Number theoretic methods and their significance in computer science, information theory, combinatorics, and geometry

Bibak, Khodakhast

13 April 2017

In this dissertation, I introduce some number theoretic methods and discuss their intriguing applications to a variety of problems in computer science, information theory, combinatorics, and geometry. First, using properties of Ramanujan sums and of the discrete Fourier transform of arithmetic functions, we give an explicit formula for the number of solutions of restricted linear congruences in their `most general case'. As a consequence, we derive necessary and su cient conditions under which these congruences have no solutions. The number of solutions of this kind of congruence was rst considered by Rademacher in 1925 and Brauer in 1926, in a special case. Since then, this problem has been studied, in several other special cases, in many papers. The problem is very well-motivated and has found intriguing applications in several areas of mathematics, computer science, and physics, and there is promise for more applications/implications in these or other directions. Universal hash functions, discovered by Carter and Wegman in 1979, have many important applications in computer science. Applying our results we construct an almost-universal hash function family which is used to give a generalization of a recent authentication code with secrecy scheme. As another application of our results, we prove an explicit and practical formula for the number of surface-kernel epimorphisms from a co-compact Fuchsian group to iv a cyclic group. This problem has important applications in combinatorics, geometry, string theory, and quantum eld theory (QFT). As a consequence, we obtain an `equivalent' form of Harvey's famous theorem on the cyclic groups of automorphisms of compact Riemann surfaces. We also consider the number of solutions of linear congruences with distinct coordinates, and using a graph theoretic method, generalize a result of Sch onemann from 1839. Also, we give explicit formulas for the number of solutions of unweighted linear congruences with distinct coordinates. Our main tools are properties of Ramanujan sums and of the discrete Fourier transform of arithmetic functions. Then, as an application, we derive an explicit formula for the number of codewords in the Varshamov{Tenengolts code V Tb(n) with Hamming weight k, that is, with exactly k 1's. The Varshamov{Tenengolts codes are an important class of codes that are capable of correcting asymmetric errors on a Z-channel. As another application, we derive Ginzburg's formula for the number of codewords in V Tb(n), that is, jV Tb(n)j. We even go further and discuss applications to several other combinatorial problems, some of which have appeared in seemingly unrelated contexts. This provides a general framework and gives new insight into these problems which might lead to further work. Finally, we bring a very deep result of Pierre Deligne into the area of coding theory we connect Lee codes to Ramanujan graphs by showing that the Cayley graphs associated with some quasi-perfect Lee codes are Ramanujan graphs (this solves a recent conjecture). Our main tools are Deligne's bound from 1977 for estimating a particular kind of trigonometric sum and a result of Lov asz from 1975 (or of Babai from 1979) which gives the eigenvalues of Cayley graphs of nite Abelian groups. Our proof techniques may motivate more work in the interactions between spectral graph theory, character theory, and coding theory, and may provide new ideas towards the long-standing Golomb{Welch conjecture. / Graduate / 0984

Number Theoretic Methods

Information Security

Coding Theory

Combinatorics

Surface-kernel Epimorphism

Security awareness of computer users : a game based learning approach

Gamagedara Arachchilage, Nalin Asanka

January 2012

The research reported in this thesis focuses on developing a framework for game design to protect computer users against phishing attacks. A comprehensive literature review was conducted to understand the research domain, support the proposed research work and identify the research gap to fulfil the contribution to knowledge. Two studies and one theoretical design were carried out to achieve the aim of this research reported in this thesis. A quantitative approach was used in the first study while engaging both quantitative and qualitative approaches in the second study. The first study reported in this thesis was focused to investigate the key elements that should be addressed in the game design framework to avoid phishing attacks. The proposed game design framework was aimed to enhance the user avoidance behaviour through motivation to thwart phishing attack. The results of this study revealed that perceived threat, safeguard effectiveness, safeguard cost, self-efficacy, perceived severity and perceived susceptibility elements should be incorporated into the game design framework for computer users to avoid phishing attacks through their motivation. The theoretical design approach was focused on designing a mobile game to educate computer users against phishing attacks. The elements of the framework were addressed in the mobile game design context. The main objective of the proposed mobile game design was to teach users how to identify phishing website addresses (URLs), which is one of many ways of identifying a phishing attack. The mobile game prototype was developed using MIT App inventor emulator. In the second study, the formulated game design framework was evaluated through the deployed mobile game prototype on a HTC One X touch screen smart phone. Then a discussion is reported in this thesis investigating the effectiveness of the developed mobile game prototype compared to traditional online learning to thwart phishing threats. Finally, the research reported in this thesis found that the mobile game is somewhat effective in enhancing the user’s phishing awareness. It also revealed that the participants who played the mobile game were better able to identify fraudulent websites compared to the participants who read the website without any training. Therefore, the research reported in this thesis determined that perceived threat, safeguard effectiveness, safeguard cost, self-efficacy, perceived threat and perceived susceptibility elements have a significant impact on avoidance behaviour through motivation to thwart phishing attacks as addressed in the game design framework.

