Matching Items (129)
Description
Mobile Augmented Reality (MAR) is a portable, powerful, and suitable technology that integrates 3D virtual content into the physical world in real-time. It has been implemented for multiple intents as it enhances people’s interaction, e.g., shopping, entertainment, gaming, etc. Thus, MAR is expected to grow at a tremendous rate in the upcoming years, as its popularity via mobile devices has increased. But, unfortunately, the applications that implement MAR, hereby referred to as MAR-Apps, bear security issues. Such are imaged in worldwide recorded incidents caused by MAR-Apps, e.g., robberies, authorities requesting banning MAR at specific locations, etc. To further explore these concerns, a case study analyzed several MAR-Apps available in the market to identify the security problems in MAR. As a result of this study, the threats found were classified into three categories. First, Space Invasion implies the intrusive modification through MAR of sensitive spaces, e.g., hospitals, memorials, etc. Then, Space Affectation means the degradation of users’ experience via interaction with undesirable MAR or malicious entities. Finally, MAR-Apps mishandling sensitive data leads to Privacy Leaks. SpaceMediator, a proof-of-concept MAR-App that imitates the well-known and successful MAR-App Pokémon GO, implements the solution approach of a Policy-Governed MAR-App, which assists in preventing the aforementioned mentioned security issues. Furthermore, its feasibility is evaluated through a user study with 40 participants. As a result, uncovering understandability over the security issues as participants recognized and prevented them with success rates as high as 92.50%. Furthermore, there is an enriched interest in Policy-Governed MAR-Apps as 87.50% of participants agreed with restricted MAR-Apps within sensitive spaces, and 82.50% would implement constraints in MAR-Apps. These promising results encourage adopting the Policy-Governed solution approach in future MAR-Apps.
ContributorsClaramunt, Luis Manuel (Author) / Ahn, Gail-Joon (Thesis advisor) / Rubio-Medrano, Carlos E (Committee member) / Baek, Jaejong (Committee member) / Arizona State University (Publisher)
Created2022
Description
An examination of 12 darkweb sites involved in selling hacking services - often referred to as ”Hacking-as-a-Service” (HaaS) sites is performed. Data is gathered and analyzed for 7 months via weekly site crawling and parsing. In this empirical study, after examining over 200 forum threads, common categories of services available on HaaS sites are identified as well as their associated topics of conversation. Some of the most common hacking service categories in the HaaS market include Social Media, Database, and Phone hacking. These types of services are the most commonly advertised; found on over 50\% of all HaaS sites, while services related to Malware and Ransomware are advertised on less than 30\% of these sites. Additionally, an analysis is performed on prices of these services along with their volume of demand and comparisons made between the prices listed in posts seeking services with those sites selling services. It is observed that individuals looking to hire hackers for these services are offering to pay premium prices, on average, 73\% more than what the individual hackers are requesting on their own sites. Overall, this study provides insights into illicit markets for contact based hacking especially with regards to services such as social media hacking, email breaches, and website defacement.
ContributorsVincent, Brian W (Author) / Shakarian, Paulo (Thesis advisor) / Candan, Selcuk (Committee member) / Ahn, Gail-Joon (Committee member) / Arizona State University (Publisher)
Created2018
Description
Network Management is a critical process for an enterprise to configure and monitor the network devices using cost effective methods. It is imperative for it to be robust and free from adversarial or accidental security flaws. With the advent of cloud computing and increasing demands for centralized network control, conventional management protocols like Simple Network Management Protocol (SNMP) appear inadequate and newer techniques like Network Management Datastore Architecture (NMDA) design and Network Configuration (NETCONF) have been invented. However, unlike SNMP which underwent improvements concentrating on security, the new data management and storage techniques have not been scrutinized for the inherent security flaws.
In this thesis, I identify several vulnerabilities in the widely used critical infrastructures which leverage the NMDA design. Software Defined Networking (SDN), a proponent of NMDA, heavily relies on its datastores to program and manage the network. I base my research on the security challenges put forth by the existing datastore’s design as implemented by the SDN controllers. The vulnerabilities identified in this work have a direct impact on the controllers like OpenDayLight, Open Network Operating System and their proprietary implementations (by CISCO, Ericsson, RedHat, Brocade, Juniper, etc). Using the threat detection methodology, I demonstrate how the NMDA-based implementations are vulnerable to attacks which compromise availability, integrity, and confidentiality of the network. I finally propose defense measures to address the security threats in the existing design and discuss the challenges faced while employing these countermeasures.
