness levels and needs of students during their study and their preparation towards entering the workforce, but also whether this awareness level changes as they progress in their studies. The results of both surveys established that the awareness level of students concerning information security concepts is not at a sufficient level for students entering university education and does not significantly change as they progress their academic life towards entering the workforce. In respect to this, the research proposes and develops the information security toolkit as a prototype awareness raising initiative. The research goes one step further by piloting and evaluating toolkit effectiveness. As an awareness raising method, the toolkit will be the basis for the general technology user to understand the challenges associated with secure use of information technology and help him assess its current knowledge, identify lacks and weaknesses and acquire the required knowledge in order to be competent and confident users of technology.

Page generated in 0.0992 seconds