Matching Items (1,235)
Filtering by
- All Subjects: Piano music
Description
With the growth of IT products and sophisticated software in various operating systems, I observe that security risks in systems are skyrocketing constantly. Consequently, Security Assessment is now considered as one of primary security mechanisms to measure assurance of systems since systems that are not compliant with security requirements may lead adversaries to access critical information by circumventing security practices. In order to ensure security, considerable efforts have been spent to develop security regulations by facilitating security best-practices. Applying shared security standards to the system is critical to understand vulnerabilities and prevent well-known threats from exploiting vulnerabilities. However, many end users tend to change configurations of their systems without paying attention to the security. Hence, it is not straightforward to protect systems from being changed by unconscious users in a timely manner. Detecting the installation of harmful applications is not sufficient since attackers may exploit risky software as well as commonly used software. In addition, checking the assurance of security configurations periodically is disadvantageous in terms of time and cost due to zero-day attacks and the timing attacks that can leverage the window between each security checks. Therefore, event-driven monitoring approach is critical to continuously assess security of a target system without ignoring a particular window between security checks and lessen the burden of exhausted task to inspect the entire configurations in the system. Furthermore, the system should be able to generate a vulnerability report for any change initiated by a user if such changes refer to the requirements in the standards and turn out to be vulnerable. Assessing various systems in distributed environments also requires to consistently applying standards to each environment. Such a uniformed consistent assessment is important because the way of assessment approach for detecting security vulnerabilities may vary across applications and operating systems. In this thesis, I introduce an automated event-driven security assessment framework to overcome and accommodate the aforementioned issues. I also discuss the implementation details that are based on the commercial-off-the-self technologies and testbed being established to evaluate approach. Besides, I describe evaluation results that demonstrate the effectiveness and practicality of the approaches.
ContributorsSeo, Jeong-Jin (Author) / Ahn, Gail-Joon (Thesis advisor) / Yau, Stephen S. (Committee member) / Lee, Joohyung (Committee member) / Arizona State University (Publisher)
Created2014
Description
Access control is necessary for information assurance in many of today's applications such as banking and electronic health record. Access control breaches are critical security problems that can result from unintended and improper implementation of security policies. Security testing can help identify security vulnerabilities early and avoid unexpected expensive cost in handling breaches for security architects and security engineers. The process of security testing which involves creating tests that effectively examine vulnerabilities is a challenging task. Role-Based Access Control (RBAC) has been widely adopted to support fine-grained access control. However, in practice, due to its complexity including role management, role hierarchy with hundreds of roles, and their associated privileges and users, systematically testing RBAC systems is crucial to ensure the security in various domains ranging from cyber-infrastructure to mission-critical applications. In this thesis, we introduce i) a security testing technique for RBAC systems considering the principle of maximum privileges, the structure of the role hierarchy, and a new security test coverage criterion; ii) a MTBDD (Multi-Terminal Binary Decision Diagram) based representation of RBAC security policy including RHMTBDD (Role Hierarchy MTBDD) to efficiently generate effective positive and negative security test cases; and iii) a security testing framework which takes an XACML-based RBAC security policy as an input, parses it into a RHMTBDD representation and then generates positive and negative test cases. We also demonstrate the efficacy of our approach through case studies.
ContributorsGupta, Poonam (Author) / Ahn, Gail-Joon (Thesis advisor) / Collofello, James (Committee member) / Huang, Dijiang (Committee member) / Arizona State University (Publisher)
Created2014
ContributorsShi, Ge (Performer) / ASU Library. Music Library (Publisher)
Created2018-03-25
ContributorsShatuho, Kristina (Performer) / ASU Library. Music Library (Publisher)
Created2018-03-27
Description
The rate at which new malicious software (Malware) is created is consistently increasing each year. These new malwares are designed to bypass the current anti-virus countermeasures employed to protect computer systems. Security Analysts must understand the nature and intent of the malware sample in order to protect computer systems from these attacks. The large number of new malware samples received daily by computer security companies require Security Analysts to quickly determine the type, threat, and countermeasure for newly identied samples. Our approach provides for a visualization tool to assist the Security Analyst in these tasks that allows the Analyst to visually identify relationships between malware samples.
This approach consists of three steps. First, the received samples are processed by a sandbox environment to perform a dynamic behavior analysis. Second, the reports of the dynamic behavior analysis are parsed to extract identifying features which are matched against other known and analyzed samples. Lastly, those matches that are determined to express a relationship are visualized as an edge connected pair of nodes in an undirected graph.
This approach consists of three steps. First, the received samples are processed by a sandbox environment to perform a dynamic behavior analysis. Second, the reports of the dynamic behavior analysis are parsed to extract identifying features which are matched against other known and analyzed samples. Lastly, those matches that are determined to express a relationship are visualized as an edge connected pair of nodes in an undirected graph.
