The Center for Education and Research in Information Assurance and Security (CERIAS)


Reports and Papers Archive



Industrial Espionage or Competitive Intelligence: Two sides of the same coin

CERIAS TR 2011-10
Temitope Toriola
Download: PDF

Attempting to gain a competitive advantage is the nature of most business research. However, industrial espionage is disallowed and frowned upon. Competitive Intelligence is considered a lesser evil than Industrial Espionage. This paper discusses the differences between the two and examines the Competitive Intelligence industry. Within the Competitive Intelligence industry there are guidelines on successful and ethical methods for data gathering. The following is a sample of industry topics and methodology.

Keywords: Industrial Espionage, Competitive Intelligence

Added 2011-11-08

Yahoo Messenger Forensics on Windows Vista and Windows 7

CERIAS TR 2011-11
Matthew Levendoski, Tejashree Datar, Dr. Marc Rogers
Download: PDF

The purpose of this study is to identify several areas of forensic significance within the Yahoo! Messenger application. This study focuses on new areas of interest within the file structure of Windows Vista and Windows 7. One of the main issues with this topic is that little research has been previously conducted on the new Windows platforms. Previously conducted research indicates the evidence found on older file structures, such as Windows XP, as well as in outdated versions of Yahoo! Messenger. Several differences were found within Yahoo! Messenger’s registry keys and directory structure on Windows Vista and Windows 7 as compared to Windows XP.

Added 2011-11-03

A Framework for Composition and Enforcement of Privacy-aware and Context-driven Authorization Mechanism for Complex Systems

CERIAS TR 2011-09
A M Samuel, M I Sarfraz, H Haseeb and A Ghafoor
Download: PDF

Security and privacy of complex systems are a concern due to the proliferation of cyber-based technologies. Several researchers have pointed out that for the proper enforcement of privacy rules in a complex system, the privacy requirements should be captured in access control systems. In this paper, we present a framework for composition and enforcement of context-aware rules for such systems. The focus of this paper is the design of a system to allow a user (not a system or security administrator) to compose conflict-free access control policies for his or her online assets. An additional requirement in this case is that such a policy be context-aware. We also present a methodology for verifying the privacy rules to ensure correctness and logical consistency. The verification process is also used to ensure that sensitive security requirements are not violated when privacy rules are enforced.

Added 2011-10-19

3-Clique Attacks in Online Social Networks

CERIAS TR 2011-08
Rahul Potharaju, Bogdan Carbunar, Cristina Nita-Rotaru
Download: PDF

Online Social Networks (OSNs) have become ubiquitous in the past few years, counting hundreds of millions of people as members. In this paper we show that the ease of accessing third-party information by engineering OSN features makes users vulnerable to infiltration attacks. By providing invaluable user context information, such attacks can become dangerous tools in the hands of spammers and phishers. Using a set of primitive attacks, we formalize a new infiltration attack called the 3-Clique attack. We design an automated attack system, iFriendU, to demonstrate the effectiveness of these attacks on more than 10,000 Facebook users. We show that the 3-Clique attack outperforms any existing attack by at least 75% in the number of users it can befriend. We propose a novel OSN security framework, called MORPH-x, to defend against infiltration attacks. We show the effectiveness of our solution through extensive simulations on a large Facebook social graph. We prove its practicality by implementing MORPH-x as a web application and demonstrate user interest through a user study. We show that our solution imposes only negligible computing overheads on its users and succeeds in blocking the studied attacks in 93-98% of the cases.

Added 2011-09-07

Private Searching for Single and Conjunctive Keywords on Streaming Data

CERIAS TR 2011-07
Xun Yi, Elisa Bertino
Download: PDF

Private searching on streaming data allows a user to collect potentially useful information from huge streaming sources of data without revealing his or her searching criteria. This technique can be used by airports, without knowing a classified “possible terrorists” list, to find whether any of hundreds of passenger lists has a name from the “possible terrorists” list and, if so, his or her itinerary. Current solutions for private searching on streaming data only support searching for an “OR” of keywords or an “AND” of two sets of keywords. In this paper, we extend the types of private queries to support searching on streaming data for an “OR” of a set of both single and conjunctive keywords. Our protocol is built on Boneh et al.’s result for the evaluation of 2-DNF formulas on ciphertexts. The size of our encrypted dictionary is only O(|D|), which is much less than |D|^2, the size of the encrypted dictionary if the conjunctive keywords (A_i,B_i) (i=1,2,…,k) are treated as single keywords, where we assume A_i,B_i∈D (i=1,2,…,k).

