You searched for subject:(Computer Security)
.
Showing records 1 – 30 of
2827 total matches.
◁ [1] [2] [3] [4] [5] … [95] ▶

Rochester Institute of Technology
1.
Hirwani, Manish.
Forensic analysis of VMware hard disks.
Degree: 2011, Rochester Institute of Technology
URL: https://scholarworks.rit.edu/theses/624
► With the advancement in virtualization technology, virtual machines (VMs) are becoming a common and an integral part of datacenters. As the popularity and use of…
(more)
▼ With the advancement in virtualization technology, virtual machines (VMs) are becoming a common and an integral part of datacenters. As the popularity and use of VMs increases, incidents involving them are also on the rise. There is substantial research on using VMs and virtual appliances to aid forensic investigation, but research on collecting evidence from VMs following a forensic procedure is lacking.
This thesis studies a forensically sound way to acquire and analyze VM hard disks. It also discusses the development of a tool which assists in forensic analysis of snapshots of virtual hard disks that are used in VMs. This tool analyzes the changes made to a virtual disk by comparing snapshots created at various stages. Comparing the state of the files in the base snapshot which is believed to be clean with the snapshot which is suspected of being tampered with, forensics investigators are able to identify files that have been recently added, deleted, edited, or modified.
Advisors/Committee Members: Pan, Yin.
Subjects/Keywords: Computer security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Hirwani, M. (2011). Forensic analysis of VMware hard disks. (Thesis). Rochester Institute of Technology. Retrieved from https://scholarworks.rit.edu/theses/624
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Hirwani, Manish. “Forensic analysis of VMware hard disks.” 2011. Thesis, Rochester Institute of Technology. Accessed March 01, 2021.
https://scholarworks.rit.edu/theses/624.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Hirwani, Manish. “Forensic analysis of VMware hard disks.” 2011. Web. 01 Mar 2021.
Vancouver:
Hirwani M. Forensic analysis of VMware hard disks. [Internet] [Thesis]. Rochester Institute of Technology; 2011. [cited 2021 Mar 01].
Available from: https://scholarworks.rit.edu/theses/624.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Hirwani M. Forensic analysis of VMware hard disks. [Thesis]. Rochester Institute of Technology; 2011. Available from: https://scholarworks.rit.edu/theses/624
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Oxford
2.
Sluganovic, Ivo.
Security of mixed reality systems : authenticating users, devices, and data.
Degree: PhD, 2018, University of Oxford
URL: http://ora.ox.ac.uk/objects/uuid:70779c14-9314-4323-903c-5a9291615fb3
;
https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.791630
► Mixed reality devices continuously scan their environment in order to naturally blend the virtual objects with the user's real-time view of their physical environment. Given…
(more)
▼ Mixed reality devices continuously scan their environment in order to naturally blend the virtual objects with the user's real-time view of their physical environment. Given the potential of these technologies to profoundly change how individuals interact with their environments, many of the largest technology companies are releasing their mixed reality systems and devoting significant resources towards achieving technological leadership in this field. However, due to the recency of the first commercially available mixed reality devices and their specific interaction channels, existing research has yet to provide practical proposals to achieve many of the core security objectives. Furthermore, given that these devices continuously analyze their environment using multiple front-facing cameras, when designing secure system it becomes necessary to reassess the commonly assumed threat models. In this thesis, we aim to bridge this gap by focusing on secure authentication on mixed reality headsets. Taking into account the stronger assumed adversary models and the interface capabilities of existing mixed reality devices, we propose methods for user and device authentication, as well as show how these devices can be used to secure one's interactions with legacy systems. Considering that mixed reality headsets are starting to support gaze tracking, in this thesis we propose, build a prototype and experimentally evaluate the use of reflexive eye movements as a biometric modality that is well suited as an authentication method on MR headsets. As an added benefit, the reflexiveness and predictability of one's eye movement responses makes it possible to incorporate the biometric measurements into challenge-response protocols. This allows the system to prevent replay attacks, one of the most common attack vectors on biometrics. Furthermore, given the many multi-user applications of mixed reality technologies that rely on direct communication between users' devices, in this thesis we research secure and usable methods to mixed reality headsets. We propose a practical pairing protocol, implement a system prototype using two commercially available mixed reality headsets and evaluate its security and usability. Finally, we show that front-facing cameras of mixed reality headsets can also serve as the means of securing legacy electronic systems. We therefore build and evaluate a prototype of a system that uses a trusted device with video capture and analysis capabilities to authenticate the data that the user inputs when using a potentially compromised local client to communicate with a remote server.
Subjects/Keywords: Computer security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Sluganovic, I. (2018). Security of mixed reality systems : authenticating users, devices, and data. (Doctoral Dissertation). University of Oxford. Retrieved from http://ora.ox.ac.uk/objects/uuid:70779c14-9314-4323-903c-5a9291615fb3 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.791630
Chicago Manual of Style (16th Edition):
Sluganovic, Ivo. “Security of mixed reality systems : authenticating users, devices, and data.” 2018. Doctoral Dissertation, University of Oxford. Accessed March 01, 2021.
http://ora.ox.ac.uk/objects/uuid:70779c14-9314-4323-903c-5a9291615fb3 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.791630.
MLA Handbook (7th Edition):
Sluganovic, Ivo. “Security of mixed reality systems : authenticating users, devices, and data.” 2018. Web. 01 Mar 2021.
Vancouver:
Sluganovic I. Security of mixed reality systems : authenticating users, devices, and data. [Internet] [Doctoral dissertation]. University of Oxford; 2018. [cited 2021 Mar 01].
Available from: http://ora.ox.ac.uk/objects/uuid:70779c14-9314-4323-903c-5a9291615fb3 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.791630.
Council of Science Editors:
Sluganovic I. Security of mixed reality systems : authenticating users, devices, and data. [Doctoral Dissertation]. University of Oxford; 2018. Available from: http://ora.ox.ac.uk/objects/uuid:70779c14-9314-4323-903c-5a9291615fb3 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.791630
3.
Ghosh, Esha.
Integrity and Privacy in the Cloud: Efficient algorithms for
secure and privacy-preserving processing of outsourced data.
Degree: Department of Computer Science, 2018, Brown University
URL: https://repository.library.brown.edu/studio/item/bdr:792909/
► An integral component of the modern computing era is the ability to outsource data and computation to remote Cloud Service Providers or CSPs. The advent…
(more)
▼ An integral component of the modern computing era is
the ability to outsource data and computation to remote Cloud
Service Providers or CSPs. The advent of cloud services, however,
raises important challenges of in terms of integrity and privacy of
data and computation. As soon as users delegate computation to
cloud platforms (such as Microsoft Azure or Amazon AWS), concerns
related to integrity of the results arise. For example, have all
correct inputs been used in the computation? Were all the
computation steps applied in the correct order? Have the results
been delivered untampered? Moreover, in the face of an alarming
number of data breaches and massive surveillance programs around
the globe, the privacy of outsourced data is becoming more
important than ever. This thesis focuses on designing efficient
privacy-preserving and verifiable data processing queries for a
rich class of data structures along with prototype implementation
and experimental validation. In particular, we focus on the
following setting: how can a trusted data owner outsource her data
to an untrusted server, such that the server will not be able to
cheat while answering queries on the stored data. In other words,
we require the server to produce a cryptographic proof for each
answer it produces. Moreover, we require the proofs to be
privacy-preserving, i.e., they should not leak any information
about the data structure or the updates on it besides what can be
inferred from the answers. We also consider another dimension of
privacy for verifiable outsourced data-processing, namely,
encrypting the outsourced data. More concretely, we consider the
setting where the data structure is encrypted before outsourcing
using a customized encryption scheme that allows the server to
compute queries on the encrypted data. Furthermore, the client can
efficiently check if the server has correctly computed the answer.
In this thesis, we focus on range queries, closest point queries,
dictionary queries, set algebraic queries and reachability and
shortest path queries on general graphs.
Advisors/Committee Members: Tamassia, Roberto (Advisor), Lysyanskaya, Anna (Reader), Kamara, Seny (Reader).
Subjects/Keywords: Computer security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Ghosh, E. (2018). Integrity and Privacy in the Cloud: Efficient algorithms for
secure and privacy-preserving processing of outsourced data. (Thesis). Brown University. Retrieved from https://repository.library.brown.edu/studio/item/bdr:792909/
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Ghosh, Esha. “Integrity and Privacy in the Cloud: Efficient algorithms for
secure and privacy-preserving processing of outsourced data.” 2018. Thesis, Brown University. Accessed March 01, 2021.
https://repository.library.brown.edu/studio/item/bdr:792909/.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Ghosh, Esha. “Integrity and Privacy in the Cloud: Efficient algorithms for
secure and privacy-preserving processing of outsourced data.” 2018. Web. 01 Mar 2021.
Vancouver:
Ghosh E. Integrity and Privacy in the Cloud: Efficient algorithms for
secure and privacy-preserving processing of outsourced data. [Internet] [Thesis]. Brown University; 2018. [cited 2021 Mar 01].
Available from: https://repository.library.brown.edu/studio/item/bdr:792909/.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Ghosh E. Integrity and Privacy in the Cloud: Efficient algorithms for
secure and privacy-preserving processing of outsourced data. [Thesis]. Brown University; 2018. Available from: https://repository.library.brown.edu/studio/item/bdr:792909/
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
4.
Smith, Robert Walter.
Evolutionary Strategies for Secure Moving Target Configuration Discovery.
Degree: 2014, Wake Forest University
URL: http://hdl.handle.net/10339/39267
► Defense against many cyber security threats can be implemented with existing software on the machine, without requiring patches for current programs or the installation of…
(more)
▼ Defense against many cyber security threats can be implemented with existing software on the machine, without requiring patches for current programs or the installation of specialized security software. There are certain operating system or program parameters which, if set properly, can close security vulnerabilities. Learning a way to securely configure computers to prevent attacks potentially allows organizations to defend their machines with a relatively low cost.
Subjects/Keywords: Computer security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Smith, R. W. (2014). Evolutionary Strategies for Secure Moving Target Configuration Discovery. (Thesis). Wake Forest University. Retrieved from http://hdl.handle.net/10339/39267
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Smith, Robert Walter. “Evolutionary Strategies for Secure Moving Target Configuration Discovery.” 2014. Thesis, Wake Forest University. Accessed March 01, 2021.
http://hdl.handle.net/10339/39267.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Smith, Robert Walter. “Evolutionary Strategies for Secure Moving Target Configuration Discovery.” 2014. Web. 01 Mar 2021.
