Matching Items (14)
Filtering by
- Genre: Masters Thesis
- Creators: Arizona State University
- Creators: Chakraborty, Bijeta
- Member of: ASU Electronic Theses and Dissertations
Description
Access control is necessary for information assurance in many of today's applications such as banking and electronic health record. Access control breaches are critical security problems that can result from unintended and improper implementation of security policies. Security testing can help identify security vulnerabilities early and avoid unexpected expensive cost in handling breaches for security architects and security engineers. The process of security testing which involves creating tests that effectively examine vulnerabilities is a challenging task. Role-Based Access Control (RBAC) has been widely adopted to support fine-grained access control. However, in practice, due to its complexity including role management, role hierarchy with hundreds of roles, and their associated privileges and users, systematically testing RBAC systems is crucial to ensure the security in various domains ranging from cyber-infrastructure to mission-critical applications. In this thesis, we introduce i) a security testing technique for RBAC systems considering the principle of maximum privileges, the structure of the role hierarchy, and a new security test coverage criterion; ii) a MTBDD (Multi-Terminal Binary Decision Diagram) based representation of RBAC security policy including RHMTBDD (Role Hierarchy MTBDD) to efficiently generate effective positive and negative security test cases; and iii) a security testing framework which takes an XACML-based RBAC security policy as an input, parses it into a RHMTBDD representation and then generates positive and negative test cases. We also demonstrate the efficacy of our approach through case studies.
ContributorsGupta, Poonam (Author) / Ahn, Gail-Joon (Thesis advisor) / Collofello, James (Committee member) / Huang, Dijiang (Committee member) / Arizona State University (Publisher)
Created2014
Description
Attribute Based Access Control (ABAC) mechanisms have been attracting a lot of interest from the research community in recent times. This is especially because of the flexibility and extensibility it provides by using attributes assigned to subjects as the basis for access control. ABAC enables an administrator of a server to enforce access policies on the data, services and other such resources fairly easily. It also accommodates new policies and changes to existing policies gracefully, thereby making it a potentially good mechanism for implementing access control in large systems, particularly in today's age of Cloud Computing. However management of the attributes in ABAC environment is an area that has been little touched upon. Having a mechanism to allow multiple ABAC based systems to share data and resources can go a long way in making ABAC scalable. At the same time each system should be able to specify their own attribute sets independently. In the research presented in this document a new mechanism is proposed that would enable users to share resources and data in a cloud environment using ABAC techniques in a distributed manner. The focus is mainly on decentralizing the access policy specifications for the shared data so that each data owner can specify the access policy independent of others. The concept of ontologies and semantic web is introduced in the ABAC paradigm that would help in giving a scalable structure to the attributes and also allow systems having different sets of attributes to communicate and share resources.
ContributorsPrabhu Verleker, Ashwin Narayan (Author) / Huang, Dijiang (Thesis advisor) / Ahn, Gail-Joon (Committee member) / Dasgupta, Partha (Committee member) / Arizona State University (Publisher)
Created2014
Description
Efficiency of components is an ever increasing area of importance to portable applications, where a finite battery means finite operating time. Higher efficiency devices need to be designed that don't compromise on the performance that the consumer has come to expect. Class D amplifiers deliver on the goal of increased efficiency, but at the cost of distortion. Class AB amplifiers have low efficiency, but high linearity. By modulating the supply voltage of a Class AB amplifier to make a Class H amplifier, the efficiency can increase while still maintaining the Class AB level of linearity. A 92dB Power Supply Rejection Ratio (PSRR) Class AB amplifier and a Class H amplifier were designed in a 0.24um process for portable audio applications. Using a multiphase buck converter increased the efficiency of the Class H amplifier while still maintaining a fast response time to respond to audio frequencies. The Class H amplifier had an efficiency above the Class AB amplifier by 5-7% from 5-30mW of output power without affecting the total harmonic distortion (THD) at the design specifications. The Class H amplifier design met all design specifications and showed performance comparable to the designed Class AB amplifier across 1kHz-20kHz and 0.01mW-30mW. The Class H design was able to output 30mW into 16Ohms without any increase in THD. This design shows that Class H amplifiers merit more research into their potential for increasing efficiency of audio amplifiers and that even simple designs can give significant increases in efficiency without compromising linearity.
