Matching Items (236)
Filtering by

Clear all filters

152590-Thumbnail Image.png

Automated testing for RBAC policies

Description
Access control is necessary for information assurance in many of today's applications such as banking and electronic health record. Access control breaches are critical security problems that can result from unintended and improper implementation of security policies. Security testing can help identify security vulnerabilities early and avoid unexpected expensive cost

Access control is necessary for information assurance in many of today's applications such as banking and electronic health record. Access control breaches are critical security problems that can result from unintended and improper implementation of security policies. Security testing can help identify security vulnerabilities early and avoid unexpected expensive cost in handling breaches for security architects and security engineers. The process of security testing which involves creating tests that effectively examine vulnerabilities is a challenging task. Role-Based Access Control (RBAC) has been widely adopted to support fine-grained access control. However, in practice, due to its complexity including role management, role hierarchy with hundreds of roles, and their associated privileges and users, systematically testing RBAC systems is crucial to ensure the security in various domains ranging from cyber-infrastructure to mission-critical applications. In this thesis, we introduce i) a security testing technique for RBAC systems considering the principle of maximum privileges, the structure of the role hierarchy, and a new security test coverage criterion; ii) a MTBDD (Multi-Terminal Binary Decision Diagram) based representation of RBAC security policy including RHMTBDD (Role Hierarchy MTBDD) to efficiently generate effective positive and negative security test cases; and iii) a security testing framework which takes an XACML-based RBAC security policy as an input, parses it into a RHMTBDD representation and then generates positive and negative test cases. We also demonstrate the efficacy of our approach through case studies.
ContributorsGupta, Poonam (Author) / Ahn, Gail-Joon (Thesis advisor) / Collofello, James (Committee member) / Huang, Dijiang (Committee member) / Arizona State University (Publisher)
Created2014
150987-Thumbnail Image.png

Confidentiality protection of user data and adaptive resource allocation for managing multiple workflow performance in service-based systems

Description
In this dissertation, two interrelated problems of service-based systems (SBS) are addressed: protecting users' data confidentiality from service providers, and managing performance of multiple workflows in SBS. Current SBSs pose serious limitations to protecting users' data confidentiality. Since users' sensitive data is sent in unencrypted forms to remote machines owned

In this dissertation, two interrelated problems of service-based systems (SBS) are addressed: protecting users' data confidentiality from service providers, and managing performance of multiple workflows in SBS. Current SBSs pose serious limitations to protecting users' data confidentiality. Since users' sensitive data is sent in unencrypted forms to remote machines owned and operated by third-party service providers, there are risks of unauthorized use of the users' sensitive data by service providers. Although there are many techniques for protecting users' data from outside attackers, currently there is no effective way to protect users' sensitive data from service providers. In this dissertation, an approach is presented to protecting the confidentiality of users' data from service providers, and ensuring that service providers cannot collect users' confidential data while the data is processed or stored in cloud computing systems. The approach has four major features: (1) separation of software service providers and infrastructure service providers, (2) hiding the information of the owners of data, (3) data obfuscation, and (4) software module decomposition and distributed execution. Since the approach to protecting users' data confidentiality includes software module decomposition and distributed execution, it is very important to effectively allocate the resource of servers in SBS to each of the software module to manage the overall performance of workflows in SBS. An approach is presented to resource allocation for SBS to adaptively allocating the system resources of servers to their software modules in runtime in order to satisfy the performance requirements of multiple workflows in SBS. Experimental results show that the dynamic resource allocation approach can substantially increase the throughput of a SBS and the optimal resource allocation can be found in polynomial time
ContributorsAn, Ho Geun (Author) / Yau, Sik-Sang (Thesis advisor) / Huang, Dijiang (Committee member) / Ahn, Gail-Joon (Committee member) / Santanam, Raghu (Committee member) / Arizona State University (Publisher)
Created2012
134879-Thumbnail Image.png

Memory Inspection Resistant Rootkit: An implementation and analysis

Description
The purpose of this project was to implement and analyze a new proposed rootkit that claims a greater level of stealth by hiding in cache. Today, the vast majority of embedded devices are powered by ARM processors. To protect their processors from attacks, ARM introduced a hardware security extension known