Vancouver:
Smith RW. Evolutionary Strategies for Secure Moving Target Configuration Discovery. [Internet] [Thesis]. Wake Forest University; 2014. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10339/39267.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Smith RW. Evolutionary Strategies for Secure Moving Target Configuration Discovery. [Thesis]. Wake Forest University; 2014. Available from: http://hdl.handle.net/10339/39267
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Oregon State University
5.
Nandakumar Thampi, Archana.
Efficient, secure and covert channel capacity bounded protocols for multilevel security cross-domain environments - an experimental system.
Degree: MS, Computer Science, 2014, Oregon State University
URL: http://hdl.handle.net/1957/51895
► The communication in MLS cross-domain environments faces many challenges. The three most important challenges are efficient key management, privacy preserving and covert channel. We propose…
(more)
▼ The communication in MLS cross-domain environments faces many challenges. The three most important challenges are efficient key management, privacy preserving and covert channel. We propose an Efficient, Secure and Covert Channel Capacity Bounded Protocol which has three algorithms that addresses these challenges: The Efficient Attribute-based Fine-Grained Authentication (EAFA) algorithm, Anonymous Authentication (A2) algorithm and Limiting Covert Channel Capacity (LC3) algorithm. We implemented a prototype of the ESC3B protocol and measured the performance and efficiency of the system.
Advisors/Committee Members: Nguyen, Thinh P. (advisor), Bose, Bella (committee member).
Subjects/Keywords: Computer security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Nandakumar Thampi, A. (2014). Efficient, secure and covert channel capacity bounded protocols for multilevel security cross-domain environments - an experimental system. (Masters Thesis). Oregon State University. Retrieved from http://hdl.handle.net/1957/51895
Chicago Manual of Style (16th Edition):
Nandakumar Thampi, Archana. “Efficient, secure and covert channel capacity bounded protocols for multilevel security cross-domain environments - an experimental system.” 2014. Masters Thesis, Oregon State University. Accessed March 01, 2021.
http://hdl.handle.net/1957/51895.
MLA Handbook (7th Edition):
Nandakumar Thampi, Archana. “Efficient, secure and covert channel capacity bounded protocols for multilevel security cross-domain environments - an experimental system.” 2014. Web. 01 Mar 2021.
Vancouver:
Nandakumar Thampi A. Efficient, secure and covert channel capacity bounded protocols for multilevel security cross-domain environments - an experimental system. [Internet] [Masters thesis]. Oregon State University; 2014. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/1957/51895.
Council of Science Editors:
Nandakumar Thampi A. Efficient, secure and covert channel capacity bounded protocols for multilevel security cross-domain environments - an experimental system. [Masters Thesis]. Oregon State University; 2014. Available from: http://hdl.handle.net/1957/51895
6.
Gasior, Wade Chester.
Network covert channels on the Android platform.
Degree: 2011, University of Tennessee – Chattanooga
URL: https://scholar.utc.edu/theses/270
► Network covert channels are used to exfiltrate information from a secured environment in a way that is extremely difficult to detect or prevent. These secret…
(more)
▼ Network covert channels
are used
to
exfiltrate
information from a secured
environment
in
a way that is extremely difficult to detect or prevent.
These secret channels have been identified
as an important
security threat to governments and the private sector, and several research efforts
have focused on the design, detection, and prevention of such channels in enterprise-type
environments.
Mobile devices have become a ubiquitous computing platform, and are storing or have
access to an increasingly large amount of sensitive information.
As such, these devices have
become prime targets of attackers
who desire access to this information.
In this work,
we
explore the implementation of network covert channels on the Google
Android mobile platform.
Our work
shows that covert communication channels can be
successfully implemented on the Android platform to allow data to be leaked from these devices
in a manner
that hides the fact that subversive
communication is taking place.
Advisors/Committee Members: Yang, Li, Sartipi, Mina, Kizza, Joseph, College of Engineering and Computer Science.
Subjects/Keywords: Computer security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Gasior, W. C. (2011). Network covert channels on the Android platform. (Masters Thesis). University of Tennessee – Chattanooga. Retrieved from https://scholar.utc.edu/theses/270
Chicago Manual of Style (16th Edition):
Gasior, Wade Chester. “Network covert channels on the Android platform.” 2011. Masters Thesis, University of Tennessee – Chattanooga. Accessed March 01, 2021.
https://scholar.utc.edu/theses/270.
MLA Handbook (7th Edition):
Gasior, Wade Chester. “Network covert channels on the Android platform.” 2011. Web. 01 Mar 2021.
Vancouver:
Gasior WC. Network covert channels on the Android platform. [Internet] [Masters thesis]. University of Tennessee – Chattanooga; 2011. [cited 2021 Mar 01].
Available from: https://scholar.utc.edu/theses/270.
Council of Science Editors:
Gasior WC. Network covert channels on the Android platform. [Masters Thesis]. University of Tennessee – Chattanooga; 2011. Available from: https://scholar.utc.edu/theses/270

Rutgers University
7.
Alapati, Kalyan Koushik, 1993-.
Group-oriented secret sharing using Shamir's algorithm.
Degree: MS, Computer Science, 2018, Rutgers University
URL: https://rucore.libraries.rutgers.edu/rutgers-lib/55941/
► In the current state of highly distributed and hybrid-cloud systems environment, managing and securing enterprise or government systems/data requires effective access control techniques and protocols.…
(more)
▼ In the current state of highly distributed and hybrid-cloud systems environment, managing and securing enterprise or government systems/data requires effective access control techniques and protocols. Currently, individual and independent logins using single or multi-factor passwords are widely used across the industry, but they are highly vulnerable to hacking, phishing and various password stealth techniques. For securing highly sensitive IT assets, comprehensive data management and governance programs include group-oriented login or authorization procedures, wherein a group of individuals or processes (as opposed to a single individual) provide their credentials/passwords or keys to gain access to the sensitive resource. To implement the group-oriented login, a widely acclaimed cryptographic technique, Secret Sharing, offers an elegant and secure solution. In this technique, the secret (password) is divided into multiple shares in such a way that a threshold number of shares are essential to reconstruct the secret (password). Shamir’s Secret Sharing uses this cryptographic technique, and the Secret Share splitting and reconstruction are based on a polynomial over a finite field. The goal of this thesis is to study and evaluate this technique with reference to threshold based group-login by various examples.
Advisors/Committee Members: Birget, Jean C (chair).
Subjects/Keywords: Computer security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Alapati, Kalyan Koushik, 1. (2018). Group-oriented secret sharing using Shamir's algorithm. (Masters Thesis). Rutgers University. Retrieved from https://rucore.libraries.rutgers.edu/rutgers-lib/55941/
Chicago Manual of Style (16th Edition):
Alapati, Kalyan Koushik, 1993-. “Group-oriented secret sharing using Shamir's algorithm.” 2018. Masters Thesis, Rutgers University. Accessed March 01, 2021.
https://rucore.libraries.rutgers.edu/rutgers-lib/55941/.
MLA Handbook (7th Edition):
Alapati, Kalyan Koushik, 1993-. “Group-oriented secret sharing using Shamir's algorithm.” 2018. Web. 01 Mar 2021.
Vancouver:
Alapati, Kalyan Koushik 1. Group-oriented secret sharing using Shamir's algorithm. [Internet] [Masters thesis]. Rutgers University; 2018. [cited 2021 Mar 01].
Available from: https://rucore.libraries.rutgers.edu/rutgers-lib/55941/.
Council of Science Editors:
Alapati, Kalyan Koushik 1. Group-oriented secret sharing using Shamir's algorithm. [Masters Thesis]. Rutgers University; 2018. Available from: https://rucore.libraries.rutgers.edu/rutgers-lib/55941/

Penn State University
8.
Ren, Chuangang.
A Study of Selected Issues in Android Security.
Degree: 2016, Penn State University
URL: https://submit-etda.libraries.psu.edu/catalog/b5644r534
► Mobile devices such as smartphones have become an integral part of society today, shaping people’s daily life, changing the landscape of how business operate and…
(more)
▼ Mobile devices such as smartphones have become an integral part of society today, shaping people’s daily life, changing the landscape of how business operate and how industries are powered today. However, the unprecedented popularity of mobile devices introduces a concerning side effect, an dramatically increasing number of
security threats is posing serious risks to the
security of mobile systems and the applications. Notably, one of the most successful mobile systems, Android, has exposed a plethora of vulnerabilities which are actively exploited by a large number of potentially harmful apps (malware, adwares, risk-wares, etc.), most of which are distributed in under-scrutinized third-party Android markets.
Mitigating the
security threats to Android is non-trivial. There has been considerable efforts in securing Android to achieve the following two complimentary goals: (1) Market-scale detection and identification of problematic apps in an efficient manner, and (2) discovery, analysis of the Android system vulnerabilities, and defense measures against the enabled attacks.
In this dissertation, we propose techniques and approaches to solve specific problems in the above two aspects respectively, providing the step stones towards finally achieving these two goals. Specifically, we first present a novel software watermarking scheme, namely Droidmarking, that can efficiently and effectively impede the prevalent software plagiarism (a.k.a app repackaging) problem in the Android markets. Second, we systematically study and propose a new prevalent Android system vulnerability, which, once exploited by an attacker, can lead to serious
security breaches of integrity, confidentiality and availability of the graphic user interface (GUI) on an Android device. Finally, we devise a comprehensive and practical solution to protect the GUI sub-system in Android. The defense is able to defeat all know GUI attacks while preserving the original user experience of Android. We plan to further explore Android system and app
security towards a more secure ecosystem for Android.
Advisors/Committee Members: Sencun Zhu, Dissertation Advisor/Co-Advisor, Peng Liu, Committee Chair/Co-Chair, Sencun Zhu, Committee Member, Wang-Chien Lee, Committee Member, Minghui Zhu, Outside Member.
Subjects/Keywords: Android; Computer Security; Android Security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Ren, C. (2016). A Study of Selected Issues in Android Security. (Thesis). Penn State University. Retrieved from https://submit-etda.libraries.psu.edu/catalog/b5644r534
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Ren, Chuangang. “A Study of Selected Issues in Android Security.” 2016. Thesis, Penn State University. Accessed March 01, 2021.
https://submit-etda.libraries.psu.edu/catalog/b5644r534.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Ren, Chuangang. “A Study of Selected Issues in Android Security.” 2016. Web. 01 Mar 2021.
Vancouver:
Ren C. A Study of Selected Issues in Android Security. [Internet] [Thesis]. Penn State University; 2016. [cited 2021 Mar 01].
Available from: https://submit-etda.libraries.psu.edu/catalog/b5644r534.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Ren C. A Study of Selected Issues in Android Security. [Thesis]. Penn State University; 2016. Available from: https://submit-etda.libraries.psu.edu/catalog/b5644r534
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Johannesburg
9.
Van der Merwe, Isak Pieter.
Rolprofiele vir die bestuur van inligtingsekerheid.
