From sticks and stones to zeros and ones the development of computer network operations as an element of warfare : a study of the Palestinian-Israeli cyberconflict and what the United States can learn from the "Interfada"

Wrona, Jacqueline-Marie Wilson.

09 1900

The Palestinian-Israeli Cyberconflict erupted in 2000, when Israeli hackers crippled the prime website of Hezbollah by mobilizing pro-Israeli supporters to "bomb" the site with automated floods of electronic mail. In retaliation, Hezbollah rallied pro-Arab supporters for a counter-attack, which soon downed the main Israeli government website and the Israeli Foreign Ministry site. Attacks involving website defacements, denial-of-service, viruses, and Trojan horses occurred by both parties for a span of months, effectively shutting down websites, disrupting Internet service and e-commerce. A study and analysis of the utilization and effects of Computer Network Operations (CNO) between pro-Israeli and pro-Palestinian actors during the al-Aqsa Intifada may highlight current trends in warfare, support the notion that information may level the battlefield, and provide the United States with the means to better protect itself against such attacks in the future. This thesis seeks to collect, classify, analyze, define, and resolve IO/IW; the utilization and effects of CNO during the Al-Aqsa Intifada, and how such analysis can be applied to United States national security.

National security

Cyberterrorism

Information warfare

NATO and forward defense an analysis of expeditionary capabilities and out-of-area-security

Kramer, Bryan K.

06 1900

This thesis examines the NATO's adaptation of a new security focus towards forward defense in the 21st Century. Until the late 1990s, the strategic focus of NATO was on mutual defense based on a collective response guaranteed by Article 5 of the Washington Treaty. Since the adoption of NATO's Strategic Concept (1999), the Alliance has shifted their strategic focus toward a forward defense strategy. As NATO assumed more operational responsibilities, and deployed forces out-of-area in non-Article 5 missions, the disparity of military capabilities, operational challenges, and cultural and institutional differences within the Alliance gave rise to the question, "Is NATO the most effective instrument with which to execute a strategy of forward defense?" A review of the expeditionary campaigns in the Balkans, Afghanistan and Iraq determines the efficiency of the Alliance as an expeditionary security actor. The modernization of European military capabilities are described in relation to NATO, and how these programs either complement or duplicate existing structures and capabilities. Furthermore, inherent structural flaws in NATO's composition are examined, as well as cultural and ideological differences within the Alliance and their effects on out-of-area operations. Finally, challenges and issues that may confront NATO in the future during the execution of their forward defense strategy are discussed.

National security

European Union countries

The Conventional Armed Forces in Europe Treaty and its contribution to Euro-Atlantic security after 1990

Jurski, Robert

06 1900

This thesis examines the influence of the Conventional Armed Forces in Europe Treaty (CFE) on security in the European Continent after 1990. This study analyses and describes the origins of the CFE treaty and its development from the late 1990s until signing the CFE agreement during the Conference on Security and Cooperation in Europe, which took place in November 1990 in Paris. In the history of Europe, the 1990s appear as a turbulent time. The end of the Cold War, collapse of communistic governments in some European countries and efforts of certain states toward NATO membership created a specific background during which armed forces reductions were formulated by the leading powers. This thesis further analyzes the relationship between NATO and the CFE treaty, their mutual cooperation, and describes the approach of selected countries toward the CFE settlement. Its also describes the new strategic shape of Europe influenced directly by resolutions of the CFE treaty. However, this agreement shouldn't be viewed as unanimous. The outcome wasn't achieved easily. Even after November 1990, there was still disagreement within certain nations concerning treaty decisions. Therefore, the main part of thesis focuses on usefulness of the CFE treaty in contemporary European security mechanisms.

Arms control

Europe

Security, International

The resiliency of terrorist havens a social mobilization theory approach

Johnston, Robert W.

12 1900

Terrorist havens are an imortant policy problem today. The policy and academic literature has generally concluded that failed states are more likely to be terrorist havens, but some have begun to question this conventional wisdom. While the link between state failure and terrorist havens is fairly clear, it does not tell the entire story. This thesis borrows from an aspect of social mobilization theory to try to explain why some havens are more resilient to outside pressure than others. It argues that a shared collective identity between the group providing haven and the havened terrorist group makes the havening group less likely to buckle under outside pressure. To test this theory, the thesis compares the frames that define al Qaeda's collective identity with those of the Sudanese National Islamic Front and the Afghan Taliban to see if observed variation in haven resiliency can be explained by the levels of shared collective identities in each case. The findings suggest that the theory can account for the variation in resiliency, while raising new questions for future research.

