The Center for Education and Research in Information Assurance and Security (CERIAS)


Reports and Papers Archive



Toward privacy-preserving database management systems --- Access control and data anonymization

CERIAS TR 2007-104
Ji-won Byun

In this thesis, we identify basic requirements for privacy-preserving DBMS and focus on two core techniques, namely purpose-based access control and data anonymization, that are essential to address some of the requirements. Specifically, purpose-based access control enables DBMS to tightly control data access with respect to privacy requirements and preferences, and data anonymization provides a way to guarantee privacy protection in data itself even if the control of access is not feasible. We present formal models and develop mechanisms for realizing such models. In addition, we introduce two conceptual models, micro-view and integrity-control, which are designed to enhance data utility and integrity, respectively.

Added 2010-10-06

Hybrid Data and Text System for Downgrading Sensitive Documents

CERIAS TR 2001-154
M. J. Atallah and V. Raskin (with C. F. Hempelmann and D. Mohamed)
Download: PDF

An application of ontological semantics to the problems of declassification, sanitization, or downgrading of natural language text by automatically accessing and representing the full meaning of the texts.

Added 2010-09-27

Effects of Anonymity, Pre-Employment Integrity and Antisocial Behavior on Self-Reported Cyber Crime Engagement: An Exploratory Study

CERIAS TR 2009-31
Ibrahim M. Baggili
Download: PDF

A key issue facing today’s society is the increase in cyber crimes. Cyber crimes pose threats to nations, organizations and individuals across the globe. Much of the research in cyber crime has risen from computer science-centric programs and little experimental research has been performed on the psychology of cyber crime. This has caused a knowledge gap in the study of cyber crime. To this end, this dissertation focuses on understanding psychological concepts related to cyber crime. Through an experimental design, participants were randomly assigned to three groups with varying degrees of anonymity. After each treatment, participants were asked to self-report their cyber crime engagement, antisocial behavior and pre-employment integrity. Results indicated that the anonymity manipulation had a main effect on self-reported cyber crime engagement. The results also showed that there is a statistically significant positive relationship between self-reported antisocial behaviors and cyber crime engagement, and a statistically significant negative relationship between self-reported cyber crime engagement and pre-employment integrity. Suggestions for future research are also discussed.

Added 2010-08-30

An Evaluation of Template Splitting to Prevent Sample Reconstruction from Fingerprint Templates

CERIAS TR 2010-10
Ashwin Mohan
Download: PDF

Current research in fingerprint recognition systems has shown that, given a fingerprint template, an approximation of the original fingerprint sample can be created. In this thesis, the capability of template splitting to prevent sample reconstruction from fingerprint templates is evaluated. An attack simulation was formulated as part of this thesis for testing the ability of template splitting, within a fingerprint verification setup, to prevent sample reconstruction. False Non-Match Rate (FNMR) was used as the performance metric. Statistical analysis of the FNMR showed that the use of template splitting results in a significant decrease in the capability of approximate fingerprint samples to be matched within the fingerprint system.

Added 2010-07-12

Authorship attribution of SMS messages using an N-grams approach

CERIAS TR 2010-11
Ashwin Mohan, Ibrahim M. Baggili, Marcus K. Rogers
Download: PDF

The pervasive use of SMS is increasing the amount of digital evidence available on cellular phones. Consequently, it has become important to detect SMS authors, as a post-hoc analysis technique deemed useful in criminal prosecution cases. This paper investigates an N-grams based approach for determining the authorship of SMS messages. Despite the scarcity of words in SMS messages and the differences between SMS language and natural language characteristics, the chosen method shows encouraging results in the identification of authors. In this paper the effects of the gram size and the similarity scoring technique on the prediction of SMS message authors are also examined.

Added 2010-07-12

Assessing the Trustworthiness of Streaming Data

CERIAS TR 2010-09
Hyo-Sang Lim, Yang-Sae Moon, Elisa Bertino
Download: PDF

The notion of confidence policy is a novel notion that exploits the trustworthiness of data items in data management and query processing. In this paper we address the problem of enforcing confidence policies in data stream management systems (DSMSs), which is crucial in supporting users with different access rights, processing confidence-aware continuous queries, and protecting secure streaming data. In this paper, we first propose a DSMS-based framework for confidence policy management and then present a systematic approach for estimating the trustworthiness of data items. Our approach uses the provenance of data items as well as their values. We introduce two types of data provenance: the physical provenance, which represents the delivery history of each data item, and the logical provenance, which describes the semantic meaning of each data item. The logical provenance is used for grouping data items into semantic events with the same meaning or purpose. By contrast, the tree-shaped physical provenance is used in computing trust scores, that is, quantitative measures of trustworthiness. To obtain trust scores, we propose a cyclic framework which reflects the inter-dependency property well: the trust scores of data items affect the trust scores of network nodes, and vice versa. The trust scores of data items are computed from their value similarity and provenance similarity. The value similarity comes from the principle that “the more similar values for the same event, the higher the trust scores,” and we compute it under the assumption of a normal distribution. The provenance similarity is based on the principle that “the more different physical provenances with similar values, the higher the trust scores,” and we compute it using tree similarity. Since new data items continuously arrive in DSMSs, we need to evolve (i.e., recompute) trust scores to reflect those new items. As an evolution scheme, we propose the batch mode for computing scores (non)periodically along with the immediate mode. To the best of our knowledge, our approach is the first to support the enforcement of confidence policies in DSMSs. Experimental results show that our approach is very efficient.

