Information Security on the Web and App Platforms : An Economic and Socio-Behavioral Perspective

Chia, Pern Hui

January 2012

Various security measures are ineffective having been designed without adequate usability and economic considerations. The primary objective of this thesis is to add an economic and socio-behavioral perspective to the traditional computer science research in information security. The resulting research is interdisciplinary, and the papers combine different approaches, ranging from analytic modeling to empirical measurements and user studies. Contributing to the fields of usable security and security economics, this thesis fulfills three motivations. First, it provides a realistic game theoretical model for analyzing the dynamics of attack and defense on the Web. Adapted from the classical Colonel Blotto games, our Colonel Blotto Phishing model captures the asymmetric conflict (resource, information, action) between a resource-constrained attacker and a defender. It also factors in the practical scenario where the attacker creates large numbers of phishing websites (endogenous dimensionality), while the defender reactively detects and strives to take them down promptly. Second, the thesis challenges the conventional view that users are always the weakest link or liability in security. It explores the feasibility of leveraging inputs from expert and ordinary users for improving information security. While several potential challenges are identified, we find that community inputs are more comprehensive and relevant than automated assessments. This does not imply that users should be made liable to protect themselves; it demonstrates the potentials of community efforts in complementing conventional security measures. We further analyze the contribution characteristics of serious and casual security volunteers, and suggest ways for improvement. Third, following the rise of third party applications (apps), the thesis explores the security and privacy risks and challenges with both centralized and decentralized app control models. Centralized app control can lead to the risk of central judgment and the risk of habituation, while the increasingly widespread decentralized user-consent permission model also suffers from the lack of effective risk signaling. We find the tendency of popular apps requesting more permissions than average. Compound with the absence of alternative risk signals, users will habitually click through the permission request dialogs. In addition, we find the free apps, apps with mature content, and apps with names mimicking the popular ones, request more permissions than typical. These indicate possible attempts to trick the users into compromising their privacy.

Information Security

Security Economics

Usable Security

A Critical Study of the conception of Taiwan¡¦s National Security

Su, Chang-chun

03 July 2006

In the study of international relations, it has been all the time that ¡§security¡¨ means national security and military security. The topic of ¡§security¡¨ in early days was focused on how to avoid suffering from the external military attack. Under this concept structure, economy, culture, or ideology is considered to be the accessories under the military strategy, or a kind of tools to strengthen the military threat. Such practices and thinking are not only helpless to the settlement of the problem, but it is apt to face the security dilemma instead, and the development of education, culture, social welfare, economic construction, and environmental public security, etc. will be oppressed and restricted. Long time of the hostile state for the two sides of Mainland China and Taiwan, makes both sides all the time to construct stronger military force for national defense. However, how much security is really bought by spending huge number of money on national defense? And is it really safe by buying the military equipments? Is it really the security what we want? Is there no other ways to get security without military force to threaten? This thesis attempts to adopt critical study, and analyzes the four concepts of national security from David Baldwin: ¡§Security for whom?¡¨, ¡§Security for which values?¡¨, ¡§From what threat?¡¨, and ¡§By what means?¡¨ It also researches on the thinking of national security concept and different national defense policies in different periods after the government moving to Taiwan in 1949. It is hoped to find out the blind spot of the national security concept in Taiwan, and construct the security view that relies mainly on people.

Critical Study

Security Studies

National Security

Security

Homeland Security lessons for the United States /

Farr, Matthew A.

January 2004

Thesis (M.A. in National Security Affairs)--Naval Postgraduate School, June 2004. / Thesis advisor(s): Lyman Miller. Includes bibliographical references. Also available online.

The incidence of social security regulation : evidence from the reform in Mexico /

Marrufo, Grecia M.

January 2001

Thesis (Ph. D.)--University of Chicago, Dept. of Economics, August 2001. / Includes bibliographical references. Also available on the Internet.

A comparative survey of the social security schemes in Hong Kong and Singapore.