ContributorsPeterson, Cory (Author) / Bakkaloglu, Bertan (Thesis advisor) / Barnaby, Hugh (Committee member) / Kiaei, Sayfe (Committee member) / Arizona State University (Publisher)
Created2013
Description
In modern healthcare environments, there is a strong need to create an infrastructure that reduces time-consuming efforts and costly operations to obtain a patient's complete medical record and uniformly integrates this heterogeneous collection of medical data to deliver it to the healthcare professionals. As a result, healthcare providers are more willing to shift their electronic medical record (EMR) systems to clouds that can remove the geographical distance barriers among providers and patient. Even though cloud-based EMRs have received considerable attention since it would help achieve lower operational cost and better interoperability with other healthcare providers, the adoption of security-aware cloud systems has become an extremely important prerequisite for bringing interoperability and efficient management to the healthcare industry. Since a shared electronic health record (EHR) essentially represents a virtualized aggregation of distributed clinical records from multiple healthcare providers, sharing of such integrated EHRs may comply with various authorization policies from these data providers. In this work, we focus on the authorized and selective sharing of EHRs among several parties with different duties and objectives that satisfies access control and compliance issues in healthcare cloud computing environments. We present a secure medical data sharing framework to support selective sharing of composite EHRs aggregated from various healthcare providers and compliance of HIPAA regulations. Our approach also ensures that privacy concerns need to be accommodated for processing access requests to patients' healthcare information. To realize our proposed approach, we design and implement a cloud-based EHRs sharing system. In addition, we describe case studies and evaluation results to demonstrate the effectiveness and efficiency of our approach.
ContributorsWu, Ruoyu (Author) / Ahn, Gail-Joon (Thesis advisor) / Yau, Stephen S. (Committee member) / Huang, Dijiang (Committee member) / Arizona State University (Publisher)
Created2012
Description
Class D Amplifiers are widely used in portable systems such as mobile phones to achieve high efficiency. The demands of portable electronics for low power consumption to extend battery life and reduce heat dissipation mandate efficient, high-performance audio amplifiers. The high efficiency of Class D amplifiers (CDAs) makes them particularly attractive for portable applications. The Digital class D amplifier is an interesting solution to increase the efficiency of embedded systems. However, this solution is not good enough in terms of PWM stage linearity and power supply rejection. An efficient control is needed to correct the error sources in order to get a high fidelity sound quality in the whole audio range of frequencies. A fundamental analysis on various error sources due to non idealities in the power stage have been discussed here with key focus on Power supply perturbations driving the Power stage of a Class D Audio Amplifier. Two types of closed loop Digital Class D architecture for PSRR improvement have been proposed and modeled. Double sided uniform sampling modulation has been used. One of the architecture uses feedback around the power stage and the second architecture uses feedback into digital domain. Simulation & experimental results confirm that the closed loop PSRR & PS-IMD improve by around 30-40 dB and 25 dB respectively.
ContributorsChakraborty, Bijeta (Author) / Bakkaloglu, Bertan (Thesis advisor) / Garrity, Douglas (Committee member) / Ozev, Sule (Committee member) / Arizona State University (Publisher)
Created2012
Description
In countries of conflict, non-governmental organizations (NGOs) often resort to humanitarian relief. A small number of peace and conflict resolution organizations (P/CROs) engage more directly, through grassroots mediation, elite negotiation and advocacy. This thesis observes the potential for implementing such direct conflict interventions in traditional relief and development organizations. To understand current NGO activities, I examine ten case study organizations in two countries of conflict, Cote d'Ivoire and Somalia. I analyze organizations' rhetorical presentation, their society-level engagement, strategies for intervention, and responses to persistent challenges, such as security, impartiality, collaboration and evaluation. Based on conflict study literature, I make tentative recommendations for NGOs in Cote d'Ivoire and Somalia specifically. I also propose a more general system for classifying NGO peace work: five generations of conflict intervention, each more integrated, direct, and political. Rhetorical, structural and operational changes will help organizations move toward higher generation work.
