5,109 research outputs found
Configuration Management of Distributed Systems over Unreliable and Hostile Networks
Economic incentives of large criminal profits and the threat of legal consequences have pushed criminals to continuously improve their malware, especially command and control channels. This thesis applied concepts from successful malware command and control to explore the survivability and resilience of benign configuration management systems.
This work expands on existing stage models of malware life cycle to contribute a new model for identifying malware concepts applicable to benign configuration management. The Hidden Master architecture is a contribution to master-agent network communication. In the Hidden Master architecture, communication between master and agent is asynchronous and can operate trough intermediate nodes. This protects the master secret key, which gives full control of all computers participating in configuration management. Multiple improvements to idempotent configuration were proposed, including the definition of the minimal base resource dependency model, simplified resource revalidation and the use of imperative general purpose language for defining idempotent configuration.
Following the constructive research approach, the improvements to configuration management were designed into two prototypes. This allowed validation in laboratory testing, in two case studies and in expert interviews. In laboratory testing, the Hidden Master prototype was more resilient than leading configuration management tools in high load and low memory conditions, and against packet loss and corruption. Only the research prototype was adaptable to a network without stable topology due to the asynchronous nature of the Hidden Master architecture.
The main case study used the research prototype in a complex environment to deploy a multi-room, authenticated audiovisual system for a client of an organization deploying the configuration. The case studies indicated that imperative general purpose language can be used for idempotent configuration in real life, for defining new configurations in unexpected situations using the base resources, and abstracting those using standard language features; and that such a system seems easy to learn.
Potential business benefits were identified and evaluated using individual semistructured expert interviews. Respondents agreed that the models and the Hidden Master architecture could reduce costs and risks, improve developer productivity and allow faster time-to-market. Protection of master secret keys and the reduced need for incident response were seen as key drivers for improved security. Low-cost geographic scaling and leveraging file serving capabilities of commodity servers were seen to improve scaling and resiliency. Respondents identified jurisdictional legal limitations to encryption and requirements for cloud operator auditing as factors potentially limiting the full use of some concepts
The experience of using role-play and simulated practice as an adjunct to paramedic placement learning
This study examines the current experiences of paramedic students regarding the perceptions, understanding and utilisation of role-play plus simulation in a paramedic degree programme. This area is underexplored, so it is situated in the context of paramedic practice, training and education landscape in UK, Australia, Canada and the USA, and cognate professions.The skills training in its original format remains, as does the on-the job clinical training (hospital placement and ambulance internship) as these are set regulatory requirements. Role-play and task focused simulation is used as part of syndicate learning for skills development. A mixed methodology, comprising both qualitative and quantitative approaches, including an exploratory sequential design, was used in this research. This was done in order to evaluate the student perceptions of their current placement experience and to explore the perception of combining simulation and role-playing.The study results show that the current educational model of clinical placement is flawed. After a brief exposure to an exemplar event, students preferred the combination of simulation and role-playing over the use of either technique independently. Adoption of this technique firstly requires a set definition of terminology and consistent interpretation within the discipline.A consolidation of the students’ experience is required by enhancing the mentorship supports. Further research is needed to design and develop the combination of role-playing and simulation to enhance student learning in the simulation laboratory. This study promotes positive social change by providing data to the educators and key decision makers of the paramedic programme on students’ perceptions of the benefits of a technique that is able to support instruction and augment the students’ clinical placement experience
Ready Pupil One: Online Learning Experiences of Undergraduate STEM Majors at a Midwest Regional Comprehensive University
Many institutions of higher education in the United States, and, indeed, around the world, are feeling multi-faceted pressures to offer course content through online delivery modes. Administrators of institutions of higher education often view such delivery as a way to raise revenue and reduce costs for the institution while also often offering students flexibility to learn at their own pace. Still, many students and faculty alike often also encounter challenges with online delivery. In this phenomenological qualitative study, I explored the positive and negative experiences of undergraduate STEM majors who had taken at least one major-required, STEM-focused, class delivered entirely online. Using a semi-structured interview format, I interviewed twenty-three undergraduate STEM majors at a mid-sized, public, four-year Regional Comprehensive University. Students described their learning experiences, which I then analyzed for emergent themes. The majority of participants reported feelings of isolation and loneliness in their classes, owing, primarily, to a lack of opportunity to interact with their peers in substantial ways. This study’s findings align with previous research suggesting that best practices for online synchronous and asynchronous instruction include giving students opportunities to learn collaboratively with peers and interact regularly with their professors
