While online social networking sites have brought convenience and diversity in people’s social lives, they have also been the source for information leakage. Researchers have been looking for ways to balance user privacy protection and information disclosure. However, literature suggested that many users either failed to perceive privacy risks correctly or they failed to behave in accordance with privacy awareness even they have already perceived potential risks.  This thesis conducted a survey to measure social network users’ privacy attitude, privacy perception and their actual behavior when using social networking sites. The survey targeted at three populations of different cultural contexts: U.S. college students, Chinese students in the U.S. and Chinese students in China. It also targeted at 6 populate sites – Facebook, Twitter. WhatsApp, RenRen, Weibo and WeChat. Based on the survey results, this thesis conducted a cross-cultural and cross-site study to explore the relationships of social network users’ privacy attitudes, privacy perceptions and various user behaviors. It also studied whether cultural contexts and the differences of sites had an impact on privacy attitude, perception and behavior.

The American Engineers’ Council for Professional Development, the precursor institution of the Accreditation Board for Engineering and Technology (ABET), defined engineering as the “creative application of scientific principles to design or develop structures, machines, apparatus, or manufacturing processes, or works utilizing them singly or in combination; or to construct or operate the same with full cognizance of their design; or to forecast their behavior under specific operating conditions; all as respects an intended function, economics of operation or safety to life and property.”1 In light of this definition, engineers must have a working familiarity beyond the scope of their technical work. They must be able to identify and understand the social environments and its interactions in order to develop solutions to global engineering challenges. Chapter 3 endeavors to provide a necessary social and global framework for the more detailed examination of specific energy topics undertaken in later chapters. The chapter describes systems within the social environment; introduces theories, concepts, and ideas to help students understand the social context and engineering’s place within it; and addresses the necessity for social engagement among engineers. The chapter also provides two energy themed case studies as examples of how the social environment affects engineering practice. Case Study 1 is designed to complement chapters 4 and 7 and Case Study 2 is designed to demonstrate how political, social, and economic forces may emerge in the energy sector.

There is an increased need to teach public policy issues in the engineering curriculum. The purpose of this paper is to present an example of a way in which a policy discussion can be integrated into an engineering classroom. The paper will discuss a case study approach envisioned as a module. The module outlined in this paper considers four major social goals (i.e., equity, efficiency, security and liberty) prevalent in the policy world and the implications of their pursuit on energy policy. The interplay of the social goals and energy policy is illustrated using the career of Samuel Insull who was a founding member of General Electric and who is credited with creating integrated power grids in the United States. The module is intended to help engineering students understand the policy context of this major technical achievement in the energy sector and its implications for the current and future energy industry. This particular module uses a case study to achieve this goal. The paper discusses the process of creating and teaching this kind of topic. Specifically, the authors will use this module as an example to discuss choosing a topic, providing a framework for your students, choosing the appropriate scope, and selecting an appropriate case study to illustrate the topic and service the outcomes. Additionally, the authors will discuss more specific concerns such as responding to your students and how to connect the case study to current events. In order to provide a clear example, the authors go into great detail about the topic covered and the case study used in this module. This has the additional benefit of providing instructors interested in social goals and energy with content they can use in their own classrooms.

Policy education has been deemed an important component in engineering and technology education. Several approaches can be taken to ensure that engineering students receive some education in policy. These approaches may range from a brief introduction to a comprehensive program integrating engineering and public policy; the goal of all these curricular interventions being to introduce the concept of public policy and promote an understanding of how policy and engineering are interrelated. This paper outlines various methods that may be employed to integrate policy into engineering and technology curricula. This paper takes a case study approach, describing some of the options and discussing the advantages and disadvantages of the various options. These case studies include modules, courses, a certificate program and a study abroad experience.

The purpose of this paper was to extend the work of Chong, Depew, Ngambeki, and Dark “Teaching social topics in engineering: The case of energy policy and social goals,” that discussed a process to create, integrate, and teach public policy topics in an engineering and technology curriculum. The aim of this paper was to explore a perspective by introducing public policy using a case study approach to undergraduate engineering technology students in the engineering economics course in the College of Technology at Purdue University. The course was an introduction to the time value of money and how it relates to capital investments, equipment replacement, production cost, and various engineering technology alternatives. The substantive contribution of this paper will address the following questions: 1) did the students understand and identify the policy context, 2) how effective was the use of case studies to introduce the students to policy, and 3) areas of improvement to enhance efficacy of the case studies to introduce students to policy?