ContributorsDiddams, Margaret (Author) / Ron, Amit (Thesis advisor) / Friedrich, Patricia (Thesis advisor) / Wang, Lili (Committee member) / Arizona State University (Publisher)
Created2011
Description
Due to the shortcomings of modern Mobile Device Management solutions, businesses
have begun to incorporate forensics to analyze their mobile devices and respond
to any incidents of malicious activity in order to protect their sensitive data. Current
forensic tools, however, can only look a static image of the device being examined,
making it difficult for a forensic analyst to produce conclusive results regarding the
integrity of any sensitive data on the device. This research thesis expands on the
use of forensics to secure data by implementing an agent on a mobile device that can
continually collect information regarding the state of the device. This information is
then sent to a separate server in the form of log files to be analyzed using a specialized
tool. The analysis tool is able to look at the data collected from the device over time
and perform specific calculations, according to the user's specifications, highlighting
any correlations or anomalies among the data which might be considered suspicious
to a forensic analyst. The contribution of this paper is both an in-depth explanation
on the implementation of an iOS application to be used to improve the mobile forensics
process as well as a proof-of-concept experiment showing how evidence collected
over time can be used to improve the accuracy of a forensic analysis.
have begun to incorporate forensics to analyze their mobile devices and respond
to any incidents of malicious activity in order to protect their sensitive data. Current
forensic tools, however, can only look a static image of the device being examined,
making it difficult for a forensic analyst to produce conclusive results regarding the
integrity of any sensitive data on the device. This research thesis expands on the
use of forensics to secure data by implementing an agent on a mobile device that can
continually collect information regarding the state of the device. This information is
then sent to a separate server in the form of log files to be analyzed using a specialized
tool. The analysis tool is able to look at the data collected from the device over time
and perform specific calculations, according to the user's specifications, highlighting
any correlations or anomalies among the data which might be considered suspicious
to a forensic analyst. The contribution of this paper is both an in-depth explanation
on the implementation of an iOS application to be used to improve the mobile forensics
process as well as a proof-of-concept experiment showing how evidence collected
over time can be used to improve the accuracy of a forensic analysis.
ContributorsWhitaker, Jeremy (Author) / Ahn, Gail-Joon (Thesis advisor) / Doupe, Adam (Committee member) / Yau, Stephen (Committee member) / Arizona State University (Publisher)
Created2015
Description
Network Management is a critical process for an enterprise to configure and monitor the network devices using cost effective methods. It is imperative for it to be robust and free from adversarial or accidental security flaws. With the advent of cloud computing and increasing demands for centralized network control, conventional management protocols like Simple Network Management Protocol (SNMP) appear inadequate and newer techniques like Network Management Datastore Architecture (NMDA) design and Network Configuration (NETCONF) have been invented. However, unlike SNMP which underwent improvements concentrating on security, the new data management and storage techniques have not been scrutinized for the inherent security flaws.
In this thesis, I identify several vulnerabilities in the widely used critical infrastructures which leverage the NMDA design. Software Defined Networking (SDN), a proponent of NMDA, heavily relies on its datastores to program and manage the network. I base my research on the security challenges put forth by the existing datastore’s design as implemented by the SDN controllers. The vulnerabilities identified in this work have a direct impact on the controllers like OpenDayLight, Open Network Operating System and their proprietary implementations (by CISCO, Ericsson, RedHat, Brocade, Juniper, etc). Using the threat detection methodology, I demonstrate how the NMDA-based implementations are vulnerable to attacks which compromise availability, integrity, and confidentiality of the network. I finally propose defense measures to address the security threats in the existing design and discuss the challenges faced while employing these countermeasures.
In this thesis, I identify several vulnerabilities in the widely used critical infrastructures which leverage the NMDA design. Software Defined Networking (SDN), a proponent of NMDA, heavily relies on its datastores to program and manage the network. I base my research on the security challenges put forth by the existing datastore’s design as implemented by the SDN controllers. The vulnerabilities identified in this work have a direct impact on the controllers like OpenDayLight, Open Network Operating System and their proprietary implementations (by CISCO, Ericsson, RedHat, Brocade, Juniper, etc). Using the threat detection methodology, I demonstrate how the NMDA-based implementations are vulnerable to attacks which compromise availability, integrity, and confidentiality of the network. I finally propose defense measures to address the security threats in the existing design and discuss the challenges faced while employing these countermeasures.
