Automating Cyber Analytics

Model based security metrics are a growing area of cyber security research concerned with measuring the risk exposure of an information system. These metrics are typically studied in isolation, with the formulation of the test itself being the primary finding in publications. As a result, there is a flood of metric specifications available in the literature but a corresponding dearth of analyses verifying results for a given metric calculation under different conditions or comparing the efficacy of one measurement technique over another. The motivation of this thesis is to create a systematic methodology for model based security metric development, analysis, integration, and validation. In doing so we hope to fill a critical gap in the way we view and improve a system’s security. In order to understand the security posture of a system before it is rolled out and as it evolves, we present in this dissertation an end to end solution for the automated measurement of security metrics needed to identify risk early and accurately. To our knowledge this is a novel capability in design time security analysis which provides the foundation for ongoing research into predictive cyber security analytics. Modern development environments contain a wealth of information in infrastructure-as-code repositories, continuous build systems, and container descriptions that could inform security models, but risk evaluation based on these sources is ad-hoc at best, and often simply left until deployment. Our goal in this work is to lay the groundwork for security measurement to be a practical part of the system design, development, and integration lifecycle. In this thesis we provide a framework for the systematic validation of the existing security metrics body of knowledge. In doing so we endeavour not only to survey the current state of the art, but to create a common platform for future research in the area to be conducted. We then demonstrate the utility of our framework through the evaluation of leading security metrics against a reference set of system models we have created. We investigate how to calibrate security metrics for different use cases and establish a new methodology for security metric benchmarking. We further explore the research avenues unlocked by automation through our concept of an API driven S-MaaS (Security Metrics-as-a-Service) offering. We review our design considerations in packaging security metrics for programmatic access, and discuss how various client access-patterns are anticipated in our implementation strategy. Using existing metric processing pipelines as reference, we show how the simple, modular interfaces in S-MaaS support dynamic composition and orchestration. Next we review aspects of our framework which can benefit from optimization and further automation through machine learning. First we create a dataset of network models labeled with the corresponding security metrics. By training classifiers to predict security values based only on network inputs, we can avoid the computationally expensive attack graph generation steps. We use our findings from this simple experiment to motivate our current lines of research into supervised and unsupervised techniques such as network embeddings, interaction rule synthesis, and reinforcement learning environments. Finally, we examine the results of our case studies. We summarize our security analysis of a large scale network migration, and list the friction points along the way which are remediated by this work. We relate how our research for a large-scale performance benchmarking project has influenced our vision for the future of security metrics collection and analysis through dev-ops automation. We then describe how we applied our framework to measure the incremental security impact of running a distributed stream processing system inside a hardware trusted execution environment

Partitioning workflow applications over federated clouds to meet non-functional requirements

PhD ThesisWith cloud computing, users can acquire computer resources when they need them on a pay-as-you-go business model. Because of this, many applications are now being deployed in the cloud, and there are many di erent cloud providers worldwide. Importantly, all these various infrastructure providers o er services with di erent levels of quality. For example, cloud data centres are governed by the privacy and security policies of the country where the centre is located, while many organisations have created their own internal \private cloud" to meet security needs. With all this varieties and uncertainties, application developers who decide to host their system in the cloud face the issue of which cloud to choose to get the best operational conditions in terms of price, reliability and security. And the decision becomes even more complicated if their application consists of a number of distributed components, each with slightly di erent requirements. Rather than trying to identify the single best cloud for an application, this thesis considers an alternative approach, that is, combining di erent clouds to meet users' non-functional requirements. Cloud federation o ers the ability to distribute a single application across two or more clouds, so that the application can bene t from the advantages of each one of them. The key challenge for this approach is how to nd the distribution (or deployment) of application components, which can yield the greatest bene ts. In this thesis, we tackle this problem and propose a set of algorithms, and a framework, to partition a work ow-based application over federated clouds in order to exploit the strengths of each cloud. The speci c goal is to split a distributed application structured as a work ow such that the security and reliability requirements of each component are met, whilst the overall cost of execution is minimised. To achieve this, we propose and evaluate a cloud broker for partitioning a work ow application over federated clouds. The broker integrates with the e-Science Central cloud platform to automatically deploy a work ow over public and private clouds. We developed a deployment planning algorithm to partition a large work ow appli- - i - cation across federated clouds so as to meet security requirements and minimise the monetary cost. A more generic framework is then proposed to model, quantify and guide the partitioning and deployment of work ows over federated clouds. This framework considers the situation where changes in cloud availability (including cloud failure) arise during work ow execution

Thermostructural problem of hypersonic airbreathing flight systems : modeling and simulation

