You searched for subject:(Network security).
Showing records 1 – 30 of
1181 total matches.
◁ [1] [2] [3] [4] [5] … [40] ▶
Halmstad University
1.
Rojas, Jose Enrique Charpentier.
Web application Security.
Degree: Computer and Electrical Engineering (IDE), 2013, Halmstad University
URL: http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-21624 
► Problems related to web application security comes in many ways, one example is inexperience programmers but not only in the way they code and…
(more)
▼ Problems related to web application security comes in many ways, one example is inexperience programmers but not only in the way they code and program but also which language and structure they use to code. Not only programmers but Software companies left holes in the software they developed of course without intention.Because is proven that most of the vulnerabilities start in the web application side, as developers we need to follow certain principles, test our code and learn as much as possible about the subject, as a foundation of web application security in order to know how to prevent issues to the most significant treats.The penetration test aimed to help the IT business to discover vulnerabilities in their system ensure their integrity and continue further in the web application security process. The vulnerability research perform in this report is the introduction of a big work that is under continuity for the company.Finally the success of following security standards, process and methodologies applied on this field is considered the best approach to ensure web application security and priceless information you can benefit from.
Subjects/Keywords: Web Application Security; Network Security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Rojas, J. E. C. (2013). Web application Security. (Thesis). Halmstad University. Retrieved from http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-21624
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Rojas, Jose Enrique Charpentier. “Web application Security.” 2013. Thesis, Halmstad University. Accessed January 20, 2021.
http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-21624.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Rojas, Jose Enrique Charpentier. “Web application Security.” 2013. Web. 20 Jan 2021.
Vancouver:
Rojas JEC. Web application Security. [Internet] [Thesis]. Halmstad University; 2013. [cited 2021 Jan 20].
Available from: http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-21624.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Rojas JEC. Web application Security. [Thesis]. Halmstad University; 2013. Available from: http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-21624
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
2.
DeMarinis, Nicholas AF.
On LTE Security: Closing the Gap Between Standards and Implementation.
Degree: MS, 2015, Worcester Polytechnic Institute
URL: etd-050815-095939
;
https://digitalcommons.wpi.edu/etd-theses/791
► Modern cellular networks including LTE (Long Term Evolution) and the evolving LTE- Advanced provide high-speed and high-capacity data services for mobile users. As we become…
(more)
▼ Modern cellular networks including LTE (Long Term Evolution) and the evolving LTE- Advanced provide high-speed and high-capacity data services for mobile users. As we become more reliant on wireless connectivity, the
security of voice and data transmissions on the
network becomes increasingly important. While the LTE
network standards provide strict
security guidelines, these requirements may not be completely followed when LTE networks are deployed in practice. This project provides a method for improving the
security of LTE networks by 1) characterizing a gap between
security requirements defined in the standards and practical implementations, 2) designing a language to express the encoding formats of one of LTE’s
network-layer protocols, 3) developing a compiler to translate a protocol description in our language into an implementation, and 4) providing recommendations on lessons learned during development of the language and compiler to support development of future protocols that employ formal representations. In this way, our work demonstrates how a formal language can be utilized to represent a cellular
network protocol and serves as an example for further research on how adding formalism to
network standards can help ensure that the
security goals defined in the standards can be upheld in an implementation.
Advisors/Committee Members: Alexander M. Wyglinski, Advisor, Hugh C. Lauer, Committee Member, Craig A. Shue, Committee Member.
Subjects/Keywords: cellular networks; network security; cellular network security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
DeMarinis, N. A. (2015). On LTE Security: Closing the Gap Between Standards and Implementation. (Thesis). Worcester Polytechnic Institute. Retrieved from etd-050815-095939 ; https://digitalcommons.wpi.edu/etd-theses/791
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
DeMarinis, Nicholas AF. “On LTE Security: Closing the Gap Between Standards and Implementation.” 2015. Thesis, Worcester Polytechnic Institute. Accessed January 20, 2021.
etd-050815-095939 ; https://digitalcommons.wpi.edu/etd-theses/791.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
DeMarinis, Nicholas AF. “On LTE Security: Closing the Gap Between Standards and Implementation.” 2015. Web. 20 Jan 2021.
Vancouver:
DeMarinis NA. On LTE Security: Closing the Gap Between Standards and Implementation. [Internet] [Thesis]. Worcester Polytechnic Institute; 2015. [cited 2021 Jan 20].
Available from: etd-050815-095939 ; https://digitalcommons.wpi.edu/etd-theses/791.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
DeMarinis NA. On LTE Security: Closing the Gap Between Standards and Implementation. [Thesis]. Worcester Polytechnic Institute; 2015. Available from: etd-050815-095939 ; https://digitalcommons.wpi.edu/etd-theses/791
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Anna University
3.
Gowrison G.
Study and analysis of network intrusion detection system
by designing rule based filter.
Degree: Information and Communication, 2011, Anna University
URL: http://shodhganga.inflibnet.ac.in/handle/10603/9850
► The world is linked and interconnected by means of computer networks in various extents of processes, events and applications. The networks must be scalable to…
(more)
▼ The world is linked and interconnected by means of
computer networks in various extents of processes, events and
applications. The networks must be scalable to support increasing
number of users and there is a need for greater capacity and
performance. In this circumstance, every part of the operation
should carefully maintain the systems in an excellent phase of
security. In general, the kind of users and the injection of
network packets into the internet sectors are not under specific
control. The security and effectiveness of a wired and wireless
network system are compromised due to intrusion. An intruder
attempts to gain doorway access to a system or disturb the normal
operations. The literatures in the area of incidental response deal
with the detection, reaction, prevention and correction. Intrusion
reaction should limit the loss due to invasion and trigger measures
to return to normal state as early as possible. Intrusion
correction concludes the reinstatement of operations and makes
necessary actions in order to prevent similar attack eventually.
This thesis focuses on detection of both attack and normal traffics
by analyzing the signatures of the data packet taken from the KDD
Cup99 data. The bench mark intrusion detection features are
constructed by observing the traffic over a time window and are
made available in KDD Cup99 data. In this thesis, the constructed
features are used for clustering the traffic by working out the
statistical distribution and by attaching a label to the cluster
for further classification. Then Adaboost based classification is
made using neural network as weak classification. There are
varieties of types such as continuous and discrete those are
available in the intrusion detection features. Also, due to the
high state space complements with these features, the pattern
recognition techniques do not yield good classification results.
Thus, rule based intrusion detection is proposed in this thesis and
the results obtained are promising.
References p. 106-117, List of publications p.
118
Advisors/Committee Members: Ramar K.
Subjects/Keywords: Network security system
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
G, G. (2011). Study and analysis of network intrusion detection system
by designing rule based filter. (Thesis). Anna University. Retrieved from http://shodhganga.inflibnet.ac.in/handle/10603/9850
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
G, Gowrison. “Study and analysis of network intrusion detection system
by designing rule based filter.” 2011. Thesis, Anna University. Accessed January 20, 2021.
http://shodhganga.inflibnet.ac.in/handle/10603/9850.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
G, Gowrison. “Study and analysis of network intrusion detection system
by designing rule based filter.” 2011. Web. 20 Jan 2021.
Vancouver:
G G. Study and analysis of network intrusion detection system
by designing rule based filter. [Internet] [Thesis]. Anna University; 2011. [cited 2021 Jan 20].
Available from: http://shodhganga.inflibnet.ac.in/handle/10603/9850.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
G G. Study and analysis of network intrusion detection system
by designing rule based filter. [Thesis]. Anna University; 2011. Available from: http://shodhganga.inflibnet.ac.in/handle/10603/9850
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
University of Cincinnati
4.
Hausrath, Nathaniel L.
Methods for Hospital Network and Computer Security.
Degree: MS, Engineering and Applied Science: Computer
Science, 2011, University of Cincinnati
URL: http://rave.ohiolink.edu/etdc/view?acc_num=ucin1303845234
► Hospital IT security presents many unique challenges that must be solved by the entire organization. Network and computer threats can cause thousands of dollars in…
(more)
▼ Hospital IT
security presents many unique challenges
that must be solved by the entire organization.
Network and
computer threats can cause thousands of dollars in lost time and
resources, legal repercussions, and damaged repu- tation. Despite
warnings from a wealth of public breach notifications, many
hospitals are inadequately prepared to deal with today’s
computer-based at- tacks.This thesis explores the root causes of
hospital
network and computer in-
security, and addresses these
problems with methods implemented in actual hospitals. A lack of
comprehension of methods to assess and implement secu- rity
measures by hospital IT
security employees can hinder
network
visibility and prevent their ability to stop threats. In addition,
these same people are unable to express
security concerns in terms
management can understand, harming their credibility within the
business as a whole. Without this sup- port, organizational change
is impossible. By addressing these concerns with a combination of
people, process, and tools, we can solve complex problems, protect
patient data, and ensure IT operations so hospitals can serve their
community and save lives.
Advisors/Committee Members: Franco, John (Committee Chair).
Subjects/Keywords: Information Technology; hospital it Security; information security; network security; computer security; hospital information security; security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Hausrath, N. L. (2011). Methods for Hospital Network and Computer Security. (Masters Thesis). University of Cincinnati. Retrieved from http://rave.ohiolink.edu/etdc/view?acc_num=ucin1303845234
Chicago Manual of Style (16th Edition):
Hausrath, Nathaniel L. “Methods for Hospital Network and Computer Security.” 2011. Masters Thesis, University of Cincinnati. Accessed January 20, 2021.
http://rave.ohiolink.edu/etdc/view?acc_num=ucin1303845234.
MLA Handbook (7th Edition):
Hausrath, Nathaniel L. “Methods for Hospital Network and Computer Security.” 2011. Web. 20 Jan 2021.
Vancouver:
Hausrath NL. Methods for Hospital Network and Computer Security. [Internet] [Masters thesis]. University of Cincinnati; 2011. [cited 2021 Jan 20].
Available from: http://rave.ohiolink.edu/etdc/view?acc_num=ucin1303845234.
Council of Science Editors:
Hausrath NL. Methods for Hospital Network and Computer Security. [Masters Thesis]. University of Cincinnati; 2011. Available from: http://rave.ohiolink.edu/etdc/view?acc_num=ucin1303845234
University of Texas – Austin
5.
-2587-3671.
On the (in)security of service APIs.
Degree: PhD, Computer science, 2015, University of Texas – Austin
URL: http://hdl.handle.net/2152/32586
► Today's systems abstract the implementation details of common services such as secure client-server communication, access to native device resources (e.g. camera), access to cloud-stored files…
(more)
▼ Today's systems abstract the implementation details of common services such as secure client-server communication, access to native device resources (e.g. camera), access to cloud-stored files and folders, etc. by exposing a set of application programming interfaces (service APIs) to applications and software packages.
In this dissertation, we analyze service APIs exposed by modern systems across all layers of the software stack and demonstrate that they are too complex for developers to understand and use correctly. Instead of providing high-level abstractions such as authorization and authentication, they provide low-level details such as callbacks, options and flags. As a result, service APIs used in
security-critical software often end up being misconfigured and exposing sensitive users' data to botnet, Web and
network attackers.
To demonstrate the pervasiveness of the problem, we perform the first systematic analysis of insecure usage of service APIs in modern software developed and maintained by both individual developers and large software companies.