The proliferation of cloud computing resources in recent years offers a way for mobile devices with limited resources to achieve computationally intensive tasks in real-time. The mobile-cloud computing paradigm, which involves collaboration of mobile and cloud resources in such tasks, is expected to become increasingly popular in mobile application development. While mobile-cloud computing is promising to overcome the computational limitations of mobile devices, the lack of frameworks compatible with standard technologies makes it harder to adopt dynamic mobile- cloud computing at large. In this dissertation, we present a dynamic code offloading framework for mobile-cloud computing, based on autonomous agents. Our approach does not impose any requirements on the cloud platform other than providing isolated execution containers, and it alleviates the management burden of offloaded code by the mobile platform using autonomous agent-based application partitions. We also investigate the effects of different runtime environment conditions on the performance of mobile-cloud computing, and present a simple and low-overhead dynamic makespan estimation model for computation offloaded to the cloud that can be integrated into mobile agents to enhance them with self-performance evaluation capability. Offloading mobile computation to the cloud entails security risks associated with handing sensitive data and code over to an untrusted platform. Security frameworks for mobile-cloud computing are not very numerous and most of them focus only on privacy, and ignore the very important aspect of integrity. Perfect security is hard to achieve in real-time mobile-cloud computing due to the extra computational overhead introduced by complex security mechanisms. In this dissertation, we propose a dynamic tamper-resistance approach for protecting mobile computation offloaded to the cloud, by augmenting mobile agents with self-protection capability. The tamper- resistance framework achieves very low execution time overhead and is capable of detecting both load-time and runtime modications to agent code. Lastly, we propose novel applications of mobile-cloud computing for helping context- aware navigation by visually-impaired people. Specifically, we present the results of a feasibility study for using real-time mobile-cloud computing for the task of guiding blind users at pedestrian crossings with no accessible pedestrian signal.

Derived from the field of art curation, digital provenance is an unforgeable record of a digital object’s chain of successive custody and sequence of operations performed on the object. It plays an important role in accessing the trustworthiness of the object, verifying its reliability and conducting audit trails of its lineage. Digital provenance forms an immutable directed acyclic graph (DAG) structure. Since history of an object cannot be changed, once a provenance chain has been created it must be protected in order to guarantee its reliability. Provenance can face attacks against the integrity of records and the confidentiality of user information, making security an important trait required for digital provenance. The digital object and its associated provenance can have different security requirements, and this makes the security of provenance different from that of traditional data.

Research on digital provenance has primarily focused on provenance generation, storage and management frameworks in different fields. Security of digital provenance has also gained attention in recent years, particularly as more and more data is migrated in cloud environments which are distributed and are not under the complete control of data owners. However, there still lacks a viable secure digital provenance scheme which can provide comprehensive security for digital provenance, particularly for generic and dynamic ones. In this work, we address two important aspects of secure digital provenance that have not been investigated thoroughly in existing works: 1) capturing the DAG structure of provenance and 2) supporting dynamic information sharing. We propose a scheme that uses signature-based mutual agreements between successive users to clearly delineate the transition of responsibility of the digital object as it is passed along the chain of users. In addition to preserving the properties of confidentiality, immutability and availability for a digital provenance chain, it supports the representation of DAG structures of provenance. Our scheme supports dynamic information sharing scenarios where the sequence of users who have custody of the document is not predetermined. Security analysis and empirical results indicate that our scheme improves the security of the typical secure provenance schemes with comparable performance.

The following paper looks at past cyber attacks on the United States financial industry for analysis on attack patterns by individuals, groups, and nationstates to determine if the industry really is under attack. The paper first defines the terms used, then explains the theory and paradigm of cyber attacks on the U.S. financial industry. Following is a graphical and detailed timeline of known cyber attacks on the U.S. financial industry reaching from 1970 through 2014. Four attack cases are chosen to be researched in summary and four attack cases are chosen to be researched in depth. These cases include: Kalinin & Nasenkov, Mt. Gox, Stock Market Manipulation Scheme, Project Blitzkrieg, Union Dime Savings Bank Embezzlement, National Bank of Chicago Wire Heist, and an attempted Citibank Heist. An analysis then explores attack origination from individuals, groups, and/or nation states as well as type of attacks and any patterns seen. After gathering attacks and creation of a timeline, a taxonomy of attacks is then created from the analysis of attack data. AStrenghts, Weakness, Opportunities, and Threats (S.W.O.T.) analysis is then applied to the case study Heartland Payment Systems.