Degree: 2014, University of Johannesburg
URL: http://hdl.handle.net/10210/12066
► M.Com. (Informatics)
The aim of this study is to introduce a model that can be used to manage the security profiles by using a role…
(more)
▼ M.Com. (Informatics)
The aim of this study is to introduce a model that can be used to manage the security profiles by using a role oriented approach. In chapter 1 the addressed problem and the aim of the study, are introduced. In chapter 2 the different approaches used in the management of security profiles and the security profiles in Computer Associates's TOP SECRET and IBM's RACF, are discussed, In chapter 3 the Model for Role Profiles (MoRP) is introduced and discussed. Chapter 4 consists of a consideration of the possible problems of MoRP and an extension of MoRP is discussed.' The extended model is called ExMoRP. Chapter 5 consists of an analysis of the Path Context Model (pCM) for security and the principles of the PCM are added to ExMoRP to enhance security. In chapter 6 ExMoRP, with the principles of the PCM, are applied on a case study: In chapter 7 a methodology for the implementation of ExMoRP in an environment, is introduced. In chapter 8 it is shown how the principles of ExMoRP can be applied in UNIX, In chapter 9 it is shown how the principles of ExMoRP can be applied in Windows NT. In chapter 10 it is shown how the principles of ExMoRP can be applied in ORACLE. Chapter 11 consists of a review of the management of security and the present trends.
Subjects/Keywords: Database security; Computer security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Van der Merwe, I. P. (2014). Rolprofiele vir die bestuur van inligtingsekerheid. (Thesis). University of Johannesburg. Retrieved from http://hdl.handle.net/10210/12066
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Van der Merwe, Isak Pieter. “Rolprofiele vir die bestuur van inligtingsekerheid.” 2014. Thesis, University of Johannesburg. Accessed March 01, 2021.
http://hdl.handle.net/10210/12066.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Van der Merwe, Isak Pieter. “Rolprofiele vir die bestuur van inligtingsekerheid.” 2014. Web. 01 Mar 2021.
Vancouver:
Van der Merwe IP. Rolprofiele vir die bestuur van inligtingsekerheid. [Internet] [Thesis]. University of Johannesburg; 2014. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10210/12066.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Van der Merwe IP. Rolprofiele vir die bestuur van inligtingsekerheid. [Thesis]. University of Johannesburg; 2014. Available from: http://hdl.handle.net/10210/12066
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Johannesburg
10.
Tolnai, Annette.
ISAP - an information security awareness portal.
Degree: 2010, University of Johannesburg
URL: http://hdl.handle.net/10210/3283
► M.Sc.
The exponential growth of the Internet contributes to risks and threats which materialize without our knowledge. The more computer and Internet use becomes a…
(more)
▼ M.Sc.
The exponential growth of the Internet contributes to risks and threats which materialize without our knowledge. The more computer and Internet use becomes a part of our daily lives, the more we expose ourselves and our personal information on the World Wide Web and hence, the more opportunities arise for fraudsters to get hold of this information. Internet use can be associated with Internet banking, online shopping, online transactions, Internet Relay Chat, newsgroups, search engines, online blogs and e-mail. The source behind online activities carried on over the Internet may be different from what we are led to believe. Communication lines may be intercepted, compromising sensitive information of the user. It is a risk to make digital payments and reveal sensitive information about ourselves to an unknown source. If the risk materializes, it may result in undesired circumstances. Using the Internet securely should be a prerequisite to every user before conducting online transactions and activities over the World Wide Web. Owing to the versatility and ease of the electronic medium, electronic databases and vast amounts of sensitive information are readily accumulated. This is cause for concern regarding the main issues, namely privacy, identity theft and monetary fraud. Major countermeasures to mitigate the main forms of security and Internet-related issues are awareness of these risks and how they may materialize as well as relevant protection mechanisms. A discussion about why the Internet is a popular medium for criminal behaviour, what risks are involved, what can be done about them and some technical as well as non-technical preventative measures are covered in this dissertation. The purpose of this dissertation is to create an overall awareness of Internet banking and the process of Internet transactions. The end result is the development of an information security awareness portal (ISAP) aimed at the general public and potential Internet users who may be subject to identity and credit fraud. The aim of the ISAP is to sensitize users and minimize the growing numbers of individuals who are victimized through online crimes. Individuals using the Internet need to be aware of privacy concerns governing the Internet and how searchers are able to find out almost anything about them. The false sense of security and anonymity we as users think we have when innocently connecting to the World Wide Web outlines threats lurking in the background where we would never imagine. By the time you are finished reading this dissertation, it may put you off transacting and revealing sensitive information about yourself online ever again.
Subjects/Keywords: Computer security; Internet security measures
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Tolnai, A. (2010). ISAP - an information security awareness portal. (Thesis). University of Johannesburg. Retrieved from http://hdl.handle.net/10210/3283
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Tolnai, Annette. “ISAP - an information security awareness portal.” 2010. Thesis, University of Johannesburg. Accessed March 01, 2021.
http://hdl.handle.net/10210/3283.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Tolnai, Annette. “ISAP - an information security awareness portal.” 2010. Web. 01 Mar 2021.
Vancouver:
Tolnai A. ISAP - an information security awareness portal. [Internet] [Thesis]. University of Johannesburg; 2010. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10210/3283.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Tolnai A. ISAP - an information security awareness portal. [Thesis]. University of Johannesburg; 2010. Available from: http://hdl.handle.net/10210/3283
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Colorado
11.
Dixon, Bryan Charles.
Exploring Low Profile Techniques for Malicious Code Detection on Smartphones.
Degree: PhD, Computer Science, 2013, University of Colorado
URL: https://scholar.colorado.edu/csci_gradetds/69
► In recent years there has been a growing number of viruses, rootkits, and malware designed to gain access to system resources and information stored…
(more)
▼ In recent years there has been a growing number of viruses, rootkits, and malware designed to gain access to system resources and information stored on smartphones. Most current approaches for detecting this malicious code have detrimental impacts on the user in terms of reduced functionality, slower network speeds, or loss of battery life. This work presents a number of approaches that have a minimal impact on the user but offer successful detection of potential malicious code on the smartphone. We do this primarily by focusing on anomalous power use as a method for detecting the presence of malicious code. This work also introduces ways to fine-tune the process by establishing a normal profile of power usage for each user, which increases the rate of malware detection.
Advisors/Committee Members: Shivakant Mishra, Richard Han, Qin Lv, John Black, Eric Keller.
Subjects/Keywords: Mobile Security; Security; Computer Sciences; Information Security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Dixon, B. C. (2013). Exploring Low Profile Techniques for Malicious Code Detection on Smartphones. (Doctoral Dissertation). University of Colorado. Retrieved from https://scholar.colorado.edu/csci_gradetds/69
Chicago Manual of Style (16th Edition):
Dixon, Bryan Charles. “Exploring Low Profile Techniques for Malicious Code Detection on Smartphones.” 2013. Doctoral Dissertation, University of Colorado. Accessed March 01, 2021.
https://scholar.colorado.edu/csci_gradetds/69.
MLA Handbook (7th Edition):
Dixon, Bryan Charles. “Exploring Low Profile Techniques for Malicious Code Detection on Smartphones.” 2013. Web. 01 Mar 2021.
Vancouver:
Dixon BC. Exploring Low Profile Techniques for Malicious Code Detection on Smartphones. [Internet] [Doctoral dissertation]. University of Colorado; 2013. [cited 2021 Mar 01].
Available from: https://scholar.colorado.edu/csci_gradetds/69.
Council of Science Editors:
Dixon BC. Exploring Low Profile Techniques for Malicious Code Detection on Smartphones. [Doctoral Dissertation]. University of Colorado; 2013. Available from: https://scholar.colorado.edu/csci_gradetds/69

University of Johannesburg
12.
Tolnai, Annette.
A security model for a virtualized information environment.
Degree: 2012, University of Johannesburg
URL: http://hdl.handle.net/10210/5821
► D.Phil.
Virtualization is a new infrastructure platform whose trend is sweeping through IT like a blaze. Improving the IT industry by higher utilization from hardware,…
(more)
▼ D.Phil.
Virtualization is a new infrastructure platform whose trend is sweeping through IT like a blaze. Improving the IT industry by higher utilization from hardware, better responsiveness to changing business conditions and lower cost operations is a must have in the new generation of virtualization solutions. Virtualization is not just one more entry in the long line of “revolutionary” products that have hit the technology marketplace. Many parts of the technology ecosystem will be affected as the paradigm shifts from the old one-to-one correspondence between software and hardware to the new approach of software operating on any hardware that happens to be most suitable to use at the time. This brings along with it security concerns, which need to be addressed. Security evolving in and around the virtualized system will become more pertinent the more virtualization is employed into everyday IT technology and use. In this thesis, a security model for virtualization will be developed and presented. This model will cover the different facets needed to address virtualization security.
Subjects/Keywords: Virtual computer systems - Security measures; Computer security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Tolnai, A. (2012). A security model for a virtualized information environment. (Thesis). University of Johannesburg. Retrieved from http://hdl.handle.net/10210/5821
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Tolnai, Annette. “A security model for a virtualized information environment.” 2012. Thesis, University of Johannesburg. Accessed March 01, 2021.
http://hdl.handle.net/10210/5821.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Tolnai, Annette. “A security model for a virtualized information environment.” 2012. Web. 01 Mar 2021.
Vancouver:
Tolnai A. A security model for a virtualized information environment. [Internet] [Thesis]. University of Johannesburg; 2012. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10210/5821.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Tolnai A. A security model for a virtualized information environment. [Thesis]. University of Johannesburg; 2012. Available from: http://hdl.handle.net/10210/5821
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Johannesburg
13.
Muchenje, Tonderai.
An analysis of the impact of emerging technology on organisations’ internal controls.
Degree: 2013, University of Johannesburg
URL: http://hdl.handle.net/10210/8597
► M.Comm. (Computer Auditing)
This study presents an evaluation of emerging information communication technology (ICT) solutions to the security internal control systems in South African organisations.…
(more)
▼ M.Comm. (Computer Auditing)
This study presents an evaluation of emerging information communication technology (ICT) solutions to the security internal control systems in South African organisations. Information systems have enabled companies to communicate more efficiently, gain competitive advantage and get a larger market share. These information systems therefore need to be protected securely as they are the vehicles and containers for critical information assets in decision-making processes. Therefore, this research study seeks to provide an overview of the emerging ICT solutions used to conduct business transactions, and share and communicate information. It identifies and analyses the new security risk associated with the emerging technology, and, finally, outlines the ICT security frameworks that can be used to identify, assess and evaluate organisations‟ security internal controls.