Added 2011-08-15

The Role of Individual Differences in Predicting the Type of Images Collected by Internet Child Pornography Consumers

CERIAS TR 2011-06
Kathryn C. Seigfried-Spellar
Download: PDF

The current study was the first to analyze the relationship among psychological characteristics, personality, and the types of images preferred or collected by self-reported consumers of Internet child pornography. This study had 4 specific aims: (1) to explore the personality differences between self-reported consumers and non-consumers of Internet child pornography, (2) to examine whether the self-reported male and female consumers of Internet child pornography exhibit different personality characteristics and traits from the non-consumers, (3) to assess the types of images preferred by the self-reported consumers of Internet child pornography, and (4) to determine whether or not there was a predictive relationship between the personality characteristics and the types of images preferred by the self-reported child pornography consumers. This study was conducted electronically using an Internet-based survey, which targeted respondents from the United States, United Kingdom, Australia, and Canada. By targeting current permanent residents from these countries, the study ensured the respondents were from countries where the possession, distribution, and production of Internet child pornography was illegal. Results suggested the self-reported child pornography users in this sample were more trusting (less suspicious) and compliant (less oppositional), whereas the respondents who did not self-report child pornography use were more suspicious (less trusting) and oppositional (less compliant). Second, the male consumers of child pornography were less likely to make moral decisions based on social values (e.g., societal norms, laws) compared to the female consumers of Internet child pornography. Third, those individuals who engaged in more Internet child pornography behaviors were more social, unconventional, and followed a different moral compass (i.e., do not make decisions based on moral beliefs). Finally, with regard to image content, the results suggested the self-reported child pornography users in this sample might prefer different types of child pornography. Overall, Internet-based research designs assessing the relationship between psychological constructs and Internet child pornography use were possible, but this type of research was not without limitations.

Added 2011-08-02

Data-centric Approaches to Kernel Malware Defense

CERIAS TR 2011-03
Junghwan Rhee
Download: PDF

An operating system kernel is the core of system software and is responsible for the integrity and operations of a conventional computer system. Authors of malicious software (malware) have been continuously exploring various attack vectors to tamper with the kernel. Traditional malware detection approaches have focused on the code-centric aspects of malicious programs, such as the injection of unauthorized code or the control flow patterns of malware programs. However, in response to these malware detection strategies, modern malware employs advanced techniques such as reusing existing code or obfuscating malware code to circumvent detection. In this dissertation, we offer a new perspective on malware detection that is different from the code-centric approaches. We propose the data-centric malware defense architecture (DMDA), which models and detects malware behavior by using the properties of the kernel data objects targeted during malware attacks. This architecture employs external monitoring, wherein the monitor resides outside the monitored kernel to ensure tamper-resistance. It consists of two core system components that enable inspection of the kernel data properties. First, an external monitor faces the challenging task of identifying the data object information of the monitored kernel. We designed a runtime kernel object mapping system which has two novel characteristics: (1) an un-tampered view of data objects resistant to memory manipulation and (2) a temporal view capturing the allocation context of dynamic memory. We demonstrate the effectiveness of these views by detecting a class of malware that hides dynamic data objects. Also, we present our analysis of malware attack behavior targeting dynamic kernel objects. Second, in addition to the mapping of kernel objects, we present a new kernel malware characterization approach based on kernel memory access patterns. This approach generates signatures of malware by extracting recurring data access patterns specific to malware attacks. Moreover, each memory pattern in the signature represents abstract data behavior; therefore, it can expose common data behavior among malware variants. Our experiments demonstrate the effectiveness of these signatures in the detection of not only malware with signatures but also malware variants that share memory access patterns. Our results utilizing these approaches in the defense against kernel rootkits demonstrate that the DMDA can be an effective solution that complements code-centric approaches in kernel malware defense.

Added 2011-07-29

Content Analysis of Privacy Policies for Health Social Networks

CERIAS TR 2011-04
Pratik Savla
Download: PDF

The Web is an important resource for health information. Pew’s Internet and American Life Project found that 62% of adult Web users look for health-related information on health social networks. However, the National Survey on Identity and Privacy in Social Media by The Ponemon Institute reported that about 56% of adult users were anxious about the privacy of their personal information on social networks. This study examines the privacy policies of 35 online social network sites selected based on U.S. user traffic. The objectives of this research are to determine the extent to which privacy policies of online health social networks comply with the principles of Fair Information Practice (FIP) and to evaluate the readability and accessibility of the policies. To measure the readability of the policy statements, the Flesch Reading Ease Score and Flesch-Kincaid Grade Level score metrics are used. The findings indicate that 9% of the websites in the sample had no privacy policy posted, and only about 26% of the websites in the sample fully complied with the FIP. The findings show that compliance with the FIP principles is poor, and confirm that most policies require a reading skill higher than the Internet population’s average literacy level.