The purpose of this project was to implement and analyze a new proposed rootkit that claims a greater level of stealth by hiding in cache. Today, the vast majority of embedded devices are powered by ARM processors. To protect their processors from attacks, ARM introduced a hardware security extension known as TrustZone. It provides an isolated execution environment within the embedded device that enables us to run various memory integrity and malware detection tools to identify possible breaches in security to the normal world. Although TrustZone provides this additional layer of security, it also adds another layer of complexity, and thus comes with its own set of vulnerabilities. This new rootkit identifies and exploits a cache incoherence in the ARM device as a result of TrustZone. The newly proposed rootkit, called CacheKit, takes advantage of this cache incoherence to avoid memory introspection from tools in secure world. We implement CacheKit on the i.MX53 development board, which features a single ARM Cortex A8 processor, to analyze the limitations and vulnerabilities described in the original paper. We set up the Linux environment on the computer to be able to cross-compile for the development board which will be running the FreeScale android 2.3.4 platform with a 2.6.33 Linux kernel. The project is implemented as a kernel module that once installed on the board can manipulate cache as desired to conceal the rootkit. The module exploits the fact that in TrustZone, the secure world does not have access to the normal world cache. First, a technique known as Cache-asRAM is used to ensure that the rootkit is loaded only into cache of the normal world where it can avoid detection from the secure world. Then, we employ the cache maintenance instructions and resisters provided in the cp15 coprocessor to keep the code persistent in cache. Furthermore, the cache lines are mapped to unused I/O address space so that if cache content is flushed to RAM for inspection, the data is simply lost. This ensures that even if the rootkit were to be flushed into memory, any trace of the malicious code would be lost. CacheKit prevents defenders from analyzing the code and destroys any forensic evidence. This provides attackers with a new and powerful tool that is excellent for certain scenarios that were previously thought to be secure. Finally, we determine the limitations of the prototype to determine possible areas for future growth and research into the security of networked embedded devices.
ContributorsGutierrez Barnett, Mauricio Antonio (Author) / Zhao, Ziming (Thesis director) / Doupe, Adam (Committee member) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2016-12
147879-Thumbnail Image.png

Walker Norris

Description

Extreme heat is the deadliest weather and climate-related hazard in the United States, and the threat it poses to urban residents is rising. City planners increasingly recognize these risks and are taking action to mitigate them. However, the COVID-19 pandemic has disrupted many plans. Building on a

Extreme heat is the deadliest weather and climate-related hazard in the United States, and the threat it poses to urban residents is rising. City planners increasingly recognize these risks and are taking action to mitigate them. However, the COVID-19 pandemic has disrupted many plans. Building on a previous survey which queried city planners from across the United States about how concerned they were about extreme heat, and their heat management efforts. This thesis examines how these perceptions and efforts have changed in the face of the COVID-19 pandemic. In general, it was found that public spaces which would typically have been used to shelter individuals from extreme heat conditions were closed to mitigate close-contact and to encourage social distancing. Furthermore, priorities were changed as the presence of the virus became commonplace, with plans being altered, delayed, or shelved to diverge more time and effort towards the crisis at hand. Working environments and conditions also changed, which in several cases led to technological shortcomings, resulting in further delays. Finally, most planners had attained a surface-level understanding of which socio-economic groups were most impacted by both COVID-19 and extreme heat, in congruence with the current literature written on the topic. Generally, it appears that planners feel that the impact of COVID-19 on heat planning efforts has been limited.
ContributorsNorris, Walker Yale (Author) / Meerow, Sara (Thesis director) / Keith, Ladd (Committee member) / Dean, W.P. Carey School of Business (Contributor) / Barrett, The Honors College (Contributor)
Created2021-05
147893-Thumbnail Image.png

The Making of a COVID-19 Lab: A Business Exploration

Description

For our project, we explored the growth of the ASU BioDesign Clinical Testing Laboratory (ABCTL) from a standard university research lab to a COVID-19 testing facility through a business lens. The lab has pioneered the saliva-test in the Western United States. This thesis analyzes the laboratory from various business concepts

