Matching Items (30)
Description
Cyber-weapons and the rapid progression of utilizing cyberspace in conflict poses several risks to states and their ability to maintain control of their respective technological infrastructures. Susceptibility to these weapons extend to virtually all existing nations, and indicates a critical need for transnational organizations and their members to establish collective strategies for governing cyber-arms. In this paper, the United Nations, as a prime example of an influential transnational organization, is utilized as a case study for a framework that seeks to define and establish guidelines for arms control policy as it relates to cyber-weapons. Presented is a strategy that seeks to define cyber-warfare and cyber-weapons, distinguish it from other existing forms of weapons and warfare, and outline recommended actions for the United Nations and its affiliates, including the United Nations Office for Disarmament Affairs and United Nations Security Council.
ContributorsSidhu, Arman Singh (Author) / Berliner, Daniel (Thesis director) / Santanam, Raghu (Committee member) / Barrett, The Honors College (Contributor) / School of Politics and Global Studies (Contributor) / Department of Information Systems (Contributor)
Created2015-12
Description
Security requirements are at the heart of developing secure, invulnerable software. Without embedding security principles in the software development life cycle, the likelihood of producing insecure software increases, putting the consumers of that software at great risk. For large-scale software development, this problem is complicated as there may be hundreds or thousands of security requirements that need to be met, and it only worsens if the software development project is developed by a distributed development team. In this thesis, an approach is provided for software security requirement traceability for large-scale and complex software development projects being developed by distributed development teams. The approach utilizes blockchain technology to improve the automation of security requirement satisfaction and create a more transparent and trustworthy development environment for distributed development teams. The approach also introduces immutability, auditability, and non-repudiation into the security requirement traceability process. The approach is evaluated against existing software security requirement solutions.
ContributorsKulkarni, Adi Deepak (Author) / Yau, Stephen S. (Thesis advisor) / Banerjee, Ayan (Committee member) / Wang, Ruoyu (Committee member) / Baek, Jaejong (Committee member) / Arizona State University (Publisher)
Created2022
Description
Large organizations have multiple networks that are subject to attacks, which can be detected by continuous monitoring and analyzing the network traffic by Intrusion Detection Systems. Collaborative Intrusion Detection Systems (CIDS) are used for efficient detection of distributed attacks by having a global view of the traffic events in large networks. However, CIDS are vulnerable to internal attacks, and these internal attacks decrease the mutual trust among the nodes in CIDS required for sharing of critical and sensitive alert data in CIDS. Without the data sharing, the nodes of CIDS cannot collaborate efficiently to form a comprehensive view of events in the networks monitored to detect distributed attacks. The compromised nodes will further decrease the accuracy of CIDS by generating false positives and false negatives of the traffic event classifications. In this thesis, an approach based on a trust score system is presented to detect and suspend the compromised nodes in CIDS to improve the trust among the nodes for efficient collaboration. This trust score-based approach is implemented as a consensus model on a private blockchain because private blockchain has the features to address the accountability, integrity and privacy requirements of CIDS. In this approach, the trust scores of malicious nodes are decreased with every reported false negative or false positive of the traffic event classifications. When the trust scores of any node falls below a threshold, the node is identified as compromised and suspended. The approach is evaluated for the accuracy of identifying malicious nodes in CIDS.
ContributorsYenugunti, Chandralekha (Author) / Yau, Stephen S. (Thesis advisor) / Yang, Yezhou (Committee member) / Zou, Jia (Committee member) / Arizona State University (Publisher)
Created2020
Description
The coordination of developing various complex and large-scale projects using computers has been well established and is the so-called computer-supported cooperative work (CSCW). Collaborative software development consists of a group of teams working together to achieve a common goal for developing a high-quality, complex, and large-scale software system efficiently, and it requires common processes and communication channels among these teams. The common processes for coordination among software development teams can be handled by similar principles in CSCW. The development of complex and large-scale software becomes complicated due to the involvement of many software development teams. The development of such a software system can be largely improved by effective collaboration among the participating software development teams at both software components and system levels. The efficiency of developing software components depends on trusted coordination among the participating teams for sharing, processing, and managing information on various participating teams, which are often operating in a distributed environment. Participating teams may belong to the same organization or different organizations. Existing approaches to coordination in collaborative software development are based on using a centralized repository to store, process, and retrieve information on participating software development teams during the development. These approaches use a centralized authority, have a single point of failure, and restricted rights to own data and software. In this thesis, the generation of trusted coordination in collaborative software development using blockchain is studied, and an approach to achieving trusted cooperation for collaborative software development using blockchain is presented. The smart contracts are created in the blockchain to encode software specifications and acceptance criteria for the software results generated by participating teams. The blockchain used in the approach is a private blockchain because a private blockchain has the characteristics of providing non-repudiation, privacy, and integrity, which are required in trusted coordination of collaborative software development. This approach is implemented using Hyperledger, an open-source private blockchain. An example to illustrate the approach is also given.