005.8

MABIC: Mobile Application Builder for Interactive Communication

Nguyen, Huy Manh

01 October 2016

Nowadays, the web services and mobile technology advance to a whole new level. These technologies make the modern communication faster and more convenient than the traditional way. People can also easily share data, picture, image and video instantly. It also saves time and money. For example: sending an email or text message is cheaper and faster than a letter. Interactive communication allows the instant exchange of feedback and enables two-way communication between people and people, or people and computer. It increases the engagement of sender and receiver in communication. Although many systems such as REDCap and Taverna are built for improving the interactive communication between the servers and clients, there are still common drawbacks existing in these systems. These systems lack the support of the branching logic and two-way communication. They also require administrator’s programming skills to function the system adequately. These issues are the motivation of the project. The goal is to build a framework to speed up the prototype development of mobile application. The MABIC support the complex workflow by providing conditional logic, instantaneous interactivity between the administrators and participants and the mobility. These supported features of MABIC improve the interaction because it engages the participants to communicate more with the system. MABIC system provides the mobile electronic communication via sending a text message or pushing a notification to mobile’s device. Moreover, MABIC application also supports multiple mobile platforms. It helps to reduce the time and cost of development. In this thesis, the overview of MABIC system, its implementation, and related application is described.

branching logic

web services

Databases and Information Systems

Information Security

Software Engineering

DEFINING VALUE BASED INFORMATION SECURITY GOVERNANCE OBJECTIVES

Mishra, Sushma

09 December 2008

This research argues that the information security governance objectives should be grounded in the values of organizational members. Research literature in decision sciences suggest that individual values play an important role in developing decision objectives. Information security governance objectives, based on values of the stakeholders, are essential for a comprehensive security control program. The study uses Value Theory as a theoretical basis and value focused thinking as a methodology to develop 23 objectives for information security governance. A case study was conducted to reexamine and interpret the significance of the proposed objectives in an organizational context. The results suggest three emergent dimensions of information security governance for effective control structure in organizations: resource allocation, user involvement and process integrity. The synthesis of data suggests eight principles of information security governance which guides organizations in achieving a comprehensive security environment. We also present a means-end model of ISG which proposes the interrelationships of the developed objectives. Contributions are noted and future research directions suggested.

information security governance

value theory

value focussed approach

internal control

case study

Business

Management Information Systems

An Investigation of Factors that Affect HIPAA Security Compliance in Academic Medical Centers

Brady, James William

01 January 2010

HIPAA security compliance in academic medical centers is a central concern of researchers, academicians, and practitioners. Increased numbers of data security breaches and information technology implementations have caused concern over the confidentiality, integrity, and availability of electronic personal health information. The federal government has implemented stringent HIPAA security compliance reviews and significantly extended the scope and enforcement of the HIPAA Security Rule. However, academic medical centers have shown limited compliance with the HIPAA Security Rule. Therefore, the goal of this study was to investigate the factors that may affect HIPAA security compliance in academic medical centers. Based on a review of the literature of technology acceptance and security effectiveness, this study proposed a theoretical model that uses management support, security awareness, security culture, and computer self-efficacy to predict security behavior and security effectiveness and thus HIPAA security compliance in academic medical centers. To empirically assess the effect of the above-noted variables on HIPAA security compliance in academic medical centers, a Web-based survey was developed. The survey instrument was designed as a multi-line measure that used Likert-type scales. Previous validated scales were adapted and used in the survey. The sample for this investigation was health care information technology professionals who are members of the Group on Information Resources within the Association of American Medical Colleges. Two statistical methods were used to derive and validate predictive models: multiple linear regression and correlation analysis. The results of the investigation demonstrated that security awareness, management support, and security culture were significant predictors of both security effectiveness and security behavior. Security awareness was the most significant predictor of security effectiveness and security behavior. Due to the presence of collinearity, Pearson correlation analysis was used to develop a composite factor, consisting of management support and security culture, for the final multiple linear regression model. By enhancing the understanding of HIPAA security compliance in academic medical centers, the outcomes of this study will contribute to the body of knowledge of security compliance. The empirical results of this research also will provide guidance for individuals and organizations involved with HIPAA security compliance initiatives in health care.