National security

Sociology

Terrorists

Terrorism

State and urban area homeland security strategy v3.0 : evolving strategic planning

Chen, Darren

03 1900

CHDS State/Local / This thesis proposes to overhaul the state and urban area homeland security strategy program by improving the strategic planning process, guidance and assistance, and strategy review in collaboration with state and local stakeholders. Federal, state, and local reviewers regard the current state and urban homeland security strategies as generally inadequate and indicative of limited strategic planning processes. Comprehensive, enterprise-wide homeland security strategies are essential in coordinating preparedness efforts and limited resources. A collaborative effort between the federal government and state and local stakeholders would promote a value innovation in strategic planning that will transform state and urban area homeland security strategies. / Preparedness Officer, DHS - Office for Domestic Preparedness

National security

Military planning

Preparedness

An Exploratory Study of the Approach to Bring Your Own Device (BYOD) in Assuring Information Security

Santee, Coleen D.

01 January 2017

The availability of smart device capabilities, easy to use apps, and collaborative capabilities has increased the expectations for the technology experience of employees. In addition, enterprises are adopting SaaS cloud-based systems that employees can access anytime, anywhere using their personal, mobile device. BYOD could drive an IT evolution for powerful device capabilities and easy to use apps, but only if the information security concerns can be addressed. This research proposed to determine the acceptance rate of BYOD in organizations, the decision making approach, and significant factors that led to the successful adoption of BYOD using the expertise of experienced internal control professionals. The approach and factors leading to the decision to permit the use of BYOD was identified through survey responses, which was distributed to approximately 5,000 members of the Institute for Internal Controls (IIC). The survey participation request was opened by 1,688 potential respondents, and 663 total responses were received for a response rate of 39%. Internal control professionals were targeted by this study to ensure a diverse population of organizations that have implemented or considered implementation of a BYOD program were included. This study provided an understanding of how widely the use of BYOD was permitted in organizations and identified effective approaches that were used in making the decision. In addition, the research identified the factors that were influential in the decision making process. This study also explored the new information security risks introduced by BYOD. The research argued that there were several new risks in the areas of access, compliance, compromise, data protection, and control that affect a company’s willingness to support BYOD. This study identified new information security concerns and risks associated with BYOD and suggested new elements of governance, risk management, and control systems that were necessary to ensure a secure BYOD program. Based on the initial research findings, future research areas were suggested.

BYOD

Information Security

Computer Sciences

Privacy Protection on Cloud Computing

Li, Min

01 January 2015

Cloud is becoming the most popular computing infrastructure because it can attract more and more traditional companies due to flexibility and cost-effectiveness. However, privacy concern is the major issue that prevents users from deploying on public clouds. My research focuses on protecting user's privacy in cloud computing. I will present a hardware-based and a migration-based approach to protect user's privacy. The root cause of the privacy problem is current cloud privilege design gives too much power to cloud providers. Once the control virtual machine (installed by cloud providers) is compromised, external adversaries will breach users’ privacy. Malicious cloud administrators are also possible to disclose user’s privacy by abusing the privilege of cloud providers. Thus, I develop two cloud architectures – MyCloud and MyCloud SEP to protect user’s privacy based on hardware virtualization technology. I eliminate the privilege of cloud providers by moving the control virtual machine (control VM) to the processor’s non-root mode and only keep the privacy protection and performance crucial components in the Trust Computing Base (TCB). In addition, the new cloud platform can provide rich functionalities on resource management and allocation without greatly increasing the TCB size. Besides the attacks to control VM, many external adversaries will compromise one guest VM or directly install a malicious guest VM, then target other legitimate guest VMs based on the connections. Thus, collocating with vulnerable virtual machines, or ”bad neighbors” on the same physical server introduces additional security risks. I develop a migration-based scenario that quantifies the security risk of each VM and generates virtual machine placement to minimize the security risks considering the connections among virtual machines. According to the experiment, our approach can improve the survivability of most VMs.