Eine Methodik zur Vorhersage von Wandtemperaturen in luftatmenden Raumtransportsystemen

The Choreography of the Soul: A Psychedelic Philosophy of Consciousness

This is a 2020 revision of my 1988 dissertation "The Choreography of the Soul" with a new Foreword, a new Conclusion, a substantially revised Preface and Introduction, and many improvements to the body of the work. However, the thesis remains the same. A theory of consciousness and trance states--including psychedelic experience--is developed. Consciousness can be analyzed into two distinct but generally interrelated systems, which I call System X and System Y. System X is the emotional-visceral-kinaesthetic body. System X is a harmonic system of "endokinetic" (internal bodily) and "ectokinetic" (emotionally expressive) movement. System Y is a "teleokinetic" (goal directed) system that includes language, cognition, perception, voluntary motor control, manipulation of the environment, etc. Contrary to theories of consciousness prevalent in the Western philosophical traditions that begin with Plato, I argue that System Y is secondary to and dependent upon System X, not the reverse. In building my thesis I draw upon the work of Friedrich Nietzsche, psychoanalysis, Jungian depth psychology, political anthropology, modern neuroscience, Pythagorean music theory, and the mathematical theory of harmonic systems

Egypt in material and mind : the use and perception of Aegyptiaca in Roman domestic contexts of Pompeii

This dissertation was written within the NWO VIDI project __Cultural innovation in a globalising society, Egypt in the Roman world__, (Faculty of Archaeology, Leiden University) directed by dr. Miguel John Versluys. The general aim of this project is devoted to the understanding of the different contexts in which Egypt as style, imagery, object, and text, was integrated in the Roman world. It thereby wishes to give Egypt its proper place within the process of Roman cultural innovation through carefully studying its material and textual remains in the context in which they were created and appropriated. Studies on the Roman perception of Egypt, concerning both textual and archaeological sources, generally approach Egypt from fixated and normative concepts. For example, Aegyptiaca have traditionally been interpreted within a framework of oriental cults or Egyptomania. The research project, in contrast, demonstrates that the dichotomy Rome versus Egypt should be approached with care. Besides the present thesis, three other PhD-dissertations are written within the scope of the project: Marike van Aerde, examining the role of Egyptian material culture in Augustan Rome, Sander M_skens, focusing on the material analysis of stone Aegyptiaca in Rome, and Maaike Leemreize, studying the Roman literary perceptions of Egypt. The purpose of this particular dissertation is to obtain a better image of the use, perception, and integration of Egyptian artefacts in domestic contexts, using Pompeii (1st century BC __ 1st century AD) as a case study. The houses of Pompeii yielded many objects that scholars nowadays would call Egyptian or Egyptianised artefacts and are subsumed under the denominator of Aegyptiaca. For the case of Pompeii, Aegyptiaca form a heterogeneous group of both imported and locally produced objects spread throughout the town, consisting of statuettes, imported sculptures, furniture, jewellery, or wall paintings. The most predominant interpretations drawn about the use of these objects have mainly been done on the basis of two accounts: they were interpreted as religious artefacts and explained in the context of the cults of Isis, or they were interpreted as exoticum. The interpretations have been drawn mostly without any contextual analysis or any theoretical underpinnings, and more problematic: the collecting and interpretation of artefacts have been based on modern scholarly perceptions of what Egypt entails, while we as scholars recognise something __Egyptian__ on different grounds than the people of Pompeii once did. The category Aegyptiaca in itself should be seriously questioned and the way Romans categorised should be scrutinised. The aim of this thesis therefore is to analyse the perception of these objects from a bottom up perspective, avoiding the a priori cultural labelling of Egyptian artefacts, but starting instead from the object itself with its main goal to contextualise and to give the finds meaning from within their original use-contexts. For this, methods derived from recent developments in object agency and relationality are used.NWO VIDI project ‘Cultural innovation in a globalising society, Egypt in the Roman world’UBL - phd migration 201

The Choreography of the Soul: A Psychedelic Philosophy of Consciousness

This is a 2020 revision of my 1988 dissertation "The Choreography of the Soul" with a new Foreword, a new Conclusion, a substantially revised Preface and Introduction, and many improvements to the body of the work. However, the thesis remains the same. A theory of consciousness and trance states--including psychedelic experience--is developed. Consciousness can be analyzed into two distinct but generally interrelated systems, which I call System X and System Y. System X is the emotional-visceral-kinaesthetic body. System X is a harmonic system of "endokinetic" (internal bodily) and "ectokinetic" (emotionally expressive) movement. System Y is a "teleokinetic" (goal directed) system that includes language, cognition, perception, voluntary motor control, manipulation of the environment, etc. Contrary to theories of consciousness prevalent in the Western philosophical traditions that begin with Plato, I argue that System Y is secondary to and dependent upon System X, not the reverse. In building my thesis I draw upon the work of Friedrich Nietzsche, psychoanalysis, Jungian depth psychology, political anthropology, modern neuroscience, Pythagorean music theory, and the mathematical theory of harmonic systems

