Advanced search options

Advanced Search Options 🞨

Browse by author name (“Author name starts with…”).

Find ETDs with:

in
/  
in
/  
in
/  
in

Written in Published in Earliest date Latest date

Sorted by

Results per page:

Sorted by: relevance · author · university · dateNew search

You searched for +publisher:"Penn State University" +contributor:("Patrick McDaniel, Thesis Advisor/Co-Advisor"). Showing records 1 – 3 of 3 total matches.

Search Limiters

Last 2 Years | English Only

No search limiters apply to these results.

▼ Search Limiters


Penn State University

1. Riegel, Meghan Carole. AN ANALYSIS OF THE MIRAI BOTNET AND ITS IMPACT ON THE FUTURE OF EMBEDDED SYSTEMS.

Degree: 2017, Penn State University

Though botnets have been a security problem for a long time, they have recently begun taking advantage of the security vulnerabilities present in connected devices often referred to as the Internet of Things. Mirai, a botnet malware which emerged in mid-2016, has been responsible for the largest DDoS attack on record, a 1.2 Tbps attack on Dyn, a DNS provider. In late 2016, the source code for Mirai was released on a hacker forum. The goal of this thesis is to investigate Mirai, which is responsible for the largest botnets ever seen. We discuss its full functionality, focusing on how it spreads by taking advantage of weak authentication on devices. We take a look at the malware’s strengths and weaknesses and how it may be - and probably currently is being - modified and improved. We collected real Mirai tra c in the wild and investigated how exactly it behaves so that we may distinguish between benign and malicious tra c. We find that Mirai tra c may be fingerprinted using deep-packet inspection and that it has evolved to attack more devices in the past several months. We then use these results to construct a picture of what the Mirai landscape currently looks like and where it is headed. Advisors/Committee Members: Patrick McDaniel, Thesis Advisor/Co-Advisor.

Subjects/Keywords: mirai; botnet; internet of things; malware; iot

Record DetailsSimilar RecordsGoogle PlusoneFacebookTwitterCiteULikeMendeleyreddit

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6th Edition):

Riegel, M. C. (2017). AN ANALYSIS OF THE MIRAI BOTNET AND ITS IMPACT ON THE FUTURE OF EMBEDDED SYSTEMS. (Thesis). Penn State University. Retrieved from https://submit-etda.libraries.psu.edu/catalog/14014mqr5228

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16th Edition):

Riegel, Meghan Carole. “AN ANALYSIS OF THE MIRAI BOTNET AND ITS IMPACT ON THE FUTURE OF EMBEDDED SYSTEMS.” 2017. Thesis, Penn State University. Accessed April 16, 2021. https://submit-etda.libraries.psu.edu/catalog/14014mqr5228.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7th Edition):

Riegel, Meghan Carole. “AN ANALYSIS OF THE MIRAI BOTNET AND ITS IMPACT ON THE FUTURE OF EMBEDDED SYSTEMS.” 2017. Web. 16 Apr 2021.

Vancouver:

Riegel MC. AN ANALYSIS OF THE MIRAI BOTNET AND ITS IMPACT ON THE FUTURE OF EMBEDDED SYSTEMS. [Internet] [Thesis]. Penn State University; 2017. [cited 2021 Apr 16]. Available from: https://submit-etda.libraries.psu.edu/catalog/14014mqr5228.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Riegel MC. AN ANALYSIS OF THE MIRAI BOTNET AND ITS IMPACT ON THE FUTURE OF EMBEDDED SYSTEMS. [Thesis]. Penn State University; 2017. Available from: https://submit-etda.libraries.psu.edu/catalog/14014mqr5228

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation


Penn State University

2. Kilmer, Eric David. Extending Vulnerability Discovery with Fuzzing and Symbolic Execution to Realistic Applications.

Degree: 2017, Penn State University

In 2016, DARPA held the Cyber Grand Challenge (CGC) using a special execution and evaluation environment to compare the results of different techniques in automated vulnerability discovery. However, this special execution environment simplifies many of the complexities seen in real binaries on a desktop Linux system. In this paper, we augment the top-scoring, open source, vulnerability discovery component from the CGC by providing additional functionality with respect to files, file systems, and library function summaries to more effectively operate on realistic Linux binaries. We begin by transforming the CGC challenge binaries to resemble more realistic Linux binaries by way of dynamically linked standard C library functions and compiling for a 64-bit system. We then look at examples of popular Linux applications to evaluate our solution. We find that support for files is important and the lack of function summaries for C library functions and system calls limits the effective use of symbolic execution in a real Linux environment as compared with the CGC. Advisors/Committee Members: Patrick McDaniel, Thesis Advisor/Co-Advisor.

