Matching Items (16)
Filtering by
Description
Cyber threats are growing in number and sophistication making it important to continually study and improve all dimensions of digital forensics. Teamwork in forensic analysis has been overlooked in systems even though forensics relies on collaboration. Forensic analysis lacks a system that is flexible and available on different electronic devices which are being used and incorporated into everyday life. For instance, cellphones or tablets that are easy to bring on-the-go to sites where the first steps of forensic analysis is done. Due to the present day conversion to online accessibility, most electronic devices connect to the internet. Squeegee is a proof of concept that forensic analysis can be done on the web. The forensic analysis expansion to the web opens many doors to collaboration and accessibility.
ContributorsJuntiff, Samantha Maria (Author) / Ahn, Gail-Joon (Thesis director) / Kashiwagi, Jacob (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2015-05
Description
The proliferation of interconnected and networked medical devices has resulted in the development of innovative Medical Cyber-Physical Systems (MCPS). MCPS are life-critical, distributed systems that are utilized to monitor and control healthcare organizations in order to provide a more coordinated, cohesive care-continuum focused on the whole patient resulting in better outcomes, and a happier, healthier patient. Medical Cyber Physical (MCPS) systems are life-critical, networked systems used to monitor and control healthcare and medical devices in order to provide more coordinated and cohesive care for the patient. Cyber-securing MCPS is difficult due to their complex and interconnected nature, and this project sets about analyzing current security requirements for MCPS using an ontology and exploration techniques, and developing a risk assessment and monitoring framework to better secure such systems.
ContributorsLamp, Josephine Ann (Author) / Ahn, Gail-Joon (Thesis director) / Rubio-Medrano, Carlos (Committee member) / School of Film, Dance and Theatre (Contributor) / Biomedical Informatics Program (Contributor) / Barrett, The Honors College (Contributor)
Created2018-05
Description
Modern computer processors contain an embedded firmware known as microcode that controls decode and execution of x86 instructions. Although proprietary and relatively obscure, this microcode can be modified using updates released by hardware manufacturers to correct processor logic flaws (errata). At the same time, a malicious microcode update could compromise a processor by implementing new malicious instructions or altering the functionality of existing instructions, including processor-accelerated virtualization or cryptographic primitives. Not only is this attack vector capable of subverting all software-enforced security policies and access controls, but it also leaves behind no postmortem forensic evidence since the write-only patch memory is cleared upon system reset. Although supervisor privileges (ring zero) are required to update processor microcode, this attack cannot be easily mitigated due to the implementation of microcode update functionality within processor silicon. In this paper, we reveal the microarchitecture and mechanism of microcode updates, present a security analysis of this attack vector, and provide some mitigation suggestions.
ContributorsChen, Daming Dominic (Author) / Ahn, Gail-Joon (Thesis director) / Lee, Joohyung (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor) / School of International Letters and Cultures (Contributor) / School of Mathematical and Statistical Sciences (Contributor)
Created2014-05
Description
We discuss processes involved in user-centric security design, including the synthesis of goals based on security and usability tasks. We suggest the usage of implicit security and the facilitation of secureuser actions. We propose a process for evaluating usability flaws by treating them as security threats and adapting traditional HCI methods. We discuss how to correct these flaws once they are discovered. Finally, we discuss the Usable Security Development Model for developing usable secure systems.
ContributorsJorgensen, Jan Drake (Author) / Ahn, Gail-Joon (Thesis director) / VanLehn, Kurt (Committee member) / Wilkerson, Kelly (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2013-05
Description
Our goals in our project are to enable management of distributed systems from one central location, record system logs and audit system based on these logs, and to demonstrate feasibility of platform-independent management of distributed systems based on CIM schema. In order to achieve these goals, we will have to overcome research challenges such as identifying meaningful CIM classes and attributes that could help to achieve this goal, how to gather managed objects of these CIM classes to collect such attributes on a given platform, and to research whether a platform's implementation of CIM is complete or incomplete so as to decide which platform would be the best to implement our solution. Even if a platform's implementation of CIM is incomplete, would we be able to create our own solution to a missing attribute and perhaps provide our own extension of the implementation? One major practical accomplishment will include developing a tool to allow distributed systems management regardless of a target system's platform. However, our research accomplishments will include having found the CIM classes that would be advantageous for system management and determining which platform would be best to work with managed objects of these classes.
ContributorsTrang, Patrick D (Author) / Ahn, Gail-Joon (Thesis director) / Chen, Yinong (Committee member) / Wilson, Adrian (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2013-05
Description
Radio Frequency Identification (RFID) technology allows objects to be identified electronically by way of a small electronic tag. RFID is quickly becoming quite popular, and there are many security hurdles for this technology to overcome. The iCLASS line of RFID, produced by HID Global, is one such technology that is widely used for secure access control and applications where a contactless authentication element is desirable. Unfortunately, iCLASS has been shown to have security issues. Nevertheless customers continue to use it because of the great cost that would be required to completely replace it. This Honors Thesis will address attacks against iCLASS and means for countering them that do not require such an overhaul.