Parametric study of prospective early commercial MHD power plants (PSPEC). General Electric Company, task 1: Parametric analysis

The performance and cost of moderate technology coal-fired open cycle MHD/steam power plant designs which can be expected to require a shorter development time and have a lower development cost than previously considered mature OCMHD/steam plants were determined. Three base cases were considered: an indirectly-fired high temperature air heater (HTAH) subsystem delivering air at 2700 F, fired by a state of the art atmospheric pressure gasifier, and the HTAH subsystem was deleted and oxygen enrichment was used to obtain requisite MHD combustion temperature. Coal pile to bus bar efficiencies in ease case 1 ranged from 41.4% to 42.9%, and cost of electricity (COE) was highest of the three base cases. For base case 2 the efficiency range was 42.0% to 45.6%, and COE was lowest. For base case 3 the efficiency range was 42.9% to 44.4%, and COE was intermediate. The best parametric cases in bases cases 2 and 3 are recommended for conceptual design. Eventual choice between these approaches is dependent on further evaluation of the tradeoffs among HTAH development risk, O2 plant integration, and further refinements of comparative costs

How to Be a God

When it comes to questions concerning the nature of Reality, Philosophers and Theologians have the answers. Philosophers have the answers that can’t be proven right. Theologians have the answers that can’t be proven wrong. Today’s designers of Massively-Multiplayer Online Role-Playing Games create realities for a living. They can’t spend centuries mulling over the issues: they have to face them head-on. Their practical experiences can indicate which theoretical proposals actually work in practice. That’s today’s designers. Tomorrow’s will have a whole new set of questions to answer. The designers of virtual worlds are the literal gods of those realities. Suppose Artificial Intelligence comes through and allows us to create non-player characters as smart as us. What are our responsibilities as gods? How should we, as gods, conduct ourselves? How should we be gods

Automatic generation of software interfaces for supporting decisionmaking processes. An application of domain engineering & machine learning

[EN] Data analysis is a key process to foster knowledge generation in particular domains or fields of study. With a strong informative foundation derived from the analysis of collected data, decision-makers can make strategic choices with the aim of obtaining valuable benefits in their specific areas of action. However, given the steady growth of data volumes, data analysis needs to rely on powerful tools to enable knowledge extraction. Information dashboards offer a software solution to analyze large volumes of data visually to identify patterns and relations and make decisions according to the presented information. But decision-makers may have different goals and, consequently, different necessities regarding their dashboards. Moreover, the variety of data sources, structures, and domains can hamper the design and implementation of these tools. This Ph.D. Thesis tackles the challenge of improving the development process of information dashboards and data visualizations while enhancing their quality and features in terms of personalization, usability, and flexibility, among others. Several research activities have been carried out to support this thesis. First, a systematic literature mapping and review was performed to analyze different methodologies and solutions related to the automatic generation of tailored information dashboards. The outcomes of the review led to the selection of a modeldriven approach in combination with the software product line paradigm to deal with the automatic generation of information dashboards. In this context, a meta-model was developed following a domain engineering approach. This meta-model represents the skeleton of information dashboards and data visualizations through the abstraction of their components and features and has been the backbone of the subsequent generative pipeline of these tools. The meta-model and generative pipeline have been tested through their integration in different scenarios, both theoretical and practical. Regarding the theoretical dimension of the research, the meta-model has been successfully integrated with other meta-model to support knowledge generation in learning ecosystems, and as a framework to conceptualize and instantiate information dashboards in different domains. In terms of the practical applications, the focus has been put on how to transform the meta-model into an instance adapted to a specific context, and how to finally transform this later model into code, i.e., the final, functional product. These practical scenarios involved the automatic generation of dashboards in the context of a Ph.D. Programme, the application of Artificial Intelligence algorithms in the process, and the development of a graphical instantiation platform that combines the meta-model and the generative pipeline into a visual generation system. Finally, different case studies have been conducted in the employment and employability, health, and education domains. The number of applications of the meta-model in theoretical and practical dimensions and domains is also a result itself. Every outcome associated to this thesis is driven by the dashboard meta-model, which also proves its versatility and flexibility when it comes to conceptualize, generate, and capture knowledge related to dashboards and data visualizations