Matching Items (7)
Filtering by
- Creators: School of Mathematical and Statistical Sciences
- Member of: Theses and Dissertations
- Status: Published
Description
Modern computer processors contain an embedded firmware known as microcode that controls decode and execution of x86 instructions. Although proprietary and relatively obscure, this microcode can be modified using updates released by hardware manufacturers to correct processor logic flaws (errata). At the same time, a malicious microcode update could compromise a processor by implementing new malicious instructions or altering the functionality of existing instructions, including processor-accelerated virtualization or cryptographic primitives. Not only is this attack vector capable of subverting all software-enforced security policies and access controls, but it also leaves behind no postmortem forensic evidence since the write-only patch memory is cleared upon system reset. Although supervisor privileges (ring zero) are required to update processor microcode, this attack cannot be easily mitigated due to the implementation of microcode update functionality within processor silicon. In this paper, we reveal the microarchitecture and mechanism of microcode updates, present a security analysis of this attack vector, and provide some mitigation suggestions.
ContributorsChen, Daming Dominic (Author) / Ahn, Gail-Joon (Thesis director) / Lee, Joohyung (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor) / School of International Letters and Cultures (Contributor) / School of Mathematical and Statistical Sciences (Contributor)
Created2014-05
Description
We discuss processes involved in user-centric security design, including the synthesis of goals based on security and usability tasks. We suggest the usage of implicit security and the facilitation of secureuser actions. We propose a process for evaluating usability flaws by treating them as security threats and adapting traditional HCI methods. We discuss how to correct these flaws once they are discovered. Finally, we discuss the Usable Security Development Model for developing usable secure systems.
ContributorsJorgensen, Jan Drake (Author) / Ahn, Gail-Joon (Thesis director) / VanLehn, Kurt (Committee member) / Wilkerson, Kelly (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2013-05
Description
Smartphones have become increasingly common over the past few years, and mobile games continue to be the most common type of application (Apple, Inc., 2013). For many people, the social aspect of gaming is very important, and thus most mobile games include support for playing with multiple players. However, there is a lack of common knowledge about which implementation of this functionality is most favorable from a development standpoint. In this study, we evaluate three different types of multiplayer gameplay (pass-and-play, Bluetooth, and GameCenter) via development cost and user interviews. We find that pass-and-play, the most easily-implemented mode, is not favored by players due to its inconvenience. We also find that GameCenter is not as well favored as expected due to latency of GameCenter's servers, and that Bluetooth multiplayer is the most well favored for social play due to its similarity to real-life play. Despite there being a large overhead in developing and testing Bluetooth and GameCenter multiplayer due to Apple's development process, this is irrelevant since professional developers must enroll in this process anyway. Therefore, the most effective multiplayer mode to develop is mostly determined by whether Internet play is desirable: Bluetooth if not, GameCenter if so. Future studies involving more complete development work and more types of multiplayer modes could yield more promising results.
ContributorsBradley, Michael Robert (Author) / Collofello, James (Thesis director) / Wilkerson, Kelly (Committee member) / Barrett, The Honors College (Contributor) / School of Mathematical and Statistical Sciences (Contributor) / Computer Science and Engineering Program (Contributor)
Created2013-12
Description
Ethereum smart contracts are susceptible not only to those vulnerabilities common to all software development domains, but also to those arising from the peculiar execution model of the Ethereum Virtual Machine. One of these vulnerabilities, a susceptibility to re-entrancy attacks, has been at the center of several high-profile contract exploits. Currently, there exist many tools to detect these vulnerabilties, as well as languages which preempt the creation of contracts exhibiting these issues, but no mechanism to address them in an automated fashion. One possible approach to filling this gap is direct patching of source files. The process of applying these patches to contracts written in Solidity, the primary Ethereum contract language, is discussed. Toward this end, a survey of deployed contracts is conducted, focusing on prevalence of language features and compiler versions. A heuristic approach to mitigating a particular class of re-entrancy vulnerability is developed, implemented as the SolPatch tool, and examined with respect to its limitations. As a proof of concept and illustrative example, a simplified version of the contract featured in a high-profile exploit is patched in this manner.
ContributorsLehman, Maxfield Chance Christian (Author) / Bazzi, Rida (Thesis director) / Doupe, Adam (Committee member) / School of Mathematical and Statistical Sciences (Contributor) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2018-12
Description
Due to its difficult nature, organic chemistry is receiving much research attention across the nation to develop more efficient and effective means to teach it. As part of that, Dr. Ian Gould at ASU is developing an online organic chemistry educational website that provides help to students, adapts to their responses, and collects data about their performance. This thesis creative project addresses the design and implementation of an input parser for organic chemistry reagent questions, to appear on his website. After students used the form to submit questions throughout the Spring 2013 semester in Dr. Gould's organic chemistry class, the data gathered from their usage was analyzed, and feedback was collected. The feedback obtained from students was positive, and suggested that the input parser accomplished the educational goals that it sought to meet.
ContributorsBeerman, Eric Christopher (Author) / Gould, Ian (Thesis director) / Wilkerson, Kelly (Committee member) / Mosca, Vince (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2013-05
Description
This paper explores policies for the management of oil wealth in Norway, Mexico, and Russia, and applies them to the situation in Kazakhstan to create policy guidelines to improve the management of oil wealth in Kazakhstan. Ultimately the paper recommends that Kazakhstan transfer oil wealth to the oil stabilization fund directly, that it increase the cap on annual transfers from the fund to the budget to 11 billion dollars, and that it create strict policies for the promotion of growth.
ContributorsHoyt, Christian Thomas (Co-author) / McCarty, Mark (Co-author) / Mendez, Jose (Thesis director) / Schoellman, Todd (Committee member) / Moldabekova, Saule (Committee member) / Barrett, The Honors College (Contributor) / School of International Letters and Cultures (Contributor) / School of Mathematical and Statistical Sciences (Contributor) / Economics Program in CLAS (Contributor)
Created2013-05
Description
The outlying cities of Phoenix's West Metropolitan experienced rapid growth in the past ten years. This trend is only going to continue with an average expected growth of 449-891% between 2000 and 2035 (ADOT, 2012). Phoenix is not new to growth and has consistently seen swaths of people added to its population. This raises the question of what happened to the people who lived in Phoenix's West Valley during this period of rapid change and growth in their communities? What are their stories and what do their stories reveal about the broader public history of change in Phoenix's West Valley? In consideration of these questions, the community oral histories of eight residents from the West Valley were collected to add historical nuance to the limited archival records available in the area. From this collection, the previous notion of "post-war boomtowns” describing Phoenix’s West Valley was revealed to be highly inaccurate and dismissive of the residents' experiences who lived and formed their lives there.
ContributorsGeiser, Samantha (Author) / Campanile, Isabella (Co-author) / Martinez Orozco, Rafael (Thesis director) / O'Flaherty, Katherine (Committee member) / Barrett, The Honors College (Contributor) / Chemical Engineering Program (Contributor) / School of Mathematical and Statistical Sciences (Contributor)
Created2022-05