Matching Items (19)
Filtering by
- All Subjects: Computer Science
- All Subjects: Security
- Creators: Chen, Yinong
- Creators: Ahn, Gail-Joon
- Member of: Barrett, The Honors College Thesis/Creative Project Collection
Description
Education in computer science is a difficult endeavor, with learning a new programing language being a barrier to entry, especially for college freshman and high school students. Learning a first programming language requires understanding the syntax of the language, the algorithms to use, and any additional complexities the language carries. Often times this becomes a deterrent from learning computer science at all. Especially in high school, students may not want to spend a year or more simply learning the syntax of a programming language. In order to overcome these issues, as well as to mitigate the issues caused by Microsoft discontinuing their Visual Programming Language (VPL), we have decided to implement a new VPL, ASU-VPL, based on Microsoft's VPL. ASU-VPL provides an environment where users can focus on algorithms and worry less about syntactic issues. ASU-VPL was built with the concepts of Robot as a Service and workflow based development in mind. As such, ASU-VPL is designed with the intention of allowing web services to be added to the toolbox (e.g. WSDL and REST services). ASU-VPL has strong support for multithreaded operations, including event driven development, and is built with Microsoft VPL users in mind. It provides support for many different robots, including Lego's third generation robots, i.e. EV3, and any open platform robots. To demonstrate the capabilities of ASU-VPL, this paper details the creation of an Intel Edison based robot and the use of ASU-VPL for programming both the Intel based robot and an EV3 robot. This paper will also discuss differences between ASU-VPL and Microsoft VPL as well as differences between developing for the EV3 and for an open platform robot.
ContributorsDe Luca, Gennaro (Author) / Chen, Yinong (Thesis director) / Cheng, Calvin (Committee member) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2015-12
Description
Radio Frequency Identification (RFID) technology allows objects to be identified electronically by way of a small electronic tag. RFID is quickly becoming quite popular, and there are many security hurdles for this technology to overcome. The iCLASS line of RFID, produced by HID Global, is one such technology that is widely used for secure access control and applications where a contactless authentication element is desirable. Unfortunately, iCLASS has been shown to have security issues. Nevertheless customers continue to use it because of the great cost that would be required to completely replace it. This Honors Thesis will address attacks against iCLASS and means for countering them that do not require such an overhaul.
ContributorsMellott, Matthew John (Author) / Ahn, Gail-Joon (Thesis director) / Thorstenson, Tina (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2014-05
Description
Modern computer processors contain an embedded firmware known as microcode that controls decode and execution of x86 instructions. Although proprietary and relatively obscure, this microcode can be modified using updates released by hardware manufacturers to correct processor logic flaws (errata). At the same time, a malicious microcode update could compromise a processor by implementing new malicious instructions or altering the functionality of existing instructions, including processor-accelerated virtualization or cryptographic primitives. Not only is this attack vector capable of subverting all software-enforced security policies and access controls, but it also leaves behind no postmortem forensic evidence since the write-only patch memory is cleared upon system reset. Although supervisor privileges (ring zero) are required to update processor microcode, this attack cannot be easily mitigated due to the implementation of microcode update functionality within processor silicon. In this paper, we reveal the microarchitecture and mechanism of microcode updates, present a security analysis of this attack vector, and provide some mitigation suggestions.
ContributorsChen, Daming Dominic (Author) / Ahn, Gail-Joon (Thesis director) / Lee, Joohyung (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor) / School of International Letters and Cultures (Contributor) / School of Mathematical and Statistical Sciences (Contributor)
Created2014-05
Description
We discuss processes involved in user-centric security design, including the synthesis of goals based on security and usability tasks. We suggest the usage of implicit security and the facilitation of secureuser actions. We propose a process for evaluating usability flaws by treating them as security threats and adapting traditional HCI methods. We discuss how to correct these flaws once they are discovered. Finally, we discuss the Usable Security Development Model for developing usable secure systems.