First, we analyze the perils and pitfalls of low-level service APIs for establishing secure
network channels. SSL/TLS (Secure Sockets Layer/Transport Layer
Security) is currently the de facto standard for secure Internet communication; its
security against active
network attackers depends on properly validating server certificates at connection establishment. Unfortunately, our analysis shows that SSL/TLS APIs are often poorly understood and used. As a consequence, server certificate validation is completely broken in many
security-critical applications and libraries, and thus exposes users' data to
network attackers.
Second, we study the software stack employed by modern hybrid applications. Hybrid apps combine the features of Web apps and "native" apps. Like Web apps, they are implemented in platform-independent languages such as HTML5 and JavaScript. Like native apps, they have direct access to local device resources such as file system and camera. We demonstrate that the frameworks on top of which hybrid apps are developed do not properly compose the access-control policies governing the Web half and the local half of the app. The Web half runs in a browser instance, created by the framework at application initialization time, and is confined by the browser's same origin policy. The local half is governed by the access-control policy of the operating system. Unfortunately, improper composition of the two types of access-control policies at the framework layer effectively subjects the applications to "fracking" attacks—foreign-origin Web content (e.g., ads) included into hybrid apps can drill through the layers of the software stack and steal user's contacts list, text messages, photos, etc.
Third, we analyze service APIs exposed by today's Web-based application platforms. This new class of platforms provide browser-like runtime environments to support Web-based applications. Such apps run outside the traditional Web browser and enjoy direct access to…
Advisors/Committee Members: Shmatikov, Vitaly (advisor), Waters, Brent (committee member), Witchel, Emmett (committee member), Qiu, Lili (committee member), Wang, XiaoFeng (committee member).
Subjects/Keywords: Web security; Mobile security; Network protocol security; Security vulnerabilities
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
-2587-3671. (2015). On the (in)security of service APIs. (Doctoral Dissertation). University of Texas – Austin. Retrieved from http://hdl.handle.net/2152/32586
Note: this citation may be lacking information needed for this citation format:
Author name may be incomplete
Chicago Manual of Style (16th Edition):
-2587-3671. “On the (in)security of service APIs.” 2015. Doctoral Dissertation, University of Texas – Austin. Accessed January 20, 2021.
http://hdl.handle.net/2152/32586.
Note: this citation may be lacking information needed for this citation format:
Author name may be incomplete
MLA Handbook (7th Edition):
-2587-3671. “On the (in)security of service APIs.” 2015. Web. 20 Jan 2021.
Note: this citation may be lacking information needed for this citation format:
Author name may be incomplete
Vancouver:
-2587-3671. On the (in)security of service APIs. [Internet] [Doctoral dissertation]. University of Texas – Austin; 2015. [cited 2021 Jan 20].
Available from: http://hdl.handle.net/2152/32586.
Note: this citation may be lacking information needed for this citation format:
Author name may be incomplete
Council of Science Editors:
-2587-3671. On the (in)security of service APIs. [Doctoral Dissertation]. University of Texas – Austin; 2015. Available from: http://hdl.handle.net/2152/32586
Note: this citation may be lacking information needed for this citation format:
Author name may be incomplete
University of Wollongong
6.
Elashry, Ibrahim.
Pairing-free identity-based cryptography.
Degree: PhD, 2015, University of Wollongong
URL: ;
https://ro.uow.edu.au/theses/4409
► Identity-based cryptography (IBC) is considered nowadays as the evolution of public key cryptography because it completely eliminates the use of digital certificates by representing…
(more)
▼ Identity-based cryptography (IBC) is considered nowadays as the evolution of public key cryptography because it completely eliminates the use of digital certificates by representing the public key of a user as his identity. Although the first IBC proposed by Adi Shamir [Sha84] was based on RSA, most of the proposed IBC systems are based on bilinear pairings. This limite the use of IBC in the real world because of several reasons. First, a bilinear pairing is time- and power-inefficient and it takes around 2.5 times an RSA modular exponentiation based on MIRACL benchmarks. Second, these systems are incompatible with the most widely used public key cryptosystem (RSA) which makes them non-commercially appealing. Thus, it is useful to think outside the box and try to use different tools to construct IBC systems. These constructions may have unique security properties that do not exist in current IBC systems. We worked on constructing IBC systems based on RSA settings. We have improved the performance of identity-based encryption (IBE) systems, cryptanalysed IBE systems, implemented variants of IBE systems such as mediated encryption and attribute-based signcryption, and presented an identity-based authenticated key exchange (IBAKE) with some novel security features.
In this thesis, we first present some background about IBC and the motivation for solving the problems associated with pairing-based IBC. Then we give solutions to these problems along withthe thesis structure. Then, we give a literature review about IBC, including identity-based encrytpion (IBE) and key exchange (KE) with focusing on pairing-free constructions. We also review some application of IBC such as mediated cryptography and attribute-based cryptography, In addition, we review the definitions and preliminaries related to the contents of the thesis, including definitions of ssecurity models, hard problems, and some mathematical tools. Then, we review identity-based mediated RSA encryption and signature systems (IB-mRSA) presented by Boneh, Ding and Tsudik [BDT02]. We show that IB-mRSA is not secure and we present a secure modified version of it which is as efficient as the original system. We also propose a generic mediated encryption (GME) that transforms any IBE to a mediated version of this IBE. We also present two implementations of GME based on Boneh-Franklin FullIdent [BF01] which is a pairing-based IBE and Boneh, Gentry and Hamburg (BGH) AnonIBE [BGH07] which is a pairing-free IBE. After that, we present two efficient variants of (BGH) systems (BasicIBE, AnonIBE) [BGH07] in terms of ciphertext length and encryption/decryption speed. The ciphertext is as short as the BGH systems, but with more time-efficient algorithms.
We prove that these variants are as secure as the BGH systems. Then, we review an efficient variant of Boneh, Gentry and Hamburg BasicIBE presented by Jhanwar and Barua [JB08]. We prove that this IBE is not secure against an indistinguishable chosen plaintext attack (IND-ID-CPA) adversary and present a solution…
Subjects/Keywords: Information security-cryptography; key exchange; network security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Elashry, I. (2015). Pairing-free identity-based cryptography. (Doctoral Dissertation). University of Wollongong. Retrieved from ; https://ro.uow.edu.au/theses/4409
Chicago Manual of Style (16th Edition):
Elashry, Ibrahim. “Pairing-free identity-based cryptography.” 2015. Doctoral Dissertation, University of Wollongong. Accessed January 20, 2021.
; https://ro.uow.edu.au/theses/4409.
MLA Handbook (7th Edition):
Elashry, Ibrahim. “Pairing-free identity-based cryptography.” 2015. Web. 20 Jan 2021.
Vancouver:
Elashry I. Pairing-free identity-based cryptography. [Internet] [Doctoral dissertation]. University of Wollongong; 2015. [cited 2021 Jan 20].
Available from: ; https://ro.uow.edu.au/theses/4409.
Council of Science Editors:
Elashry I. Pairing-free identity-based cryptography. [Doctoral Dissertation]. University of Wollongong; 2015. Available from: ; https://ro.uow.edu.au/theses/4409
University of Tennessee – Knoxville
7.
Smith, Jared Michael.
Taking Back the Internet: Defeating DDoS and Adverse Network Conditions via Reactive BGP Routing.
Degree: MS, Computer Science, 2017, University of Tennessee – Knoxville
URL: https://trace.tennessee.edu/utk_gradthes/4994
► In this work, we present Nyx, a system for mitigating Distributed Denial of Service (DDoS) attacks by routing critical traffic from known benign networks around…
(more)
▼ In this work, we present Nyx, a system for mitigating Distributed Denial of Service (DDoS) attacks by routing critical traffic from known benign networks around links under attack from a massively distributed botnet. Nyx alters how Autonomous Systems (ASes) handle route selection and advertisement in the Border Gateway Protocol (BGP) in order to achieve isolation of critical traffic away from congested links onto alternative, less congested paths. Our system controls outbound paths through the normal process of BGP path selection, while return paths from critical ASes are controlled through the use of existing traffic engineering techniques. To prevent alternative paths from including attacked
network links, Nyx employs strategic lying in a manner that is functional in the presence of RPKI. Our system only exposes the alternate path to the networks needed for forwarding and those networks' customer cones, thus strategically reducing the number of ASes outside of the critical AS that receive the alternative path. By leaving the path taken by malicious traffic unchanged and limiting the amount of added traffic load placed on the alternate path, our system causes less than 10 ASes on average to be disturbed by our inbound traffic migration.Nyx is the first system that scalably and effectively mitigates transit-link DDoS attacks that cannot be handled by existing and costly traffic filtering or prioritization techniques. Unlike the prior state of the art, Nyx is highly deployable, requiring only minor changes to router policies at the deployer, and requires no assistance from external networks. Using our own Internet-scale simulator, we find that in more than 98% of cases our system can successfully migrate critical traffic off of the
network segments under transit-link DDoS. In over 98% of cases, the alternate path provides some degree of relief over the original path. Finally, in over 70% of cases where Nyx can migrate critical traffic off attacked segments, the new path has sufficient capacity to handle the entire traffic load without congestion.
Advisors/Committee Members: Maxfield Joseph Schuchard, Mark E. Dean, Joseph Bryan Lyles, Audrius Mockus.
Subjects/Keywords: DDoS; security; network security; BGP; distributed systems
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Smith, J. M. (2017). Taking Back the Internet: Defeating DDoS and Adverse Network Conditions via Reactive BGP Routing. (Thesis). University of Tennessee – Knoxville. Retrieved from https://trace.tennessee.edu/utk_gradthes/4994
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Smith, Jared Michael. “Taking Back the Internet: Defeating DDoS and Adverse Network Conditions via Reactive BGP Routing.” 2017. Thesis, University of Tennessee – Knoxville. Accessed January 20, 2021.
https://trace.tennessee.edu/utk_gradthes/4994.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Smith, Jared Michael. “Taking Back the Internet: Defeating DDoS and Adverse Network Conditions via Reactive BGP Routing.” 2017. Web. 20 Jan 2021.
Vancouver:
Smith JM. Taking Back the Internet: Defeating DDoS and Adverse Network Conditions via Reactive BGP Routing. [Internet] [Thesis]. University of Tennessee – Knoxville; 2017. [cited 2021 Jan 20].
Available from: https://trace.tennessee.edu/utk_gradthes/4994.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Smith JM. Taking Back the Internet: Defeating DDoS and Adverse Network Conditions via Reactive BGP Routing. [Thesis]. University of Tennessee – Knoxville; 2017. Available from: https://trace.tennessee.edu/utk_gradthes/4994
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Rochester Institute of Technology
8.
Spinapolice, Matthew.
Mitigating the risk of social engineering attacks.
Degree: MS, Information Sciences and Technologies (GCCIS), 2011, Rochester Institute of Technology
URL: https://scholarworks.rit.edu/theses/394
► The topic of social engineering is only covered briefly in today's system administration and security coursework. This lack of coverage leaves many Administrators ill-equipped…
(more)
▼ The topic of social engineering is only covered briefly in today's system administration and
security coursework. This lack of coverage leaves many Administrators ill-equipped to administer the users of a computer
network. In addition to their technical training, administrators need to comprehend the potential severity and likelihood of social engineering attacks. Teaching administrators only to minimize the risk of hacking attempts or computer virus infections does not fully equip them with the knowledge needed to defend their networks. To ensure the safety of their
network from social engineering attacks, administrators need to be able to answer three primary questions: * How can Administrators look for and identify a social engineering attack? * How can Administrators properly train users to ensure they do not become the
network's weakest
security link? * How can Administrators test their protection methods to ensure the risk of social engineering attacks is sufficiently mitigated? This thesis attempts to answer these questions, devise a training workshop template Administrators can present to their users, and present a base set of audit guidelines Administrators can employ to ensure their attack prevention methods are effective.