Subjects/Keywords: Computer auditing; Information security; Computer security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Muchenje, T. (2013). An analysis of the impact of emerging technology on organisations’ internal controls. (Thesis). University of Johannesburg. Retrieved from http://hdl.handle.net/10210/8597
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Muchenje, Tonderai. “An analysis of the impact of emerging technology on organisations’ internal controls.” 2013. Thesis, University of Johannesburg. Accessed March 01, 2021.
http://hdl.handle.net/10210/8597.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Muchenje, Tonderai. “An analysis of the impact of emerging technology on organisations’ internal controls.” 2013. Web. 01 Mar 2021.
Vancouver:
Muchenje T. An analysis of the impact of emerging technology on organisations’ internal controls. [Internet] [Thesis]. University of Johannesburg; 2013. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10210/8597.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Muchenje T. An analysis of the impact of emerging technology on organisations’ internal controls. [Thesis]. University of Johannesburg; 2013. Available from: http://hdl.handle.net/10210/8597
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Nelson Mandela Metropolitan University
14.
Reid, Rayne.
Guidelines for cybersecurity education campaigns.
Degree: 2017, Nelson Mandela Metropolitan University
URL: http://hdl.handle.net/10948/14091
► In our technology- and information-infused world, cyberspace is an integral part of modern-day society. As the number of active cyberspace users increases, so too does…
(more)
▼ In our technology- and information-infused world, cyberspace is an integral part of modern-day society. As the number of active cyberspace users increases, so too does the chances of a cyber threat finding a vulnerable target increase. All cyber users who are exposed to cyber risks need to be educated about cyber security. Human beings play a key role in the implementation and governing of an entire cybersecurity and cybersafety solution. The effectiveness of any cybersecurity and cybersafety solutions in a societal or individual context is dependent on the human beings involved in the process. If these human beings are either unaware or not knowledgeable about their roles in the security solution they become the weak link in these cybersecurity solutions. It is essential that all users be educated to combat any threats. Children are a particularly vulnerable subgroup within society. They are digital natives and make use of ICT, and online services with increasing frequency, but this does not mean they are knowledgeable about or behaving securely in their cyber activities. Children will be exposed to cyberspace throughout their lifetimes. Therefore, cybersecurity and cybersafety should be taught to children as a life-skill. There is a lack of well-known, comprehensive cybersecurity and cybersafety educational campaigns which target school children. Most existing information security and cybersecurity education campaigns limit their scope. Literature reports mainly on education campaigns focused on primary businesses, government agencies and tertiary education institutions. Additionally, most guidance for the design and implementation of security and safety campaigns: are for an organisational context, only target organisational users, and mostly provide high-level design recommendations. This thesis addressed the lack of guidance for designing and implementing cybersecurity and cybersafety educational campaigns suited to school learners as a target audience. The thesis aimed to offer guidance for designing and implementing education campaigns that educate school learners about cybersecurity and cybersafety. This was done through the implementation of an action research process over a five-year period. The action research process involved cybersecurity and cybersafety educational interventions at multiple schools. A total of 18 actionable guidelines were derived from this research to guide the design and implementation of cybersecurity and cybersafety education campaigns which aim to educate school children.
Subjects/Keywords: Computer security; Computer networks – Security measures
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Reid, R. (2017). Guidelines for cybersecurity education campaigns. (Thesis). Nelson Mandela Metropolitan University. Retrieved from http://hdl.handle.net/10948/14091
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Reid, Rayne. “Guidelines for cybersecurity education campaigns.” 2017. Thesis, Nelson Mandela Metropolitan University. Accessed March 01, 2021.
http://hdl.handle.net/10948/14091.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Reid, Rayne. “Guidelines for cybersecurity education campaigns.” 2017. Web. 01 Mar 2021.
Vancouver:
Reid R. Guidelines for cybersecurity education campaigns. [Internet] [Thesis]. Nelson Mandela Metropolitan University; 2017. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10948/14091.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Reid R. Guidelines for cybersecurity education campaigns. [Thesis]. Nelson Mandela Metropolitan University; 2017. Available from: http://hdl.handle.net/10948/14091
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Linköping University
15.
Hellström, Jesper.
A Lightweight Secure Development Process for Developers.
Degree: Software and Systems, 2019, Linköping University
URL: http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-158219
► Following a secure development process when developing software can greatly increase the security of the software. Several secure development processes have been developed and…
(more)
▼ Following a secure development process when developing software can greatly increase the security of the software. Several secure development processes have been developed and are available for companies and organizations to adopt. However, the processes can be expensive and complex to adopt in terms of expertise, education, time, and other resources.In this thesis, a software service, developed by a small IT-consulting company, was tested with security tools and manual code review to find security vulnerabilities. These vulnerabilities showed that there was room for security improvement in the software development life cycle. Therefore, a lightweight secure development process that can be used by developers, is proposed. The secure development process called Lightweight Developer-Oriented Security Process (LDOSP) is based on activities from other secure development processes and the choice of these activities were based on interviews with representatives of the IT-consulting company. The interviews showed that the process would need to be lightweight, time- and cost-efficient, and possible to be performed by a developer without extensive security experience. LDOSP contains 11 activities spread across different phases of the software development life cycle and an exemplification of the process was made to simplify the adoption of LDOSP.
Subjects/Keywords: computer security; security; Computer Sciences; Datavetenskap (datalogi)
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Hellström, J. (2019). A Lightweight Secure Development Process for Developers. (Thesis). Linköping University. Retrieved from http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-158219
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Hellström, Jesper. “A Lightweight Secure Development Process for Developers.” 2019. Thesis, Linköping University. Accessed March 01, 2021.
http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-158219.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Hellström, Jesper. “A Lightweight Secure Development Process for Developers.” 2019. Web. 01 Mar 2021.
Vancouver:
Hellström J. A Lightweight Secure Development Process for Developers. [Internet] [Thesis]. Linköping University; 2019. [cited 2021 Mar 01].
Available from: http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-158219.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Hellström J. A Lightweight Secure Development Process for Developers. [Thesis]. Linköping University; 2019. Available from: http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-158219
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Drexel University
16.
Heverin, Thomas.
Information Behaviors and Cognitive Modes Used for Cyber Situation Assessment.
Degree: 2014, Drexel University
URL: http://hdl.handle.net/1860/idea:7034
► The purpose of this dissertation research was to examine the information behaviors and cognitive modes used by expert cyber defenders when completing cyber situation assessment…
(more)
▼ The purpose of this dissertation research was to examine the information behaviors and cognitive modes used by expert cyber defenders when completing cyber situation assessment tasks (SA-tasks) of different complexities. Theoretical propositions from Library and Information Science (LIS) task-complexity research and the Cognitive Continuum Theory (CCT) informed the theoretical framework. LIS task-complexity research predicts that increased task complexity results in numerous changes in information-source and information-type use. The CCT predicts that increased task complexity results in a shift from analytical to intuitive cognition. A multiple-case studies design was selected as the research approach. The Critical Decision Method served as the basis for semi-structured, retrospective interviews conducted with 21 expert cyber defenders from small defense companies. The data analysis techniques included directed content analysis, pattern matching, and statistical analysis (the Freeman-Halton extension of Fisher's Exact test). The main findings of this study are as cyber SA-task complexity increased, the expert cyber defenders sought more technical information, used more external sources, including external experts, and based their information behaviors on intuitive cognition. These findings support several of the theoretical predictions from LIS task-complexity research and the CCT. The findings are important because they show that the expert cyber defenders base their information behaviors on years of experience in the cyber defense domain and on years of experience in designing their own companies' security postures. Each company has its own security posture as well as its own level of acceptance of risk. Therefore, cyber situation assessment tools need a design that can be tailored for each company. Additionally, methods are needed to elicit the intuitive processes used by expert cyber defenders in order to train novice cyber defenders as well as other expert cyber professionals taking over the experts' localized cyber defense roles.
Ph.D., Computer Science – Drexel University, 2014
Advisors/Committee Members: Zach, Lisl, Unsworth, Kristene, College of Computing and Informatics.
Subjects/Keywords: Computer science; Internet – Security measures; Computer security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Heverin, T. (2014). Information Behaviors and Cognitive Modes Used for Cyber Situation Assessment. (Thesis). Drexel University. Retrieved from http://hdl.handle.net/1860/idea:7034
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Heverin, Thomas. “Information Behaviors and Cognitive Modes Used for Cyber Situation Assessment.” 2014. Thesis, Drexel University. Accessed March 01, 2021.
http://hdl.handle.net/1860/idea:7034.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Heverin, Thomas. “Information Behaviors and Cognitive Modes Used for Cyber Situation Assessment.” 2014. Web. 01 Mar 2021.
Vancouver:
Heverin T. Information Behaviors and Cognitive Modes Used for Cyber Situation Assessment. [Internet] [Thesis]. Drexel University; 2014. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/1860/idea:7034.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Heverin T. Information Behaviors and Cognitive Modes Used for Cyber Situation Assessment. [Thesis]. Drexel University; 2014. Available from: http://hdl.handle.net/1860/idea:7034
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Hong Kong University of Science and Technology
17.
Bismut, Raphael Samuel Victor ISD.
User-centred cybersecurity training exercise on a specialised gamified simulation platform.
Degree: 2019, Hong Kong University of Science and Technology
URL: http://repository.ust.hk/ir/Record/1783.1-102266
;
https://doi.org/10.14711/thesis-991012765869803412
;
http://repository.ust.hk/ir/bitstream/1783.1-102266/1/th_redirect.html
► The South Rajuan scenario is an educative cybersecurity simulation scenario aimed at people with technological background, such as IT or software development. Its goal is…
(more)
▼ The South Rajuan scenario is an educative cybersecurity simulation scenario aimed at people with technological background, such as IT or software development. Its goal is to help the user test their knowledge in hacking by making them perform actions such as SQL injection, local file inclusion, and data tampering. The virtual goal of the scenario is to hack into a potentially belligerent country’s nuclear plant and shut it down, without being suspected. The scenario is hosted on a platform named Cywaria, developed within a cybersecurity services company named Soteria. The scenario brings exceptional value to the market because of its innovative use of gamification, which makes possible an effective learning for the user. Indeed, using gamification techniques such as points, achievements, and badges, boosts the user’s motivation to complete the scenario with the best score possible and thus increase their skills in cybersecurity. The South Rajuan scenario is an entrepreneurial project in that it is aimed at a different market from Cywaria’s original scenarios, which target cybersecurity professionals, and will be made into a separate offer from the whole platform. This thesis will start by introducing the project with background on how it began, on Cywaria and Soteria, and on the cybersecurity market and research in gamification. Then, the two technical chapters about cybersecurity and gamification in education will respectively detail the contents of the scenario, and explain how gamification brings educative value to it. Finally, the business plan for the project will be explained, from an analysis of the cybersecurity market and of how the product fits with it, to the scenario’s sales strategy and business model.