ContributorsJorgensen, Jan Drake (Author) / Ahn, Gail-Joon (Thesis director) / VanLehn, Kurt (Committee member) / Wilkerson, Kelly (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2013-05
Description
Alife is an event searching and event publishing website written in C# using the MVC software design pattern. Alife aims to offer a platform for student organizations to publish their events while enabling ASU students to browse, search, and filter events based on date, location, keywords, and category tags. Alife can also retrieve events information from the official ASU Event website, parse the keywords of the events and assign category tags to them. Alife project explores many concepts of Distributed Service-Oriented software development, such as server-side development, MVC architecture, client-side development, database integration, web service development and consuming.
ContributorsWu, Mengqi (Author) / Chen, Yinong (Thesis director) / Feng, Xuerong (Committee member) / Computer Science and Engineering Program (Contributor, Contributor) / Barrett, The Honors College (Contributor)
Created2020-05
Description
Learning to code is a skill that is becoming increasing needed as technology advances, yet is absent in traditional education. This thesis aims to provide a resource for middle school teachers to introduce programming skills and concepts to their students over several lessons designed to fit within the constraints of a standard class period. By targeting students in middle school, if they develop an interest, they will have enough time in middle or high school to prepare themselves for a degree in Computer Science or to complete a programming boot camp after they graduate high school. Additionally, middle school students are old enough to understand challenging programming concepts and work together to solve a programming challenge. The programming language and environment, VIPLE, will be used to teach the concepts in the lessons as it is a graphical programming language, which removes many of the common challenges faced by young students in learning to code, like dealing with syntax or remembering keywords for coding blocks.
ContributorsBelt, Emily (Author) / Chen, Yinong (Thesis director) / Miller, Cindy (Committee member) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2020-05
Description
Karate is a Japanese martial art that originated approximately a century ago, with heavy influence from Chinese martial arts at the time. Although it was originally created as a form of self-defense, many today practice it for sport. Organizations such as the World Karate Federation (WKF) and USA Karate establish rules for competitions as well as host tournaments for practitioners of all ages and skill levels to participate in. Dojos will often host small, local tournaments for their students to practice and sharpen their competition skills. Smaller tournaments often do not have the same tools and technologies that larger tournaments do. Sign-ups are typically done in-person and payments are cash-only, which can be inconvenient for those who are extremely busy or forgetful. Another issue with hosting local tournaments is that the software used to run the timer is a desktop application, called Karate Semaphore. In the case of technical difficulties, installing the software on another machine can be extremely time-consuming and delay the progression of the tournament. Not to mention, Karate Semaphore was created following the 2012 WKF rules—meaning it is currently out of date, as it does not contain any features supporting new rules.
For my creative project, I designed a website through which smaller, local tournament registration and management are possible. Users can register for tournaments through the registration page. Registered users can check their registration is successful by viewing a table of all competitors. If the list of competitors is too long, they can filter results based on search criteria. Tournament management will be possible via a functioning timer following WKF rules which keeps track of both the match’s score as well as time.
For my creative project, I designed a website through which smaller, local tournament registration and management are possible. Users can register for tournaments through the registration page. Registered users can check their registration is successful by viewing a table of all competitors. If the list of competitors is too long, they can filter results based on search criteria. Tournament management will be possible via a functioning timer following WKF rules which keeps track of both the match’s score as well as time.