Advisors/Committee Members: Johnson, Daryl.
Subjects/Keywords: Network security; Social engineering
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Spinapolice, M. (2011). Mitigating the risk of social engineering attacks. (Masters Thesis). Rochester Institute of Technology. Retrieved from https://scholarworks.rit.edu/theses/394
Chicago Manual of Style (16th Edition):
Spinapolice, Matthew. “Mitigating the risk of social engineering attacks.” 2011. Masters Thesis, Rochester Institute of Technology. Accessed January 20, 2021.
https://scholarworks.rit.edu/theses/394.
MLA Handbook (7th Edition):
Spinapolice, Matthew. “Mitigating the risk of social engineering attacks.” 2011. Web. 20 Jan 2021.
Vancouver:
Spinapolice M. Mitigating the risk of social engineering attacks. [Internet] [Masters thesis]. Rochester Institute of Technology; 2011. [cited 2021 Jan 20].
Available from: https://scholarworks.rit.edu/theses/394.
Council of Science Editors:
Spinapolice M. Mitigating the risk of social engineering attacks. [Masters Thesis]. Rochester Institute of Technology; 2011. Available from: https://scholarworks.rit.edu/theses/394
Oregon State University
9.
Adeli, Majid.
Security protocols for linear network coding.
Degree: PhD, Electrical and Computer Engineering, 2013, Oregon State University
URL: http://hdl.handle.net/1957/40079
► Network coding, as the next generation of data routing protocols, enables each intermediate node in a network to process and encode its received data before…
(more)
▼ Network coding, as the next generation of data routing protocols, enables each intermediate node in a
network to process and encode its received data before forwarding it to the next nodes. Hence, the core idea in
network coding is to allow a
network to encode the data that is being transmitted through it. This revolutionary idea of data routing results in dynamic change in the content of each data packet. That is, in a
network coding setting, the original data symbols that are generated at the source nodes evolve hop-by-hop as they travel through the intermediate nodes. This property is clearly in stark contrast with the methods that are used in traditional data routing protocols, where every intermediate node acts as a plain relay. In other words, in the conventional data routing algorithms, every intermediate node solely replicates its incoming data on one or more of its outgoing channels. The criteria and the policies based on which an intermediate node makes decisions about the proper outgoing channels corresponding to each incoming packet depend on the employed routing protocol. Usually, each intermediate node utilizes a set of routing information (such as a routing table) in order to find the most cost effective path or paths to the final destinations. The cost criterion may be defined based on various parameters, but what is fixed is that the general goal is always to find the most optimum route that starts from the node and reaches the final destination at the lowest cost. Upon finding the best output channels, the intermediate node simply copies the pertinent data packet on the optimum channels without inflicting any change in the data payload. This common method of data routing in conventional routing protocols is indeed considered as a very special case in
network coding theory. The fact that in
network coding every node processes (encodes) its input data to create its outgoing symbols implies that the encoding operation at a given
network node can be expressed as a multi-input multi-output function which intakes the node's incoming data symbols as its input arguments and generates the outgoing data symbols departing the node as its outputs. Since each node in the
network has its own function, they are called "local encoding function". This way of looking at the
network coding operation enables us to simply define linear and nonlinear
network coding as the
network codes with linear and nonlinear local encoding functions, respectively. Hence, in linear
network coding, every node (including the source and the sink nodes) executes a linear function on its incoming data symbols in order to generate its output symbols, while in nonlinear
network coding this function is nonlinear. The linearity indicates that every output symbol of a local encoding function can be stated as a unique linear combination of its input symbols. Therefore, in linear
network coding, the encoding operations at the intermediate nodes can be stated as matrix multiplications. If linear
network coding is applied then each individual…
Advisors/Committee Members: Liu, Huaping (advisor), Bose, Bella (committee member).
Subjects/Keywords: Linear network coding; Computer security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Adeli, M. (2013). Security protocols for linear network coding. (Doctoral Dissertation). Oregon State University. Retrieved from http://hdl.handle.net/1957/40079
Chicago Manual of Style (16th Edition):
Adeli, Majid. “Security protocols for linear network coding.” 2013. Doctoral Dissertation, Oregon State University. Accessed January 20, 2021.
http://hdl.handle.net/1957/40079.
MLA Handbook (7th Edition):
Adeli, Majid. “Security protocols for linear network coding.” 2013. Web. 20 Jan 2021.
Vancouver:
Adeli M. Security protocols for linear network coding. [Internet] [Doctoral dissertation]. Oregon State University; 2013. [cited 2021 Jan 20].
Available from: http://hdl.handle.net/1957/40079.
Council of Science Editors:
Adeli M. Security protocols for linear network coding. [Doctoral Dissertation]. Oregon State University; 2013. Available from: http://hdl.handle.net/1957/40079
10.
宇野, 真純.
エントロピーを特徴として用いた初期潜入段階におけるRATの通信検知 : A RAT detection method by using packet entropy on early intrusion stage; エントロピー オ トクチョウ ト シテ モチイタ ショキ センニュウ ダンカイ ニ オケル RAT ノ ツウシン ケンチ.
Degree: Nara Institute of Science and Technology / 奈良先端科学技術大学院大学
URL: http://hdl.handle.net/10061/11551
Subjects/Keywords: Network Security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
宇野, . (n.d.). エントロピーを特徴として用いた初期潜入段階におけるRATの通信検知 : A RAT detection method by using packet entropy on early intrusion stage; エントロピー オ トクチョウ ト シテ モチイタ ショキ センニュウ ダンカイ ニ オケル RAT ノ ツウシン ケンチ. (Thesis). Nara Institute of Science and Technology / 奈良先端科学技術大学院大学. Retrieved from http://hdl.handle.net/10061/11551
Note: this citation may be lacking information needed for this citation format:
No year of publication.
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
宇野, 真純. “エントロピーを特徴として用いた初期潜入段階におけるRATの通信検知 : A RAT detection method by using packet entropy on early intrusion stage; エントロピー オ トクチョウ ト シテ モチイタ ショキ センニュウ ダンカイ ニ オケル RAT ノ ツウシン ケンチ.” Thesis, Nara Institute of Science and Technology / 奈良先端科学技術大学院大学. Accessed January 20, 2021.
http://hdl.handle.net/10061/11551.
Note: this citation may be lacking information needed for this citation format:
No year of publication.
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
宇野, 真純. “エントロピーを特徴として用いた初期潜入段階におけるRATの通信検知 : A RAT detection method by using packet entropy on early intrusion stage; エントロピー オ トクチョウ ト シテ モチイタ ショキ センニュウ ダンカイ ニ オケル RAT ノ ツウシン ケンチ.” Web. 20 Jan 2021.
Note: this citation may be lacking information needed for this citation format:
No year of publication.
Vancouver:
宇野 . エントロピーを特徴として用いた初期潜入段階におけるRATの通信検知 : A RAT detection method by using packet entropy on early intrusion stage; エントロピー オ トクチョウ ト シテ モチイタ ショキ センニュウ ダンカイ ニ オケル RAT ノ ツウシン ケンチ. [Internet] [Thesis]. Nara Institute of Science and Technology / 奈良先端科学技術大学院大学; [cited 2021 Jan 20].
Available from: http://hdl.handle.net/10061/11551.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
No year of publication.
Council of Science Editors:
宇野 . エントロピーを特徴として用いた初期潜入段階におけるRATの通信検知 : A RAT detection method by using packet entropy on early intrusion stage; エントロピー オ トクチョウ ト シテ モチイタ ショキ センニュウ ダンカイ ニ オケル RAT ノ ツウシン ケンチ. [Thesis]. Nara Institute of Science and Technology / 奈良先端科学技術大学院大学; Available from: http://hdl.handle.net/10061/11551
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
No year of publication.
11.
Jason Haydaman.
Application of machine learning to computer network security.
Degree: Electrical and Computer Engineering, 2017, University of Manitoba
URL: http://hdl.handle.net/1993/32543
► Computer Security covers a wide array of topics, with much of the development in the field happening outside academia. We look at intrusion detection, and…
(more)
▼ Computer
Security covers a wide array of topics, with much of the development in the field happening outside academia. We look at intrusion detection, and evaluate the effectiveness of machine learning in the development of a commercial intrusion detection system (IDS), and compare it with conventional IDS design approaches. We attempt to create novel data sets, and examine the difficulties of extracting new features from
network traffic to aid machine learning based systems. Finally, we propose a novel, near-zero overhead method of associating
network packets with the process identifier (pid) of their source in real-time and demonstrate a significant performance improvement over existing methods of pid labeling.
Advisors/Committee Members: Gilmore, Colin (Electrical and Computer Engineering), Ferens, Ken (Electrical and Computer Engineering).
Subjects/Keywords: Machine learning; Computer network security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Haydaman, J. (2017). Application of machine learning to computer network security. (Masters Thesis). University of Manitoba. Retrieved from http://hdl.handle.net/1993/32543
Chicago Manual of Style (16th Edition):
Haydaman, Jason. “Application of machine learning to computer network security.” 2017. Masters Thesis, University of Manitoba. Accessed January 20, 2021.
http://hdl.handle.net/1993/32543.
MLA Handbook (7th Edition):
Haydaman, Jason. “Application of machine learning to computer network security.” 2017. Web. 20 Jan 2021.
Vancouver:
Haydaman J. Application of machine learning to computer network security. [Internet] [Masters thesis]. University of Manitoba; 2017. [cited 2021 Jan 20].
Available from: http://hdl.handle.net/1993/32543.
Council of Science Editors:
Haydaman J. Application of machine learning to computer network security. [Masters Thesis]. University of Manitoba; 2017. Available from: http://hdl.handle.net/1993/32543
University of Technology, Sydney
12.
Yu, D.
Generic benchmarking for application specific wireless sensor networks multi criteria performance.
Degree: 2012, University of Technology, Sydney
URL: http://hdl.handle.net/10453/21812
► Due to stringent energy constraint and demand for performance requirement, a generic architecture like TCP/IP or Internet is not feasible with sensors used across various…
(more)
▼ Due to stringent energy constraint and demand for performance requirement, a
generic architecture like TCP/IP or Internet is not feasible with sensors used
across various applications. Instead, application specific design methodology is
the de facto consensus accepted among Wireless Sensor Network (WSN)
community. While it wins WSN performance gains for individual applications,
the methodology sacrifices all plausible attributes a generic architecture can
contribute. Without a unified reference model as comparing foundation, the
profound problem in true protocols contribution evaluation and comparison
remains challenging. Moreover, the stochastic and statistical nature of WSNs
makes realistic performance analysis fairly complex. In multi criteria QoS
context, this problem is further magnified by big design space with not yet fully
understood parameters and the competing relationship between multi objective
performance metrics. This work introduces a generic wireless-benchmarking
methodology not only qualitatively evaluation from high level abstraction,
concerning only profound pros and cons from a general viewpoint of tradeoffs
between generality, performance and cost, but also a set of practical workflows
that are designed to support quantitative evaluation and analysis of WSN
protocols for application-specific objectives. This methodology and the
accompanying new benchmark concepts, such as performance efficiency,
development efficiency and performance stability, are designed to gain new
insight of the dynamic behavior of WSN protocols in a systematical way
compared to the current ad-hoc evaluation approaches applied by most of the
community.
Subjects/Keywords: Wireless sensor network.; Evaluation.; Security.