The vast majority of hosts on the Internet, including mobile clients, are running one of three commodity, general-purpose operating system families. In such operating systems the kernel software executes at the highest processor privilege level. If an adversary is able to hijack the kernel software then by extension he has full control of the system. This control includes the ability to disable protection mechanisms and hide evidence of compromise.

The lack of diversity in commodity, general-purpose operating systems enables attackers to craft a single kernel exploit that has the potential to infect millions of hosts. If enough variants of the vulnerable software exist, then mass exploitation is much more difficult to achieve. We introduce novel kernel diversification techniques to improve kernel security.

This paper identifies, characterizes, maps, and prioritizes cyber-vulnerabilities in the industrial control systems which are used throughout the Water Sector (includes both drinking water and wastewater treatment facilities). This report discusses both technical vulnerabilities and business/operational challenges, with concentration on the technical issues. The priority order is based upon the research team’s review of the “Road Map to Secure Control Systems in the Water Sector,” DHS Control Systems Security Program documents, a CSET-CS2SAT evaluation, and from comments by the project advisory board and individual discussion with water sector personnel.

Cyber-security has been a topic of interest for several decades, and much work has been done in this area. Historically, industrial control systems (ICS) have been an island, both figuratively and literally, as they have utilized closed, proprietary systems air-gapped from the outside world. As these systems are now being incorporated into the corporate Wide Area Network (WAN) and subsequently exposed to the Internet at large, they are now at risk for cyber attack. The educational arena is still considerably lacking in producing new professionals or training existing ones to combat this new threat. As ICS are often in control of critical infrastructure, they are increasingly becoming targets of terroristic cyber attacks. A discussion of the educational deficits and a proposed solution is presented with sample modules and a class evaluation.

Vulnerabilities in the cyber-security of industrial control systems as used in the Dams Sector are identified, analyzed, and prioritized. These vulnerabilities span both organization and technical aspects operational control in the Dams Sector. The research team has completed projects in both the Water and Dams Sectors for the Department of Homeland Security as recent attacks in these and other critical infrastructure have become more prevalent. The analysis is based on expert knowledge by the research team, interviews with field personnel, tours of field locations, and an associated project advisory board.

This paper presents the results from a recent evaluation of the reliability and cyber-security vulnerability of telemedicine/telehealth systems used today in the United States. As this technology becomes more widely used in an effort to reduce costs and better serve remote and isolated populations, these issues will undoubtedly become more pronounced. This paper presents some background information about telemedicine/telehealth systems and an overview of recognized reliability and cyber-security risks. It then discusses a national survey of equipment and software vendors for telemedicine/telehealth, discusses a risk scoring system that was developed as part of the project, and presents overall results and recommendations for future work in this area.

Fingerprint verification is a commonly used modality in biometric identification and as such, Biometric fingerprint verification continues to be incorporated into many facets of world-wide society it is prudent that multiple factors in the image acquisition by accepted as ‘industry standards’ to facilitate and ensure the information security community can seamlessly integrate technologies.

There is also a need for both better understanding how fingerprint recognition system can better match against multiple fingers without creating the potential for greater security holes.

The impetus for this paper is the better understand the how combinations of multiple fingers affect match scores against a common thresh-hold and to determine, if one exists, an optimal number and combination of fingers to match against to create the lost possibility to both false accepts and false rejects.

An attractive approach for securing sensor networks has been behavior-based detection of malicious actions performed through overhearing traffic in the neighborhood. This approach has been applied toward detection of different kinds of network security attacks, building trust relationships, and also for non-security functions such as providing an implicit acknowledgment. However, observations on a wireless channel are known to be imperfect, both due to the intrinsic nature of the channel and contention from other concurrent flows. An open question has been whether any higher level protocol that relies on overhearing can be useful in light of such imperfections. This thesis addresses that question through the design and implementation of an overhearing scheme, called local monitoring, that monitors the communication functionality of neighboring nodes. The answer, derived through experiments on a sensor network testbed, is that neighborhood observation is useful for certain network configurations and parameter settings. The significant settings are node density and threshold for determining a node to be malicious. For specificity, we apply local monitoring to the detection of the highly disruptive wormhole attack. We design customized structures and algorithms for detection of anomalous events that optimize computational, memory, and bandwidth usages. These include a method for discretizing the events observed by a node for the purpose of determining malicious behavior. We also present a novel method for launching the wormhole attack and develop a countermeasure based on local monitoring. Experiments demonstrate the quality of detection measured through latency and rates of correct and false detection. ^