ContributorsPatel, Jinal Sunilkumar (Author) / Yau, Stephen S. (Thesis advisor) / Bansal, Ajay (Committee member) / Zou, Jia (Committee member) / Arizona State University (Publisher)
Created2020
Description
Many researchers have seen the value blockchain can add to the field of voting and many protocols have been proposed to allow voting to be conducted in a way that takes advantage of blockchains distributed and immutable structure. While blockchains immutable structure can take the place of paper records in preventing tampering it by itself is insufficient to construct a trustworthy voting system with eligibility, privacy, verifiability, and fairness requirements. Many of the protocols which strive to keep voters votes confidential, but also allow for verifiability and eligibility requirements rely on either a blind signature provided by a central authority to provide compliance with these requirements or ring signatures to prove membership in the set of voters. A blind signature issued by a central authority introduces a potential vulnerability as it allows a corrupt central authority to pass a large number of forged ballots into the mix without any detection. Ring signatures on the other hand tend to be overly resource intensive to allow for practical usage in large voting sets. The research in this thesis focuses on improving the trustworthiness of electronic voting systems by providing possible ways of avoiding or detecting corrupt central authorities while still relying upon the benefits of efficiency the blind signature provides.
ContributorsAnderson, Brandon David (Author) / Yau, Stephen S. (Thesis advisor) / Dasgupta, Partha (Committee member) / Marchant, Gary (Committee member) / Arizona State University (Publisher)
Created2020
Description
Various activities move online in the era of the digital economy. Platform design and policy can heavily affect online user activities and result in many expected and unexpected consequences. In this dissertation, I conduct empirical studies on three types of online platforms to investigate the influence of their platform policy on their user engagement and associated outcomes. Specifically, in Study 1, I focus on goal-directed platforms and study how the introduction of the mobile channel affects users’ goal pursuit engagement and persistence. In Study 2, I focus on social media and online communities. I study the introduction of machine-powered platform regulation and its impacts on volunteer moderators’ engagement. In Study 3, I focus on online political discourse forums and examine the role of identity declaration in user participation and polarization in the subsequent political discourse. Overall, my results highlight how various platform policies shape user behavior. Implications on multi-channel adoption, human-machine collaborative platform governance, and online political polarization research are discussed.
ContributorsHe, Qinglai (Author) / Santanam, Raghu (Thesis advisor) / Hong, Yili (Thesis advisor) / Burtch, Gordon (Committee member) / Arizona State University (Publisher)
Created2021
Description
Emerging trends in cyber system security breaches in critical cloud infrastructures show that attackers have abundant resources (human and computing power), expertise and support of large organizations and possible foreign governments. In order to greatly improve the protection of critical cloud infrastructures, incorporation of human behavior is needed to predict potential security breaches in critical cloud infrastructures. To achieve such prediction, it is envisioned to develop a probabilistic modeling approach with the capability of accurately capturing system-wide causal relationship among the observed operational behaviors in the critical cloud infrastructure and accurately capturing probabilistic human (users’) behaviors on subsystems as the subsystems are directly interacting with humans. In our conceptual approach, the system-wide causal relationship can be captured by the Bayesian network, and the probabilistic human behavior in the subsystems can be captured by the Markov Decision Processes. The interactions between the dynamically changing state graphs of Markov Decision Processes and the dynamic causal relationships in Bayesian network are key components in such probabilistic modelling applications. In this thesis, two techniques are presented for supporting the above vision to prediction of potential security breaches in critical cloud infrastructures. The first technique is for evaluation of the conformance of the Bayesian network with the multiple MDPs. The second technique is to evaluate the dynamically changing Bayesian network structure for conformance with the rules of the Bayesian network using a graph checker algorithm. A case study and its simulation are presented to show how the two techniques support the specific parts in our conceptual approach to predicting system-wide security breaches in critical cloud infrastructures.