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Yu, D. (2012). Generic benchmarking for application specific wireless sensor networks multi criteria performance. (Thesis). University of Technology, Sydney. Retrieved from http://hdl.handle.net/10453/21812
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Yu, D. “Generic benchmarking for application specific wireless sensor networks multi criteria performance.” 2012. Thesis, University of Technology, Sydney. Accessed January 20, 2021.
http://hdl.handle.net/10453/21812.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Yu, D. “Generic benchmarking for application specific wireless sensor networks multi criteria performance.” 2012. Web. 20 Jan 2021.
Vancouver:
Yu D. Generic benchmarking for application specific wireless sensor networks multi criteria performance. [Internet] [Thesis]. University of Technology, Sydney; 2012. [cited 2021 Jan 20].
Available from: http://hdl.handle.net/10453/21812.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Yu D. Generic benchmarking for application specific wireless sensor networks multi criteria performance. [Thesis]. University of Technology, Sydney; 2012. Available from: http://hdl.handle.net/10453/21812
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Princeton University
13.
Sun, Yixin.
Enhancing Anonymity Systems under Network and User Dynamics
.
Degree: PhD, 2020, Princeton University
URL: http://arks.princeton.edu/ark:/88435/dsp01z316q454h
► Privacy on the Internet is eroding rapidly. Anonymity systems have been designed to protect the identity and privacy of users from untrusted destinations and third…
(more)
▼ Privacy on the Internet is eroding rapidly. Anonymity systems have been designed to protect the identity and privacy of users from untrusted destinations and third parties on the Internet. However, many prior works on anonymity systems assume that important system components, such as
network routing and user location, are static. In practice, these components are highly dynamic, leading to new vulnerabilities that can compromise user anonymity. In this dissertation, we exploit dynamics in anonymity systems across two different layers:
network dynamics (i.e., changes in routing) at the
network layer and user dynamics (i.e., changes in user location) at the application layer.
First, we present RAPTOR attacks that exploit the dynamics in Internet routing to compromise user anonymity in the Tor
network. The attacks enable adversaries to observe more user traffic and deanonymize them more effectively than previously thought. We successfully demonstrate the attacks by performing them on the live Tor
network, ethically.
Second, we build proactive and reactive defenses to protect Tor users from RAPTOR attacks: (1) a novel Tor relay selection algorithm that proactively reduces the probability of Tor users being affected by an attack, and (2) a monitoring system with novel detection analytics that detect routing anomaly for Tor relays in real time.
Finally, we present attacks that exploit user mobility to compromise user anonymity across a wide range of anonymity systems. While prior works assume that user locations are fixed when accessing anonymity systems, we demonstrate that users can be highly mobile and subsequently expose themselves to adversaries as they visit more locations.
In summary, we demonstrate the dangers of abstracting dynamics in Internet routing and user location from the analysis of anonymity systems, and take the step to design anonymity systems with these important system components in mind.
Advisors/Committee Members: Mittal, Prateek (advisor), Chiang, Mung (advisor).
Subjects/Keywords: Anonymity;
Network Privacy;
Routing security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Sun, Y. (2020). Enhancing Anonymity Systems under Network and User Dynamics
. (Doctoral Dissertation). Princeton University. Retrieved from http://arks.princeton.edu/ark:/88435/dsp01z316q454h
Chicago Manual of Style (16th Edition):
Sun, Yixin. “Enhancing Anonymity Systems under Network and User Dynamics
.” 2020. Doctoral Dissertation, Princeton University. Accessed January 20, 2021.
http://arks.princeton.edu/ark:/88435/dsp01z316q454h.
MLA Handbook (7th Edition):
Sun, Yixin. “Enhancing Anonymity Systems under Network and User Dynamics
.” 2020. Web. 20 Jan 2021.
Vancouver:
Sun Y. Enhancing Anonymity Systems under Network and User Dynamics
. [Internet] [Doctoral dissertation]. Princeton University; 2020. [cited 2021 Jan 20].
Available from: http://arks.princeton.edu/ark:/88435/dsp01z316q454h.
Council of Science Editors:
Sun Y. Enhancing Anonymity Systems under Network and User Dynamics
. [Doctoral Dissertation]. Princeton University; 2020. Available from: http://arks.princeton.edu/ark:/88435/dsp01z316q454h
14.
Wu, Ben.
Physical Layer Security Based on Optical Steganography and Optical Encryption
.
Degree: PhD, 2015, Princeton University
URL: http://arks.princeton.edu/ark:/88435/dsp01pv63g2566
► The communication network has experienced enormous growth in the past few decades. The growth of communication network requires the data to be transmitted at a…
(more)
▼ The communication
network has experienced enormous growth in the past few decades. The growth of communication
network requires the data to be transmitted at a high speed as well as in a secure scheme. The traditional ways of providing communication
security are based on the existing
network infrastructure. These methods consume the capacity of the
network and thus the
security is achieved at the cost of transmission speed. Moreover, since the
network infrastructure in the physical layer is not designed for
security purpose, protection schemes based on the infrastructure is limited by its functions and cannot achieve ideal and effective protection. This thesis focuses on optical steganography and optical encryption techniques to improve the physical infrastructure of the communication
network for secure purpose. The
network is effectively protected without compromising the transmission speed.
Optical steganography methods in which amplifier noise is used as the signal carrier are proposed and experimentally demonstrated. Since the optical amplifiers are widely used in the fiber optic
network, using the amplifier noise as the signal carrier creates extra
network capacity without consuming extra power. The noise carried signals are effectively hidden in both time domain and frequency domain. To deploy optical steganography in the communication
network, the system performances of the stealth channel, including the bit error rate (BER) and dispersion effect are theoretically analyzed and experimentally demonstrated. Besides optical steganography, an optical encryption method is demonstrated. The encrypted signal is protected by analog radio frequency noise. Without decrypting the signal in real time, the data cannot be digitized and will be loss permanently.
The
security techniques studied in this thesis can solve
security problems that cannot be solved by the traditional software based methods. On the other hand, the functions of physical layer techniques can be optimized if physical layer techniques are combined with the traditional software based techniques. This thesis studies the software interface between physical layer techniques and application level
network. Steganography Assisted Tor (SAT) is demonstrated as an interface and it can effectively protect the privacy and anonymity of the
network.
Advisors/Committee Members: Prucnal, Paul R (advisor).
Subjects/Keywords: Fiber-optic communication;
Network security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Wu, B. (2015). Physical Layer Security Based on Optical Steganography and Optical Encryption
. (Doctoral Dissertation). Princeton University. Retrieved from http://arks.princeton.edu/ark:/88435/dsp01pv63g2566
Chicago Manual of Style (16th Edition):
Wu, Ben. “Physical Layer Security Based on Optical Steganography and Optical Encryption
.” 2015. Doctoral Dissertation, Princeton University. Accessed January 20, 2021.
http://arks.princeton.edu/ark:/88435/dsp01pv63g2566.
MLA Handbook (7th Edition):
Wu, Ben. “Physical Layer Security Based on Optical Steganography and Optical Encryption
.” 2015. Web. 20 Jan 2021.
Vancouver:
Wu B. Physical Layer Security Based on Optical Steganography and Optical Encryption
. [Internet] [Doctoral dissertation]. Princeton University; 2015. [cited 2021 Jan 20].
Available from: http://arks.princeton.edu/ark:/88435/dsp01pv63g2566.
Council of Science Editors:
Wu B. Physical Layer Security Based on Optical Steganography and Optical Encryption
. [Doctoral Dissertation]. Princeton University; 2015. Available from: http://arks.princeton.edu/ark:/88435/dsp01pv63g2566
University of Windsor
15.
Zhao, Shushan.
ISSUES AND SOLUTIONS OF APPLYING IDENTITY-BASED CRYPTOGRAPHY TO MOBILE AD-HOC NETWORKS.
Degree: PhD, Computer Science, 2012, University of Windsor
URL: https://scholar.uwindsor.ca/etd/5414
► Concept of Mobile Ad-hoc Networks (MANETs) was brought up a few decades ago with assumed prosperous future. Unfortunately, we do not see many practical applications…
(more)
▼ Concept of Mobile Ad-hoc Networks (MANETs) was brought up a few decades ago with
assumed prosperous future. Unfortunately, we do not see many practical applications
of them in real life.
Security of MANETs is a big concern considered by investors and
industries, and hinders them from putting MANETs into application. Requirements of
security, and difficulties to meet these requirements have been stated clearly already; yet
solutions to these difficulties are not quite clear. Cryptographic technologies seem to
be capable of satisfying most of the requirements, which has been proved in Internet or
wired networks. However, most of the technologies, including symmetric and traditional
asymmetric cryptography (such as Public Key Infrastructure (PKI)), are inapplicable or
inconvenient to use inMANETs context. Identity-based Cryptography (IBC), as a special
form of asymmetric cryptography, carries many features interesting for MANETs. IBC
has been studied a lot recently by researchers of MANET
security, and many applications
have been proposed and claimed to address this difficult problem. However, it is still the
case that most of the solutions are not sound enough to be used in a practical MANET.
This thesis starts with an intensive survey on the proposals of applications of IBC in
MANETs, and points out the issues, limitations and weaknesses in these proposals and
also in IBC itself. The thesis proposes a novel framework with key management and
secure routing scheme integrated aiming to address these issues. This scheme brings
these contributions: compared to symmetric key solutions, it has more functionality derived
from asymmetric keys, and is more secure due to using 1-to-m broadcasting key
instead of only 1 group broadcasting key, and has less keys to store per node due to using
asymmetric keys instead of pairwise symmetric keys; compared to traditional asymmetric
cryptography solutions, the storage and communication requirements are lower due to
IBC properties; compared to previous IBC solutions, it has no key management and secure
routing interdependency cycle problem.
Security of the proposed scheme is proved and performance of the scheme is simulated and analyzed in the thesis. To the end of a
complete solution for an arbitraryMANET running in an arbitrary environment, the thesis
proposes enhancements to counter various attacks and options to abate or eliminate limitations
and weaknesses of IBC. The proposed scheme has a wide range of applicability
for various MANETs with little or no administrative overhead depending on situations
where it is considered.
Advisors/Committee Members: Robert D Kent, Akshai A Aggarwal.
Subjects/Keywords: ad-hoc network; cryptography; security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Zhao, S. (2012). ISSUES AND SOLUTIONS OF APPLYING IDENTITY-BASED CRYPTOGRAPHY TO MOBILE AD-HOC NETWORKS. (Doctoral Dissertation). University of Windsor. Retrieved from https://scholar.uwindsor.ca/etd/5414
Chicago Manual of Style (16th Edition):
Zhao, Shushan. “ISSUES AND SOLUTIONS OF APPLYING IDENTITY-BASED CRYPTOGRAPHY TO MOBILE AD-HOC NETWORKS.” 2012. Doctoral Dissertation, University of Windsor. Accessed January 20, 2021.
https://scholar.uwindsor.ca/etd/5414.
MLA Handbook (7th Edition):
Zhao, Shushan. “ISSUES AND SOLUTIONS OF APPLYING IDENTITY-BASED CRYPTOGRAPHY TO MOBILE AD-HOC NETWORKS.” 2012. Web. 20 Jan 2021.
Vancouver:
Zhao S. ISSUES AND SOLUTIONS OF APPLYING IDENTITY-BASED CRYPTOGRAPHY TO MOBILE AD-HOC NETWORKS. [Internet] [Doctoral dissertation]. University of Windsor; 2012. [cited 2021 Jan 20].