In this thesis, I identify several vulnerabilities in the widely used critical infrastructures which leverage the NMDA design. Software Defined Networking (SDN), a proponent of NMDA, heavily relies on its datastores to program and manage the network. I base my research on the security challenges put forth by the existing datastore’s design as implemented by the SDN controllers. The vulnerabilities identified in this work have a direct impact on the controllers like OpenDayLight, Open Network Operating System and their proprietary implementations (by CISCO, Ericsson, RedHat, Brocade, Juniper, etc). Using the threat detection methodology, I demonstrate how the NMDA-based implementations are vulnerable to attacks which compromise availability, integrity, and confidentiality of the network. I finally propose defense measures to address the security threats in the existing design and discuss the challenges faced while employing these countermeasures.
ContributorsDixit, Vaibhav Hemant (Author) / Ahn, Gail-Joon (Thesis advisor) / Doupe, Adam (Thesis advisor) / Shoshitaishvili, Yan (Committee member) / Zhao, Ziming (Committee member) / Arizona State University (Publisher)
Created2018
Description
Compartmentalizing access to content, be it websites accessed in a browser or documents and applications accessed outside the browser, is an established method for protecting information integrity [12, 19, 21, 60]. Compartmentalization solutions change the user experience, introduce performance overhead and provide varying degrees of security. Striking a balance between usability and security is not an easy task. If the usability aspects are neglected or sacrificed in favor of more security, the resulting solution would have a hard time being adopted by end-users. The usability is affected by factors including (1) the generality of the solution in supporting various applications, (2) the type of changes required, (3) the performance overhead introduced by the solution, and (4) how much the user experience is preserved. The security is affected by factors including (1) the attack surface of the compartmentalization mechanism, and (2) the security decisions offloaded to the user. This dissertation evaluates existing solutions based on the above factors and presents two novel compartmentalization solutions that are arguably more practical than their existing counterparts.
The first solution, called FlexICon, is an attractive alternative in the design space of compartmentalization solutions on the desktop. FlexICon allows for the creation of a large number of containers with small memory footprint and low disk overhead. This is achieved by using lightweight virtualization based on Linux namespaces. FlexICon uses two mechanisms to reduce user mistakes: 1) a trusted file dialog for selecting files for opening and launching it in the appropriate containers, and 2) a secure URL redirection mechanism that detects the user’s intent and opens the URL in the proper container. FlexICon also provides a language to specify the access constraints that should be enforced by various containers.
The second solution called Auto-FBI, deals with web-based attacks by creating multiple instances of the browser and providing mechanisms for switching between the browser instances. The prototype implementation for Firefox and Chrome uses system call interposition to control the browser’s network access. Auto-FBI can be ported to other platforms easily due to simple design and the ubiquity of system call interposition methods on all major desktop platforms.
The first solution, called FlexICon, is an attractive alternative in the design space of compartmentalization solutions on the desktop. FlexICon allows for the creation of a large number of containers with small memory footprint and low disk overhead. This is achieved by using lightweight virtualization based on Linux namespaces. FlexICon uses two mechanisms to reduce user mistakes: 1) a trusted file dialog for selecting files for opening and launching it in the appropriate containers, and 2) a secure URL redirection mechanism that detects the user’s intent and opens the URL in the proper container. FlexICon also provides a language to specify the access constraints that should be enforced by various containers.
The second solution called Auto-FBI, deals with web-based attacks by creating multiple instances of the browser and providing mechanisms for switching between the browser instances. The prototype implementation for Firefox and Chrome uses system call interposition to control the browser’s network access. Auto-FBI can be ported to other platforms easily due to simple design and the ubiquity of system call interposition methods on all major desktop platforms.