ContributorsHolmes, James Edward (Author) / Ahn, Gail-Joon (Thesis advisor) / Dasgupta, Partha (Committee member) / Doupe, Adam (Committee member) / Arizona State University (Publisher)
Created2014
Description
Most existing security decisions for both defending and attacking are made based on some deterministic approaches that only give binary answers. Even though these approaches can achieve low false positive rate for decision making, they have high false negative rates due to the lack of accommodations to new attack methods and defense techniques. In this dissertation, I study how to discover and use patterns with uncertainty and randomness to counter security challenges. By extracting and modeling patterns in security events, I am able to handle previously unknown security events with quantified confidence, rather than simply making binary decisions. In particular, I cope with the following four real-world security challenges by modeling and analyzing with pattern-based approaches: 1) How to detect and attribute previously unknown shellcode? I propose instruction sequence abstraction that extracts coarse-grained patterns from an instruction sequence and use Markov chain-based model and support vector machines to detect and attribute shellcode; 2) How to safely mitigate routing attacks in mobile ad hoc networks? I identify routing table change patterns caused by attacks, propose an extended Dempster-Shafer theory to measure the risk of such changes, and use a risk-aware response mechanism to mitigate routing attacks; 3) How to model, understand, and guess human-chosen picture passwords? I analyze collected human-chosen picture passwords, propose selection function that models patterns in password selection, and design two algorithms to optimize password guessing paths; and 4) How to identify influential figures and events in underground social networks? I analyze collected underground social network data, identify user interaction patterns, and propose a suite of measures for systematically discovering and mining adversarial evidence. By solving these four problems, I demonstrate that discovering and using patterns could help deal with challenges in computer security, network security, human-computer interaction security, and social network security.
ContributorsZhao, Ziming (Author) / Ahn, Gail-Joon (Thesis advisor) / Yau, Stephen S. (Committee member) / Huang, Dijiang (Committee member) / Santanam, Raghu (Committee member) / Arizona State University (Publisher)
Created2014
Description
With the rise of mobile technology, the personal lives and sensitive information of everyday citizens are carried about without a thought to the risks involved. Despite this high possibility of harm, many fail to use simple security to protect themselves because they feel the benefits of securing their devices do not outweigh the cost to usability. The main issue is that beyond initial authentication, sessions are maintained using optional timeout mechanisms where a session will end if a user is inactive for a period of time. This interruption-based form of continuous authentication requires constant user intervention leading to frustration, which discourages its use. No solution currently exists that provides an implementation beyond the insecure and low usability of simple timeout and re-authentication. This work identifies the flaws of current mobile authentication techniques and provides a new solution that is not limiting to the user, has a system for secure, active continuous authentication, and increases the usability and security over current methods.
ContributorsRomo, James Tyler (Author) / Ahn, Gail-Joon (Thesis advisor) / Dasgupta, Partha (Committee member) / Burleson, Winslow (Committee member) / Arizona State University (Publisher)
Created2014
ContributorsCarlisi, Daniel (Performer) / ASU Library. Music Library (Publisher)
Created2018-04-07
Description
Yannis Constantinidis was the last of the handful of composers referred to collectively as the Greek National School. The members of this group strove to create a distinctive national style for Greece, founded upon a synthesis of Western compositional idioms with melodic, rhyhmic, and modal features of their local folk traditions. Constantinidis particularly looked to the folk melodies of his native Asia Minor and the nearby Dodecanese Islands. His musical output includes operettas, musical comedies, orchestral works, chamber and vocal music, and much piano music, all of which draws upon folk repertories for thematic material. The present essay examines how he incorporates this thematic material in his piano compositions, written between 1943 and 1971, with a special focus on the 22 Songs and Dances from the Dodecanese. In general, Constantinidis's pianistic style is expressed through miniature pieces in which the folk tunes are presented mostly intact, but embedded in accompaniment based in early twentieth-century modal harmony. Following the dictates of the founding members of the Greek National School, Manolis Kalomiris and Georgios Lambelet, the modal basis of his harmonic vocabulary is firmly rooted in the characteristics of the most common modes of Greek folk music. A close study of his 22 Songs and Dances from the Dodecanese not only offers a valuable insight into his harmonic imagination, but also demonstrates how he subtly adapts his source melodies. This work also reveals his care in creating a musical expression of the words of the original folk songs, even in purely instrumental compositon.
ContributorsSavvidou, Dina (Author) / Hamilton, Robert (Thesis advisor) / Little, Bliss (Committee member) / Meir, Baruch (Committee member) / Thompson, Janice M (Committee member) / Arizona State University (Publisher)
Created2011
Description
This paper describes six representative works by twentieth-century Chinese composers: Jian-Zhong Wang, Er-Yao Lin, Yi-Qiang Sun, Pei-Xun Chen, Ying-Hai Li, and Yi Chen, which are recorded by the author on the CD. The six pieces selected for the CD all exemplify traits of Nationalism, with or without Western influences. Of the six works on the CD, two are transcriptions of the Han Chinese folk-like songs, one is a composition in the style of the Uyghur folk music, two are transcriptions of traditional Chinese instrumental music dating back to the eighteenth century, and one is an original composition in a contemporary style using folk materials. Two of the composers, who studied in the United States, were strongly influenced by Western compositional style. The other four, who did not study abroad, retained traditional Chinese style in their compositions. The pianistic level of difficulty in these six pieces varies from intermediate to advanced level. This paper includes biographical information for the six composers, background information on the compositions, and a brief analysis of each work. The author was exposed to these six pieces growing up, always believing that they are beautiful and deserve to be appreciated. When the author came to the United States for her studies, she realized that Chinese compositions, including these six pieces, were not sufficiently known to her peers. This recording and paper are offered in the hopes of promoting a wider familiarity with Chinese music and culture.
ContributorsLuo, Yali, D.M.A (Author) / Hamilton, Robert (Thesis advisor) / Campbell, Andrew (Committee member) / Pagano, Caio (Committee member) / Cosand, Walter (Committee member) / Rogers, Rodney (Committee member) / Arizona State University (Publisher)
Created2012