Available from: https://scholar.uwindsor.ca/etd/5414.
Council of Science Editors:
Zhao S. ISSUES AND SOLUTIONS OF APPLYING IDENTITY-BASED CRYPTOGRAPHY TO MOBILE AD-HOC NETWORKS. [Doctoral Dissertation]. University of Windsor; 2012. Available from: https://scholar.uwindsor.ca/etd/5414
University of Waterloo
16.
Zhang, Kuan.
Security and Privacy for Mobile Social Networks.
Degree: 2016, University of Waterloo
URL: http://hdl.handle.net/10012/10418
► With the ever-increasing demands of people's social interactions, traditional online social networking applications are being shifted to the mobile ones, enabling users' social networking and…
(more)
▼ With the ever-increasing demands of people's social interactions, traditional online social networking applications are being shifted to the mobile ones, enabling users' social networking and interactions anywhere anytime. Due to the portability and pervasiveness of mobile devices, such as smartphones, wearable devices and tablets, Mobile Social Network (MSN), as a promising social network platform, has become increasingly popular and brought immense benefits. In MSN, users can easily discover and chat with social friends in the vicinity even without the Internet; vehicle drivers and passengers can exchange traffic information, videos or images with other vehicles on the road; customers in a shopping mall can share sale information and recommend it to their friends. With MSNs, massive opportunities are created to facilitate people's social interactions and enlarge the inherent social circle.
However, the flourish of MSNs also hinges upon fully understanding and managing the challenges, such as security threats and privacy leakage. Security and privacy concerns rise as the boom of MSN applications comes up, but few users have paid adequate attentions to protect their privacy-sensitive information from disclosing. First of all, to initiate social interactions, users sometimes exchange their social interests or preferences with each other (including strangers in the vicinity) without sufficient protections. As such, some private information may be inferred from the exchanged social interests by attackers and untrusted users. Secondly, some malicious attackers might forge fake identities or false contents, such as spam and advertisements, to disrupt MSNs or mislead other users. These attackers could even collude and launch a series of security threats to MSNs. In addition, massive social network data are usually stored in untrusted cloud servers, where data confidentiality, authentication, access control and privacy are of paramount importance. Last but not least, the trade-off between data availability and privacy should be taken into account when the data are stored, queried and processed for various MSN applications. Therefore, novel security and privacy techniques become essential for MSN to provide sufficient and adjustable protections.
In this thesis, we focus on security and privacy for MSNs. Based on the MSN architecture and emerging applications, we first investigate security and privacy requirements for MSNs and introduce several challenging issues, i.e., spam, misbehaviors and privacy leakage. To tackle these problems, we propose efficient security and privacy preservation schemes for MSNs. Specifically, the main contributions of this thesis can be three-fold. Firstly, to address the issues of spam in autonomous MSNs, we propose a personalized fine-grained spam filtering scheme (PIF), which exploits social characteristics during data delivery. The PIF allows users to create personalized filters according to their social interests, and enables social friends to hold these filters, discarding the unwanted…
Subjects/Keywords: Mobile social network; Security; Privacy
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Zhang, K. (2016). Security and Privacy for Mobile Social Networks. (Thesis). University of Waterloo. Retrieved from http://hdl.handle.net/10012/10418
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Zhang, Kuan. “Security and Privacy for Mobile Social Networks.” 2016. Thesis, University of Waterloo. Accessed January 20, 2021.
http://hdl.handle.net/10012/10418.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Zhang, Kuan. “Security and Privacy for Mobile Social Networks.” 2016. Web. 20 Jan 2021.
Vancouver:
Zhang K. Security and Privacy for Mobile Social Networks. [Internet] [Thesis]. University of Waterloo; 2016. [cited 2021 Jan 20].
Available from: http://hdl.handle.net/10012/10418.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Zhang K. Security and Privacy for Mobile Social Networks. [Thesis]. University of Waterloo; 2016. Available from: http://hdl.handle.net/10012/10418
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Louisiana State University
17.
Koopari Roopkumar, Bharath Kumar.
Ethical Hacking Using Penetration Testing.
Degree: MS, Electrical and Computer Engineering, 2014, Louisiana State University
URL: etd-11072014-122259
;
https://digitalcommons.lsu.edu/gradschool_theses/3238
► This thesis provides details of the hardware architecture and the software scripting, which are employed to demonstrate penetration testing in a laboratory setup. The architecture…
(more)
▼ This thesis provides details of the hardware architecture and the software scripting, which are employed to demonstrate penetration testing in a laboratory setup. The architecture depicts an organizational computing asset or an environment.¬¬¬ With the increasing number of cyber-attacks throughout the world, the network security is becoming an important issue. This has motivated a large number of “ethical hackers” to indulge and develop methodologies and scripts to defend against the security attacks. As it is too onerous to maintain and monitor attacks on individual hardware and software in an organization, the demand for the new ways to manage security systems invoked the idea of penetration testing. Many research groups have designed algorithms depending on the size, type and purpose of application to secure networks [55]. In this thesis, we create a laboratory setup replicating an organizational infrastructure to study penetration testing on real time server-client atmosphere. To make this possible, we have used Border Gateway Protocol (BGP) as routing protocol as it is widely used in current networks. Moreover, BGP exhibits few vulnerabilities of its own and makes the security assessment more promising. Here, we propose (a) computer based attacks and (b) actual network based attacks including defense mechanisms. The thesis, thus, describes the way penetration testing is accomplished over a desired BGP network. The procedural generation of the packets, exploit, and payloads involve internal and external network attacks. In this thesis, we start with the details of all sub-fields in the stream of penetration testing, including their requirements and outcomes. As an informative and learning research, this thesis discusses the types of attacks over the routers, switches and physical client machines. Our work also deals with the limitations of the implementation of the penetration testing, discussing over the vulnerabilities of the current standards in the technology. Furthermore, we consider the possible methodologies that require attention in order to accomplish most efficient outcomes with the penetration testing. Overall, this work has provided a great learning opportunity in the area of ethical hacking using penetration testing.
Subjects/Keywords: penetration testing; network security; hacking
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Koopari Roopkumar, B. K. (2014). Ethical Hacking Using Penetration Testing. (Masters Thesis). Louisiana State University. Retrieved from etd-11072014-122259 ; https://digitalcommons.lsu.edu/gradschool_theses/3238
Chicago Manual of Style (16th Edition):
Koopari Roopkumar, Bharath Kumar. “Ethical Hacking Using Penetration Testing.” 2014. Masters Thesis, Louisiana State University. Accessed January 20, 2021.
etd-11072014-122259 ; https://digitalcommons.lsu.edu/gradschool_theses/3238.
MLA Handbook (7th Edition):
Koopari Roopkumar, Bharath Kumar. “Ethical Hacking Using Penetration Testing.” 2014. Web. 20 Jan 2021.
Vancouver:
Koopari Roopkumar BK. Ethical Hacking Using Penetration Testing. [Internet] [Masters thesis]. Louisiana State University; 2014. [cited 2021 Jan 20].
Available from: etd-11072014-122259 ; https://digitalcommons.lsu.edu/gradschool_theses/3238.
Council of Science Editors:
Koopari Roopkumar BK. Ethical Hacking Using Penetration Testing. [Masters Thesis]. Louisiana State University; 2014. Available from: etd-11072014-122259 ; https://digitalcommons.lsu.edu/gradschool_theses/3238
Virginia Tech
18.
Groat, Stephen Lawrence.
Privacy and Security in IPv6 Addressing.
Degree: MS, Electrical and Computer Engineering, 2011, Virginia Tech
URL: http://hdl.handle.net/10919/76978
► Due to an exponentially larger address space than Internet Protocol version 4 (IPv4), the Internet Protocol version 6 (IPv6) uses new methods to assign network…
(more)
▼ Due to an exponentially larger address space than Internet Protocol version 4 (IPv4), the Internet Protocol version 6 (IPv6) uses new methods to assign
network addresses to Internet nodes. StateLess Address Auto Configuration (SLAAC) creates an address using a static value derived from the Media Access Control (MAC) address of a
network interface as host portion, or interface identifier (IID). The Dynamic Host Configuration Protocol version 6 (DHCPv6) uses a client-server model to manage
network addresses, providing stateful address configuration. While DHCPv6 can be configured to assign randomly distributed addresses, the DHCP Unique Identifier (DUID) was designed to remain static for clients as they move between different DHCPv6 subnets and networks. Both the IID and DUID are static values which are publicly exposed, creating a privacy and
security threat for users and nodes.
The static IID and DUID allow attackers to violate unsuspecting IPv6 users' privacy and
security with ease. These static identifiers make geographic tracking and
network traffic correlation over multiple sessions simple. Also, different classes of computer and
network attacks, such as system-specific attacks and Denial-of-Service (DoS) attacks, are easier to successfully employ due to these identifiers. This research identifies and tests the validity of the privacy and
security threat of static IIDs and DUIDs. Solutions which mitigate or eliminate the threat posed by static identifiers in IPv6 are identified.
Advisors/Committee Members: Tront, Joseph G. (committeechair), Marchany, Randolph C. (committee member), Midkiff, Scott F. (committee member).
Subjects/Keywords: Security; Network Addressing; Privacy; Pv6
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Groat, S. L. (2011). Privacy and Security in IPv6 Addressing. (Masters Thesis). Virginia Tech. Retrieved from http://hdl.handle.net/10919/76978
Chicago Manual of Style (16th Edition):
Groat, Stephen Lawrence. “Privacy and Security in IPv6 Addressing.” 2011. Masters Thesis, Virginia Tech. Accessed January 20, 2021.
http://hdl.handle.net/10919/76978.
MLA Handbook (7th Edition):
Groat, Stephen Lawrence. “Privacy and Security in IPv6 Addressing.” 2011. Web. 20 Jan 2021.
Vancouver:
Groat SL. Privacy and Security in IPv6 Addressing. [Internet] [Masters thesis]. Virginia Tech; 2011. [cited 2021 Jan 20].
Available from: http://hdl.handle.net/10919/76978.
Council of Science Editors:
Groat SL. Privacy and Security in IPv6 Addressing. [Masters Thesis]. Virginia Tech; 2011. Available from: http://hdl.handle.net/10919/76978
University of Texas – Austin
19.
Chen, Chia-Ju.
Statistical analysis of identity risk of exposure and cost using the ecosystem of identity attributes.
Degree: MSin Engineering, Electrical and Computer Engineering, 2019, University of Texas – Austin
URL: http://dx.doi.org/10.26153/tsw/7425
► Personally Identifiable Information (PII) is often called the "currency of the Internet" as identity assets are collected, shared, sold, and used for almost every transaction…
(more)
▼ Personally Identifiable Information (PII) is often called the "currency of the Internet" as identity assets are collected, shared, sold, and used for almost every transaction on the Internet. PII is used for all types of applications from access control to credit score calculations to targeted advertising. Every market sector relies on PII to know and authenticate their customers and their employees. With so many businesses and government agencies relying on PII to make important decisions and so many people being asked to share personal data, it is critical to better understand the fundamentals of identity to protect it and responsibly use it. Previously developed comprehensive Identity Ecosystem utilizes graphs to model PII assets and their relationships and is powered by empirical data from almost 6,000 real-world identity theft and fraud news reports to populate the UT CID Identity Ecosystem. We analyze UT CID Identity Ecosystem using graph theory and report numerous novel statistics using identity asset content, structure, value, accessibility, and impact. Our work sheds light on how identity is used and paves the way for improving identity protection.