ContributorsZohrevandi, Mohsen (Author) / Bazzi, Rida A (Thesis advisor) / Ahn, Gail-Joon (Committee member) / Doupe, Adam (Committee member) / Zhao, Ming (Committee member) / Arizona State University (Publisher)
Created2018
Description
Cyber-systems and networks are the target of different types of cyber-threats and attacks, which are becoming more common, sophisticated, and damaging. Those attacks can vary in the way they are performed. However, there are similar strategies
and tactics often used because they are time-proven to be effective. The motivations behind cyber-attacks play an important role in designating how attackers plan and proceed to achieve their goals. Generally, there are three categories of motivation
are: political, economical, and socio-cultural motivations. These indicate that to defend against possible attacks in an enterprise environment, it is necessary to consider what makes such an enterprise environment a target. That said, we can understand
what threats to consider and how to deploy the right defense system. In other words, detecting an attack depends on the defenders having a clear understanding of why they become targets and what possible attacks they should expect. For instance,
attackers may preform Denial of Service (DoS), or even worse Distributed Denial of Service (DDoS), with intention to cause damage to targeted organizations and prevent legitimate users from accessing their services. However, in some cases, attackers are very skilled and try to hide in a system undetected for a long period of time with the incentive to steal and collect data rather than causing damages.
Nowadays, not only the variety of attack types and the way they are launched are important. However, advancement in technology is another factor to consider. Over the last decades, we have experienced various new technologies. Obviously, in the beginning, new technologies will have their own limitations before they stand out. There are a number of related technical areas whose understanding is still less than satisfactory, and in which long-term research is needed. On the other hand, these new technologies can boost the advancement of deploying security solutions and countermeasures when they are carefully adapted. That said, Software Defined Networking i(SDN), its related security threats and solutions, and its adaption in enterprise environments bring us new chances to enhance our security solutions. To reach the optimal level of deploying SDN technology in enterprise environments, it is important to consider re-evaluating current deployed security solutions in traditional networks before deploying them to SDN-based infrastructures. Although DDoS attacks are a bit sinister, there are other types of cyber-threats that are very harmful, sophisticated, and intelligent. Thus, current security defense solutions to detect DDoS cannot detect them. These kinds of attacks are complex, persistent, and stealthy, also referred to Advanced Persistent Threats (APTs) which often leverage the bot control and remotely access valuable information. APT uses multiple stages to break into a network. APT is a sort of unseen, continuous and long-term penetrative network and attackers can bypass the existing security detection systems. It can modify and steal the sensitive data as well as specifically cause physical damage the target system. In this dissertation, two cyber-attack motivations are considered: sabotage, where the motive is the destruction; and information theft, where attackers aim to acquire invaluable information (customer info, business information, etc). I deal with two types of attacks (DDoS attacks and APT attacks) where DDoS attacks are classified under sabotage motivation category, and the APT attacks are classified under information theft motivation category. To detect and mitigate each of these attacks, I utilize the ease of programmability in SDN and its great platform for implementation, dynamic topology changes, decentralized network management, and ease of deploying security countermeasures.
and tactics often used because they are time-proven to be effective. The motivations behind cyber-attacks play an important role in designating how attackers plan and proceed to achieve their goals. Generally, there are three categories of motivation
are: political, economical, and socio-cultural motivations. These indicate that to defend against possible attacks in an enterprise environment, it is necessary to consider what makes such an enterprise environment a target. That said, we can understand
what threats to consider and how to deploy the right defense system. In other words, detecting an attack depends on the defenders having a clear understanding of why they become targets and what possible attacks they should expect. For instance,
attackers may preform Denial of Service (DoS), or even worse Distributed Denial of Service (DDoS), with intention to cause damage to targeted organizations and prevent legitimate users from accessing their services. However, in some cases, attackers are very skilled and try to hide in a system undetected for a long period of time with the incentive to steal and collect data rather than causing damages.