Subjects/Keywords: Computer security
; Gamification
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Bismut, R. S. V. I. (2019). User-centred cybersecurity training exercise on a specialised gamified simulation platform. (Thesis). Hong Kong University of Science and Technology. Retrieved from http://repository.ust.hk/ir/Record/1783.1-102266 ; https://doi.org/10.14711/thesis-991012765869803412 ; http://repository.ust.hk/ir/bitstream/1783.1-102266/1/th_redirect.html
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Bismut, Raphael Samuel Victor ISD. “User-centred cybersecurity training exercise on a specialised gamified simulation platform.” 2019. Thesis, Hong Kong University of Science and Technology. Accessed March 01, 2021.
http://repository.ust.hk/ir/Record/1783.1-102266 ; https://doi.org/10.14711/thesis-991012765869803412 ; http://repository.ust.hk/ir/bitstream/1783.1-102266/1/th_redirect.html.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Bismut, Raphael Samuel Victor ISD. “User-centred cybersecurity training exercise on a specialised gamified simulation platform.” 2019. Web. 01 Mar 2021.
Vancouver:
Bismut RSVI. User-centred cybersecurity training exercise on a specialised gamified simulation platform. [Internet] [Thesis]. Hong Kong University of Science and Technology; 2019. [cited 2021 Mar 01].
Available from: http://repository.ust.hk/ir/Record/1783.1-102266 ; https://doi.org/10.14711/thesis-991012765869803412 ; http://repository.ust.hk/ir/bitstream/1783.1-102266/1/th_redirect.html.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Bismut RSVI. User-centred cybersecurity training exercise on a specialised gamified simulation platform. [Thesis]. Hong Kong University of Science and Technology; 2019. Available from: http://repository.ust.hk/ir/Record/1783.1-102266 ; https://doi.org/10.14711/thesis-991012765869803412 ; http://repository.ust.hk/ir/bitstream/1783.1-102266/1/th_redirect.html
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Oxford
18.
Osborn, Emma.
Small-scale cyber security : mapping security requirements for IT users at home and in small organisations.
Degree: PhD, 2018, University of Oxford
URL: http://ora.ox.ac.uk/objects/uuid:8fb77495-db75-4cfe-baec-1eb85b6a7b24
;
https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.770446
► Despite a long-standing assumption that developments in personal and cloud computing models would change the way we approach security, small-scale IT users (SSITUs) remain underserviced…
(more)
▼ Despite a long-standing assumption that developments in personal and cloud computing models would change the way we approach security, small-scale IT users (SSITUs) remain underserviced by existent cyber security models. This dissertation discusses survey results relating to the technology employed by SSITUs and their engagement with cyber security. We determine that: SSITUs are focusing on easy-to-implement technical measures, leading to a disconnect between the security implemented and any risks identified; few SSITUs face more than basic threats or employ more than basic security measures; available resources, knowledge, prioritisation of business processes, reduced system control and a lack of threat intelligence all combine to limit the ability to make cyber security decisions; and assessing risk in SSITUs will not lead to sufficient investment to mitigate risks for risk-holding stakeholders in the supply chain. We also found that: the system architectures employed by SSITUs are significantly different to those employed by large corporate or government entities; the architecture of a small organisation's digital footprint has far more impact on their overall security than would be the case for a large organisation; and SSITUs do not hold sufficient influence within the supply chain to manage cyber security in their interactions with service providers. We show that improving small-scale cyber security architectures is not simply about developing new technology - there is a need to consider technology use in context of interactions within a broader ecosystem of a supply chain, users with multiple roles and conflicts of interest, as well as the increased importance of SSITUs' digital footprints on their security. In order to improve the cyber security posture of the smallest organisations, security providers need a better understanding of their requirements and the role of larger stakeholders within the supply chain. They also need a business case for investing in products for this marketplace. To this end we have developed a framework of global requirements and constraints for small-scale cyber security, which should have the potential to assist in the development of products adapted for this user group. For contrast we have provided a requirements framework developed from the perspective of the risk-holding stakeholders in the supply chain, to illustrate the differing expectations of the best-resourced stakeholders in their interactions with SSITUs. This highlights the difficulties posed by incumbent best practices, where many security measures are beyond the grasp of SSITUs and the risks some stakeholders expect to be reduced far exceed the means of the smaller organisations. We conclude that, with a better understanding of the context within which SSITUs operate, combined with a suitable expectation of how much risk can be transferred to them within the supply chain, it is possible to improve small-scale cyber security.
Subjects/Keywords: 004; Computer security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Osborn, E. (2018). Small-scale cyber security : mapping security requirements for IT users at home and in small organisations. (Doctoral Dissertation). University of Oxford. Retrieved from http://ora.ox.ac.uk/objects/uuid:8fb77495-db75-4cfe-baec-1eb85b6a7b24 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.770446
Chicago Manual of Style (16th Edition):
Osborn, Emma. “Small-scale cyber security : mapping security requirements for IT users at home and in small organisations.” 2018. Doctoral Dissertation, University of Oxford. Accessed March 01, 2021.
http://ora.ox.ac.uk/objects/uuid:8fb77495-db75-4cfe-baec-1eb85b6a7b24 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.770446.
MLA Handbook (7th Edition):
Osborn, Emma. “Small-scale cyber security : mapping security requirements for IT users at home and in small organisations.” 2018. Web. 01 Mar 2021.
Vancouver:
Osborn E. Small-scale cyber security : mapping security requirements for IT users at home and in small organisations. [Internet] [Doctoral dissertation]. University of Oxford; 2018. [cited 2021 Mar 01].
Available from: http://ora.ox.ac.uk/objects/uuid:8fb77495-db75-4cfe-baec-1eb85b6a7b24 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.770446.
Council of Science Editors:
Osborn E. Small-scale cyber security : mapping security requirements for IT users at home and in small organisations. [Doctoral Dissertation]. University of Oxford; 2018. Available from: http://ora.ox.ac.uk/objects/uuid:8fb77495-db75-4cfe-baec-1eb85b6a7b24 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.770446
19.
Freed, Sarah E.
Examination of personality characteristics among cybersecurity and information technology professionals.
Degree: 2014, University of Tennessee – Chattanooga
URL: https://scholar.utc.edu/theses/127
► An influx of cyber-attacks throughout the past decade has resulted in an increase in demand for cybersecurity professionals. However, the rapid growth of this field…
(more)
▼ An influx of cyber-attacks throughout the past decade has resulted in an increase in demand for cybersecurity professionals. However, the rapid growth of this field has led to a general lack of knowledge regarding the characteristics of individuals and job roles of cybersecurity professionals. This study addresses this gap in the existing literature by evaluating personality characteristics among information technology and cybersecurity professionals. Following an analysis of the facets of the IPIP NEO short form, it was discovered that cybersecurity professionals scored significantly different on Trust, Intellect, Vulnerability, Self-Consciousness, Assertiveness, and Adventurousness when compared to other information technology professional indicating the need for specialized training, assessment, and selection procedures for cybersecurity professionals.
Advisors/Committee Members: Weathington, Bart L., Cunningham, Christopher J. L., Biderman, Michael D., College of Arts and Sciences.
Subjects/Keywords: Computer security – Training.
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Freed, S. E. (2014). Examination of personality characteristics among cybersecurity and information technology professionals. (Masters Thesis). University of Tennessee – Chattanooga. Retrieved from https://scholar.utc.edu/theses/127
Chicago Manual of Style (16th Edition):
Freed, Sarah E. “Examination of personality characteristics among cybersecurity and information technology professionals.” 2014. Masters Thesis, University of Tennessee – Chattanooga. Accessed March 01, 2021.
https://scholar.utc.edu/theses/127.
MLA Handbook (7th Edition):
Freed, Sarah E. “Examination of personality characteristics among cybersecurity and information technology professionals.” 2014. Web. 01 Mar 2021.
Vancouver:
Freed SE. Examination of personality characteristics among cybersecurity and information technology professionals. [Internet] [Masters thesis]. University of Tennessee – Chattanooga; 2014. [cited 2021 Mar 01].
Available from: https://scholar.utc.edu/theses/127.
Council of Science Editors:
Freed SE. Examination of personality characteristics among cybersecurity and information technology professionals. [Masters Thesis]. University of Tennessee – Chattanooga; 2014. Available from: https://scholar.utc.edu/theses/127

University of Limerick
20.
Schramm, Martin.
Investigation and development of a hypervisor-based security architecture utilising a state-of-the-art hardware trust anchor.
Degree: 2011, University of Limerick
URL: http://hdl.handle.net/10344/1688
► peer-reviewed
Trusted Computing is a relatively new approach to computer security in which a system should be permanently maintained in a well-defined state - and…
(more)
▼ peer-reviewed
Trusted Computing is a relatively new approach to computer security in which a system should be permanently maintained in a well-defined state - and therefore it will reside in a trustworthy state. The word "trustworthy" in this context means that the system always behaves in a specific
way as defined by the platform manufacturer and/or the administrator/owner. A key element
of this approach is to employ a security module, which is implemented in hardware, and which is tied to the platform so as to serve as a trust anchor. Based on that ’root of trust’ and other features, an effective security architecture is proposed in this research.
Virtualization techniques, which were formerly developed for server consolidation, cost reduction, and conservation of energy are now gaining more and more interest in the field of trusted computing. Virtualization can greatly enhance the security of a system by isolating
applications, or even whole operating systems, by splitting the computer system into smaller parts, whose integrity can be more easily assured.
This project is concerned with the development of a system that will effectively combine the isolation features of the virtualization schemes with a state-of-the-art hardware security module. This system will provide reliable protection against sophisticated software-based
attacks and will withstand elementary hardware-based attacks. The building block approach of this proposed security architecture makes sure that many different application fields can archive a high level of security by combining the appropriate components.
The research examines some emerging approaches to computer security and proposes a novel security architecture based on a hardware trust anchor. An experimental system is developed to provide a ’proof-of-concept’ model for evaluation. The target application area for the architecture is the embedded computing space, in particular x86 based architectures. The selection of hardware elements and the choice of hypervisor are discussed and justified. The
assumptions on the features of the architecture are evaluated and validated in the context of potential security improvements. Future research in this niche area is proposed.
Advisors/Committee Members: Heffernan, Donal.
Subjects/Keywords: computer security; virtualization
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Schramm, M. (2011). Investigation and development of a hypervisor-based security architecture utilising a state-of-the-art hardware trust anchor. (Thesis). University of Limerick. Retrieved from http://hdl.handle.net/10344/1688
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Schramm, Martin. “Investigation and development of a hypervisor-based security architecture utilising a state-of-the-art hardware trust anchor.” 2011. Thesis, University of Limerick. Accessed March 01, 2021.
http://hdl.handle.net/10344/1688.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Schramm, Martin. “Investigation and development of a hypervisor-based security architecture utilising a state-of-the-art hardware trust anchor.” 2011. Web. 01 Mar 2021.
