Automatic detection of software security vulnerabilities in executable program files

Tevis, Jay-Evan J. Hamilton, John A.

January 2005

Dissertation (Ph.D.)--Auburn University, 2005. / Abstract. Includes bibliographic references (p.134-148).

Secure distribution of open source information /

Rogers, Jason Lee.

January 2004

Thesis (M.S. in Computer Science)--Naval Postgraduate School, December 2004. / Thesis advisor(s): George Dinolt. Includes bibliographical references (p. 57-59). Also available online.

Flexible authorizations in workflow management systems

Lui, W. C.

January 2002

Thesis (M. Phil.)--University of Hong Kong, 2003. / Includes bibliographical references (leaves 162-168) Also available in print.

Správa sociálního zabezpečení a ochrana osobních údajů / Social security administration and personal data protection

Beneš, Jiří

January 2019

Social security administration and personal data protection The protection of personal data is one of the most discussed legal topics of contemporary legal science. However, the attention of both the professional and general public has so far been focused on the processing of personal data carried out by private law entities. On the contrary, the author focuses on a topic that has been overlooked, namely the processing of personal data performed by social security administration authorities. This thesis aims to answer the question whether the processing carried out by selected authorities of the social security administration follows the principle of lawfulness according to data protection regulations and the Regulation (GDPR). The key aspect of the author's answer is primarily to assess the compliance of the current legislation in the area of sickness and pension insurance and passive employment policy with the requirements of the Regulation (GDPR). In this work, the author first deals with the historical roots and birth of the legal regulation of personal data protection. Then, by comparing the legal regulations adopted within the Council of Europe, the European Union, and the Czech Republic, it analyses the applicable regulation of personal data protection. As the author points out in this work,...

Analyzing and Improving Security-Enhanced Communication Protocols

Weicheng Wang (17349748)

08 November 2023

<p dir="ltr">Security and privacy are one of the top concerns when experts select for communication protocols. When a protocol is confirmed with problems, such as leaking users’ privacy, the protocol developers will upgrade it to an advanced version to cover those concerns in a short interval, or the protocol will be discarded or replaced by other secured ones. </p><p dir="ltr">There are always communication protocols failing to protect users’ privacy or exposing users’ accounts under attack. A malicious user or an attacker can utilize the vulnerabilities in the protocol to gain private information, or even take control of the users’ devices. Hence, it is important to expose those protocols and improve them to enhance the security properties. Some protocols protect users’ privacy but in a less efficient way. Due to the new cryptography technique or the modern hardware support, the protocols can be improved with less overhead and enhanced security protection. </p><p dir="ltr">In this dissertation, we focus on analyzing and improving security-enhanced communication protocols in three aspects: </p><p dir="ltr">(1) We systematically analyzed an existing and widely used communication protocol: Zigbee. We identified the vulnerabilities of the existing Zigbee protocols during the new device joining process and proposed a security-enhanced Zigbee protocol. The new protocol utilized public-key primitives with little extra overhead with capabilities to protect against the outsourced attackers. The new protocol is formally verified and implemented with a prototype. </p><p dir="ltr">(2) We explored one type of communication detection system: Keyword-based deep packet inspection. The system has several protocols, such as BlindBox, PrivDPI, PE-DPI, mbTLS, and so on. We analyzed those protocols and identified their vulnerabilities or inefficiencies. To address those issues, we proposed three enhanced protocols: MT-DPI, BH-DPI, and CE-DPI which work readily with AES-based encryption schemes deployed and well-supported by AES-NI. Specifically, MT-DPI utilized multiplicative triples to support multi-party computation. </p><p dir="ltr">(3) We developed a technique to support Distributed confidential computing with the use of a trusted execution environment. We found that the existing confidential computing cannot handle multiple-stakeholder scenarios well and did not give reasonable control over derived data after computation. We analyzed six real use cases and pointed out what is missing in the existing solutions. To bridge the gap, we developed a language SeDS policy that was built on top of the trusted execution environment. It works well for specific privacy needs during the collaboration and gives protection over the derived data. We examined the language in the use cases and showed the benefits of applying the new policies.</p>