Added 2010-07-10

Privacy-aware Role-Based Access Control

Qun Ni

Current proposals for access control languages cannot specify policies required by specific application scenarios (e.g. a database system enforcing privacy regulations), may also contain design flaws, and are incompatible with one another. In this dissertation, we extend RBAC with new components to meet the requirements of privacy-aware access control, which is required to enforce privacy laws and regulations in organizational computing environments.

We propose an access control language for provenance access control, which requires aggregating access decisions from different sources and controlling the access to different sections of provenance information. We investigate various problems in risk-based access control. Risk-based access control is particularly useful for making access decisions in an emergency. Subjects without sufficient privilege in an emergency have to be given authorization to access sensitive information in different ways, based on their risk estimations. We also identify design flaws in representative proposals, e.g. XACML, and present corresponding solutions.

We finally propose an extensible functional access control language that combines the benefits of XACML and RBAC without their drawbacks. The language is attribute-based and context-centric and supports sophisticated error handling and flexible decision aggregation methods. We also show that the language is able to meet the requirements of all specific application domains discussed in this dissertation.

Added 2010-06-29

Structural Signatures: How to Authenticate Trees Without Leaking

CERIAS TR 2010-08
Ashish Kundu, Elisa Bertino

Data sharing over a third-party distribution framework such as the cloud computing paradigm requires that both data authenticity and confidentiality be assured. One of the most widely used data organization structures is the tree structure. When such structures encode sensitive information (such as in XML documents), it is crucial that authenticity and confidentiality be assured not only for the content, but also for the structure. There is a plethora of work on data authentication in the literature; however, none of it addresses the problem of leakage-free authentication of tree-structured data, especially when such structures encode sensitive information (such as in XML documents). The most widely used technique for trees is the Merkle hash technique (MHT), which however is known to be “not hiding”, i.e., it leads to leakage of information. Most existing data authentication techniques are based on the MHT and thus suffer from the problem of information leakage. In this paper, we propose the first leakage-free authentication scheme for tree data structures, which is also efficient. Our scheme, referred to as the “structural authentication scheme”, is based on the structure of the tree as defined by tree traversals, and on aggregate signatures. In addition to formally defining the technique, we prove that it protects against violations of content and structural integrity and against information leakage. Complexity analysis shows that our scheme incurs comparable cost for signing and user-side authentication, and less communication overhead, while providing stronger security properties. We also show how our scheme can handle leakage-free authentication of dynamic trees. Two applications of the proposed scheme are presented: (1) automatic correction and recovery from structural errors, and (2) structure-based routing for secure publish/subscribe of XML documents.

Added 2010-06-26

Structural Signatures: How to Authenticate Graphs Without Leaking

CERIAS TR 2010-07
Ashish Kundu, Elisa Bertino

Secure data sharing in multi-party environments such as cloud computing requires that both authenticity and confidentiality of the data be assured. Digital signature schemes are commonly employed for authentication of data. However, no such technique exists for directed graphs, even though such graphs are one of the most widely used data organization structures. Existing schemes for DAGs are authenticity-preserving but not confidentiality-preserving, and lead to leakage of sensitive information during authentication.

In this paper, we propose two schemes on how to authenticate DAGs and directed cyclic graphs without leaking, which are the first such schemes in the literature. They are based on the structure of the graph as defined by depth-first graph traversals and on aggregate signatures. Graphs are structurally different from trees in that they have four types of edges in a depth-first traversal: tree, forward, cross, and back-edges. The fact that an edge is a forward, cross or back-edge conveys information that is sensitive in several contexts. Moreover, back-edges pose a more difficult problem than forward and cross-edges, primarily because back-edges add bidirectional properties to graphs. We prove that the proposed technique is both authenticity-preserving and non-leaking. While providing such strong security properties, our scheme is also efficient, as supported by the performance results.

Added 2010-06-26

Data in the Cloud: Authentication of Trees, Graphs, and Forests Without Leaking

CERIAS TR 2010-06
Ashish Kundu, Mikhail Atallah, Elisa Bertino

In this paper, we address the problem of how to authenticate sub-trees (sub-graphs) without leakage of information. Previous schemes for tree (graph)-organized data, such as XML documents, authenticate information recorded in tree (graph) nodes, but leak structural information that the data receiver is not entitled to access.