Added 2011-07-28

Reverse Engineering of Data Structures from Binary

CERIAS TR 2011-05
Zhiqiang Lin
Download: PDF

Reverse engineering of data structures involves two aspects: (1) given an application binary, inferring the data structure definitions; and (2) given a memory dump, inferring the data structure instances. These two capabilities have a number of security and forensics applications that include vulnerability discovery, kernel rootkit detection, and memory forensics.

In this dissertation, we present an integrated framework for reverse engineering of data structures from binary. There are three key components in our framework: REWARDS, SigGraph and DIMSUM. REWARDS is a data structure definition reverse engineering component that can automatically uncover both the syntax and semantics of data structures. SigGraph and DIMSUM are two data structure instance reverse engineering components that can recognize the data structure instances in a memory dump. In particular, SigGraph can systematically generate non-isomorphic signatures for data structures in an OS kernel and enable brute-force scanning of kernel memory to find the data structure instances. SigGraph relies on memory mapping information, but DIMSUM, which leverages probabilistic inference techniques, can directly scan memory without memory mapping information.

We have developed a number of enabling techniques in our framework that include (1) bi-directional (i.e., backward and forward) data flow analysis, (2) signature graph generation and comparison, and (3) belief propagation based probabilistic inference. We demonstrate how we integrate these techniques into our reverse engineering framework in this dissertation.

We have obtained the following preliminary experimental results. REWARDS achieved over 80% accuracy in revealing data structure definitions accessed during an execution. SigGraph recognized Linux kernel data structure instances with zero false negatives and close-to-zero false positives, and had strong robustness in the presence of malicious pointer manipulations. DIMSUM achieved over 20% accuracy improvement over previous non-probabilistic approaches without memory mapping information.

Added 2011-07-25

Attribute Based Group Key Management

CERIAS TR 2010-30
Mohamed Nabeel, Elisa Bertino
Download: PDF

Attribute based systems enable fine-grained access control among a group of users each identified by a set of attributes. Secure collaborative applications need such flexible attribute based systems for managing and distributing group keys. However, current group key management schemes are not well designed to manage group keys based on the attributes of the group members. In this paper, we propose novel key management schemes that allow users whose attributes satisfy a certain access control policy to derive the group key. Our schemes efficiently support rekeying operations when the group changes due to joins or leaves of group members. During a rekey operation, the private information issued to existing members remains unaffected and only the public information is updated to change the group key. Our schemes are expressive: they are able to support any monotonic access control policy over a set of attributes. Our schemes are resistant to collusion attacks: group members are unable to pool their attributes and derive a group key which they cannot derive individually.

Added 2011-05-05

Several Problems in Number Theory

CERIAS TR 2011-02
Sangil Nahm
Download: PDF

For a long time, number theory has influenced information security and cryptography. This thesis adds examples of its influence.

The first topic is related to Broadcast Group Key Management (BGKM) in cryptography. After the Access Control Polynomial (ACP) BGKM scheme was proposed, people tried to check its basic security properties in BGKM. They found that it has a weakness in the key hiding property by finding a counterexample when $p=2$. Here, we give strong evidence that it has a weakness in its key hiding property for all sufficiently large primes.

The second topic is the well-known integer factoring algorithm SQUFOF, which stands for SQUare FOrm Factorization, invented by Daniel Shanks. At present, SQUFOF is the fastest factoring algorithm for numbers between $10^$ and $10^$. In Gower’s thesis, he made conjectures about the probability distribution of the number of forms that SQUFOF must examine before finding a proper square form and the number of forms enqueued during the factorization of $N$. We propose a different probability distribution (geometric rather than exponential) than did Gower, and we use Gower’s data to support our conclusions.

The third topic is the period of the Bell numbers $B(n)$ modulo a prime. It was proved by Williams that the minimum period of the sequence $\{B(n) \bmod ~p\}$, $n=0$, 1, 2, $\ldots$, divides $N_p=(p^p-1)/(p-1)$. In fact, the minimum period equals $N_p$ for every prime $p$ for which this period is known. Several people have conjectured that the minimum period is always $N_p$. This thesis presents a heuristic argument supporting the conjecture.