Data and information privacy

Data security and protection

security

privacy

communication protocol

Improving operating systems security: two case studies

Wei, Jinpeng

14 August 2009

Malicious attacks on computer systems attempt to obtain and maintain illicit control over the victim system. To obtain unauthorized access, they often exploit vulnerabilities in the victim system, and to maintain illicit control, they apply various hiding techniques to remain stealthy. In this dissertation, we discuss and present solutions for two classes of security problems: TOCTTOU (time-of-check-to-time-of-use) and K-Queue. TOCTTOU is a vulnerability that can be exploited to obtain unauthorized root access, and K-Queue is a hiding technique that can be used to maintain stealthy control of the victim kernel. The first security problem is TOCTTOU, a race condition in Unix-style file systems in which an attacker exploits a small timing gap between a file system call that checks a condition and a use kernel call that depends on the condition. Our contributions on TOCTTOU include: (1) A model that enumerates the complete set of potential TOCTTOU vulnerabilities; (2) A set of tools that detect TOCTTOU vulnerabilities in Linux applications such as vi, gedit, and rpm; (3) A theoretical as well as an experimental evaluation of security risks that shows that TOCTTOU vulnerabilities can no longer be considered "low risk" given the wide-scale deployment of multiprocessors; (4) An event-driven protection mechanism and its implementation that defend Linux applications against TOCTTOU attacks at low performance overhead. The second security problem addressed in this dissertation is kernel queue or K-Queue, which can be used by the attacker to achieve continual malicious function execution without persistently changing either kernel code or data, which prevents state-of-the-art kernel integrity monitors such as CFI and SBCFI from detecting them. Based on our successful defense against a concrete instance of K-Queue-driven attacks that use the soft timer mechanism, we design and implement a solution to the general class of K-Queue-driven attacks, including (1) a unified static analysis framework and toolset that can generate specifications of legitimate K-Queue requests and the checker code in an automated way; (2) a runtime reference monitor that validates K-Queue invariants and guards such invariants against tampering; and (3) a comprehensive experimental evaluation of our static analysis framework and K-Queue Checkers.

Control flow integrity

Security and protection

Reliability

File systems management

Towards securing networks of resource constrained devices a study of cryptographic primitives and key distribution schemes /

Chan, Kevin Sean.

January 2008

Thesis (Ph.D)--Electrical and Computer Engineering, Georgia Institute of Technology, 2009. / Committee Chair: Fekri, Faramarz; Committee Member: James McClellan; Committee Member: John Copeland; Committee Member: Steven McLaughlin; Committee Member: Yajun Mei. Part of the SMARTech Electronic Thesis and Dissertation Collection.

A dynamic, perimeter based, community-centric access control system

Chapman, Adam Scott. Burmester, Mike.

January 2006

Thesis (M.S.)--Florida State University, 2006. / Advisor: Mike Burmester, Florida State University, College of Arts and Sciences, Dept. of Computer Science. Title and description from dissertation home page (viewed June 15, 2006). Document formatted into pages; contains viii, 48 pages. Includes bibliographical references.

Institutionalized environments and information security management learning from Y2K /

Hassebroek, Pamela Burns.

January 2007

Thesis (Ph. D.)--Public Policy, Georgia Institute of Technology, 2008. / Rogers, Juan D., Committee Chair ; Klein, Hans K., Committee Member ; Bolter, Jay David, Committee Member ; Nelson-Palmer, Mike, Committee Member ; Kingsley, Gordon, Committee Member.

Biometric system security and privacy: data reconstruction and template protection

Mai, Guangcan

31 August 2018

Biometric systems are being increasingly used, from daily entertainment to critical applications such as security access and identity management. It is known that biometric systems should meet the stringent requirement of low error rate. In addition, for critical applications, the security and privacy issues of biometric systems are required to be concerned. Otherwise, severe consequence such as the unauthorized access (security) or the exposure of identity-related information (privacy) can be caused. Therefore, it is imperative to study the vulnerability to potential attacks and identify the corresponding risks. Furthermore, the countermeasures should also be devised and patched on the systems. In this thesis, we study the security and privacy issues in biometric systems. We first make an attempt to reconstruct raw biometric data from biometric templates and demonstrate the security and privacy issues caused by the data reconstruction. Then, we make two attempts to protect biometric templates from being reconstructed and improve the state-of-the-art biometric template protection techniques.