Cloud

Security

Computer and Systems Architecture

Academic knowledge and political practice : security studies and Israeli security

Maltman, Stuart

January 2016

This thesis examines the production and function of knowledge concerning security and Israeli security. A critical, post-positivist approach to analysing the constitution and practices connected to security knowledge is justified. From a broadly Foucaultian point of view, the thesis looks at the 'regime of truth' within which ideas of Israeli security concerning Palestinians are formulated. The connections between the Security Studies discipline, academic studies focusing on Israel's security, and the formulation of Israel's policy positions towards the Palestinians are examined. Overall, it is shown how the practices of a 'social scientific' Security Studies discipline engaged in producing 'useful' knowledge for state practitioners reinforces and legitimates official Israeli security discourse and practice based around a conception of a singular state-based identity seeking security, primarily through military-diplomatic means, against a recalcitrant and hostile enemy 'Other' in the Palestinians. This basic framework of security knowledge is traced through official Israeli security discourse and practice (the security dispositif) from 1988 to 2009, offering an in-depth analysis of the development and evolution of official security processes concerning the Palestinians. Adopting an explicitly critical ethos for reflexive research, the thesis disrupts and challenges official Israeli security dynamics, finding them to be repeatedly exacerbating conflictual relations. Through the deployment of the regime of truth, the repeated instantiation of the official Israeli security dispositif is shown to re-incite and re-confirm existing parameters of knowledge and knowledge production. The thesis therefore also provides a detailed and critical examination of the notion of a repetitive 'cycle of violence' at the heart of Israeli-Palestinian relations.

A framework for dynamic subversion

Rogers, David T.

06 1900

Approved for public release, distribution is unlimited / The subversion technique of attacking an operating system is often overlooked in information security. Operating Systems are vulnerable throughout their lifecycle in that small artifices can be inserted into an operating system's code that, on command, can completely disable its security mechanisms. To illustrate that this threat is viable, it is shown that it is not difficult for an attacker to implement the framework for the "two-card loader" type of subversion, a trap door which enables the insertion of arbitrary code into the operating system while the system is deployed and running. This framework provides several services such as memory allocation in the attacked system, and mechanisms for relocating, linking and loading the inserted attack code. Additionally, this thesis shows how Windows XP embedded designers can use Intel's x86 hardware more effectively to build a higher assurance operating system. Principles of hardware support are discussed and recommendations are presented. Subversion is overlooked because critics believe the attack is too difficult to carry out. It is illustrated in this thesis that this is simply not the case. Anyone with access to the operating system code at some point in its lifecycle can design a fairly elaborate subversion artifice with modest effort. / Ensign, United States Navy Reserve

Operating systems (Computers)

Computer security

A Comparison of Users' Personal Information Sharing Awareness, Habits, and Practices in Social Networking Sites and E-Learning Systems

Ball, Albert

01 January 2012

Although reports of identity theft continue to be widely published, users continue to post an increasing amount of personal information online, especially within social networking sites (SNS) and e-learning systems (ELS). Research has suggested that many users lack awareness of the threats that risky online personal information sharing poses to their personal information. However, even among users who claim to be aware of security threats to their personal information, actual awareness of these security threats is often found to be lacking. Although attempts to raise users' awareness about the risks of sharing their personal information have become more common, it is unclear if users are unaware of the risks, or are simply unwilling or unable to protect themselves. Research has also shown that users' habits may also have an influence on their practices. However, user behavior is complex, and the relationship between habit and practices is not clear. Habit theory has been validated across many disciplines, including psychology, genetics, and economics, with very limited attention in IS. Thus, the main goal of this study was to assess the influence of users' personal information sharing awareness (PISA) on their personal information sharing habits (PISH) and personal information sharing practices (PISP), as well as to compare the three constructs between SNS and ELS. Although habit has been studied significantly in other disciplines, a limited number of research studies have been conducted regarding IS usage and habit. Therefore, this study also investigated the influence of users' PISH on their PISP within the contexts of SNS and ELS. An empirical survey instrument was developed based on prior literature to collect and analyze data relevant to these three constructs. Path analysis was conducted on the data to determine the influence of users' PISA on their PISH and PISP, as well as the influence of users' PISH on their PISP. This study also utilized ANCOVA to determine if, and to what extent, any differences may exist between users' PISA, PISH, and PISP within SNS and ELS. The survey was deployed to the student body and faculty members at a small private university in the Southeast United States; a total of 390 responses was received. Prior to final data analysis, pre-analysis data screening was performed to ensure the validity and accuracy of the collected data. Cronbach's Alpha was performed on PISA, PISH, and PISP, with all three constructs demonstrating high reliability. PISH was found to be the most significant factor evaluated in this study, as users' habits were determined to have the strongest influence on their PISP within the contexts of SNS and ELS. The main contribution of this study was to advance the understanding of users' awareness of information security threats, their personal information sharing habits, and their personal information sharing practices. Information gained from this study may help organizations in the development of better approaches to the securing of users' personal information.

E-learning Systems

Information Security

Information Security Awareness

Information Security Habits

Information Security Practices

Social Networks

Computer Sciences