Compliance

HIPAA

Information Security

Information Systems

Security Effectiveness

Technology Acceptance

Computer Sciences

Developing an Information Systems Security Success Model for Organizational Context

Dunkerley, Kimberley

01 January 2011

In spite of the wealth of research in IS security, there is very little understanding of what actually makes an IS security program successful within an organization. Success has been treated generally as a separate entity from IS security altogether; a great deal of research has been conducted on the "means to the end", while limited research has been focused on truly understanding what the end actually is. The problem compelling this research is that previous studies within the IS security domain do not adequately consider what factors contribute towards IS security success within the organizational context, and how the factors interact. This study built upon Shannon and Weaver (1949) and Mason (1978) to develop a model for predicting IS security success within an organization. A considerable body of information systems security literature was organized based on their findings. Core dimensions of information system security success were identified and operationalized within a model for predicting success with IS security initiatives. The model was empirically validated in a three-phase approach using survey methodology. First, the survey was tested for validity and reliability using an expert panel and pilot study. Next, the survey was administered to a sample, with the results analyzed using Confirmatory Factor Analysis and Structural Equation Modeling techniques. Initial analysis of the measurement model generated through Confirmatory Factor Analysis showed mixed fit. Factor loadings and average variance extracted calculations resulted in the selection of low performing items for removal; after revision, the revised measurement model showed improved fit for all measures. Structural Equation Modeling analysis was conducted on three structural models with varying levels of mediation. Based on the analysis of fit and comparison indices, the model depicting partial mediation was determined to be the best variation of the IS security success model. This study is the first known instance of an empirically tested IS security success model and should provide many avenues for future study, as well as providing practitioners a fundamental roadmap for success within their organizational IS security programs.

Confirmatory Factor Analysis

Information Security

Information Systems

Structural Equation Modeling

Success

Computer Sciences

Ascertaining the Relationship between Security Awareness and the Security Behavior of Individuals

Grant, Gordon J.

01 January 2010

Security threats caused by the inappropriate actions of the user continue to be a significant security problem within any organization. The purpose of this study was to continue the efforts of Katz by assessing the security behavior and practices of working professionals. Katz conducted a study that assessed whether the faculty and staff at Armstrong Atlantic State University had been performing the simple everyday practices and behavior necessary to avert insider threats to information security. Critical in understanding human behavior is in knowing how behavior varies across different groups or demographics. Because a user's behavior can be influenced by demographic groups, this study adapted Katz's study by examining the influence on the security behavior of four demographic groups identified by gender, age, education, and occupation. Like Katz, this study used a 5-point Likert scale quantitative self-administered, closed-ended questionnaire to assess the participants' security practices and behaviors. The questionnaire was developed in two sections: Section 1 used a binary scale to gather the participants' demographics data while Section 2 used a 5-point Likert scale to measure the participants' security behaviors. The sample population was derived from working professionals at the General Dynamic and Program Manager Advanced Amphibious Assault (GD & PM AAA) Facility in Woodbridge, Virginia. The total population at PM AAA Office was 288, of which 87 or 30% completed the survey. Results of the demographic survey indicate that (a) women were more security aware than their male counterparts, (b) younger participants were more security aware than their older counterparts, (c) participants who did not attend college were more security aware than their college-educated counterparts, and (d) participants in nontechnical positions were more security aware than their counterparts in technical positions. The results indicate that a relation exists between the participants' security behaviors and their levels of security awareness.