ContributorsRuan, Shirley (Author) / Sarwat, Mohamed (Thesis director) / Chen, Yinong (Committee member) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2019-05
Description
A common challenge faced by students is that they often have questions about course material that they cannot ask during lecture time. There are many ways for students to have these questions answered, such as office hours and online discussion boards. However, office hours may be at inconvenient times or locations, and online discussion boards are difficult to navigate and may be inactive. The purpose of this project was to create an Alexa skill that allows users to ask their Alexa-equipped device a question concerning their course material and to receive an answer retrieved from discussion board data. User questions are mapped to discussion board posts by use of the cosine similarity algorithm. In this algorithm, posts from the discussion board and the user’s question are converted into mathematical vectors, with each term in the vector corresponding to a word. The values of these terms are computed based on the word’s frequency within the vector’s corresponding document, the frequency of that word within all the documents, and the length of the document. After the question and candidate posts are converted into vectors, the algorithm determines the post most similar to the user’s question by computing the angle between the vectors. With the most similar discussion board post determined, the user receives the replies to the post, if any, as their answer. Users are able to indicate to their Alexa device whether they were satisfied by the answer, and if they were unsatisfied then they are given the opportunity to either rephrase their question or to have the question sent to a database of unanswered questions. The professor can view and answer the questions in this database on a website hosted by use of Amazon’s Simple Storage Service. The Alexa skill does well at answering questions that have already been asked in the discussion board. However, the skill depends heavily on the user’s word choice. Two questions that are semantically identical but different in phrasing are often given different answers. This is because the cosine algorithm measures similarity on the basis of word overlap, not semantic meaning, and thus the application never truly “understands” what type of answer the user desires. Improving the performance of this Alexa skill will require a more advanced question answering algorithm, but the limitations of Amazon Web Services as a development platform make implementing such an algorithm difficult. Nevertheless, this project has created the basis of a question answering Alexa skill by demonstrating a feasible way that the resources offered by Amazon can be utilized in order to build such an application.
ContributorsBaker, Matthew Elias (Author) / Chen, Yinong (Thesis director) / Balasooriya, Janaka (Committee member) / Historical, Philosophical & Religious Studies (Contributor) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2019-05
Description
Node.js is an extremely popular development framework for web applications. The appeal of its event-driven, asynchronous flow and the convenience of JavaScript as its programming language have driven its rapid growth, and it is currently deployed by leading companies in retail, finance, and other important sectors. However, the tools currently available for Node.js developers to secure their applications against malicious attackers are notably scarce. While there has been a substantial amount of security tools created for web applications in many other languages such as PHP and Java, very little exists for Node.js applications. This could compromise private information belonging to companies such as PayPal and WalMart. We propose a tool to statically analyze Node.js web applications for five popular vulnerabilites: cross-site scripting, SQL injection, server-side request forgery, command injection, and code injection. We base our tool off of JSAI, a platform created to parse client-side JavaScript for security risks. JSAI is novel because of its configuration capabilities, which allow a user to choose between various analysis options at runtime in order to select the most thorough analysis with the least amount of processing time. We contribute to the development of our tool by rigorously analyzing and documenting vulnerable functions and objects in Node.js that are relevant to the vulnerabilities we have selected. We intend to use this documentation to build a robust Node.js static analysis tool and we hope that other developers will also incorporate this analysis into their Node.js security projects.
ContributorsWasserman, Jonathan Kanter (Author) / Doupe, Adam (Thesis director) / Ahn, Gail-Joon (Committee member) / Zhao, Ziming (Committee member) / School of Historical, Philosophical and Religious Studies (Contributor) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2017-05
Description
This thesis project focused on malicious hacking community activities accessible through the I2P protocol. We visited 315 distinct I2P sites to identify those with malicious hacking content. We also wrote software to scrape and parse data from relevant I2P sites. The data was integrated into the CySIS databases for further analysis to contribute to the larger CySIS Lab Darkweb Cyber Threat Intelligence Mining research. We found that the I2P cryptonet was slow and had only a small amount of malicious hacking community activity. However, we also found evidence of a growing perception that Tor anonymity could be compromised. This work will contribute to understanding the malicious hacker community as some Tor users, seeking assured anonymity, transition to I2P.
ContributorsHutchins, James Keith (Author) / Shakarian, Paulo (Thesis director) / Ahn, Gail-Joon (Committee member) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2016-12