Added 2011-03-30

Evaluation of the Indiana Department of Correction Mug Shot Capture Process

CERIAS TR 2010-29
Gregory Hales
Download: PDF

The tracking and monitoring of fugitives and persons of interest is of significant concern for the Indiana Department of Corrections (IDOC) Fugitive Detection Unit. The research conducted was to help determine the benefits of implementing a face recognition technology solution. Images were analyzed for standard compliance to help determine their suitability for input into a face recognition matcher. Results from this analysis showed the images were not in compliance with the NIST Mug Shot Best Practices, nor could the software optimize the images to make them compliant. A visit to the intake facility indicated that the process by which these mug shots were collected needed to be addressed before face recognition technology could be implemented. Consequently, the IDOC main prisoner intake facility’s current mug shot image capture process was assessed. Using the analysis from the images, along with observations from the mug shot capture process, an optimized capture process was implemented for a trial period of two weeks to determine its effectiveness. Results show that the capture process improved the standard compliance of the mug shot images, indicating that the images collected would be usable with face recognition technology. Another finding was that the centerline location ratio variable, which has a precise threshold, was not compliant for any images in either dataset, leading to the need for further study to determine whether this variable should utilize a range of values for an operational environment such as the IDOC.

Added 2011-03-29

Increasing Security Effectiveness in IT Enabled Products Using Balanced Scorecard Framework

CERIAS TR 2010-28
Anurag Jain
Download: PDF

IT enabled products are the result of a fusion of IT with the core functionalities of any product or device around us. This fusion is leading to numerous benefits and advantages that are just beginning to appear. However, with the increasing number and sophistication of vulnerabilities and threats in IT, IT enabled products have also come into the line of fire. Due to the critical and diverse nature of these products, it is important that a holistic security framework exists that addresses security in the early phases of product development. The current state of security in IT enabled products strongly suggests this need, along with the efforts of industry leaders in their respective fields. In this thesis, the author has made an effort to address security in IT enabled products by proposing a new framework based on the Balanced Scorecard. The proposed framework uses the concept of the four views and other characteristics of the Balanced Scorecard, and it has a strong focus on security. The proposed framework has been evaluated by Prof. James E. Goldman, the chair of this thesis committee, and its application has also been demonstrated on one of the discussed case examples of security failures. From this research, it has been concluded that the proposed framework can indeed effectively address security in IT enabled products.

Added 2011-03-10

A Field Test of Mobile Phone Shielding Devices

CERIAS TR 2010-27
Eric Katz
Download: PDF

Mobile phones are increasingly a source of evidence in criminal investigations. The evidence on a phone is volatile and can easily be overwritten or deleted. There are many tools that claim to radio-isolate a phone in order to preserve evidence. Unfortunately, the wireless preservation devices do not always successfully prevent network communication as promised. The purpose of this study was to identify situations where the devices used to protect evidence on mobile phones can fail. There has been little published research on how well these devices work in the field despite the escalating importance of mobile phone forensics. These shielding devices were tested using mobile phones from three of the largest service providers in the U.S. Calls were made to contact the isolated phones using voice, SMS, and MMS at varying distances from the provider’s towers. In the majority of the test cases the phones were not isolated from their networks despite being enclosed in a shielding device. It was found that SMS messages penetrated the shields the most often. Voice calls were the next most likely to penetrate the shields, and MMS were the least.

Added 2011-03-09

Mobility in Mobile Sensor Networks: A study of sensing performance and privacy

CERIAS TR 2010-26
Yu Tak Ma
Download: PDF

Recent advances in sensor technologies have made sensors more economical, power efficient, and portable enough to be mounted onto handheld devices for monitoring different environmental factors, and have made mobile sensor networks possible. When it is financially infeasible to deploy enough or an excessive number of sensors, while the environmental factors they monitor are critical for public health and safety, such as chemical or radiation monitoring, we deploy mobile sensors that move under our control. We also decide the best mobility strategy to achieve the desired goals. We propose and analyze mobility strategies that give a well-balanced performance for various goals which may be antagonistic. We notice that for a stochastic mobility algorithm, pausing at a location is well-justified to achieve better quality in event monitoring and a closer match with the expected monitoring time of a location by the sensor. We also notice that the quality of event monitoring at a location may not be proportional to the time the sensors spend at the location. In other cases, when it is economical to deploy an excessive number of sensors to monitor the environment by attaching them to electronic devices owned by the public, traces of mobile nodes are collected to help design and analyze such systems and evaluate the expected performance before deployment. We are interested in studying privacy leakage through trace publication. Although identities in published traces are consistently replaced with random IDs, movements of mobile nodes can be openly observed by others, or they may be learned through web blogs, status updates in social networks, casual conversations, etc. It is then possible for an attacker to learn the whole movement history of the participants, breaching the privacy protection. We comprehensively study attack strategies both analytically and experimentally using real and synthetic traces. We observe that with high probability an adversary can identify participants in the trace set with the current scale of trace collection and publication.

Added 2011-03-02