Nowadays, not only the variety of attack types and the way they are launched are important. However, advancement in technology is another factor to consider. Over the last decades, we have experienced various new technologies. Obviously, in the beginning, new technologies will have their own limitations before they stand out. There are a number of related technical areas whose understanding is still less than satisfactory, and in which long-term research is needed. On the other hand, these new technologies can boost the advancement of deploying security solutions and countermeasures when they are carefully adapted. That said, Software Defined Networking i(SDN), its related security threats and solutions, and its adaption in enterprise environments bring us new chances to enhance our security solutions. To reach the optimal level of deploying SDN technology in enterprise environments, it is important to consider re-evaluating current deployed security solutions in traditional networks before deploying them to SDN-based infrastructures. Although DDoS attacks are a bit sinister, there are other types of cyber-threats that are very harmful, sophisticated, and intelligent. Thus, current security defense solutions to detect DDoS cannot detect them. These kinds of attacks are complex, persistent, and stealthy, also referred to Advanced Persistent Threats (APTs) which often leverage the bot control and remotely access valuable information. APT uses multiple stages to break into a network. APT is a sort of unseen, continuous and long-term penetrative network and attackers can bypass the existing security detection systems. It can modify and steal the sensitive data as well as specifically cause physical damage the target system. In this dissertation, two cyber-attack motivations are considered: sabotage, where the motive is the destruction; and information theft, where attackers aim to acquire invaluable information (customer info, business information, etc). I deal with two types of attacks (DDoS attacks and APT attacks) where DDoS attacks are classified under sabotage motivation category, and the APT attacks are classified under information theft motivation category. To detect and mitigate each of these attacks, I utilize the ease of programmability in SDN and its great platform for implementation, dynamic topology changes, decentralized network management, and ease of deploying security countermeasures.
ContributorsAlshamrani, Adel (Author) / Huang, Dijiang (Thesis advisor) / Doupe, Adam (Committee member) / Ahn, Gail-Joon (Committee member) / Davulcu, Hasan (Committee member) / Arizona State University (Publisher)
Created2018
Description随着社会经济发展,人们生活水平提高,红木市场不断发展壮大。但红木市场中存在
原材料无法认证、加工工艺无法辨别、产品价格混乱的现象,成为我国红木市场三大痛
点。能否解决红木市场这三大痛点,成为未来红木行业能否健康顺利发展的关键因素。
针对红木行业存在的问题,本文应用市场交易效率理论、信息不对称理论、金融市场
微观结构理论对红木市场做理论梳理,通过实地调研获取红木企业发展现状、厘清传统红
木交易流程和各交易环节中存在的问题,尝试在信息不对称理论的框架下对行业和典型企
业进行分析,将红木市场的交易要素进行序列梳理,重构市场组织和流程再造,创造性地
利用现代的互联网技术,把涉及的非标准的市场要素进行标准化设计,使其成为可交易的
标准化标的产品,并在设计可操作性的红木交易平台上进行交易,从而解决现有红木市场
中信息不对称导致的市场交易效率低下问题。本文一共分为十一章,第一到第五章为绪论、理论研究和研究综述。主要根据市场交
易效率理论、信息不对称理论和金融市场微观结构理论,引出建立红木交易市场,从而为
后续红木交易市场的设计奠定理论基础。第五章,对红木产业及其市场的要素进行信息解
析,为后面的非标准的市场要素进行标准化设计提供依据。第六、第七章,主要对红木交
易市场的信息不对称现状、红木交易市场交易效率进行分析。第八、第九章,主要基于信
息对称条件下的交易要素标准化设计和交易架构设计。第十章,主要通过对实际数据抓
取,对红木交易平台的有效性进行实证对比验证。第十一章是本文的结论和建议。
由于红木交易平台的设计是弥补大宗交易的空白,特别是红木交易市场要素的非标
准化,给标准化交易架构的设计带来一定难度。红木交易平台未来运营与发展中可能会遇
到很多风险,特别是投资者资格认证、交易涉众等社会问题,本文限于篇幅没有进行研
究,留待今后实践中不断总结和修正。
原材料无法认证、加工工艺无法辨别、产品价格混乱的现象,成为我国红木市场三大痛
点。能否解决红木市场这三大痛点,成为未来红木行业能否健康顺利发展的关键因素。
针对红木行业存在的问题,本文应用市场交易效率理论、信息不对称理论、金融市场
微观结构理论对红木市场做理论梳理,通过实地调研获取红木企业发展现状、厘清传统红
木交易流程和各交易环节中存在的问题,尝试在信息不对称理论的框架下对行业和典型企
业进行分析,将红木市场的交易要素进行序列梳理,重构市场组织和流程再造,创造性地
利用现代的互联网技术,把涉及的非标准的市场要素进行标准化设计,使其成为可交易的
标准化标的产品,并在设计可操作性的红木交易平台上进行交易,从而解决现有红木市场
中信息不对称导致的市场交易效率低下问题。本文一共分为十一章,第一到第五章为绪论、理论研究和研究综述。主要根据市场交
易效率理论、信息不对称理论和金融市场微观结构理论,引出建立红木交易市场,从而为
后续红木交易市场的设计奠定理论基础。第五章,对红木产业及其市场的要素进行信息解
析,为后面的非标准的市场要素进行标准化设计提供依据。第六、第七章,主要对红木交