Vancouver:
Schramm M. Investigation and development of a hypervisor-based security architecture utilising a state-of-the-art hardware trust anchor. [Internet] [Thesis]. University of Limerick; 2011. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10344/1688.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Schramm M. Investigation and development of a hypervisor-based security architecture utilising a state-of-the-art hardware trust anchor. [Thesis]. University of Limerick; 2011. Available from: http://hdl.handle.net/10344/1688
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Oxford
21.
Dwyer, Andrew Carl.
Malware ecologies : a politics of cybersecurity.
Degree: PhD, 2019, University of Oxford
URL: http://ora.ox.ac.uk/objects/uuid:a81dcaae-585b-4d5b-922f-8c972b371ec8
;
https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.786263
► Computation, in popular imaginations, is at perennial risk of infection from the tools of nefarious hackers, commonly referred to as malware. Today, malware pervade and…
(more)
▼ Computation, in popular imaginations, is at perennial risk of infection from the tools of nefarious hackers, commonly referred to as malware. Today, malware pervade and perform a crucial and constitutive role in the insecurities of contemporary life from financial transactions, to 'critical national infrastructures' - such as electricity, water, and transportation - to devices in our 'smart' homes and cities, and even to potential 'cyberwar.' Yet, critical security research has rarely turned its attention to malware. In contrast, I explore malware and their politics, situated and extended beyond, an (auto)ethnographic study of the malware analysis laboratory of the UK endpoint protection business, Sophos. I argue that malware are currently processed through a patho-logic that conflate organic and non-organic materialities, permitting analogies between biology and computation, and are generative of particular forms of security that relegate malware to the intent of their authors. I explore how endpoint protection businesses are imbibed with these logics in order to attend to how malware are analysed, detected, and curated beyond them. By drawing on my method of 'becoming-analyst,' I critically reflect on how malware become known, are responded to by ad hoc political groups, and can assist in rethinking the role of computational agency in geography, international relations, security studies, and beyond. I instead conceive of malware as performative political actors making limited choices in broader computational ecologies. I therefore advocate for an eco-logical repositioning of malware, where cyberspace is not simply a neutral domain; but is central to the formation of choice that gives space for malware to be political. With four cases - Conficker, Stuxnet, the Dukes, and WannaCry/(Not)Petya - I write new stories on how malware are encountered and dealt with in the twenty-first century. In doing so, I challenge contemporary discourses of cybersecurity to ask if conventional notions of who and what (per)form security are adequate, and how these are reconfigured through a radical 'more-than-human' politics, where malware are not just objects of security, but are active participants in its production and negotiation.
Subjects/Keywords: Computer security; Geography
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Dwyer, A. C. (2019). Malware ecologies : a politics of cybersecurity. (Doctoral Dissertation). University of Oxford. Retrieved from http://ora.ox.ac.uk/objects/uuid:a81dcaae-585b-4d5b-922f-8c972b371ec8 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.786263
Chicago Manual of Style (16th Edition):
Dwyer, Andrew Carl. “Malware ecologies : a politics of cybersecurity.” 2019. Doctoral Dissertation, University of Oxford. Accessed March 01, 2021.
http://ora.ox.ac.uk/objects/uuid:a81dcaae-585b-4d5b-922f-8c972b371ec8 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.786263.
MLA Handbook (7th Edition):
Dwyer, Andrew Carl. “Malware ecologies : a politics of cybersecurity.” 2019. Web. 01 Mar 2021.
Vancouver:
Dwyer AC. Malware ecologies : a politics of cybersecurity. [Internet] [Doctoral dissertation]. University of Oxford; 2019. [cited 2021 Mar 01].
Available from: http://ora.ox.ac.uk/objects/uuid:a81dcaae-585b-4d5b-922f-8c972b371ec8 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.786263.
Council of Science Editors:
Dwyer AC. Malware ecologies : a politics of cybersecurity. [Doctoral Dissertation]. University of Oxford; 2019. Available from: http://ora.ox.ac.uk/objects/uuid:a81dcaae-585b-4d5b-922f-8c972b371ec8 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.786263

University of Aberdeen
22.
Taylor, Barry.
Identitying vulnerabilities and controls in complex composite security architectures.
Degree: PhD, 2014, University of Aberdeen
URL: https://abdn.alma.exlibrisgroup.com/view/delivery/44ABE_INST/12152719810005941
;
https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.646105
► The ability to design and reason about architectures (here understood as organisations which are designed according to hierarchies of roles and those processes that link…
(more)
▼ The ability to design and reason about architectures (here understood as organisations which are designed according to hierarchies of roles and those processes that link them) which co-exist and interact within complex environments is of increasing importance. With the introduction of more interconnected technology affecting the way in which stakeholders manage information and conduct their operations, the need for such a capability is clear. Current approaches either address this issue with a mathematical approach which presents an obstacle to most non-specialist analysts, or they choose not to incorporate the full spread of factors that fall within the scope of this thesis. This thesis aims to develop a capability that provides those decision-makers who have information security management responsibilities with the means to analyse isolated, as well as interacting, security and business architectures. It aims to provide this capability at a level of modelling abstraction that is accessible to such non-technical specialists. The first stage of the thesis builds on earlier work on hierarchical structures by Beautement and Pym (2010b). It is dedicated to the development of a suitable conceptual framework which is both general and flexible enough to embody the required properties of a system, as well as their method of implementation spread across hierarchies of rˆoles describing organisations. This concept is expanded to describe how such architectures may interact with one another, and notation which is helpful in discussing these operations carefully is also developed. The framework is then applied to three broad areas within information security, those of trust (which is interpreted as a specific property within a given domain), heuristics (which are broadly treated as actions that should be undertaken during certain conditions), and access control. In each case the suitability of the framework is investigated, leading to refinements in the model which support the common goal of providing a novel view on these approaches to security analysis. This view is characterised by a unified consideration of the underlying architectures, to properties and policies applied across organisations. A key driver in conducting this analysis is to enable the description of how properties, fundamental to the legitimacy of systems, may firstly be established and then by how they may be compromised—providing a view on system vulnerabilities in that controls may fail or be circumvented. Following this, the framework is also intended as a tool to address such vulnerabilities, and to provide a means by which to scope measures designed to mitigate them.
Subjects/Keywords: 004; Computer security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Taylor, B. (2014). Identitying vulnerabilities and controls in complex composite security architectures. (Doctoral Dissertation). University of Aberdeen. Retrieved from https://abdn.alma.exlibrisgroup.com/view/delivery/44ABE_INST/12152719810005941 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.646105
Chicago Manual of Style (16th Edition):
Taylor, Barry. “Identitying vulnerabilities and controls in complex composite security architectures.” 2014. Doctoral Dissertation, University of Aberdeen. Accessed March 01, 2021.
https://abdn.alma.exlibrisgroup.com/view/delivery/44ABE_INST/12152719810005941 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.646105.
MLA Handbook (7th Edition):
Taylor, Barry. “Identitying vulnerabilities and controls in complex composite security architectures.” 2014. Web. 01 Mar 2021.
Vancouver:
Taylor B. Identitying vulnerabilities and controls in complex composite security architectures. [Internet] [Doctoral dissertation]. University of Aberdeen; 2014. [cited 2021 Mar 01].
Available from: https://abdn.alma.exlibrisgroup.com/view/delivery/44ABE_INST/12152719810005941 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.646105.
Council of Science Editors:
Taylor B. Identitying vulnerabilities and controls in complex composite security architectures. [Doctoral Dissertation]. University of Aberdeen; 2014. Available from: https://abdn.alma.exlibrisgroup.com/view/delivery/44ABE_INST/12152719810005941 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.646105

University of Johannesburg
23.
Naidoo, Chintal Krishna.
Fitting an information security architecture to an enterprise architecture.
Degree: 2009, University of Johannesburg
URL: http://hdl.handle.net/10210/2539
► M.Phil. (Computer Science)
Despite the efforts at international and national level, security continues to pose challenging problems. Firstly, attacks on information systems are increasingly motivated…
(more)
▼ M.Phil. (Computer Science)
Despite the efforts at international and national level, security continues to pose challenging problems. Firstly, attacks on information systems are increasingly motivated by profit rather than by the desire to create disruption for its own sake. Data are illegally mined, increasingly without the user’s knowledge, while the number of variants (and the rate of evolution) of malicious software (malware) is increasing rapidly. Spam is a good example of this evolution. It is becoming a vehicle for viruses and fraudulent and criminal activities, such as spyware, phishing and other forms of malware. Its widespread distribution increasingly relies on botnets, i.e. compromised servers and PCs used as relays without the knowledge of their owners. The increasing deployment of mobile devices (including 3G mobile phones, portable videogames, etc.) and mobile-based network services will pose new challenges, as IP-based services develop rapidly. These could eventually prove to be a more common route for attacks than personal computers since the latter already deploy a significant level of security. Indeed, all new forms of communication platforms and information systems inevitably provide new windows of opportunity for malicious attacks. In order to successfully tackle the problems described above, a strategic approach to information security is required, rather than the implementation of ad hoc solutions and controls. The strategic approach requires the development of an Information Security Architecture. To be effective, an Information Security Architecture that is developed must be aligned with the organisation’s Enterprise Architecture and must be able to incorporate security into each domain of the Enterprise Architecture. This mini dissertation evaluates two current Information Security Architecture models and frameworks to find an Information Security Architecture that aligns with Eskom’s Enterprise Architecture.
Subjects/Keywords: Computer security; Computer architecture
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Naidoo, C. K. (2009). Fitting an information security architecture to an enterprise architecture. (Thesis). University of Johannesburg. Retrieved from http://hdl.handle.net/10210/2539
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Naidoo, Chintal Krishna. “Fitting an information security architecture to an enterprise architecture.” 2009. Thesis, University of Johannesburg. Accessed March 01, 2021.
http://hdl.handle.net/10210/2539.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Naidoo, Chintal Krishna. “Fitting an information security architecture to an enterprise architecture.” 2009. Web. 01 Mar 2021.
Vancouver:
Naidoo CK. Fitting an information security architecture to an enterprise architecture. [Internet] [Thesis]. University of Johannesburg; 2009. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10210/2539.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Naidoo CK. Fitting an information security architecture to an enterprise architecture. [Thesis]. University of Johannesburg; 2009. Available from: http://hdl.handle.net/10210/2539
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Rhodes University
24.
Aschmann, Michael Joseph.
Towards a capability maturity model for a cyber range.