Advisors/Committee Members: Barber, K. Suzanne (advisor).
Subjects/Keywords: Security; Social network analysis
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Chen, C. (2019). Statistical analysis of identity risk of exposure and cost using the ecosystem of identity attributes. (Masters Thesis). University of Texas – Austin. Retrieved from http://dx.doi.org/10.26153/tsw/7425
Chicago Manual of Style (16th Edition):
Chen, Chia-Ju. “Statistical analysis of identity risk of exposure and cost using the ecosystem of identity attributes.” 2019. Masters Thesis, University of Texas – Austin. Accessed January 20, 2021.
http://dx.doi.org/10.26153/tsw/7425.
MLA Handbook (7th Edition):
Chen, Chia-Ju. “Statistical analysis of identity risk of exposure and cost using the ecosystem of identity attributes.” 2019. Web. 20 Jan 2021.
Vancouver:
Chen C. Statistical analysis of identity risk of exposure and cost using the ecosystem of identity attributes. [Internet] [Masters thesis]. University of Texas – Austin; 2019. [cited 2021 Jan 20].
Available from: http://dx.doi.org/10.26153/tsw/7425.
Council of Science Editors:
Chen C. Statistical analysis of identity risk of exposure and cost using the ecosystem of identity attributes. [Masters Thesis]. University of Texas – Austin; 2019. Available from: http://dx.doi.org/10.26153/tsw/7425
Oklahoma State University
20.
Koskei, Jordan Kiprop.
Attacker Intention Discovery Layer for Intrusion Detection Systems Using Hidden Markov Models.
Degree: Computer Science Department, 2011, Oklahoma State University
URL: http://hdl.handle.net/11244/8184
► Currently deployed intrusion detection systems (IDS) have no capacity to discover attacker high level intentions. Understanding an intruder's intention greatly enhances network security as it…
(more)
▼ Currently deployed intrusion detection systems (IDS) have no capacity to discover attacker high level intentions. Understanding an intruder's intention greatly enhances
network security as it allows deployment of more accurate pre-emptive counter-measures and better disaster recovery. In this thesis, we propose a system where we model a known attack scenario using HMM and use alerts from an IDS later to discover an attackers set of intentions for a given set of alerts.
Advisors/Committee Members: Thomas, Johnson (advisor), Kak, Subhash C. (committee member), Toulouse, Michel (committee member).
Subjects/Keywords: intrusion detection; network security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Koskei, J. K. (2011). Attacker Intention Discovery Layer for Intrusion Detection Systems Using Hidden Markov Models. (Thesis). Oklahoma State University. Retrieved from http://hdl.handle.net/11244/8184
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Koskei, Jordan Kiprop. “Attacker Intention Discovery Layer for Intrusion Detection Systems Using Hidden Markov Models.” 2011. Thesis, Oklahoma State University. Accessed January 20, 2021.
http://hdl.handle.net/11244/8184.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Koskei, Jordan Kiprop. “Attacker Intention Discovery Layer for Intrusion Detection Systems Using Hidden Markov Models.” 2011. Web. 20 Jan 2021.
Vancouver:
Koskei JK. Attacker Intention Discovery Layer for Intrusion Detection Systems Using Hidden Markov Models. [Internet] [Thesis]. Oklahoma State University; 2011. [cited 2021 Jan 20].
Available from: http://hdl.handle.net/11244/8184.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Koskei JK. Attacker Intention Discovery Layer for Intrusion Detection Systems Using Hidden Markov Models. [Thesis]. Oklahoma State University; 2011. Available from: http://hdl.handle.net/11244/8184
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Georgia Tech
21.
Formby, David.
Network based fingerprinting techniques for industrial control systems.
Degree: PhD, Electrical and Computer Engineering, 2017, Georgia Tech
URL: http://hdl.handle.net/1853/60668
► Fingerprinting techniques operating over the network are proposed to identify various aspects of industrial control systems (ICSs) including software, hardware, and physical devices. First, a…
(more)
▼ Fingerprinting techniques operating over the
network are proposed to identify various aspects of industrial control systems (ICSs) including software, hardware, and physical devices. First, a detailed traffic characterization is performed on several power substation networks to guide the development of the techniques. Round trip times for the resource-starved embedded devices were observed to be heavily clustered based on device type no matter how large the physical distance between them, suggesting they were largely based on processing time. This insight led to the development of cross-layer response time fingerprinting to passively identify device types based on the processing time between TCP
level acknowledgments and application layer responses, with classification accuracy reaching
99% on real-world substation traffic. Complementing these techniques by addressing a different aspect of ICS networks, methods are developed to fingerprint the physical devices of the ICS. Previous work on physical fingerprinting is extended to improve relay classification from 92% to 100% and extend the scope of the methods to valves, motors, and pumps. Building on the idea behind the cross-layer response time methods, techniques are explored that expand the scope to general programmable logic controllers by generating program fingerprints from the execution times of control programs. The
security of this technique is enhanced by the addition of proof-of-work functions to provide an upper
bound guarantee that no additional instructions are being executed in the program. Performance of all the fingerprinting techniques are discussed with respect to their potential to contribute to a holistic, ICS-specific intrusion detection system.
Advisors/Committee Members: Beyah, Raheem (advisor), Copeland, John (committee member), Owen, Henry (committee member), Chang, Yusun (committee member), Zajic, Alenka (committee member), Zonouz, Saman (committee member).
Subjects/Keywords: Network security; Industrial control systems; Network characterization
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Formby, D. (2017). Network based fingerprinting techniques for industrial control systems. (Doctoral Dissertation). Georgia Tech. Retrieved from http://hdl.handle.net/1853/60668
Chicago Manual of Style (16th Edition):
Formby, David. “Network based fingerprinting techniques for industrial control systems.” 2017. Doctoral Dissertation, Georgia Tech. Accessed January 20, 2021.
http://hdl.handle.net/1853/60668.
MLA Handbook (7th Edition):
Formby, David. “Network based fingerprinting techniques for industrial control systems.” 2017. Web. 20 Jan 2021.
Vancouver:
Formby D. Network based fingerprinting techniques for industrial control systems. [Internet] [Doctoral dissertation]. Georgia Tech; 2017. [cited 2021 Jan 20].
Available from: http://hdl.handle.net/1853/60668.
Council of Science Editors:
Formby D. Network based fingerprinting techniques for industrial control systems. [Doctoral Dissertation]. Georgia Tech; 2017. Available from: http://hdl.handle.net/1853/60668
University of North Texas
22.
Ganduri, Rajasekhar.
Network Security Tool for a Novice.
Degree: 2016, University of North Texas
URL: https://digital.library.unt.edu/ark:/67531/metadc862873/
► Network security is a complex field that is handled by security professionals who need certain expertise and experience to configure security systems. With the ever…
(more)
▼ Network security is a complex field that is handled by
security professionals who need certain expertise and experience to configure
security systems. With the ever increasing size of the networks, managing them is going to be a daunting task. What kind of solution can be used to generate effective
security configurations by both
security professionals and nonprofessionals alike? In this thesis, a web tool is developed to simplify the process of configuring
security systems by translating direct human language input into meaningful, working
security rules. These human language inputs yield the
security rules that the individual wants to implement in their
network. The human language input can be as simple as, "Block Facebook to my son's PC". This tool will translate these inputs into specific
security rules and install the translated rules into
security equipment such as virtualized Cisco FWSM
network firewall, Netfilter host-based firewall, and Snort
Network Intrusion Detection. This tool is implemented and tested in both a traditional
network and a cloud environment. One thousand input policies were collected from various users such as staff from UNT departments' and health science, including individuals with
network security background as well as students with a non-computer science background to analyze the tool's performance. The tool is tested for its accuracy (91%) in generating a
security rule. It is also tested for accuracy of the translated rule (86%) compared to a standard rule written by
security professionals. Nevertheless, the
network security tool built has shown promise to both experienced and inexperienced people in
network security field by simplifying the provisioning process to result in accurate and effective
network security rules.
Advisors/Committee Members: Dantu, Ram, Thompson, Mark A, Vexler, Manuel.
Subjects/Keywords: Network Security; Cloud Computing; OpenStack; Network Security Functions
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
Louisiana State University
23.
Davis, Sarah.
Cyber-Physical Security Strategies.
Degree: MSEE, Electrical and Computer Engineering, 2014, Louisiana State University
URL: etd-04072014-162250
;
https://digitalcommons.lsu.edu/gradschool_theses/1147
► Cyber-physical security describes the protection of systems with close relationships between computational functions and physical ones and addresses the issue of vulnerability to attack through…
(more)
▼ Cyber-physical security describes the protection of systems with close relationships between computational functions and physical ones and addresses the issue of vulnerability to attack through both cyber and physical avenues. This describes systems in a wide variety of functions, many crucial to the function of modern society, making their security of paramount importance. The development of secure system design and attack detection strategies for each potential avenue of attack is needed to combat malicious attacks. This thesis will provide an overview of the approaches to securing different aspect of cyber-physical systems. The cyber element can be designed to better prevent unauthorized entry and to be more robust to attack while its use is evaluated for signs of ongoing intrusion. Nodes in sensor networks can be evaluated by their claims to determine the likelihood of their honesty. Control systems can be designed to be robust in cases of the failure of one component and to detect signal insertion or replay attack. Through the application of these strategies, the safety and continued function of cyber-physical systems can be improved.
Subjects/Keywords: cyber-physical security; control sytem security; sensor network security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Davis, S. (2014). Cyber-Physical Security Strategies. (Masters Thesis). Louisiana State University. Retrieved from etd-04072014-162250 ; https://digitalcommons.lsu.edu/gradschool_theses/1147
Chicago Manual of Style (16th Edition):
Davis, Sarah. “Cyber-Physical Security Strategies.” 2014. Masters Thesis, Louisiana State University. Accessed January 20, 2021.
etd-04072014-162250 ; https://digitalcommons.lsu.edu/gradschool_theses/1147.
MLA Handbook (7th Edition):
Davis, Sarah. “Cyber-Physical Security Strategies.” 2014. Web. 20 Jan 2021.
Vancouver:
Davis S. Cyber-Physical Security Strategies. [Internet] [Masters thesis]. Louisiana State University; 2014. [cited 2021 Jan 20].
Available from: etd-04072014-162250 ; https://digitalcommons.lsu.edu/gradschool_theses/1147.
Council of Science Editors:
Davis S. Cyber-Physical Security Strategies. [Masters Thesis]. Louisiana State University; 2014. Available from: etd-04072014-162250 ; https://digitalcommons.lsu.edu/gradschool_theses/1147
University of Canterbury
24.
Hong, Jin Bum.
Scalable and adaptable security modelling and analysis.
Degree: PhD, Computer Science, 2015, University of Canterbury
URL: http://dx.doi.org/10.26021/2743
► Modern networked systems are complex in such a way that assessing the security of them is a difficult task. Security models are widely used to…
(more)
▼ Modern networked systems are complex in such a way that assessing the security of them is a difficult task. Security models are widely used to analyse the security of these systems, which are capable of evaluating the complex relationship between network components. Security models can be generated by identifying vulnerabilities, threats (e.g., cyber attacks), network configurations, and reachability of network components. These network components are then combined into a single model to evaluate how an attacker may penetrate through the networked system. Further, countermeasures can be enforced to minimise cyber attacks based on security analysis. However, modern networked systems are becoming large sized and dynamic (e.g., Cloud Computing systems). As a result, existing security models suffer from scalability problem, where it becomes infeasible to use them for modern networked systems that contain hundreds and thousands of hosts and vulnerabilities. Moreover, the dynamic nature of modern networked systems requires a responsive update in the security model to monitor how these changes may affect the security, but there is a lack of capabilities to efficiently manage these changes with existing security models. In addition, existing security models do not provide functionalities to capture and analyse the security of unknown attacks, where the combined effects of both known and unknown attacks can create unforeseen attack scenarios that may not be detected or mitigated. Therefore, the three goals of this thesis are to (i) develop security modelling and analysis methods that can scale to a large number of network components and adapts to changes in the networked system; (ii) develop efficient security assessment methods to formulate countermeasures; and (iii) develop models and metrics to incorporate and assess the security of unknown attacks.