ContributorsDixit, Vaibhav Hemant (Author) / Ahn, Gail-Joon (Thesis advisor) / Doupe, Adam (Thesis advisor) / Shoshitaishvili, Yan (Committee member) / Zhao, Ziming (Committee member) / Arizona State University (Publisher)
Created2018
Description
On Android, existing security procedures require apps to request permissions for access to sensitive resources.
Only when the user approves the requested permissions will the app be installed.
However, permissions are an incomplete security mechanism.
In addition to a user's limited understanding of permissions, the mechanism does not account for the possibility that different permissions used together have the ability to be more dangerous than any single permission alone.
Even if users did understand the nature of an app's requested permissions, this mechanism is still not enough to guarantee that a user's information is protected.
Applications can potentially send or receive sensitive information from other applications without the required permissions by using intents.
In other words, applications can potentially collaborate in ways unforeseen by the user, even if the user understands the permissions of each app independently.
In this thesis, we present several graph-based approaches to address these issues.
We determine the permissions of an app and generate scores based on our assigned value of certain resources.
We analyze these scores overall, as well as in the context of the app's category as determined by Google Play.
We show that these scores can be used to identify overzealous apps, as well as apps that do not properly fit within their category.
We analyze potential interactions between different applications using intents, and identify several promiscuous apps with low permission scores, showing that permissions alone are not sufficient to evaluate the security risks of an app.
Our analyses can form the basis of a system to assist users in identifying apps that can potentially compromise user privacy.
Only when the user approves the requested permissions will the app be installed.
However, permissions are an incomplete security mechanism.
In addition to a user's limited understanding of permissions, the mechanism does not account for the possibility that different permissions used together have the ability to be more dangerous than any single permission alone.
Even if users did understand the nature of an app's requested permissions, this mechanism is still not enough to guarantee that a user's information is protected.
Applications can potentially send or receive sensitive information from other applications without the required permissions by using intents.
In other words, applications can potentially collaborate in ways unforeseen by the user, even if the user understands the permissions of each app independently.
In this thesis, we present several graph-based approaches to address these issues.
We determine the permissions of an app and generate scores based on our assigned value of certain resources.
We analyze these scores overall, as well as in the context of the app's category as determined by Google Play.
We show that these scores can be used to identify overzealous apps, as well as apps that do not properly fit within their category.
We analyze potential interactions between different applications using intents, and identify several promiscuous apps with low permission scores, showing that permissions alone are not sufficient to evaluate the security risks of an app.
Our analyses can form the basis of a system to assist users in identifying apps that can potentially compromise user privacy.
ContributorsGibson, Aaron (Author) / Bazzi, Rida (Thesis advisor) / Ahn, Gail-Joon (Committee member) / Walker, Erin (Committee member) / Arizona State University (Publisher)
Created2015
Description
In this thesis, a digital input class D audio amplifier system which has the ability
to reject the power supply noise and nonlinearly of the output stage is presented. The main digital class D feed-forward path is using the fully-digital sigma-delta PWM open loop topology. Feedback loop is used to suppress the power supply noise and harmonic distortions. The design is using global foundry 0.18um technology.
Based on simulation, the power supply rejection at 200Hz is about -49dB with
81dB dynamic range and -70dB THD+N. The full scale output power can reach as high as 27mW and still keep minimum -68dB THD+N. The system efficiency at full scale is about 82%.
to reject the power supply noise and nonlinearly of the output stage is presented. The main digital class D feed-forward path is using the fully-digital sigma-delta PWM open loop topology. Feedback loop is used to suppress the power supply noise and harmonic distortions. The design is using global foundry 0.18um technology.
Based on simulation, the power supply rejection at 200Hz is about -49dB with
81dB dynamic range and -70dB THD+N. The full scale output power can reach as high as 27mW and still keep minimum -68dB THD+N. The system efficiency at full scale is about 82%.
ContributorsBai, Jing (Author) / Bakkaloglu, Bertan (Thesis advisor) / Arizona State University (Publisher)
Created2015