527 research outputs found

    An Analysis of Factors That Have Influenced the Evolution of Information Assurance from World War I through Vietnam to the Present

    This study is an exploratory historical analysis of the factors that have influenced the evolution of military Information Assurance (IA) programs from World War I to the present. Although the term IA has recently been widely used throughout the Information Resource Management field (IRM), evidence indicates that information and information systems protection mechanisms were used during every U.S. Military conflict. This research proposes to increase the body of knowledge within the information systems management field by exploring the areas related to Information Assurance (IA) and the ultimate goal of U.S. Defensive Information Warfare. I found that significant events related to the protection of information and information systems security led to certain levels of IA being explored throughout each U.S. Military conflict. The evaluation of these events provides key information that reveals a common approach to IA throughout history and supports the identification of key concepts that have influenced this evolutionary process and shaped the role of IA in current military operations, with indicators of how it may be used in the future

    CARE: COVID-19 Abatement Return to Education

    The COVID-19 pandemic poses new challenges in many aspects of life and society. Being that the prime ethical responsibility of engineers is to keep people safe, our sponsor, John Nielsen, asked us to develop a solution that addresses a current or anticipated need related to the ongoing COVID-19 pandemic. We entered a needs-finding phase to search for problems caused by COVID-19 that people want or need to be solved. We identified K-12 education as an area that has undergone drastic changes due to the pandemic. After conducting interviews with educators, we found that K-12 teachers need a way to return to the classroom safely without relying on the decisions of their students. Our project addresses the following problem statement: K-12 teachers need a way to feel safe during the COVID-19 pandemic so that they can return to in-person teaching. Based on our interviews, guaranteeing the enforcement of safety protocols makes K-12 teachers feel safe. We decided to build a toolbox of devices to help teachers enforce sanitation and personal protective equipment (PPE) protocols. The sanitation device is an automatic disinfecting spray placed above high touch surfaces, like doorknobs, that automatically sanitizes the desired surfaces after any individual touches it. The PPE device is a face shield with a microphone and speaker that enables teachers to overcome the tiring and difficult task of speaking over a face covering. For our toolbox prototype, we purchased or 3D printed all the components. Our automatic disinfecting spray prototype uses a motor and cam controlled by a microcontroller to actuate a nozzle that sprays liquid sanitizer. The system can attach to doors or other flat surfaces via an adhesive mount and adjustable arm. The face shield prototype consists of a microphone and speaker attached to a shoulder-mounted face shield.
As we manufactured and assembled our toolbox, we tested individual components and subassemblies to ensure that they operated as expected and would properly integrate into each system. In addition, we performed usability testing for the completed components with teachers and friends. The responses from our user testing indicated the face shield was easy to operate and effective. While the disinfecting spray could use improvements in usability, it functioned as expected. Based on feedback from our usability testing, we recommend reducing the bulkiness of the overall disinfecting spray system and improving the adjustability of the mounting. We also recommend further testing in a wider range of environments to ensure all use cases of the toolbox are covered. We need further nozzle and adhesive testing for the disinfecting spray as the current nozzle tends to leak and the adhesive leaves behind a sticky residue when removed. Moving forward, to reduce the toolbox cost, we recommend pursuing mass manufacturing including purchasing components in bulk and injection molding instead of 3D printing. We also recommend replacing breadboard and wire circuits with custom PCBs for cleaner packaging and less unnecessary electronics parts. Overall, the face shield and automatic disinfecting spray toolbox allows teachers to focus their attention on what really matters, teaching, while maintaining a safe environment

    Collaborative, Trust-Based Security Mechanisms for a National Utility Intranet

    This thesis investigates security mechanisms for utility control and protection networks using IP-based protocol interaction. It proposes flexible, cost-effective solutions in strategic locations to protect transitioning legacy and full IP-standards architectures. It also demonstrates how operational signatures can be defined to enact organizationally-unique standard operating procedures for zero failure in environments with varying levels of uncertainty and trust. The research evaluates layering encryption, authentication, traffic filtering, content checks, and event correlation mechanisms over time-critical primary and backup control/protection signaling to prevent disruption by internal and external malicious activity or errors. Finally, it shows how a regional/national implementation can protect private communities of interest and foster a mix of both centralized and distributed emergency prediction, mitigation, detection, and response with secure, automatic peer-to-peer notifications that share situational awareness across control, transmission, and reliability boundaries and prevent wide-spread, catastrophic power outages

    Requirements and Recommendations for IoT/IIoT Models to automate Security Assurance through Threat Modelling, Security Analysis and Penetration Testing

    The factories of the future require efficient interconnection of their physical machines into the cyber space to cope with the emerging need of an increased uptime of machines, higher performance rates, an improved level of productivity and a collective collaboration along the supply chain. With the rapid growth of the Internet of Things (IoT), and its application in industrial areas, the so-called Industrial Internet of Things (IIoT)/Industry 4.0 emerged. However, further to the rapid growth of IoT/IIoT systems, cyber attacks are an emerging threat and simple manual security testing can often not cope with the scale of large IoT/IIoT networks. In this paper, we suggest to extract metadata from commonly used diagrams and models in a typical software development process, to automate the process of threat modelling, security analysis and penetration testing, without detailed prior security knowledge. In that context, we present requirements and recommendations for metadata in IoT/IIoT models that are needed as necessary input parameters of security assurance tools. Comment: 8 pages, Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES 2019) (ARES '19), August 26-29, 2019, Canterbury, United Kingdo

