Matching Items (7)
Description
Access control is necessary for information assurance in many of today's applications such as banking and electronic health record. Access control breaches are critical security problems that can result from unintended and improper implementation of security policies. Security testing can help identify security vulnerabilities early and avoid unexpected expensive cost in handling breaches for security architects and security engineers. The process of security testing which involves creating tests that effectively examine vulnerabilities is a challenging task. Role-Based Access Control (RBAC) has been widely adopted to support fine-grained access control. However, in practice, due to its complexity including role management, role hierarchy with hundreds of roles, and their associated privileges and users, systematically testing RBAC systems is crucial to ensure the security in various domains ranging from cyber-infrastructure to mission-critical applications. In this thesis, we introduce i) a security testing technique for RBAC systems considering the principle of maximum privileges, the structure of the role hierarchy, and a new security test coverage criterion; ii) a MTBDD (Multi-Terminal Binary Decision Diagram) based representation of RBAC security policy including RHMTBDD (Role Hierarchy MTBDD) to efficiently generate effective positive and negative security test cases; and iii) a security testing framework which takes an XACML-based RBAC security policy as an input, parses it into a RHMTBDD representation and then generates positive and negative test cases. We also demonstrate the efficacy of our approach through case studies.
ContributorsGupta, Poonam (Author) / Ahn, Gail-Joon (Thesis advisor) / Collofello, James (Committee member) / Huang, Dijiang (Committee member) / Arizona State University (Publisher)
Created2014
Description
In this dissertation, two interrelated problems of service-based systems (SBS) are addressed: protecting users' data confidentiality from service providers, and managing performance of multiple workflows in SBS. Current SBSs pose serious limitations to protecting users' data confidentiality. Since users' sensitive data is sent in unencrypted forms to remote machines owned and operated by third-party service providers, there are risks of unauthorized use of the users' sensitive data by service providers. Although there are many techniques for protecting users' data from outside attackers, currently there is no effective way to protect users' sensitive data from service providers. In this dissertation, an approach is presented to protecting the confidentiality of users' data from service providers, and ensuring that service providers cannot collect users' confidential data while the data is processed or stored in cloud computing systems. The approach has four major features: (1) separation of software service providers and infrastructure service providers, (2) hiding the information of the owners of data, (3) data obfuscation, and (4) software module decomposition and distributed execution. Since the approach to protecting users' data confidentiality includes software module decomposition and distributed execution, it is very important to effectively allocate the resource of servers in SBS to each of the software module to manage the overall performance of workflows in SBS. An approach is presented to resource allocation for SBS to adaptively allocating the system resources of servers to their software modules in runtime in order to satisfy the performance requirements of multiple workflows in SBS. Experimental results show that the dynamic resource allocation approach can substantially increase the throughput of a SBS and the optimal resource allocation can be found in polynomial time
ContributorsAn, Ho Geun (Author) / Yau, Sik-Sang (Thesis advisor) / Huang, Dijiang (Committee member) / Ahn, Gail-Joon (Committee member) / Santanam, Raghu (Committee member) / Arizona State University (Publisher)
Created2012
Description
Cloud computing and web services enable the creation of applications that are faster and more interconnected than traditional applications. This project explores the possible ways in which cloud computing and web services can be used to extend already existing applications by developing a data storage web service for 3D modeling applications. The implementation of the service is described, and several example applications are shown that utilize the service. Additionally, related web based applications are discussed along with their influence on the project. The project shows the benefits that cloud-based web services can bring to 3D modeling applications, such as improved collaboration and more comprehensive history tracking.
ContributorsFerry, Mark Travis (Author) / Chen, Yinong (Thesis director) / Balasooriya, Janaka (Committee member) / Barrett, The Honors College (Contributor)
Created2015-05
Description
Tenga is an e-commerce demo web application for students studying Distributed Software Development and Software Integration and Engineering at Arizona State University (ASU). The application, written in C#, aims to empower students to understand how complex systems are build. Complementing the two courses taught at ASU, it seeks to demonstrate how the concepts taught in the two classes can be applied to the real world. In addition to the practical software development process, Tenga also bring in the topics that students are inexperienced with such as recommendation systems and ranking algorithms. Tenga is going to be used in classrooms to help students to learn fundamental issues in Web software development and software integration and to understand tools and skill sets required to built a web application.