易市场的信息不对称现状、红木交易市场交易效率进行分析。第八、第九章,主要基于信
息对称条件下的交易要素标准化设计和交易架构设计。第十章,主要通过对实际数据抓
取,对红木交易平台的有效性进行实证对比验证。第十一章是本文的结论和建议。
由于红木交易平台的设计是弥补大宗交易的空白,特别是红木交易市场要素的非标
准化,给标准化交易架构的设计带来一定难度。红木交易平台未来运营与发展中可能会遇
到很多风险,特别是投资者资格认证、交易涉众等社会问题,本文限于篇幅没有进行研
究,留待今后实践中不断总结和修正。
ContributorsChiu, Yung (Author) / Pei, Ker-Wei (Thesis advisor) / Qian, Jun (Thesis advisor) / Wu, Fei (Committee member) / Arizona State University (Publisher)
Created2018
Description
Reasoning about the activities of cyber threat actors is critical to defend against cyber
attacks. However, this task is difficult for a variety of reasons. In simple terms, it is difficult
to determine who the attacker is, what the desired goals are of the attacker, and how they will
carry out their attacks. These three questions essentially entail understanding the attacker’s
use of deception, the capabilities available, and the intent of launching the attack. These
three issues are highly inter-related. If an adversary can hide their intent, they can better
deceive a defender. If an adversary’s capabilities are not well understood, then determining
what their goals are becomes difficult as the defender is uncertain if they have the necessary
tools to accomplish them. However, the understanding of these aspects are also mutually
supportive. If we have a clear picture of capabilities, intent can better be deciphered. If we
understand intent and capabilities, a defender may be able to see through deception schemes.
In this dissertation, I present three pieces of work to tackle these questions to obtain
a better understanding of cyber threats. First, we introduce a new reasoning framework
to address deception. We evaluate the framework by building a dataset from DEFCON
capture-the-flag exercise to identify the person or group responsible for a cyber attack.
We demonstrate that the framework not only handles cases of deception but also provides
transparent decision making in identifying the threat actor. The second task uses a cognitive
learning model to determine the intent – goals of the threat actor on the target system.
The third task looks at understanding the capabilities of threat actors to target systems by
identifying at-risk systems from hacker discussions on darkweb websites. To achieve this
task we gather discussions from more than 300 darkweb websites relating to malicious
hacking.
attacks. However, this task is difficult for a variety of reasons. In simple terms, it is difficult
to determine who the attacker is, what the desired goals are of the attacker, and how they will
carry out their attacks. These three questions essentially entail understanding the attacker’s
use of deception, the capabilities available, and the intent of launching the attack. These
three issues are highly inter-related. If an adversary can hide their intent, they can better
deceive a defender. If an adversary’s capabilities are not well understood, then determining
what their goals are becomes difficult as the defender is uncertain if they have the necessary
tools to accomplish them. However, the understanding of these aspects are also mutually
supportive. If we have a clear picture of capabilities, intent can better be deciphered. If we
understand intent and capabilities, a defender may be able to see through deception schemes.
In this dissertation, I present three pieces of work to tackle these questions to obtain
a better understanding of cyber threats. First, we introduce a new reasoning framework
to address deception. We evaluate the framework by building a dataset from DEFCON
capture-the-flag exercise to identify the person or group responsible for a cyber attack.
We demonstrate that the framework not only handles cases of deception but also provides
transparent decision making in identifying the threat actor. The second task uses a cognitive
learning model to determine the intent – goals of the threat actor on the target system.
