Matching Items (36)
Filtering by
- All Subjects: Software
- All Subjects: Security
- Creators: Computer Science and Engineering Program
- Creators: Foy, Joseph
- Member of: Barrett, The Honors College Thesis/Creative Project Collection
- Status: Published
Description
CourseKarma is a web application that engages students in their own learning through peer-driven social networking. The influence of technology on students is advancing faster than the school system, and a major gap still lingers between traditional learning techniques and the fast-paced, online culture of today's generation. CourseKarma enriches the educational experience of today's student by creating a space for collaborative inquiry as well as illuminating the opportunities of self and group learning through online collaboration. The features of CourseKarma foster this student-driven environment. The main focus is on a news-feed and Question and Answer component that provides a space for students to share instant updates as well ask and answer questions of the community. The community can be as broad as the entire ASU student body, as specific as students in BIO155, or even more targeted via specific subjects and or skills. CourseKarma also provides reputation points, which are the sum of all of their votes received, identifying the individual's level and or ranking in each subject or class. This not only gamifies the usual day-to-day learning environment, but it also provides an in-depth analysis of the individual's skills, accomplishments, and knowledge. The community is also able to input and utilize course and professor descriptions/feedback. This will be in a review format providing the students an opportunity to share and give feedback on their experience as well as providing incoming students the opportunity to be prepared for their future classes. All of the student's contributions and collaborative activity within CourseKarma is displayed on their personal profile creating a timeline of their academic achievements. The application was created using modern web programming technologies such as AngualrJS, Javascript, jQuery, Bootstrap, HTML5, CSS3 for the styling and front-end development, Mustache.js for client side templating, and Firebase AngularFire as the back-end and NoSQL database. Other technologies such as Pivitol Tracker was used for project management and user story generation, as well as, Github for version control management and repository creation. Object-oreinted programming concepts were heavily present in the creation of the various data structures, as well as, a voting algorithm was used to manage voting of specific posts. Down the road, CourseKarma could even be a necessary add-on within LinkedIn or Facebook that provides a quick yet extremely in-depth look at an individuals' education, skills, and potential to learn \u2014 based all on their actual contribution to their academic community rather than just a text they wrote up.
ContributorsCho, Sungjae (Author) / Mayron, Liam (Thesis director) / Lobock, Alan (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor) / School of Arts, Media and Engineering (Contributor)
Created2015-05
Description
Modern computer processors contain an embedded firmware known as microcode that controls decode and execution of x86 instructions. Although proprietary and relatively obscure, this microcode can be modified using updates released by hardware manufacturers to correct processor logic flaws (errata). At the same time, a malicious microcode update could compromise a processor by implementing new malicious instructions or altering the functionality of existing instructions, including processor-accelerated virtualization or cryptographic primitives. Not only is this attack vector capable of subverting all software-enforced security policies and access controls, but it also leaves behind no postmortem forensic evidence since the write-only patch memory is cleared upon system reset. Although supervisor privileges (ring zero) are required to update processor microcode, this attack cannot be easily mitigated due to the implementation of microcode update functionality within processor silicon. In this paper, we reveal the microarchitecture and mechanism of microcode updates, present a security analysis of this attack vector, and provide some mitigation suggestions.
ContributorsChen, Daming Dominic (Author) / Ahn, Gail-Joon (Thesis director) / Lee, Joohyung (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor) / School of International Letters and Cultures (Contributor) / School of Mathematical and Statistical Sciences (Contributor)
Created2014-05
Description
We discuss processes involved in user-centric security design, including the synthesis of goals based on security and usability tasks. We suggest the usage of implicit security and the facilitation of secureuser actions. We propose a process for evaluating usability flaws by treating them as security threats and adapting traditional HCI methods. We discuss how to correct these flaws once they are discovered. Finally, we discuss the Usable Security Development Model for developing usable secure systems.
ContributorsJorgensen, Jan Drake (Author) / Ahn, Gail-Joon (Thesis director) / VanLehn, Kurt (Committee member) / Wilkerson, Kelly (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2013-05
Description
Despite the advancement of online tools for activities related to the core experience of taking classes on a college campus, there has been a relatively small amount of research into implementing online tools for ancillary academic resources (e.g. tutoring centers, review sessions, etc.). Previous work and a study conducted for this paper indicates that there is value in creating these online tools but that there is value in maintaining an in-person component to these services. Based on this, a system which provides personalized, easily-accessible, simple access to these services is proposed. Designs for user-centered online-tools that provides access to and interaction with tutoring centers and review sessions are described and prototypes are developed to demonstrate the application of design principles for online tools for academic services.
ContributorsBerk, Nicholas Robert (Author) / Balasooriya, Janaka (Thesis director) / Eaton, John (Committee member) / Walker, Erin (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2013-12
Description
Web-application development constantly changes \u2014 new programming languages, testing tools and programming methodologies are often proposed. The focus of this project is on the tool Selenium and the fairly new technique known as High Volume Automated Testing (HVAT). Both of these techniques were used to test the Just-in-Time Teaching and Learning Classroom Management System software. Selenium was used with a black-box testing technique and HVAT was employed in a white-box testing technique. Two of the major functionalities of this software were examined, which include the login and the professor functionality. The results of the black-box testing technique showed parts of the login component contain bugs, but the professor component is clean. HVAT white-box testing revealed error free implementation on the code level. We present an analysis on a new technique for HVAT testing with Selenium.