Sum, Ngai-ling, Ivin,

January 1900

Thesis (M.A.)--University of Hong Kong, 1979.

Social security - financial viability in the 21st century a dissertation /

Solomon, Samuel B.

January 1900

Thesis (Ph. D.)--Northeastern University, 2008. / Title from title page (viewed Aug. 5, 2009). Graduate School of Arts and Sciences, Law, Policy and Society Program. Includes bibliographical references.

A comparative survey of the social security schemes in Hong Kong and Singapore

Sum, Ngai-ling, Ivin,

January 1900

Thesis (M.A.)--University of Hong Kong, 1979. / Also available in print.

The incidence of social security regulation evidence from the reform in Mexico /

Marrufo, Grecia M.

January 2001

Thesis (Ph. D.)--University of Chicago, 2001. / Includes bibliographical references (leaves 87-89).

DeviceGuard: External Device-Assisted System And Data Security

Deng, Yipan

31 May 2011

This thesis addresses the threat that personal computer faced from malware when the personal computer is connected to the Internet. Traditional host-based security approaches, such as anti-virus scanning protect the host from virus, worms, Trojans and other malwares. One of the issues of the host-based security approaches is that when the operating system is compromised by the malware, the antivirus software also becomes vulnerable. In this thesis, we present a novel approach through using an external device to enhance the host security by offloading the security solution from the host to the external device. We describe the design of the DeviceGuard framework that separate the security solution from the host and offload it to the external device, a Trusted Device. The architecture of the DeviceGuard consists of two components, the DeviceGuard application on the Trusted Device and a DeviceGuard daemon on the host. Our prototype based on Android Development Phone (ADP) shows the feasibilities and efficiency of our approach to provide security features including system file and user data integrity monitoring, secure signing and secure decryption. We use Bluetooth as the communication protocol between the host and the Trusted Device. Our experiment results indicates a practical Bluetooth throughput at about 2M Bytes per second is sufficient for short range communication between the host and the Trusted Device; Message digest with SHA-512, digital signing with 1024 bits signature and secure decryption with AES 256 bits on the Trusted device takes only the scale of 10? and 10? ms for 1K bytes and 1M bytes respectively which are also shows the feasibility and efficiency of the DeviceGuard solution. We also investigated the use of embedded system as the Trusted Device. Our solution takes advantage of the proliferation of devices, such as Smartphone, for stronger system and data security. / Master of Science

Host Security

System Security

Data Security

Smartphone

Food security among male and female-headed households in Eden District Municipality of the Western Cape, South Africa / Sinah Modirwa

Modirwa, Sinah

January 2011

The study presented food security situation among farming male and female headed households in Eden District Municipality of the Western Cape, South Africa was conducted in 2010. The study was conducted among 31 male and 19 female headed farming household heads, selected proportionate to the size of each group. The household heads were selected via simple random sampling procedure. Data for the study were elicited from the respondents using structured questionnaire. The analytical tools used include the Mann-Whitney test to determine if a difference in food security exists among the two groups, a Wilcoxon test was used as an alternative for indicating the differences in food security. Frequency tables indicated the percentage distribution of respondents based on demographic characteristics. Out of the 12 food security constraints identified, both males and females viewed poor storage, poor market, and lack of credit and land tenure as the constraints that highly affect their household food security. The result showed that 58 percent of the females were between 41-50 years and 42 percent of the males were above fifty years of age. The percentage of male headed households that studied up to college level (16.1) was slightly higher than those of females (15.8). Most of the household heads had between 2 to four years farming experience (77.4 males and 64.4 females respectively). with 90.3 males farming on 3 to 4 hectors and females on 78.9 hector. Most of the farn1ers do not have any co-operative or farmer society. A significant difference existed in their food security status (Z =2.115, p 0.34), with higher mean rank for males (28.44) than for females (20.71). This confirms that food insecurity incidence was higher in female headed households than male headed households. / Thesis (M.Sc.(Agric Extension) North-West University, Mafikeng Campus, 2011

Food security