The third task looks at understanding the capabilities of threat actors to target systems by
identifying at-risk systems from hacker discussions on darkweb websites. To achieve this
task we gather discussions from more than 300 darkweb websites relating to malicious
hacking.
ContributorsNunes, Eric (Author) / Shakarian, Paulo (Thesis advisor) / Ahn, Gail-Joon (Committee member) / Baral, Chitta (Committee member) / Cooke, Nancy J. (Committee member) / Arizona State University (Publisher)
Created2018
Description
Health is among the most basic needs of the people and driving force of social and economic development. The health nutrition & wellness industry is gradually becoming a global sunrise industry . However, the industry is faced many problems and challenges including weaknesses in the industry structure, fragmentations of supply chain, low
efficiency in resources allocation, and lacking in quality on personnel training. To achieve core competitiveness and value creation, it is important that the health nutrition & wellness industry must meet the needs of Chinese market and its customers with a customer centric perspective to design a firm’s organization strucrture and management processes. This thesis is based on an analysis of the competitive landscape faced by the nutrition & wellness industry as exemplified by By-Health.Ltd. The investigation begins with an analysis and synthsis of the common industry practices on sales & distribution channels for their underlying similarities and differences in product strategies, branding strategies, and agency models on incentive design and profit sharing mechanisms. Through an empirical survey, this thesis also investigate customer’s demand for nutritious and healthy products. The results through factor analysis reveal that such demands are driven by individual factor, product factor, enterprise factor and environmental factor. The study concludes with a proposed framework to link customer value through three innovative designs in sales and distribution: community marketing model, sharing marketing model and Internet factory marketing model.
efficiency in resources allocation, and lacking in quality on personnel training. To achieve core competitiveness and value creation, it is important that the health nutrition & wellness industry must meet the needs of Chinese market and its customers with a customer centric perspective to design a firm’s organization strucrture and management processes. This thesis is based on an analysis of the competitive landscape faced by the nutrition & wellness industry as exemplified by By-Health.Ltd. The investigation begins with an analysis and synthsis of the common industry practices on sales & distribution channels for their underlying similarities and differences in product strategies, branding strategies, and agency models on incentive design and profit sharing mechanisms. Through an empirical survey, this thesis also investigate customer’s demand for nutritious and healthy products. The results through factor analysis reveal that such demands are driven by individual factor, product factor, enterprise factor and environmental factor. The study concludes with a proposed framework to link customer value through three innovative designs in sales and distribution: community marketing model, sharing marketing model and Internet factory marketing model.
ContributorsGong, Binghui (Author) / Pei, Ker-Wei (Thesis advisor) / Cui, Haitao (Thesis advisor) / Gu, Bin (Committee member) / Arizona State University (Publisher)
Created2018
Description
This dissertation studies three classes of combinatorial arrays with practical applications in testing, measurement, and security. Covering arrays are widely studied in software and hardware testing to indicate the presence of faulty interactions. Locating arrays extend covering arrays to achieve identification of the interactions causing a fault by requiring additional conditions on how interactions are covered in rows. This dissertation introduces a new class, the anonymizing arrays, to guarantee a degree of anonymity by bounding the probability a particular row is identified by the interaction presented. Similarities among these arrays lead to common algorithmic techniques for their construction which this dissertation explores. Differences arising from their application domains lead to the unique features of each class, requiring tailoring the techniques to the specifics of each problem.
One contribution of this work is a conditional expectation algorithm to build covering arrays via an intermediate combinatorial object. Conditional expectation efficiently finds intermediate-sized arrays that are particularly useful as ingredients for additional recursive algorithms. A cut-and-paste method creates large arrays from small ingredients. Performing transformations on the copies makes further improvements by reducing redundancy in the composed arrays and leads to fewer rows.
This work contains the first algorithm for constructing locating arrays for general values of $d$ and $t$. A randomized computational search algorithmic framework verifies if a candidate array is $(\bar{d},t)$-locating by partitioning the search space and performs random resampling if a candidate fails. Algorithmic parameters determine which columns to resample and when to add additional rows to the candidate array. Additionally, analysis is conducted on the performance of the algorithmic parameters to provide guidance on how to tune parameters to prioritize speed, accuracy, or a combination of both.