For our project, we explored the growth of the ASU BioDesign Clinical Testing Laboratory (ABCTL) from a standard university research lab to a COVID-19 testing facility through a business lens. The lab has pioneered the saliva-test in the Western United States. This thesis analyzes the laboratory from various business concepts and aspects. The business agility of the lab and it’s quickness to innovation has allowed the lab to enjoy great success. Looking into the future, the laboratory has a promising future and will need to answer many questions to remain the premier COVID-19 testing institution in Arizona.
ContributorsQian, Michael (Co-author) / Cosgrove, Samuel (Co-author) / English, Corinne (Co-author) / Agee, Claire (Co-author) / Mattson, Kyle (Co-author) / Compton, Carolyn (Thesis director) / Schneller, Eugene (Committee member) / School of Accountancy (Contributor) / Department of Finance (Contributor) / Department of Information Systems (Contributor) / Barrett, The Honors College (Contributor)
Created2021-05
147895-Thumbnail Image.png

The Making of a COVID-19 Lab: A Business Exploration

Description

For our project, we explored the growth of the ASU BioDesign Clinical Testing Laboratory (ABCTL) from a standard university research lab to a COVID-19 testing facility through a business lens. The lab has pioneered the saliva-test in the Western United States. This thesis analyzes the laboratory from various business concepts

For our project, we explored the growth of the ASU BioDesign Clinical Testing Laboratory (ABCTL) from a standard university research lab to a COVID-19 testing facility through a business lens. The lab has pioneered the saliva-test in the Western United States. This thesis analyzes the laboratory from various business concepts and aspects. The business agility of the lab and it’s quickness to innovation has allowed the lab to enjoy great success. Looking into the future, the laboratory has a promising future and will need to answer many questions to remain the premier COVID-19 testing institution in Arizona.
ContributorsEnglish, Corinne (Co-author) / Cosgrove, Samuel (Co-author) / Mattson, Kyle (Co-author) / Agee, Claire (Co-author) / Qian, Michael (Co-author) / Compton, Carolyn (Thesis director) / Schneller, Eugene (Committee member) / Department of Information Systems (Contributor) / Department of Supply Chain Management (Contributor) / Dean, W.P. Carey School of Business (Contributor) / Barrett, The Honors College (Contributor)
Created2021-05
147906-Thumbnail Image.png

The Making of a COVID-19 Lab: A Business Exploration

Description

For our project, we explored the growth of the ASU BioDesign Clinical Testing Laboratory (ABCTL) from a standard university research lab to a COVID-19 testing facility through a business lens. The lab has pioneered the saliva-test in the Western United States. This thesis analyzes the laboratory from various business concepts

For our project, we explored the growth of the ASU BioDesign Clinical Testing Laboratory (ABCTL) from a standard university research lab to a COVID-19 testing facility through a business lens. The lab has pioneered the saliva-test in the Western United States. This thesis analyzes the laboratory from various business concepts and aspects. The business agility of the lab and it’s quickness to innovation has allowed the lab to enjoy great success. Looking into the future, the laboratory has a promising future and will need to answer many questions to remain the premier COVID-19 testing institution in Arizona.
ContributorsAgee, Claire (Co-author) / English, Corinne (Co-author) / Mattson, Kyle (Co-author) / Qian, Michael (Co-author) / Cosgrove, Samuel (Co-author) / Compton, Carolyn (Thesis director) / Schneller, Eugene (Committee member) / Department of Finance (Contributor) / Department of Supply Chain Management (Contributor) / Barrett, The Honors College (Contributor)
Created2021-05
147907-Thumbnail Image.png

The Making of a COVID-19 Lab: A Business Exploration

Description

For our project, we explored the growth of the ASU BioDesign Clinical Testing Laboratory (ABCTL) from a standard university research lab to a COVID-19 testing facility through a business lens. The lab has pioneered the saliva-test in the Western United States. This thesis analyzes the laboratory from various business concepts

For our project, we explored the growth of the ASU BioDesign Clinical Testing Laboratory (ABCTL) from a standard university research lab to a COVID-19 testing facility through a business lens. The lab has pioneered the saliva-test in the Western United States. This thesis analyzes the laboratory from various business concepts and aspects. The business agility of the lab and it’s quickness to innovation has allowed the lab to enjoy great success. Looking into the future, the laboratory has a promising future and will need to answer many questions to remain the premier COVID-19 testing institution in Arizona.
ContributorsMattson, Kyle (Co-author) / Agee, Claire (Co-author) / English, Corinne (Co-author) / Cosgrove, Samuel (Co-author) / Compton, Carolyn (Thesis director) / Schneller, Eugene (Committee member) / Department of Marketing (Contributor) / Department of Supply Chain Management (Contributor) / Barrett, The Honors College (Contributor)
Created2021-05
148381-Thumbnail Image.png