ContributorsEjaz, Samira (Author) / Balasooriya, Janaka (Thesis director) / Nakamura, Mutsumi (Committee member) / Wilkerson, Kelly (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2013-05
Description
Radio Frequency Identification (RFID) technology allows objects to be identified electronically by way of a small electronic tag. RFID is quickly becoming quite popular, and there are many security hurdles for this technology to overcome. The iCLASS line of RFID, produced by HID Global, is one such technology that is widely used for secure access control and applications where a contactless authentication element is desirable. Unfortunately, iCLASS has been shown to have security issues. Nevertheless customers continue to use it because of the great cost that would be required to completely replace it. This Honors Thesis will address attacks against iCLASS and means for countering them that do not require such an overhaul.
ContributorsMellott, Matthew John (Author) / Ahn, Gail-Joon (Thesis director) / Thorstenson, Tina (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2014-05
Description
IoT Media broadcast devices, such as the Roku stick, Amazon Fire, and Chromecast have been emerging onto the market recently as a portable and inexpensive alternative to cable and disk players, allowing easy integration between home and business Wi-Fi networks and television systems capable of supporting HDMI inputs without the additional overhead of setting up a heavy or complicated player or computer. The rapid expansion of these products as a mechanism to provide for TV Everywhere services for entertainment as well as cheap office appliances brings yet another node in the rapidly expanding network of IoT that surrounds us today. However, the security implications of these devices are nearly unexplored, despite their prevalence. In this thesis, I will go over the structure and mechanisms of Chromecast, and explore some of the potential exploits and consequences of the device. The thesis contains an overview of the inner workings of Chromecast, goes over the segregation and limited control and fundamental design choices of the Android based OS. It then identifies the objectives of security, four different potential methods of exploit to compromise those objectives on a Chromecast and/or its attached network, including rogue applications, traffic sniffing, evil access points and the most effective one: deauthentication attack. Tests or relevant analysis were carried out for each of these methods, and conclusions were drawn on their effectiveness. There is then a conclusion revolving around the consequences, mitigation and the future implications of security issues on Chromecast and the larger IoT landscape.
ContributorsHuang, Kaiyi (Author) / Zhao, Ziming (Thesis director) / Ahn, Gail-Joon (Committee member) / W. P. Carey School of Business (Contributor) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2016-12
Description
Charleston, South Carolina currently faces serious annual flooding issues due to tides and rainfall. These issues are expected to get significantly worse within the next few decades reaching a projected 180 days a year of flooding by 2045 (Carter et al., 2018). Several permanent solutions are in progress by the City of Charleston. However, these solutions are years away at minimum and faced with development issues. This thesis attempts to treat some of the symptoms of flooding, such as navigation, by creating an iPhone application which predicts flooding and helps people navigate around it safely. Specifically, this thesis will take into account rainfall and tide levels to display to users actively flooded areas of downtown Charleston and provide routing to a destination from a user’s location around these flooded areas whenever possible.
ContributorsSalisbury, Mason (Author) / Balasooriya, Janaka (Thesis director) / Faucon, Christophe (Committee member) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2019-05
Description
Third-party mixers are used to heighten the anonymity of Bitcoin users. The mixing techniques implemented by these tools are often untraceable on the blockchain, making them appealing to money launderers. This research aims to analyze mixers currently available on the deep web. In addition, an in-depth case study is done on an open-source bitcoin mixer known as Penguin Mixer. A local version of Penguin Mixer was used to visualize mixer behavior under specific scenarios. This study could lead to the identification of vulnerabilities in mixing tools and detection of these tools on the blockchain.
ContributorsPakki, Jaswant (Author) / Doupe, Adam (Thesis director) / Shoshitaishvili, Yan (Committee member) / Computer Science and Engineering Program (Contributor, Contributor) / Barrett, The Honors College (Contributor)
Created2018-12
Description
Despite the more tightly controlled permissions and Java framework used by most programs in the Android operating system, an attacker can use the same classic vulnerabilities that exist for traditional Linux binaries on the programs in the Android operating system. Some classic vulnerabilities include stack overows, string formats, and heap meta-information corruption. Through the exploitation of these vulnerabilities an attacker can hijack the execution ow of an application. After hijacking the execution ow, an attacker can then violate the con_dentiality, integrity, or availability of the operating system. Over the years, the operating systems and compliers have implemented a number of protections to prevent the exploitation of vulnerable programs. The most widely implemented protections include Non-eXecutable stack (NX Stack), Address Space Layout Randomization (ASLR), and Stack Canaries (Canaries). NX Stack protections prevent the injection and execution of arbitrary code through the use of a permissions framework within a program. Whereas, ASLR and Canaries rely on obfuscation techniques to protect control ow, which requires su_cient entropy between each execution. Early in the implementation of these protections in Linux, researchers discovered that without su_cient entropy between executions, ASLR and Canaries were easily bypassed. For example, the obfuscation techniques were useless in programs that ran continuously because the programs did not change the canaries or re-randomize the address space. Similarly, aws in the implementation of ASLR and Canaries in Android only re-randomizes the values after rebooting, which means the address space locations and canary values remain constant across the executions of an Android program. As a result, an attacker can hijack the control ow Android binaries that contain control ow vulnerabilities. The purpose of this paper is to expose these aws and the methodology used to verify their existence in Android versions 4.1 (Jelly Bean) through 8.0 (Oreo).
ContributorsGibbs, Wil (Author) / Doupe, Adam (Thesis director) / Shoshitaishvili, Yan (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2018-12