Computer Security

Individual Security

Information Assurance

Information Security

Security Behavior

Security Practices

Computer Sciences

Development of an Audit Classification Index (ACI) for Federal e-learning Systems Security Vulnerabilities

Johnson, Gerald Deawne

01 January 2012

As U.S federal government agencies have increased the use of the Internet to utilize technologies such as e-learning, U.S. federal government information systems have become more exposed to security vulnerabilities that may contribute to system attacks and system exploitation. U.S. federal government agencies are required to come up with their own security solutions for ensuring their information systems are secured, however, security experts are having difficulties identifying what is needed to classify their information systems as secured. The aim of this developmental study is to develop an audit classification index (ACI) to assist in identifying vulnerabilities and classifying electronic learning (e-learning) systems at U.S. federal government agencies. The study identified the requirements for performing an audit of e-learning systems in U.S. federal government agencies. After the requirements were identified, the study used the ACI to audit the federal e-learning systems using a black-box approach and classified the e-learning systems based on the results of the audit. Additionally, a comparative group of electronic government (e-government) systems were also audited and classified using the ACI to compare the results against the e-learning systems. This study sought to contribute to the body of knowledge regarding the information security of U.S. federal e-learning systems by developing an ACI that can be used to identify vulnerabilities and classify U.S. federal e-learning systems as secured, good, marginal, unsatisfactory, or unsecured. By identifying the vulnerabilities of a particular information system, security experts should have a better understanding of what is needed to secure and determine the security level of U.S. federal information systems.

e-learning

FISMA

information security

information systems

information technology

vulnerabilities

Computer Sciences

Quantifying Performance Costs of Database Fine-Grained Access Control

Kumka, David Harold

01 January 2012

Fine-grained access control is a conceptual approach to addressing database security requirements. In relational database management systems, fine-grained access control refers to access restrictions enforced at the row, column, or cell level. While a number of commercial implementations of database fine-grained access control are available, there are presently no generalized approaches to implementing fine-grained access control for relational database management systems. Fine-grained access control is potentially a good solution for database professionals and system architects charged with designing database applications that implement granular security or privacy protection features. However, in the oral tradition of the database community, fine-grained access control is spoken of as imposing significant performance penalties, and is therefore best avoided. Regardless, there are current and emerging social, legal, and economic forces that mandate the need for efficient fine-grained access control in relational database management systems. In the study undertaken, the author was able to quantify the performance costs associated with four common implementations of fine-grained access control for relational database management systems. Security benchmarking was employed as the methodology to quantify performance costs. Synthetic data from the TPC-W benchmark as well as representative data from a real-world application were utilized in the benchmarking process. A simple graph-base performance model for Fine-grained Access Control Evaluation (FACE) was developed from benchmark data collected during the study. The FACE model is intended for use in predicting throughput and response times for relational database management systems that implement fine-grained access control using one of the common fine-grained access control mechanisms - authorization views, the Hippocratic Database, label-based access control, and transparent query rewrite. The author also addresses the issue of scalability for fine-grained access control mechanisms that were evaluated in the study.

Benchmarking

Fine-Grained Access Control

Information Security

Performance

Privacy Preservation

Relational Databases

Computer Sciences

A Prudent Access Control Behavioral Intention Model for the Healthcare Domain

Mussa, Constance Cecilia

01 January 2011

In recent years, many health care organizations have begun to take advantage of computerized information systems to facilitate more effective and efficient management and processing of information. However, commensurate with the vastly innovative enhancements that computer technology has contributed to traditional paper-based health care information systems, are security vulnerabilities that have potentially devastating effects on these systems. To ensure the confidentiality, integrity, and availability of information and to ensure compliance with the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA), health care organizations have implemented a number of security controls. Although the objectives of these controls are understood and acknowledged by users of computerized patient care information management systems, the controls are sometimes circumvented or ignored. The purpose of this study was the development of an instrument that measures key determinants of healthcare professionals' prudent access control behavior. The study examined healthcare professionals' prudent access control behavior using a model that integrates the Theory of Planned Behavior (TPB) and the Health Belief Model (HBM). Two additional variables - information security awareness and perceived information security responsibility were incorporated into the model. Rather than focusing on a single behavior or a few specific behaviors, a category of behaviors was proposed. Results of the study indicate that the HBM and TPB constructs as well as the two additional constructs included in the model are indeed key determinants of healthcare professionals' intention to engage in prudent access control behavior that mitigate security threats. Additionally, results of the study provide support for the partial mediating effects of perceived benefits and perceived responsibility for information security on attitude, information security awareness, subjective norm, perceived behavioral control, and perceived severity. The study contributes to the IS knowledge domain by providing theoretically grounded explanations for a subset of prudent information security behaviors of healthcare professionals.

access control

confidentiality

health belief model

information security

security threats

theory of planned behavior

Computer Sciences