Degree: Faculty of Science, Computer Science, 2020, Rhodes University
URL: http://hdl.handle.net/10962/163142
► This work describes research undertaken towards the development of a Capability Maturity Model (CMM) for Cyber Ranges (CRs) focused on cyber security. Global cyber security…
(more)
▼ This work describes research undertaken towards the development of a Capability Maturity Model (CMM) for Cyber Ranges (CRs) focused on cyber security. Global cyber security needs are on the rise, and the need for attribution within the cyber domain is of particular concern. This has prompted major efforts to enhance cyber capabilities within organisations to increase their total cyber resilience posture. These efforts include, but are not limited to, the testing of computational devices, networks, and applications, and cyber skills training focused on prevention, detection and cyber attack response. A cyber range allows for the testing of the computational environment. By developing cyber events within a confined virtual or sand-boxed cyber environment, a cyber range can prepare the next generation of cyber security specialists to handle a variety of potential cyber attacks. Cyber ranges have different purposes, each designed to fulfil a different computational testing and cyber training goal; consequently, cyber ranges can vary greatly in the level of variety, capability, maturity and complexity. As cyber ranges proliferate and become more and more valued as tools for cyber security, a method to classify or rate them becomes essential. Yet while a universal criteria for measuring cyber ranges in terms of their capability maturity levels becomes more critical, there are currently very limited resources for researchers aiming to perform this kind of work. For this reason, this work proposes and describes a CMM, designed to give organisations the ability to benchmark the capability maturity of a given cyber range. This research adopted a synthesised approach to the development of a CMM, grounded in prior research and focused on the production of a conceptual model that provides a useful level of abstraction. In order to achieve this goal, the core capability elements of a cyber range are defined with their relative importance, allowing for the development of a proposed classification cyber range levels. An analysis of data gathered during the course of an expert review, together with other research, further supported the development of the conceptual model. In the context of cyber range capability, classification will include the ability of the cyber range to perform its functions optimally with different core capability elements, focusing on the Measurement of Capability (MoC) with its elements, namely effect, performance and threat ability. Cyber range maturity can evolve over time and can be defined through the Measurement of Maturity (MoM) with its elements, namely people, processes, technology. The combination of these measurements utilising the CMM for a CR determines the capability maturity level of a CR. The primary outcome of this research is the proposed level-based CMM framework for a cyber range, developed using adopted and synthesised CMMs, the analysis of an expert review, and the mapping of the results.
Subjects/Keywords: Computer software – Development; Computer security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Aschmann, M. J. (2020). Towards a capability maturity model for a cyber range. (Thesis). Rhodes University. Retrieved from http://hdl.handle.net/10962/163142
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Aschmann, Michael Joseph. “Towards a capability maturity model for a cyber range.” 2020. Thesis, Rhodes University. Accessed March 01, 2021.
http://hdl.handle.net/10962/163142.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Aschmann, Michael Joseph. “Towards a capability maturity model for a cyber range.” 2020. Web. 01 Mar 2021.
Vancouver:
Aschmann MJ. Towards a capability maturity model for a cyber range. [Internet] [Thesis]. Rhodes University; 2020. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10962/163142.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Aschmann MJ. Towards a capability maturity model for a cyber range. [Thesis]. Rhodes University; 2020. Available from: http://hdl.handle.net/10962/163142
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Rutgers University
25.
Karim, Rezwana, 1984-.
Techniques and tools for secure web browser extension development.
Degree: PhD, Computer Science, 2015, Rutgers University
URL: https://rucore.libraries.rutgers.edu/rutgers-lib/48537/
► Many modern application platforms support an extensible architecture that allows the application core to be extended with functionality developed by third-parties. This bootstraps a developer…
(more)
▼ Many modern application platforms support an extensible architecture that allows the application core to be extended with functionality developed by third-parties. This bootstraps a developer community that works together to enhance and customize the basic functionality of those platforms. To ease development of such extensions, these platforms expose an API that third-parties can use to implement their functionality. For instance, Web applications make use of the browser’s Document Object Model (DOM) API, smart phone applications use the mobile platform’s SDK and browser extensions use the extension API. These APIs usually endow extension developers with privileges to access various system resources. However, to isolate the platform from any new security threats caused by these untrusted extensions, the API must ideally restrict extensions’ authority. Thus, an important challenge is to simplify extension programming for the third-party developers while ensuring that these extensions do not compromise the security of the application core. This dissertation seeks to address the above issues in the context of Web browser extensions. It presents algorithms and tools to facilitate secure Web browser extension development. In particular, it makes the following two contributions. First, it studies and characterizes the security of a modern Web browser extension architecture, the Mozilla Jetpack framework — proposes solutions to improve the security of the architecture and extensions developed on top of it. It presents Beacon, which leverages JavaScript-level information flow technique to detect unsafe programming practices in browser extensions. Upon analyzing 68000 lines of JavaScript code from modern extension framework and real world extensions, Beacon found 36 instances of potentially unsafe programming practices. Second, it addresses the problem of porting unsafe legacy extensions to modern, privilege- separated extension architectures. It presents Morpheus, which applies program analysis and software engineering techniques that refactor legacy vulnerable extensions for use with modern extension frameworks, the Jetpack framework in particular. Morpheus also enables fine-grained control over extensions via a runtime policy enforcement engine. Morpheus has been applied to successfully port 52 legacy Mozilla extensions to the Jetpack framework.
Advisors/Committee Members: Ganapathy, Vinod (chair), Kremer, Ulrich (internal member), Nagarakatte, Santosh (internal member), Lu, Long (outside member).
Subjects/Keywords: Computer security; Browsers (Computer programs)
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Karim, Rezwana, 1. (2015). Techniques and tools for secure web browser extension development. (Doctoral Dissertation). Rutgers University. Retrieved from https://rucore.libraries.rutgers.edu/rutgers-lib/48537/
Chicago Manual of Style (16th Edition):
Karim, Rezwana, 1984-. “Techniques and tools for secure web browser extension development.” 2015. Doctoral Dissertation, Rutgers University. Accessed March 01, 2021.
https://rucore.libraries.rutgers.edu/rutgers-lib/48537/.
MLA Handbook (7th Edition):
Karim, Rezwana, 1984-. “Techniques and tools for secure web browser extension development.” 2015. Web. 01 Mar 2021.
Vancouver:
Karim, Rezwana 1. Techniques and tools for secure web browser extension development. [Internet] [Doctoral dissertation]. Rutgers University; 2015. [cited 2021 Mar 01].
Available from: https://rucore.libraries.rutgers.edu/rutgers-lib/48537/.
Council of Science Editors:
Karim, Rezwana 1. Techniques and tools for secure web browser extension development. [Doctoral Dissertation]. Rutgers University; 2015. Available from: https://rucore.libraries.rutgers.edu/rutgers-lib/48537/

Rhodes University
26.
Schoeman, Adam.
Amber : A aero-interaction honeypot with distributed intelligence.
Degree: MS, Faculty of Science, Computer Science, 2015, Rhodes University
URL: http://hdl.handle.net/10962/d1017938
► For the greater part, security controls are based on the principle of Decision through Detection (DtD). The exception to this is a honeypot, which analyses…
(more)
▼ For the greater part, security controls are based on the principle of Decision
through Detection (DtD). The exception to this is a honeypot, which analyses interactions
between a third party and itself, while occupying a piece of unused information
space. As honeypots are not located on productive information resources, any
interaction with it can be assumed to be non-productive. This allows the honeypot
to make decisions based simply on the presence of data, rather than on the behaviour
of the data. But due to limited resources in human capital, honeypots’ uptake in the
South African market has been underwhelming. Amber attempts to change this by
offering a zero-interaction security system, which will use the honeypot approach of
Decision through Presence (DtP) to generate a blacklist of third parties, which can
be passed on to a network enforcer. Empirical testing has proved the usefulness of
this alternative and low cost approach in defending networks. The functionality of
the system was also extended by installing nodes in different geographical locations,
and streaming their detections into the central Amber hive.
Subjects/Keywords: Security systems – Security measures; Computer viruses; Intrusion detection systems (Computer security); Computer security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Schoeman, A. (2015). Amber : A aero-interaction honeypot with distributed intelligence. (Masters Thesis). Rhodes University. Retrieved from http://hdl.handle.net/10962/d1017938
Chicago Manual of Style (16th Edition):
Schoeman, Adam. “Amber : A aero-interaction honeypot with distributed intelligence.” 2015. Masters Thesis, Rhodes University. Accessed March 01, 2021.
http://hdl.handle.net/10962/d1017938.
MLA Handbook (7th Edition):
Schoeman, Adam. “Amber : A aero-interaction honeypot with distributed intelligence.” 2015. Web. 01 Mar 2021.
Vancouver:
Schoeman A. Amber : A aero-interaction honeypot with distributed intelligence. [Internet] [Masters thesis]. Rhodes University; 2015. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10962/d1017938.
Council of Science Editors:
Schoeman A. Amber : A aero-interaction honeypot with distributed intelligence. [Masters Thesis]. Rhodes University; 2015. Available from: http://hdl.handle.net/10962/d1017938

University of Illinois – Chicago
27.
Costa, Francesco.
A Layer-Independent Taxonomy for Evaluating Application Security and its application to the Ethos OS.
Degree: 2012, University of Illinois – Chicago
URL: http://hdl.handle.net/10027/9313
► Security breaches and vulnerability in software are topics that are rapidly gaining importance and fame. Every year about 6000 vulnerabilities are officially classified in the…
(more)
▼ Security breaches and vulnerability in software are topics that are rapidly gaining importance and fame. Every year about 6000 vulnerabilities are officially classified in the NIST National Vulnerabilities Database.
Usually these vulnerabilities are not actually perceived by the final users, who are light years from the technical understanding of what happens in software and services that they daily use.
Providing a crisp definition of what is secure software, and how to establish whether or not some software is more secure than other is an extremely hard problem to solve.
The goal of this work is not to provide a final answer to a problem that most likely doesn't have a crisp answer, and is intrinsically well suited for having many interpretations depending on the perspective from which is observed.
This work focus on the development of a way to approach the problem, understanding the environment related to it and providing means of analyzing and comparing different systems and the applications that run on top of them, from the
security perspective.
These concerns have been addressed by the creation of a conceptual framework based on a taxonomization process of
security flaws in software.
The proposed methodology has been applied and tested in a real case involving the experimental
security-oriented operating system Ethos.
Advisors/Committee Members: Solworth, Jon A. (advisor).