A lifecycle of security models is introduced in this thesis to concisely describe performance and functionalities of modern security models. The five phases in the lifecycle of security models are: (1) Preprocessing, (2) Generation, (3) Representation, (4) Evaluation, and (5) Modification.
To achieve goal (i), a hierarchical security model is developed to reduce the computational costs of assessing the security while maintaining all security information, where each layer captures different security information. Then, a comparative analysis is presented to show the scalability and adaptability of security models. The complexity analysis showed that the hierarchical security model has better or equivalent complexities in all phases of the lifecycle in comparison to existing security models, while the performance analysis showed that in fact it is much more scalable in practical network scenarios.
To achieve goal (ii), security assessment methods based on importance measures are developed. Network centrality measures are used to identify important hosts in the networked systems, and security metrics are used to identify important vulnerabilities in the host. Also, new…
Subjects/Keywords: adaptability; network security; scalability; security analysis; security modelling
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Hong, J. B. (2015). Scalable and adaptable security modelling and analysis. (Doctoral Dissertation). University of Canterbury. Retrieved from http://dx.doi.org/10.26021/2743
Chicago Manual of Style (16th Edition):
Hong, Jin Bum. “Scalable and adaptable security modelling and analysis.” 2015. Doctoral Dissertation, University of Canterbury. Accessed January 20, 2021.
http://dx.doi.org/10.26021/2743.
MLA Handbook (7th Edition):
Hong, Jin Bum. “Scalable and adaptable security modelling and analysis.” 2015. Web. 20 Jan 2021.
Vancouver:
Hong JB. Scalable and adaptable security modelling and analysis. [Internet] [Doctoral dissertation]. University of Canterbury; 2015. [cited 2021 Jan 20].
Available from: http://dx.doi.org/10.26021/2743.
Council of Science Editors:
Hong JB. Scalable and adaptable security modelling and analysis. [Doctoral Dissertation]. University of Canterbury; 2015. Available from: http://dx.doi.org/10.26021/2743
University of Newcastle
25.
Karmakar , Kallol Krishna.
Techniques for securing software defined networks and services.
Degree: PhD, 2019, University of Newcastle
URL: http://hdl.handle.net/1959.13/1408434
► Research Doctorate - Doctor of Philosophy (PhD)
Software Defined Network (SDN) is rapidly developing to be a disruptive technology in the world of networking. It…
(more)
▼ Research Doctorate - Doctor of Philosophy (PhD)
Software Defined Network (SDN) is rapidly developing to be a disruptive technology in the world of networking. It provides various promising features such as dynamic network programmability, network virtualisation and more effective network management. The separation of the control plane from the data plane in SDN results in the network switches becoming simpler forwarding devices with the more sophisticated control logic implemented in software in a logically centralised Controller. This decoupling in SDN enables the design of new and innovative network functions and protocols. Although SDN offers many advantages in dealing with the complexities of current networks, a critical issue in SDN at present is that of security; SDN security is still in its development stage. Securing networks is becoming more challenging to businesses, especially with bring your own devices (BYOD), increased cloud adoption and the Internet of Things (IoT). The contributions of the thesis fall in the areas of a new security architecture for distributed SDN, specification of fine-grained path and flow based security policies, security techniques for detection of attacks in distributed SDN infrastructure, trust model and key management framework for SDN as well as the application of the proposed SDN security architecture and mechanisms for managing IoT infrastructures. A major contribution is the formulation of a policy-based security architecture for a distributed SDN environment. We propose an Authorisation Policy-based Security Architecture (APbSA) which enables specification of enforceable access policy constraints on communications and flows between end users/devices and services in SDNs across multiple domains. The APbSA is a trusted component of the security architecture and forms part of the SDN Controller. Another significant component of the security architecture is the security component in the SDN switches. We have developed a security-enhanced OpenFlow switch with security component that can monitor the state of the switch and validate the flow rules as well as protect the flow traffic for confidentiality and integrity using encryption mechanisms. Policy-based language for specifying policies is another contribution of this thesis. The policy language allows fine granular policy specifications based on a variety of attributes of users, devices/switches, services, location as well as security labels associated with the switches and Controllers in different domains. A novel feature of such a language based policy approach is that it allows the specification of path and flow based policies to achieve secure flow of packets and secure management of paths in a distributed SDN. Such path based policies are not only relevant in security critical applications but also useful in normal applications which may have different requirements for different types of traffic. The proposed architecture allows secure virtual partition of the network to achieve separation of flows and services,…
Advisors/Committee Members: University of Newcastle. Faculty of Engineering & Built Environment, School of Electrical Engineering and Computing.
Subjects/Keywords: software defined network security; policy-based network security; security architecture; SDN attacks
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Karmakar , K. K. (2019). Techniques for securing software defined networks and services. (Doctoral Dissertation). University of Newcastle. Retrieved from http://hdl.handle.net/1959.13/1408434
Chicago Manual of Style (16th Edition):
Karmakar , Kallol Krishna. “Techniques for securing software defined networks and services.” 2019. Doctoral Dissertation, University of Newcastle. Accessed January 20, 2021.
http://hdl.handle.net/1959.13/1408434.
MLA Handbook (7th Edition):
Karmakar , Kallol Krishna. “Techniques for securing software defined networks and services.” 2019. Web. 20 Jan 2021.
Vancouver:
Karmakar KK. Techniques for securing software defined networks and services. [Internet] [Doctoral dissertation]. University of Newcastle; 2019. [cited 2021 Jan 20].
Available from: http://hdl.handle.net/1959.13/1408434.
Council of Science Editors:
Karmakar KK. Techniques for securing software defined networks and services. [Doctoral Dissertation]. University of Newcastle; 2019. Available from: http://hdl.handle.net/1959.13/1408434
26.
Viduto, Valentina.
A risk assessment and optimisation model for minimising network security risk and cost.
Degree: PhD, 2012, University of Bedfordshire
URL: http://hdl.handle.net/10547/270440
► Network security risk analysis has received great attention within the scientific community, due to the current proliferation of network attacks and threats. Although, considerable effort…
(more)
▼ Network security risk analysis has received great attention within the scientific community, due to the current proliferation of network attacks and threats. Although, considerable effort has been placed on improving security best practices, insufficient effort has been expanded on seeking to understand the relationship between risk-related variables and objectives related to cost-effective network security decisions. This thesis seeks to improve the body of knowledge focusing on the trade-offs between financial costs and risk while analysing the impact an identified vulnerability may have on confidentiality, integrity and availability (CIA). Both security best practices and risk assessment methodologies have been extensively investigated to give a clear picture of the main limitations in the area of risk analysis. The work begins by analysing information visualisation techniques, which are used to build attack scenarios and identify additional threats and vulnerabilities. Special attention is paid to attack graphs, which have been used as a base to design a novel visualisation technique, referred to as an Onion Skin Layered Technique (OSLT), used to improve system knowledge as well as for threat identification. By analysing a list of threats and vulnerabilities during the first risk assessment stages, the work focuses on the development of a novel Risk Assessment and Optimisation Model (RAOM), which expands the knowledge of risk analysis by formulating a multi-objective optimisation problem, where objectives such as cost and risk are to be minimised. The optimisation routine is developed so as to accommodate conflicting objectives and to provide the human decision maker with an optimum solution set. The aim is to minimise the cost of security countermeasures without increasing the risk of a vulnerability being exploited by a threat and resulting in some impact on CIA. Due to the multi-objective nature of the problem a performance comparison between multi-objective Tabu Search (MOTS) Methods, Exhaustive Search and a multi-objective Genetic Algorithm (MOGA) has been also carried out. Finally, extensive experimentation has been carried out with both artificial and real world problem data (taken from the case study) to show that the method is capable of delivering solutions for real world problem data sets.
Subjects/Keywords: 005.8; G420 Networks and Communications; network security risk analysis; computer security; network security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Viduto, V. (2012). A risk assessment and optimisation model for minimising network security risk and cost. (Doctoral Dissertation). University of Bedfordshire. Retrieved from http://hdl.handle.net/10547/270440
Chicago Manual of Style (16th Edition):
Viduto, Valentina. “A risk assessment and optimisation model for minimising network security risk and cost.” 2012. Doctoral Dissertation, University of Bedfordshire. Accessed January 20, 2021.
http://hdl.handle.net/10547/270440.
MLA Handbook (7th Edition):
Viduto, Valentina. “A risk assessment and optimisation model for minimising network security risk and cost.” 2012. Web. 20 Jan 2021.
Vancouver:
Viduto V. A risk assessment and optimisation model for minimising network security risk and cost. [Internet] [Doctoral dissertation]. University of Bedfordshire; 2012. [cited 2021 Jan 20].
Available from: http://hdl.handle.net/10547/270440.
Council of Science Editors:
Viduto V. A risk assessment and optimisation model for minimising network security risk and cost. [Doctoral Dissertation]. University of Bedfordshire; 2012. Available from: http://hdl.handle.net/10547/270440
University of Pretoria
27.
[No author].
Link layer topology discovery in an uncooperative
ethernet environment
.
Degree: 2008, University of Pretoria
URL: http://upetd.up.ac.za/thesis/available/etd-08272008-161605/
► Knowledge of a network’s entities and the physical connections between them, a network’s physical topology, can be useful in a variety of network scenarios and…
(more)
▼ Knowledge of a network’s entities and the physical
connections between them, a network’s physical topology, can be
useful in a variety of
network scenarios and applications.
Administrators can use topology information for fault- finding,
inventorying and
network planning. Topology information can also be
used during protocol and routing algorithm development, for
performance prediction and as a basis for accurate
network
simulations. Specifically, from a
network security perspective,
threat detection,
network monitoring,
network access control and
forensic investigations can benefit from accurate
network topology
information. The dynamic nature of large networks has led to the
development of various automatic topology discovery techniques, but
these techniques have mainly focused on cooperative
network
environments where
network elements can be queried for topology
related information. The primary objective of this study is to
develop techniques for discovering the physical topology of an
Ethernet
network without the assistance of the network’s elements.
This dissertation describes the experiments performed and the
techniques developed in order to identify
network nodes and the
connections between these nodes. The product of the investigation
was the formulation of an algorithm and heuristic that, in
combination with measurement techniques, can be used for inferring
the physical topology of a target
network.
Advisors/Committee Members: Prof M S Olivier (advisor).
Subjects/Keywords: Network management;
Ethernet;
Network security;
Network topology discovery;
Network mapping;
Network monitoring;
UCTD
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
author], [. (2008). Link layer topology discovery in an uncooperative
ethernet environment
. (Masters Thesis). University of Pretoria. Retrieved from http://upetd.up.ac.za/thesis/available/etd-08272008-161605/
Chicago Manual of Style (16th Edition):
author], [No. “Link layer topology discovery in an uncooperative
ethernet environment
.” 2008. Masters Thesis, University of Pretoria. Accessed January 20, 2021.
http://upetd.up.ac.za/thesis/available/etd-08272008-161605/.