ContributorsNagaraja, Vinjith (Author) / Yau, Stephen S. (Thesis advisor) / Ahn, Gail-Joon (Committee member) / Davulcu, Hasan (Committee member) / Arizona State University (Publisher)
Created2015
Description
The evolution of technology, including the proliferation of the Internet of Things (IoT), advanced sensors, intelligent systems, and more, has paved the way for the establishment of smart homes. These homes bring a new era of automation with interconnected devices, offering increased services. However, they also introduce data security and device management challenges. Current smart home technologies are susceptible to security violations, leaving users vulnerable to data compromise, privacy invasions, and physical risks. These systems often fall short in implementing stringent data security safeguards, and the user control process is complex. In this thesis, an approach is presented to improve smart home security by integrating private blockchain technology with situational awareness access control. Using blockchain technology ensures transparency and immutability in data transactions. Transparency from the blockchain enables meticulous tracking of data access, modifications, and policy changes. The immutability of blockchain is utilized to strengthen the integrity of data, deterring, and preventing unauthorized alterations. While the designed solution leverages these specific blockchain features, it consciously does not employ blockchain's decentralization due to the limited computational resources of IoT devices and the focused requirement for centralized management within a smart home context. Additionally, situational awareness facilitates the dynamic adaptation of access policies.
The strategies in this thesis excel beyond existing solutions, providing fine-grained access control, reliable transaction data storage, data ownership, audibility, transparency, access policy, and immutability. This approach is thoroughly evaluated against existing smart home security improvement solutions.
ContributorsLin, Zhicheng (Author) / Yau, Stephen S. (Thesis advisor) / Baek, Jaejong (Committee member) / Ghayekhloo, Samira (Committee member) / Arizona State University (Publisher)
Created2023
Description
Information systems research is replete with examples of the importance of business processes defining IT adoption. Business processes are influenced by both organizational and operational concerns. We evaluate the comparative importance of operational and organizational influences for complementary IT systems. In the context of acute-care hospitals the analysis shows that an organizational approach to automating a process is related to different financial outcomes than an operational approach. Six complementary systems supporting a three-stage medication management process are studied: prescribing, dispensing, and administration. The analysis uses firm-level, panel data extracted from the HIMSS Analytics database spanning ten years of IT adoption for 140 hospitals. We have augmented the HIMSS dataset with matching demographic and financial details from the American Hospital Association and the Centers for Medicare and Medicaid Services. Using event sequence analysis we explore whether organizations are more likely to adopt organization boundary spanning systems and if the sequence of adoption follows the temporal ordering of the business process steps. The research also investigates if there is a relationship between the paths to IT adoption and financial performance. Comparison of the two measures suggests that the organizational model of adoption is observed more often in the data. Following the organizational model of adoption is associated with approximately $155 dollar increase in net income per patient day; whereas the operational model of adoption is associated with approximately $225 dollars decrease in net income per patient day. However, this effect diminishes with the adoption of each additional system thus demonstrating that the adoption path effects may only be relevant in the short-term.
ContributorsSpaulding, Trent J. (Author) / Furukawa, Michael (Author) / Santanam, Raghu (Author) / Vinze, Ajay (Author) / W.P. Carey School of Business (Contributor)
Created2013-09-05
Description
Mobile applications markets with app stores have introduced a new approach to define and sell software applications with access to a large body of heterogeneous consumer population. This research examines key seller- and app-level characteristics that impact success in an app store market. We tracked individual apps and their presence in the top-grossing 300 chart in Apple's App Store and examined how factors at different levels affect the apps' survival in the top 300 chart. We used a generalized hierarchical modeling approach to measure sales performance, and confirmed the results with the use of a hazard model and a count regression model. We find that broadening app offerings across multiple categories is a key determinant that contributes to a higher probability of survival in the top charts. App-level attributes such as free app offers, high initial ranks, investment in less-popular (less-competitive) categories, continuous quality updates, and high-volume and high-user review scores have positive effects on apps' sustainability. In general, each diversification decision across a category results in an approximately 15 percent increase in the presence of an app in the top charts. Survival rates for free apps are up to two times more than that for paid apps. Quality (feature) updates to apps can contribute up to a threefold improvement in survival rate as well. A key implication of the results of this study is that sellers must utilize the natural segmentation in consumer tastes offered by the different categories to improve sales performance.
ContributorsLee, Gun-woong (Author) / Santanam, Raghu (Author) / W.P. Carey School of Business (Contributor)
Created2013-11-30