ContributorsMellott, Matthew John (Author) / Ahn, Gail-Joon (Thesis director) / Thorstenson, Tina (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2014-05
Description
Malware that perform identity theft or steal bank credentials are becoming increasingly common and can cause millions of dollars of damage annually. A large area of research focus is the automated detection and removal of such malware, due to their large impact on millions of people each year. Such a detector will be beneficial to any industry that is regularly the target of malware, such as the financial sector. Typical detection approaches such as those found in commercial anti-malware software include signature-based scanning, in which malware executables are identified based on a unique signature or fingerprint developed for that malware. However, as malware authors continue to modify and obfuscate their malware, heuristic detection is increasingly popular, in which the behaviors of the malware are identified and patterns recognized. We explore a malware analysis and classification framework using machine learning to train classifiers to distinguish between malware and benign programs based upon their features and behaviors. Using both decision tree learning and support vector machines as classifier models, we obtained overall classification accuracies of around 80%. Due to limitations primarily including the usage of a small data set, our approach may not be suitable for practical classification of malware and benign programs, as evident by a high error rate.
ContributorsAnwar, Sajid (Co-author) / Chan, Tsz (Co-author) / Ahn, Gail-Joon (Thesis director) / Zhao, Ziming (Committee member) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2016-05
Description
IoT Media broadcast devices, such as the Roku stick, Amazon Fire, and Chromecast have been emerging onto the market recently as a portable and inexpensive alternative to cable and disk players, allowing easy integration between home and business Wi-Fi networks and television systems capable of supporting HDMI inputs without the additional overhead of setting up a heavy or complicated player or computer. The rapid expansion of these products as a mechanism to provide for TV Everywhere services for entertainment as well as cheap office appliances brings yet another node in the rapidly expanding network of IoT that surrounds us today. However, the security implications of these devices are nearly unexplored, despite their prevalence. In this thesis, I will go over the structure and mechanisms of Chromecast, and explore some of the potential exploits and consequences of the device. The thesis contains an overview of the inner workings of Chromecast, goes over the segregation and limited control and fundamental design choices of the Android based OS. It then identifies the objectives of security, four different potential methods of exploit to compromise those objectives on a Chromecast and/or its attached network, including rogue applications, traffic sniffing, evil access points and the most effective one: deauthentication attack. Tests or relevant analysis were carried out for each of these methods, and conclusions were drawn on their effectiveness. There is then a conclusion revolving around the consequences, mitigation and the future implications of security issues on Chromecast and the larger IoT landscape.
ContributorsHuang, Kaiyi (Author) / Zhao, Ziming (Thesis director) / Ahn, Gail-Joon (Committee member) / W. P. Carey School of Business (Contributor) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2016-12
Description
In the area of hardware, reverse engineering was traditionally focused on developing clones—duplicated components that performed the same functionality of the original component. While reverse engineering techniques have been applied to software, these techniques have instead focused on understanding high-level software designs to ease the software maintenance burden. This approach works well for traditional applications that contain source code, however, there are circumstances, particularly regarding web applications, where it would be very beneficial to clone a web application and no source code is present, e.g., for security testing of the application or for offline mock testing of a third-party web service. We call this the web application cloning problem.
This thesis presents a possible solution to the problem of web application cloning. Our approach is a novel application of inductive programming, which we call inductive reverse engineering. The goal of inductive reverse engineering is to automatically reverse engineer an abstraction of the web application’s code in a completely black-box manner. We build this approach using recent advances in inductive programming, and we solve several technical challenges to scale the inductive programming techniques to realistic-sized web applications. We target the initial version of our inductive reverse engineering tool to a subset of web applications, i.e., those that do not store state and those that do not have loops. We introduce an evaluation methodology for web application cloning techniques and evaluate our approach on several real-world web applications. The results indicate that inductive reverse engineering can effectively reverse engineer specific types of web applications. In the future, we hope to extend the power of inductive reverse engineering to web applications with state and to learn loops, while still maintaining tractability.
This thesis presents a possible solution to the problem of web application cloning. Our approach is a novel application of inductive programming, which we call inductive reverse engineering. The goal of inductive reverse engineering is to automatically reverse engineer an abstraction of the web application’s code in a completely black-box manner. We build this approach using recent advances in inductive programming, and we solve several technical challenges to scale the inductive programming techniques to realistic-sized web applications. We target the initial version of our inductive reverse engineering tool to a subset of web applications, i.e., those that do not store state and those that do not have loops. We introduce an evaluation methodology for web application cloning techniques and evaluate our approach on several real-world web applications. The results indicate that inductive reverse engineering can effectively reverse engineer specific types of web applications. In the future, we hope to extend the power of inductive reverse engineering to web applications with state and to learn loops, while still maintaining tractability.
ContributorsLiao, Kevin (Author) / Doupe, Adam (Thesis director) / Ahn, Gail-Joon (Committee member) / Zhao, Ziming (Committee member) / Computer Science and Engineering Program (Contributor, Contributor) / W. P. Carey School of Business (Contributor) / Barrett, The Honors College (Contributor)
Created2017-05
Description
Smart cars are defined by the European Union Agency for Network and Information Security (ENISA) as systems providing connected, added-value features in order to enhance car users' experience or improve car safety. Because of their extra features, smart cars utilize sophisticated computer systems. These systems, particularly the Controller Area Network (CAN) bus and protocol, have been shown to provide information that can be used to accurately identify individual Electronic Control Units (ECUs) within a car and the driver that is operating a car. I expand upon this work to consider how information from in-vehicle computer systems can be used to identify individual vehicles. I consider fingerprinting vehicles as a means of aiding in stolen car recovery, thwarting VIN forgery, and supporting an intrusion detection system for networks of smart and autonomous vehicles in the near future. I provide an overview of in-vehicle computer systems and detail my work toward building an ECU testbed and fingerprinting vehicles.
ContributorsDavison, Paulina (Author) / Zhao, Ziming (Thesis director) / Ahn, Gail-Joon (Committee member) / Shoshitaishvili, Yan (Committee member) / Doupe, Adam (Committee member) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2018-05