MLA Handbook (7th Edition):
author], [No. “Link layer topology discovery in an uncooperative
ethernet environment
.” 2008. Web. 20 Jan 2021.
Vancouver:
author] [. Link layer topology discovery in an uncooperative
ethernet environment
. [Internet] [Masters thesis]. University of Pretoria; 2008. [cited 2021 Jan 20].
Available from: http://upetd.up.ac.za/thesis/available/etd-08272008-161605/.
Council of Science Editors:
author] [. Link layer topology discovery in an uncooperative
ethernet environment
. [Masters Thesis]. University of Pretoria; 2008. Available from: http://upetd.up.ac.za/thesis/available/etd-08272008-161605/
University of Pretoria
28.
Delport, Johannes
Petrus.
Link layer
topology discovery in an uncooperative ethernet
environment.
Degree: Computer Science, 2008, University of Pretoria
URL: http://hdl.handle.net/2263/27589
► Knowledge of a network’s entities and the physical connections between them, a network’s physical topology, can be useful in a variety of network scenarios and…
(more)
▼ Knowledge of a network’s entities and the physical
connections between them, a network’s physical topology, can be
useful in a variety of
network scenarios and applications.
Administrators can use topology information for fault- finding,
inventorying and
network planning. Topology information can also be
used during protocol and routing algorithm development, for
performance prediction and as a basis for accurate
network
simulations. Specifically, from a
network security perspective,
threat detection,
network monitoring,
network access control and
forensic investigations can benefit from accurate
network topology
information. The dynamic nature of large networks has led to the
development of various automatic topology discovery techniques, but
these techniques have mainly focused on cooperative
network
environments where
network elements can be queried for topology
related information. The primary objective of this study is to
develop techniques for discovering the physical topology of an
Ethernet
network without the assistance of the network’s elements.
This dissertation describes the experiments performed and the
techniques developed in order to identify
network nodes and the
connections between these nodes. The product of the investigation
was the formulation of an algorithm and heuristic that, in
combination with measurement techniques, can be used for inferring
the physical topology of a target
network.
Advisors/Committee Members: Prof M S Olivier (advisor).
Subjects/Keywords: Network
management;
Ethernet; Network
security; Network
topology discovery; Network
mapping; Network
monitoring;
UCTD
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Delport, J. (2008). Link layer
topology discovery in an uncooperative ethernet
environment. (Masters Thesis). University of Pretoria. Retrieved from http://hdl.handle.net/2263/27589
Chicago Manual of Style (16th Edition):
Delport, Johannes. “Link layer
topology discovery in an uncooperative ethernet
environment.” 2008. Masters Thesis, University of Pretoria. Accessed January 20, 2021.
http://hdl.handle.net/2263/27589.
MLA Handbook (7th Edition):
Delport, Johannes. “Link layer
topology discovery in an uncooperative ethernet
environment.” 2008. Web. 20 Jan 2021.
Vancouver:
Delport J. Link layer
topology discovery in an uncooperative ethernet
environment. [Internet] [Masters thesis]. University of Pretoria; 2008. [cited 2021 Jan 20].
Available from: http://hdl.handle.net/2263/27589.
Council of Science Editors:
Delport J. Link layer
topology discovery in an uncooperative ethernet
environment. [Masters Thesis]. University of Pretoria; 2008. Available from: http://hdl.handle.net/2263/27589
University of Bradford
29.
Miskeen, Guzlan Mohamed Alzaroug.
Performance and security trade-offs in high-speed networks : an investigation into the performance and security modelling and evaluation of high-speed networks based on the quantitative analysis and experimentation of queueing networks and generalised stochastic Petri nets.
Degree: PhD, 2013, University of Bradford
URL: http://hdl.handle.net/10454/6362
► Most used security mechanisms in high-speed networks have been adopted without adequate quantification of their impact on performance degradation. Appropriate quantitative network models may be…
(more)
▼ Most used security mechanisms in high-speed networks have been adopted without adequate quantification of their impact on performance degradation. Appropriate quantitative network models may be employed for the evaluation and prediction of 'optimal' performance vs. security trade-offs. Several quantitative models introduced in the literature are based on queueing networks (QNs) and generalised stochastic Petri nets (GSPNs). However, these models do not take into consideration Performance Engineering Principles (PEPs) and the adverse impact of traffic burstiness and security protocols on performance. The contributions of this thesis are based on the development of an effective quantitative methodology for the analysis of arbitrary QN models and GSPNs through discrete-event simulation (DES) and extended applications into performance vs. security trade-offs involving infrastructure and infrastructure-less high-speed networks under bursty traffic conditions. Specifically, investigations are carried out focusing, for illustration purposes, on high-speed network routers subject to Access Control List (ACL) and also Robotic Ad Hoc Networks (RANETs) with Wired Equivalent Privacy (WEP) and Selective Security (SS) protocols, respectively. The Generalised Exponential (GE) distribution is used to model inter-arrival and service times at each node in order to capture the traffic burstiness of the network and predict pessimistic 'upper bounds' of network performance. In the context of a router with ACL mechanism representing an infrastructure network node, performance degradation is caused due to high-speed incoming traffic in conjunction with ACL security computations making the router a bottleneck in the network. To quantify and predict the trade-off of this degradation, the proposed quantitative methodology employs a suitable QN model consisting of two queues connected in a tandem configuration. These queues have single or quad-core CPUs with multiple-classes and correspond to a security processing node and a transmission forwarding node. First-Come-First-Served (FCFS) and Head-of-the-Line (HoL) are the adopted service disciplines together with Complete Buffer Sharing (CBS) and Partial Buffer Sharing (PBS) buffer management schemes. The mean response time and packet loss probability at each queue are employed as typical performance metrics. Numerical experiments are carried out, based on DES, in order to establish a balanced trade-off between security and performance towards the design and development of efficient router architectures under bursty traffic conditions. The proposed methodology is also applied into the evaluation of performance vs. security trade-offs of robotic ad hoc networks (RANETs) with mobility subject to Wired Equivalent Privacy (WEP) and Selective Security (SS) protocols. WEP protocol is engaged to provide confidentiality and integrity to exchanged data amongst robotic nodes of a RANET and thus, to prevent data capturing by unauthorised users. WEP security mechanisms in RANETs, as infrastructure-less…
Subjects/Keywords: 004; Performance; Security; High-speed network; Queueing network; Generalised stochastic; Petri net; Network security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Miskeen, G. M. A. (2013). Performance and security trade-offs in high-speed networks : an investigation into the performance and security modelling and evaluation of high-speed networks based on the quantitative analysis and experimentation of queueing networks and generalised stochastic Petri nets. (Doctoral Dissertation). University of Bradford. Retrieved from http://hdl.handle.net/10454/6362
Chicago Manual of Style (16th Edition):
Miskeen, Guzlan Mohamed Alzaroug. “Performance and security trade-offs in high-speed networks : an investigation into the performance and security modelling and evaluation of high-speed networks based on the quantitative analysis and experimentation of queueing networks and generalised stochastic Petri nets.” 2013. Doctoral Dissertation, University of Bradford. Accessed January 20, 2021.
http://hdl.handle.net/10454/6362.
MLA Handbook (7th Edition):
Miskeen, Guzlan Mohamed Alzaroug. “Performance and security trade-offs in high-speed networks : an investigation into the performance and security modelling and evaluation of high-speed networks based on the quantitative analysis and experimentation of queueing networks and generalised stochastic Petri nets.” 2013. Web. 20 Jan 2021.
Vancouver:
Miskeen GMA. Performance and security trade-offs in high-speed networks : an investigation into the performance and security modelling and evaluation of high-speed networks based on the quantitative analysis and experimentation of queueing networks and generalised stochastic Petri nets. [Internet] [Doctoral dissertation]. University of Bradford; 2013. [cited 2021 Jan 20].
Available from: http://hdl.handle.net/10454/6362.
Council of Science Editors:
Miskeen GMA. Performance and security trade-offs in high-speed networks : an investigation into the performance and security modelling and evaluation of high-speed networks based on the quantitative analysis and experimentation of queueing networks and generalised stochastic Petri nets. [Doctoral Dissertation]. University of Bradford; 2013. Available from: http://hdl.handle.net/10454/6362
Kansas State University
30.
Zhuang, Rui.
A theory for
understanding and quantifying moving target defense.
Degree: PhD, Computing and Information
Sciences, 2015, Kansas State University
URL: http://hdl.handle.net/2097/20525
► The static nature of cyber systems gives attackers a valuable and asymmetric advantage - time. To eliminate this asymmetric advantage, a new approach, called Moving…
(more)
▼ The static nature of cyber systems gives attackers a
valuable and asymmetric advantage - time. To eliminate this
asymmetric advantage, a new approach, called Moving Target Defense
(MTD) has emerged as a potential solution. MTD system seeks to
proactively change system configurations to invalidate the
knowledge learned by the attacker and force them to spend more
effort locating and re-locating vulnerabilities. While it sounds
promising, the approach is so new that there is no standard
definition of what an MTD is, what is
meant by diversification and
randomization, or what metrics to define the effectiveness of such
systems. Moreover, the changing nature of MTD violates two basic
assumptions about the conventional attack surface notion. One is
that the attack surface remains unchanged during an attack and the
second is that it is always reachable. Therefore, a new attack
surface definition is needed.
To address these issues, I propose
that a theoretical framework for MTD be defined. The framework
should clarify the most basic questions such as what an MTD system
is and its properties such as adaptation, diversification and
randomization. The framework should reveal what is meant by gaining
and losing knowledge, and what are different attack types. To
reason over the interactions between attacker and MTD system, the
framework should define key concepts such as attack surface,
adaptation surface and engagement
surface. Based on that, this
framework should allow MTD system designers to decide how to use
existing configuration choices and functionality diversification to
increase
security. It should allow them to analyze the
effectiveness of adapting various combinations of different
configuration aspects to thwart different types of attacks. To
support analysis, the frame-
work should include an analytical
model that can be used by designers to determine how different
parameter settings will impact system
security.
Advisors/Committee Members: Scott A. DeLoach.
Subjects/Keywords: Moving
Target Defense; Network
Security; Computer
Security; Science of
Security; Cloud
Security; Computer Science (0984)
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Zhuang, R. (2015). A theory for
understanding and quantifying moving target defense. (Doctoral Dissertation). Kansas State University. Retrieved from http://hdl.handle.net/2097/20525
Chicago Manual of Style (16th Edition):
Zhuang, Rui. “A theory for
understanding and quantifying moving target defense.” 2015. Doctoral Dissertation, Kansas State University. Accessed January 20, 2021.
http://hdl.handle.net/2097/20525.
MLA Handbook (7th Edition):
Zhuang, Rui. “A theory for
understanding and quantifying moving target defense.” 2015. Web. 20 Jan 2021.
Vancouver:
Zhuang R. A theory for
understanding and quantifying moving target defense. [Internet] [Doctoral dissertation]. Kansas State University; 2015. [cited 2021 Jan 20].
Available from: http://hdl.handle.net/2097/20525.
Council of Science Editors:
Zhuang R. A theory for
understanding and quantifying moving target defense. [Doctoral Dissertation]. Kansas State University; 2015. Available from: http://hdl.handle.net/2097/20525
◁ [1] [2] [3] [4] [5] … [40] ▶
. 
Open Access Theses and Dissertations