Next-Generation Industrial Control System (ICS) Security:Towards ICS Honeypots for Defence-in-Depth Security
The advent of Industry 4.0 and smart manufacturing has led to an increased convergence of traditional manufacturing and production technologies with IP communications. Legacy Industrial Control System (ICS) devices are now exposed to a wide range of previously unconsidered threats, which must be considered to ensure the safe operation of industrial processes. Especially as cyberspace is presenting itself as a popular domain for nation-state operations, including against critical infrastructure. Honeypots are a well-known concept within traditional IT security, and they can enable a more proactive approach to security, unlike traditional systems. More work needs to be done to understand their usefulness within OT and critical infrastructure. This thesis advances beyond current honeypot implementations and furthers the current state-of-the-art by delivering novel ways of deploying ICS honeypots and delivering concrete answers to key research questions within the area. This is done by answering the question previously raised from a multitude of perspectives. We discuss relevant legislation, such as the UK Cyber Assessment Framework, the US NIST Framework for Improving Critical Infrastructure Cybersecurity, and associated industry-based standards and guidelines supporting operator compliance. Standards and guidance are used to frame a discussion on our survey of existing ICS honeypot implementations in the literature and their role in supporting regulatory objectives. However, these deployments are not always correctly configured and might differ from a real ICS. Based on these insights, we propose a novel framework towards the classification and implementation of ICS honeypots. This is underpinned by a study into the passive identification of ICS honeypots using Internet scanner data to identify honeypot characteristics. We also present how honeypots can be leveraged to identify when bespoke ICS vulnerabilities are exploited within the organisational network—further strengthening the case for honeypot usage within critical infrastructure environments. Additionally, we demonstrate a fundamentally different approach to the deployment of honeypots. By deploying it as a deterrent, to reduce the likelihood that an adversary interacts with a real system. This is important as skilled attackers are now adept at fingerprinting and avoiding honeypots. The results presented in this thesis demonstrate that honeypots can provide several benefits to the cyber security of and alignment to regulations within the critical infrastructure environment
Police Officers’ Perspectives on the Death of George Floyd by Minneapolis Police Officers: A Descriptive Study
On May 25, 2020, four Minneapolis police officers reported to the location where an African American man had been accused of trying to use a counterfeit $20 bill in a convenience store. After being taken outside of the store, the man, George Floyd, was eventually placed in the back of a police patrol car, after he was handcuffed. Saying he was claustrophobic and resisting arrest, Mr. Floyd was removed from the patrol car, and placed on the ground on his stomach. One of the patrol officers, the most senior officer present, and a field training officer, placed his knee on Mr. Floyd’s neck for more than nine minutes, while Floyd could be heard saying that he could not breathe. Two police officers also held Mr. Floyd down while a third officer conducted traffic control. The officers did not provide any medical assistance, contrary to their training. Mr. Floyd was not later pronounced dead. This study investigated the actions of the four former Minneapolis Police Department patrol officers from an organizational leadership perspective and assessed whether police organizational systems processes, organizational culture, and the organizational leaders’ leadership practices influenced the police officers’ behavior and choices. The purpose of this qualitative descriptive study was to investigate police officers’ perspectives of the incident that resulted in George Floyd’s death. The study provided police officers an opportunity to communicate their perspectives, including how Floyd’s death has or has not impacted the police officers’ leadership and decision-making processes
Automatic Generation of Personalized Recommendations in eCoaching
Denne avhandlingen omhandler eCoaching for personlig livsstilsstøtte i sanntid ved bruk av informasjons- og kommunikasjonsteknologi. Utfordringen er å designe, utvikle og teknisk evaluere en prototyp av en intelligent eCoach som automatisk genererer personlige og evidensbaserte anbefalinger til en bedre livsstil. Den utviklede løsningen er fokusert på forbedring av fysisk aktivitet. Prototypen bruker bærbare medisinske aktivitetssensorer. De innsamlede data blir semantisk representert og kunstig intelligente algoritmer genererer automatisk meningsfulle, personlige og kontekstbaserte anbefalinger for mindre stillesittende tid. Oppgaven bruker den veletablerte designvitenskapelige forskningsmetodikken for å utvikle teoretiske grunnlag og praktiske implementeringer. Samlet sett fokuserer denne forskningen på teknologisk verifisering snarere enn klinisk evaluering.publishedVersio
- …