This is often unacceptable, as the value of tree (graph)-organized data lies not only in the contents of the tree (graph) nodes but also in the tree (graph) structure (such as in healthcare and military data). A possible approach would be to store a pre-signed hash for each subset of the tree (graph). Such an approach is however not suitable even for moderate-size trees (graphs) because of the exponential number of such subsets. This paper proposes authentication schemes for trees and graphs (with or without cycles). The schemes are provably secure and efficient in that the number of signatures computed for trees is \bigoh and for graphs is \bigoh, where $m$ is the number of nodes. The schemes are highly scalable: they accommodate trees and graphs with high branching factors and extremely large numbers of nodes, on the order of millions. The efficiency is corroborated by our experimental results. Branching factors of 100 and 300 (which result in trees with as many as 1 million and 27 million nodes, respectively, with the height being 3) are handled by the proposed schemes quite efficiently. We also describe how our scheme for graphs can be used to authenticate forests without leaking.

Added 2010-06-26

A Platform for Creating Efficient, Robust, and Resilient Peer-to-Peer Systems

CERIAS TR 2010-12
David Zage
Download: PDF

The rapid growth of communication environments such as the Internet has spurred the development of a wide range of systems and applications based on peer-to-peer ideologies. As these applications continue to evolve, there is an increasing effort towards improving their overall performance. This effort has led to the incorporation of measurement-based adaptivity mechanisms and network awareness into peer-to-peer applications, which can greatly increase peer-to-peer performance and dependability. Unfortunately, these mechanisms are often vulnerable to attack, making the entire solution less suitable for real-world deployment. In this dissertation, we study how to create robust system components for adaptivity, network awareness, and responding to identified threats. These components can form the basis for creating efficient, high-performance, and resilient peer-to-peer systems.

Added 2010-06-18

Privacy Preservation in Data Publishing and Sharing

CERIAS TR 2010-16
Tiancheng Li
Download: PDF

In this information age, data and the knowledge extracted from it by data mining techniques represent a key asset driving research, innovation, and policy-making activities. Many agencies and organizations have recognized the need to accelerate such trends and are therefore willing to release the data they have collected to other parties, for purposes such as research and the formulation of public policies. However, data publication processes are today still very difficult. Data often contains personally identifiable information, and therefore releasing such data may result in privacy breaches; this is the case for microdata, e.g., census data and medical data.

This thesis studies how we can publish and share microdata in a privacy-preserving manner. We present an extensive study of this problem along three dimensions: (1) designing a simple, intuitive, and robust privacy model; (2) designing an effective anonymization technique that works on sparse and high-dimensional data; and (3) developing a methodology for evaluating the privacy-utility tradeoff.

Added 2010-06-14

Securing Wireless Communication Against Dictionary Attacks Without Using PKI

CERIAS TR 2010-13
Sarath Geethakumar
Download: PDF

The security of 802.11x wireless encryption standards is increasingly coming under scrutiny compared to other security protocols and standards. Attacks on 802.11x wireless security protocols are exacerbated by the ease with which attackers can monitor radio signals and passively capture packets, compared to a LAN or other physical networks. The intent of this research is to analyze the feasibility of designing a wireless authentication protocol, secure against dictionary attacks, for home networks and small wireless networks without using PKI or transport layer security. The research focuses mainly on pre-shared key authentication mechanisms in order to avoid the overhead of directory servers or RADIUS-based authentication mechanisms.

Added 2010-05-07

Cross-Site Request Forgery Attacks Against Linksys Wireless Routers

CERIAS TR 2010-15
Ryan Poyar
Download: PDF

Wireless routers are common in the typical home and are becoming more so every year. While wireless networks can be convenient and provide many benefits, they also have the potential to be insecure and vulnerable. Statistics show that a large percentage of wireless routers use weak or no encryption, and many wireless routers still use their default password. This research analyzed the security of wireless routers, specifically the security of a standard Linksys wireless router. The research focused on CSRF attacks and the possibility for an attacker to modify a wireless router through such attacks. The results of the research were significant. Proof-of-concept code is provided that demonstrates a variety of different types of attacks that enable an attacker to modify a wireless router in order to gain complete and persistent control of the device.

Added 2010-05-07

Providing Availability on the Poly^2 Framework

CERIAS TR 2010-14
Ankur Chakraborty
Download: PDF

Availability is not often a primary concern for frameworks meant to provide security. Poly^2 is one such framework. It provides us with a hardened foundation, based on secure design principles, on which to run mission-critical services. While the primary focus of Poly^2 until now has been fault isolation, we now attempt to add recovery as well. However, current recovery techniques may compromise the security principles on which the framework was originally built. We propose a hybrid system based on two popular techniques to rectify this.

Added 2010-05-04