Subjects/Keywords: taxonomy; computer security; security evaluation; taxonomization; security flaw; software security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Costa, F. (2012). A Layer-Independent Taxonomy for Evaluating Application Security and its application to the Ethos OS. (Thesis). University of Illinois – Chicago. Retrieved from http://hdl.handle.net/10027/9313
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Costa, Francesco. “A Layer-Independent Taxonomy for Evaluating Application Security and its application to the Ethos OS.” 2012. Thesis, University of Illinois – Chicago. Accessed March 01, 2021.
http://hdl.handle.net/10027/9313.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Costa, Francesco. “A Layer-Independent Taxonomy for Evaluating Application Security and its application to the Ethos OS.” 2012. Web. 01 Mar 2021.
Vancouver:
Costa F. A Layer-Independent Taxonomy for Evaluating Application Security and its application to the Ethos OS. [Internet] [Thesis]. University of Illinois – Chicago; 2012. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10027/9313.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Costa F. A Layer-Independent Taxonomy for Evaluating Application Security and its application to the Ethos OS. [Thesis]. University of Illinois – Chicago; 2012. Available from: http://hdl.handle.net/10027/9313
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Coventry University
28.
Kalutarage, H. K.
Effective monitoring of slow suspicious activites on computer networks.
Degree: PhD, 2013, Coventry University
URL: http://curve.coventry.ac.uk/open/items/afdbba5c-2c93-41a7-90c3-2f0f3261b794/1
;
http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.628964
► Slow and suspicious activities on modern computer networks are increasingly hard to detect. An attacker may take days, weeks or months to complete an attack…
(more)
▼ Slow and suspicious activities on modern computer networks are increasingly hard to detect. An attacker may take days, weeks or months to complete an attack life cycle. A particular challenge is to monitor for stealthy attempts deliberately designed to stay beneath detection thresholds. This doctoral research presents a theoretical framework for effective monitoring of such activities. The main contribution of this work is a scalable monitoring scheme proposed in a Bayesian framework, which allows for detection of multiple attackers by setting a threshold using the Grubbs’ test. Second contribution is a tracing algorithm for such attacks. Network paths from a victim to its immediate visible hops are mapped and profiled in a Bayesian framework and the highest scored path is prioritised for monitoring. Third contribution explores an approach to minimise data collection by employing traffic sampling. The traffic is sampled using the stratification sampling technique with optimum allocation method. Using a 10% sampling rate was sufficient to detect simulated attackers, and some network parameters affected on sampling error. Final contribution is a target-centric monitoring scheme to detect nodes under attack. Target-centric approach is quicker to detect stealthy attacks and has potential to detect collusion as it completely independent from source information. Experiments are carried out in a simulated environment using the network simulator NS3. Anomalous traffic is generated along with normal traffic within and between networks using a Poisson arrival model. Our work addresses a key problem of network security monitoring: a scalable monitoring scheme for slow and suspicious activities. State size, in terms of a node score, is a small number of nodes in the network and hence storage is feasible for very large networks.
Subjects/Keywords: 005.8; computer security, detection; Computer security; Internet – Security measures
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Kalutarage, H. K. (2013). Effective monitoring of slow suspicious activites on computer networks. (Doctoral Dissertation). Coventry University. Retrieved from http://curve.coventry.ac.uk/open/items/afdbba5c-2c93-41a7-90c3-2f0f3261b794/1 ; http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.628964
Chicago Manual of Style (16th Edition):
Kalutarage, H K. “Effective monitoring of slow suspicious activites on computer networks.” 2013. Doctoral Dissertation, Coventry University. Accessed March 01, 2021.
http://curve.coventry.ac.uk/open/items/afdbba5c-2c93-41a7-90c3-2f0f3261b794/1 ; http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.628964.
MLA Handbook (7th Edition):
Kalutarage, H K. “Effective monitoring of slow suspicious activites on computer networks.” 2013. Web. 01 Mar 2021.
Vancouver:
Kalutarage HK. Effective monitoring of slow suspicious activites on computer networks. [Internet] [Doctoral dissertation]. Coventry University; 2013. [cited 2021 Mar 01].
Available from: http://curve.coventry.ac.uk/open/items/afdbba5c-2c93-41a7-90c3-2f0f3261b794/1 ; http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.628964.
Council of Science Editors:
Kalutarage HK. Effective monitoring of slow suspicious activites on computer networks. [Doctoral Dissertation]. Coventry University; 2013. Available from: http://curve.coventry.ac.uk/open/items/afdbba5c-2c93-41a7-90c3-2f0f3261b794/1 ; http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.628964

Columbia University
29.
Kang, Yuan Jochen.
Combining Programs to Enhance Security Software.
Degree: 2018, Columbia University
URL: https://doi.org/10.7916/D8ZK6ZK2
► Automatic threats require automatic solutions, which become automatic threats themselves. When software grows in functionality, it grows in complexity, and in the number of bugs.…
(more)
▼ Automatic threats require automatic solutions, which become automatic threats themselves. When software grows in functionality, it grows in complexity, and in the number of bugs. To keep track of and counter all of the possible ways that a malicious party can exploit these bugs, we need security software. Such software helps human developers identify and remove bugs, or system administrators detect attempted attacks. But like any other software, and likely more so, security software itself can have blind spots or flaws. In the best case, it stops working, and becomes ineffective. In the worst case, the security software has privileged access to the system it is supposed to protect, and the attacker can hijack those privileges for its own purposes. So we will need external programs to compensate for their weaknesses. At the same time, we need to minimize the additional attack surface and development time due to creating new solutions. To address both points, this thesis will explore how to combine multiple programs to overcome a number of weaknesses in individual security software:
(1) When login authentication and physical protections of a smart phone fail,
fake, decoy applications detect unauthorized usage
and draw the attacker away from truly sensitive applications;
(2) when a fuzzer, an automatic software testing tool,
requires a diverse set of initial test inputs,
manipulating the tools that a human uses to generate these inputs
multiplies the generated inputs;
(3) when the software responsible for detecting attacks,
known as an intrusion detection system,
itself needs protection against attacks,
a simplified state machine tracks the software's
interaction with the underlying platform,
without the complexity and risks of a fully functional
intrusion detection system;
(4) when intrusion detection systems run on multiple, independent machines,
a graph-theoretic framework drives the design
for how the machines cooperatively monitor each other,
forcing the attacker to not only perform more work,
but also do so faster.
Instead of introducing new, stand-alone security software, the above solutions only require a fixed number of new tools that rely on a diverse selection of programs that already exist. Nor do any of the programs, old or new, require additional privileges that the old programs did not have before. In other words, we multiply the power of security software without multiplying their risks.
Subjects/Keywords: Computer science; Computer security; Computer security – Computer programs
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Kang, Y. J. (2018). Combining Programs to Enhance Security Software. (Doctoral Dissertation). Columbia University. Retrieved from https://doi.org/10.7916/D8ZK6ZK2
Chicago Manual of Style (16th Edition):
Kang, Yuan Jochen. “Combining Programs to Enhance Security Software.” 2018. Doctoral Dissertation, Columbia University. Accessed March 01, 2021.
https://doi.org/10.7916/D8ZK6ZK2.
MLA Handbook (7th Edition):
Kang, Yuan Jochen. “Combining Programs to Enhance Security Software.” 2018. Web. 01 Mar 2021.
Vancouver:
Kang YJ. Combining Programs to Enhance Security Software. [Internet] [Doctoral dissertation]. Columbia University; 2018. [cited 2021 Mar 01].
Available from: https://doi.org/10.7916/D8ZK6ZK2.
Council of Science Editors:
Kang YJ. Combining Programs to Enhance Security Software. [Doctoral Dissertation]. Columbia University; 2018. Available from: https://doi.org/10.7916/D8ZK6ZK2

Columbia University
30.
Boggs, Nathaniel.
Empirical Measurement of Defense in Depth.
Degree: 2015, Columbia University
URL: https://doi.org/10.7916/D8BK1B83
► Measurement is a vital tool for organizations attempting to increase, evaluate, or simply maintain their overall security posture over time. Organizations rely on defense in…
(more)
▼ Measurement is a vital tool for organizations attempting to increase, evaluate, or simply maintain their overall security posture over time. Organizations rely on defense in depth, which is a layering of multiple defenses, in order to strengthen overall security. Measuring organizations' total security requires evaluating individual security controls such as firewalls, antivirus, or intrusion detection systems alone as well as their joint effectiveness when deployed together in defense in depth. Currently, organizations must rely on best practices rooted in ad hoc expert opinion, reports on individual product performance, and marketing hype to make their choices. When attempting to measure the total security provided by a defense in depth architecture, dependencies between security controls compound the already difficult task of measuring a single security control accurately.
We take two complementary approaches to address this challenge of measuring the total security provided by defense in depth deployments. In our first approach, we use direct measurement where for some set of attacks, we compute a total detection rate for a set of security controls deployed in defense in depth. In order to compare security controls operating on different types of data, we link together all data generated from each particular attack and track the specific attacks detected by each security control. We implement our approach for both the drive-by download and web application attack vectors across four separate layers each. We created an extensible automated framework for web application data generation using public sources of English text.
For our second approach, we measure the total adversary cost that is the total effort, resources, and time required to evade security controls deployed in defense in depth. Dependencies between security controls prevent us from simply summing the adversary cost to evade individual security controls in order to compute a total adversary cost. We create a methodology that accounts for these dependencies especially focusing on multiplicative relationships where the adversary cost of evading two security controls together is more than the sum of the adversary costs to evade each individually. Using the insight gained into the multiplicative dependency, we design a method for creating sets of multiplicative security controls. Additionally, we create a prototype to demonstrate our methodology for empirically measuring total adversary cost using attack tree visualizations and a database design capable of representing dependent relationships between security controls.
Subjects/Keywords: Firewalls (Computer security); Virus inhibitors; Intrusion detection systems (Computer security); Computer security; Computer science
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share





❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Boggs, N. (2015). Empirical Measurement of Defense in Depth. (Doctoral Dissertation). Columbia University. Retrieved from https://doi.org/10.7916/D8BK1B83
Chicago Manual of Style (16th Edition):
Boggs, Nathaniel. “Empirical Measurement of Defense in Depth.” 2015. Doctoral Dissertation, Columbia University. Accessed March 01, 2021.
https://doi.org/10.7916/D8BK1B83.
MLA Handbook (7th Edition):
Boggs, Nathaniel. “Empirical Measurement of Defense in Depth.” 2015. Web. 01 Mar 2021.
Vancouver:
Boggs N. Empirical Measurement of Defense in Depth. [Internet] [Doctoral dissertation]. Columbia University; 2015. [cited 2021 Mar 01].
Available from: https://doi.org/10.7916/D8BK1B83.
Council of Science Editors:
Boggs N. Empirical Measurement of Defense in Depth. [Doctoral Dissertation]. Columbia University; 2015. Available from: https://doi.org/10.7916/D8BK1B83
◁ [1] [2] [3] [4] [5] … [95] ▶
.