ContributorsKawanzaruwa, Allen Tom (Author) / Chen, Yinong (Thesis director) / Nakamura, Mutsumi (Committee member) / Computer Science and Engineering Program (Contributor) / School of Mathematical and Statistical Sciences (Contributor) / Barrett, The Honors College (Contributor)
Created2016-05
Description
The areas of cloud computing and web services have grown rapidly in recent years, resulting in software that is more interconnected and and widely used than ever before. As a result of this proliferation, there needs to be a way to assess the quality of these web services in order to ensure their reliability and accuracy. This project explores different ways in which services can be tested and evaluated through the design of various testing techniques and their implementations in a web application, which can be used by students or developers to test their web services.
ContributorsHilliker, Mark Paul (Author) / Chen, Yinong (Thesis director) / Nakamura, Mutsumi (Committee member) / Computer Science and Engineering Program (Contributor) / School of Mathematical and Statistical Sciences (Contributor) / Barrett, The Honors College (Contributor)
Created2016-05
Description
The purpose of this project was to implement and analyze a new proposed rootkit that claims a greater level of stealth by hiding in cache. Today, the vast majority of embedded devices are powered by ARM processors. To protect their processors from attacks, ARM introduced a hardware security extension known as TrustZone. It provides an isolated execution environment within the embedded device that enables us to run various memory integrity and malware detection tools to identify possible breaches in security to the normal world. Although TrustZone provides this additional layer of security, it also adds another layer of complexity, and thus comes with its own set of vulnerabilities. This new rootkit identifies and exploits a cache incoherence in the ARM device as a result of TrustZone. The newly proposed rootkit, called CacheKit, takes advantage of this cache incoherence to avoid memory introspection from tools in secure world. We implement CacheKit on the i.MX53 development board, which features a single ARM Cortex A8 processor, to analyze the limitations and vulnerabilities described in the original paper. We set up the Linux environment on the computer to be able to cross-compile for the development board which will be running the FreeScale android 2.3.4 platform with a 2.6.33 Linux kernel. The project is implemented as a kernel module that once installed on the board can manipulate cache as desired to conceal the rootkit. The module exploits the fact that in TrustZone, the secure world does not have access to the normal world cache. First, a technique known as Cache-asRAM is used to ensure that the rootkit is loaded only into cache of the normal world where it can avoid detection from the secure world. Then, we employ the cache maintenance instructions and resisters provided in the cp15 coprocessor to keep the code persistent in cache. Furthermore, the cache lines are mapped to unused I/O address space so that if cache content is flushed to RAM for inspection, the data is simply lost. This ensures that even if the rootkit were to be flushed into memory, any trace of the malicious code would be lost. CacheKit prevents defenders from analyzing the code and destroys any forensic evidence. This provides attackers with a new and powerful tool that is excellent for certain scenarios that were previously thought to be secure. Finally, we determine the limitations of the prototype to determine possible areas for future growth and research into the security of networked embedded devices.
ContributorsGutierrez Barnett, Mauricio Antonio (Author) / Zhao, Ziming (Thesis director) / Doupe, Adam (Committee member) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2016-12
Description
Gamification is the process of adding game mechanics to non game activities, thus creating a more engaging environment. Loyals provides a gamification API which can be consumed to add Loyals (achievements) to any website, application, or mobile app. Loyals are used in two major ways: (1) to create an interactive environment where users are rewarded for completing tasks and (2) as contextual information useful for analyzing user interaction with the application. The interactive environment inspires users to continue using an application while the contextual information can be used for improving the application to draw in new loyal visitors, ad targeting, creating user profiles, and much more.
ContributorsClaxton, Joshua Allen (Author) / Chen, Yinong (Thesis director) / Collofello, James (Committee member) / Irwin, Don (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2013-05