An Analysis of Healthcare Capital Equipment Planning and Healthcare Software Implementation

Description

Healthcare facilities are essential for any community, and they must stay up-to-date with the latest equipment and technology. They provide necessary resources for keeping populations healthy and safe. In order to provide healthcare services, these healthcare facilities must be adequately equipped with appropriate physical capital as well as software to

Healthcare facilities are essential for any community, and they must stay up-to-date with the latest equipment and technology. They provide necessary resources for keeping populations healthy and safe. In order to provide healthcare services, these healthcare facilities must be adequately equipped with appropriate physical capital as well as software to meet the demands of their patients. Healthcare capital equipment planning involves building up a facility with all it’s equipment and is a part of the healthcare supply chain. Attainia is a healthcare capital equipment planning software used to assist equipment planners in organizing the procurement of equipment for their projects. Attainia has a large amount of data about the capital equipment supply chain through the Attainia equipment catalog. Analysis of this catalog data reveals different patterns in the spending patterns of capital equipment planners as well as trends in the supplier offerings. Since Attainia itself is a software, Attainia’s users have experience with implementing and integrating software into healthcare IT solutions. Their experiences give some insight into the complex nature of software implementations at healthcare facilities. The COVID-19 pandemic has affected healthcare facilities all over the world. Impacting the supply chain and hitting hospitals’ finances, COVID-19 has drastically changed many parts of the healthcare system. This paper will examine some of these ongoing effects from COVID-19 along with analysis on capital equipment planning, supply chain, and healthcare software implementation.
ContributorsShah, Shailee (Author) / Pye, Jessica (Thesis director) / Roumina, Kavous (Committee member) / School of International Letters and Cultures (Contributor) / Department of Information Systems (Contributor, Contributor) / Barrett, The Honors College (Contributor)
Created2021-05
148391-Thumbnail Image.png

An Assessment of Arizona College Students’ Knowledge, Preventative Strategies, Preparedness, and Risk Perception during Covid-19

Description

The SARS-CoV-2 (Covid-19) virus has had severe impacts on college students' ways of life. To examine how students were coping and perceiving the Covid-19 pandemic, a secondary analysis of an online survey across the three Arizona public universities investigated students’ knowledge about Covid-19, engagement with preventive strategies, pandemic preparedness and

The SARS-CoV-2 (Covid-19) virus has had severe impacts on college students' ways of life. To examine how students were coping and perceiving the Covid-19 pandemic, a secondary analysis of an online survey across the three Arizona public universities investigated students’ knowledge about Covid-19, engagement with preventive strategies, pandemic preparedness and gauged their risk perception. Results from our analysis indicate that the students were knowledgeable about Covid-19 and were changing their habits and engaging with preventive measures. Results further suggest that students were prepared for the pandemic in terms of resources and were exhibiting high-risk perceptions. The data also revealed that students who were being cautious and engaging with preventive behaviors had a higher risk-perception than individuals who were not. As for individuals who were prepared for the pandemic in terms of supplies, their risk perception was similar to those who did not have supplies. Individuals who were prepared and capable of providing a single caretaker to tend to their sick household members and isolate them in a separate room had a higher risk perception than those who could not. These results can help describe how college students will react to a future significant event, what resources students may be in need of, and how universities can take additional steps to keep their students safe and healthy. The results from this study and recommendations will provide for a stronger and more understanding campus community during times of distress and can improve upon already established university protocols for health crises and even natural disasters.
ContributorsNaqvi, Avina Itrat (Co-author) / Shaikh, Sara (Co-author) / Jehn, Megan (Thesis director) / Adams, Marc (Committee member) / School of Life Sciences (Contributor) / School of Human Evolution & Social Change (Contributor) / Barrett, The Honors College (Contributor)
Created2021-05