    The Science of Digital Forensics: Recovery of Data from Overwritten Areas of Magnetic Media

    The first time I encountered data loss and recovery effects of magnetic memory was as a night and weekend computer operator for the computer science department of Carnegie-Mellon University in the 1973-1974 time frame. Part of my job involved dealing directly with outages and failures associated with magnetic memory components used in what, at the time, were large computer systems. On occasions, portions of magnetic core memory or disk drives would encounter various failure modes and the systems using these devices would have to be reconfigured to operate without the failed components until repair personnel could come in to repair them, typically during normal business hours on weekdays. In the early hours of one Sunday morning, I was having such problems with a magnetic core memory module (a cabinet about 6 ft. high and 3 ft. across), and after awakening the manager in charge was instructed to restart the memory and continue the operation of the computer, setting a particular value into a particular memory location to cause the system to continue operation. After several such incidents within a period of less than an hour, a more definitive outage was produced after a mechanical impulse was applied to the cabinet, the memory was reconfigured out of the system, the system operated at reduced memory until the next weekday, and no further outages were experienced

    Hardening High-Assurance Security Systems with Trusted Computing

    We are living in the time of the digital revolution in which the world we know changes beyond recognition every decade. The positive aspect is that these changes also drive the progress in quality and availability of digital assets crucial for our societies. To name a few examples, these are broadly available communication channels allowing quick exchange of knowledge over long distances, systems controlling automatic share and distribution of renewable energy in international power grid networks, easily accessible applications for early disease detection enabling self-examination without burdening the health service, or governmental systems assisting citizens to settle official matters without leaving their homes. Unfortunately, however, digitalization also opens opportunities for malicious actors to threaten our societies if they gain control over these assets after successfully exploiting vulnerabilities in the complex computing systems building them. Protecting these systems, which are called high-assurance security systems, is therefore of utmost importance. For decades, humanity has struggled to find methods to protect high-assurance security systems. The advancements in the computing systems security domain led to the popularization of hardware-assisted security techniques, nowadays available in commodity computers, that opened perspectives for building more sophisticated defense mechanisms at lower costs. However, none of these techniques is a silver bullet. Each one targets particular use cases, suffers from limitations, and is vulnerable to specific attacks. I argue that some of these techniques are synergistic and help overcome limitations and mitigate specific attacks when used together. My reasoning is supported by regulations that legally bind high-assurance security systems' owners to provide strong security guarantees. These requirements can be fulfilled with the help of diverse technologies that have been standardized in the last years. 
In this thesis, I introduce new techniques for hardening high-assurance security systems that execute in remote execution environments, such as public and hybrid clouds. I implemented these techniques as part of a framework that provides technical assurance that high-assurance security systems execute in a specific data center, on top of a trustworthy operating system, in a virtual machine controlled by a trustworthy hypervisor or in strong isolation from other software. I demonstrated the practicality of my approach by leveraging the framework to harden real-world applications, such as machine learning applications in the eHealth domain. The evaluation shows that the framework is practical. It induces low performance overhead (<6%), supports software updates, requires no changes to the legacy application's source code, and can be tailored to individual trust boundaries with the help of security policies. The framework consists of a decentralized monitoring system that offers better scalability than traditional centralized monitoring systems. Each monitored machine runs a piece of code that verifies that the machine's integrity and geolocation conform to the given security policy. This piece of code, which serves as a trusted anchor on that machine, executes inside the trusted execution environment, i.e., Intel SGX, to protect itself from the untrusted host, and uses trusted computing techniques, such as trusted platform module, secure boot, and integrity measurement architecture, to attest to the load-time and runtime integrity of the surrounding operating system running on a bare metal machine or inside a virtual machine. The trusted anchor implements my novel, formally proven protocol, enabling detection of the TPM cuckoo attack. 
The framework also implements a key distribution protocol that, depending on the individual security requirements, shares cryptographic keys only with high-assurance security systems executing in the predefined security settings, i.e., inside the trusted execution environments or inside the integrity-enforced operating system. Such an approach is particularly appealing in the context of machine learning systems where some algorithms, like the machine learning model training, require temporal access to large computing power. These algorithms can execute inside a dedicated, trusted data center at higher performance because they are not limited by security features required in the shared execution environment. The evaluation of the framework showed that training of a machine learning model using real-world datasets achieved 0.96x native performance execution on the GPU and a speedup of up to 1560x compared to the state-of-the-art SGX-based system. Finally, I tackled the problem of software updates, which makes the operating system's integrity monitoring unreliable due to false positives, i.e., software updates move the updated system to an unknown (untrusted) state that is reported as an integrity violation. I solved this problem by introducing a proxy to a software repository that sanitizes software packages so that they can be safely installed. The sanitization consists of predicting and certifying the future (after the specific updates are installed) operating system's state. The evaluation of this approach showed that it supports 99.76% of the packages available in Alpine Linux main and community repositories. The framework proposed in this thesis is a step forward in verifying and enforcing that high-assurance security systems execute in an environment compliant with regulations. 
I anticipate that the framework might be further integrated with industry-standard security information and event management tools as well as other security monitoring mechanisms to provide a comprehensive solution hardening high-assurance security systems