Subjects/Keywords: Symbolic Execution; Vulnerability Discovery; Program Analysis; Fuzzing

Record DetailsSimilar RecordsGoogle PlusoneFacebookTwitterCiteULikeMendeleyreddit

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6th Edition):

Kilmer, E. D. (2017). Extending Vulnerability Discovery with Fuzzing and Symbolic Execution to Realistic Applications. (Thesis). Penn State University. Retrieved from https://submit-etda.libraries.psu.edu/catalog/14016eyk5120

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16th Edition):

Kilmer, Eric David. “Extending Vulnerability Discovery with Fuzzing and Symbolic Execution to Realistic Applications.” 2017. Thesis, Penn State University. Accessed April 16, 2021. https://submit-etda.libraries.psu.edu/catalog/14016eyk5120.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7th Edition):

Kilmer, Eric David. “Extending Vulnerability Discovery with Fuzzing and Symbolic Execution to Realistic Applications.” 2017. Web. 16 Apr 2021.

Vancouver:

Kilmer ED. Extending Vulnerability Discovery with Fuzzing and Symbolic Execution to Realistic Applications. [Internet] [Thesis]. Penn State University; 2017. [cited 2021 Apr 16]. Available from: https://submit-etda.libraries.psu.edu/catalog/14016eyk5120.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Kilmer ED. Extending Vulnerability Discovery with Fuzzing and Symbolic Execution to Realistic Applications. [Thesis]. Penn State University; 2017. Available from: https://submit-etda.libraries.psu.edu/catalog/14016eyk5120

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation


Penn State University

3. Krych, Daniel Erle. An Exposure of Android Social Media Applications and the Data ISPs Can Collect.

Degree: 2017, Penn State University

Social media applications play a key role in our day-to-day lives, using and handling sensitive/private data in their nature. Android applications continue to share data with third parties and transmit data unencrypted, leaking data directly and inadvertently. Internet Service Providers (ISPs) can legally collect and sell this leaked, sensitive user data to ad companies and third parties, and since ISPs available to users vary based on geolocation, users may be unable to avoid these providers. End user’s rely on privacy policies to understand how their data is used, but these have been largely absent, and those present lacked detail, especially in their security methods. Inconsistencies between app policies and their actions have been found through static code analysis and dynamic analysis, but studies lacked depth and/or the context of the application. Overall, we lack a detailed understanding of the state of these privacy and security issues within sensitive settings such as social media applications. We aim to expose Android social media applications, classifying and comparing each app’s unencrypted data transmitted with the disclosure in their privacy policy. We develop an analysis framework and isolated testbed environments, which use a variety of open-source tools, and enable accurate data collection. We use dynamic analysis to obtain the behaviors from traffic, and leverage the Platform for Privacy Preferences (P3P) Specification to bridge the connection between these behaviors and disclosure in the privacy policies, while considering the context of each application [1]. We find inconsistencies between applications behaviors and disclosure in their privacy policies. The majority of the applications in our dataset transmitted more than half of their traffic unencrypted. Few apps leaked a large portion of Personally Identifiable Information (PII)/sensitive data, and others used more encryption to protect user data, but none detailed security methods or specified which data was transmitted encrypted. In addition, we peer into application’s privacy policy revisions, the advertising/analytics libraries applications used, and business relationships held by application companies. We conclude that despite Android applications being on the market for over eight years, failure to protect sensitive user data and vague privacy policies are still prevalent. Advisors/Committee Members: Dr. Patrick McDaniel, Thesis Advisor/Co-Advisor, Dr. David Reitter, Committee Member, Dr. Mahmut Kandemir, Committee Member.

Subjects/Keywords: Android security; Android privacy; Dynamic analysis; Social media; Privacy policies; Dshell

Record DetailsSimilar RecordsGoogle PlusoneFacebookTwitterCiteULikeMendeleyreddit

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6th Edition):

Krych, D. E. (2017). An Exposure of Android Social Media Applications and the Data ISPs Can Collect. (Thesis). Penn State University. Retrieved from https://submit-etda.libraries.psu.edu/catalog/14730dek5156

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16th Edition):

Krych, Daniel Erle. “An Exposure of Android Social Media Applications and the Data ISPs Can Collect.” 2017. Thesis, Penn State University. Accessed April 16, 2021. https://submit-etda.libraries.psu.edu/catalog/14730dek5156.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7th Edition):

Krych, Daniel Erle. “An Exposure of Android Social Media Applications and the Data ISPs Can Collect.” 2017. Web. 16 Apr 2021.

Vancouver:

Krych DE. An Exposure of Android Social Media Applications and the Data ISPs Can Collect. [Internet] [Thesis]. Penn State University; 2017. [cited 2021 Apr 16]. Available from: https://submit-etda.libraries.psu.edu/catalog/14730dek5156.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Krych DE. An Exposure of Android Social Media Applications and the Data ISPs Can Collect. [Thesis]. Penn State University; 2017. Available from: https://submit-etda.libraries.psu.edu/catalog/14730dek5156

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

.