This work proposes anonymizing arrays as a class related to covering arrays with a higher coverage requirement and constraints. The algorithms for covering and locating arrays are tailored to anonymizing array construction. An additional property, homogeneity, is introduced to meet the needs of attribute-based authorization. Two metrics, local and global homogeneity, are designed to compare anonymizing arrays with the same parameters. Finally, a post-optimization approach reduces the homogeneity of an anonymizing array.
One contribution of this work is a conditional expectation algorithm to build covering arrays via an intermediate combinatorial object. Conditional expectation efficiently finds intermediate-sized arrays that are particularly useful as ingredients for additional recursive algorithms. A cut-and-paste method creates large arrays from small ingredients. Performing transformations on the copies makes further improvements by reducing redundancy in the composed arrays and leads to fewer rows.
This work contains the first algorithm for constructing locating arrays for general values of $d$ and $t$. A randomized computational search algorithmic framework verifies if a candidate array is $(\bar{d},t)$-locating by partitioning the search space and performs random resampling if a candidate fails. Algorithmic parameters determine which columns to resample and when to add additional rows to the candidate array. Additionally, analysis is conducted on the performance of the algorithmic parameters to provide guidance on how to tune parameters to prioritize speed, accuracy, or a combination of both.
This work proposes anonymizing arrays as a class related to covering arrays with a higher coverage requirement and constraints. The algorithms for covering and locating arrays are tailored to anonymizing array construction. An additional property, homogeneity, is introduced to meet the needs of attribute-based authorization. Two metrics, local and global homogeneity, are designed to compare anonymizing arrays with the same parameters. Finally, a post-optimization approach reduces the homogeneity of an anonymizing array.
ContributorsLanus, Erin (Author) / Colbourn, Charles J (Thesis advisor) / Ahn, Gail-Joon (Committee member) / Montgomery, Douglas C. (Committee member) / Syrotiuk, Violet R. (Committee member) / Arizona State University (Publisher)
Created2019
Description本文选取当前在学界和业界关注度较高的“新三板”企业作为研究对象,从融资效率和融资偏好角度实证了新三板企业当前的运行状况,补充了资本结构和融资效率的研究文献。利用二元选择回归以及分位数回归方法,探究了内部融资、债务融资以及权益融资偏好的影响因素。本文发现:1)对于内部融资,企业资产负债率越低、经营能力越强、盈利能力越好、抵押品越少以及公司成长性高的企业更倾向于使用内部融资,资产负债率对内部融资的负面影响边际增大;2)对于债务融资,资产负债率越低、盈利能力越好、经营能力越强、抵押品越多、公司成长性高的企业更倾向于使用债务融资;3)对于权益融资,盈利能力较差、经营能力较弱的企业更倾向于使用权益融资,而资本结构以及公司成长性对权益融资没有影响。分位数回归也发现,盈利能力、现金状况、总资产周转率、资产流动性、非债务税盾、民营企业以及公司成长性等变量对权益融资的影响较为稳定,提示公司的特征变量对权益融资并没有明显的主导作用。在融资效率上,本文也发现:1)于2012年挂牌新三板的企业整体融资效率不高,DEA融资效率为有效的企业占比仅为10%左右;但融资效率在逐年持续改善,表现出一个较好的发展势头。并且,对于做市转让的企业来说,2014年由协议转让改为做市转让以后,融资相对有效的企业数量增长明显快于协议转让企业,表明采用做市转让的企业融资效率优于采用协议转让的企业。2)市场整体融资规模并未达到挂牌企业的需求,导致一半以上企业尚未达到最优的生产经营状态,仍需要资金来增加生产资料的投入,以扩大生产规模获取规模收益。对于做市转让的企业来说,在2014年由协议转让改为做市转让以后,规模报酬递增的企业数量占比下降更快,表明做市转让制度要比协议转让制度从融资效率角度更能满足新三板企业的融资需求。
ContributorsWu, Jintao (Author) / Pei, Ker-Wei (Thesis advisor) / Li, Feng (Thesis advisor) / Wang, Tan (Committee member) / Arizona State University (Publisher)
Created2019