Glenn B. Dietrich

Password-based authentication: a system perspective

User authentication in computer systems has been a cornerstone of computer security for decades. The concept of a user id and password is a cost effective and efficient method of maintaining a shared secret between a user and a computer system. One of the key elements in the password solution for security is a reliance on human cognitive ability to remember the shared secret. In early computing days with only a few computer systems and a small select group of users, this model proved effective. With the advent of the Internet, e-commerce, and the proliferation of PCs in offices and schools, the user base has grown both in number and in demographic base. Individual users no longer have single passwords for single systems, but are presented with the challenge of remembering numerous passwords for numerous systems, from email, to web accounts, to banking and financial services. This paper presents a conceptual model depicting how users and systems work together in this function and examines the consequences of the expanding user base and the use of password memory aids. A system model of the risks associated with password-based authentication is presented from a user centric point of view including the construct of user password memory aids. When confronted with too much data to remember, users develop memory aids to assist them in the task of remembering important pieces of information. These user password memory aids form a bridge between otherwise unconnected systems and have an effect on system level security across multiple systems interconnected by the user. A preliminary analysis of the implications of this user centric interconnection of security models is presented.

Knowledge coordination in open source software project teams: a transactive memory system perspective

Although a large number of high-quality open source software (OSS) has been successfully produced, little is known about knowledge coordination in the OSS setting. Therefore, this dissertation investigates how the members of an OSS project team coordinate their knowledge of different domains to bear on software development tasks. From the transactive memory system (TMS) perspective, this dissertation particularly examines antecedents of TMS and the relations among TMS, knowledge coordination behaviors of OSS developers, and their communication quality; furthermore, the study looks into the effects of knowledge coordination and communication quality on team performance. By surveying 97 OSS project teams from Sourceforge.net, one of the largest OSS project hosting sites, the results of this dissertation demonstrate the importance of TMS for knowledge coordination behaviors and communication quality of the OSS developers. Moreover, communication quality shows the positive influence on team performance. These results contribute to the current literature as well as management practice.

A New Process Model for Text String Searching

Investigations involving digital media (e.g., hard disks and USB thumb drives) rely heavily on text string searches. Traditional search approaches utilizing matching algorithms or database technology and treebased indexing algorithms result in an overwhelming number of “hits ” — a large percentage of which are irrelevant to investigative objectives. Furthermore, current approaches predominantly employ literal search techniques, which lead to poor recall with respect to investigative objectives. A better approach is needed that reduces information retrieval overhead and improves investigative recall. This paper proposes a new, high-level text string search process model that addresses some of the shortfalls in current text string search paradigms. We hope that this model will stimulate efforts on extending information retrieval and text mining research to digital forensic text string searching.

Post-retrieval search hit clustering to improve information retrieval effectiveness: Two digital forensics case studies

This research extends text mining and information retrieval research to the digital forensic text string search process. Specifically, we used a self-organizing neural network (a Kohonen Self-Organizing Map) to conceptually cluster search hits retrieved during a real-world digital forensic investigation. We measured information retrieval effectiveness (e.g., precision, recall, and overhead) of the new approach and compared them against the current approach. The empirical results indicate that the clustering process significantly reduces information retrieval overhead of the digital forensic text string search process, which is currently a very burdensome endeavor.

Cyber security exercises: testing an organization's ability to prevent, detect, and respond to cyber security events

The digital age has transformed how todays organizations operate. The production and delivery of essential goods and services takes place through complex and interconnected business processes that in turn rely on a set of interdependent infrastructures. These infrastructures and their supporting information systems transcend individual organizations. However, information systems security research is largely under the purview of computer science and engineering departments, and consequently often focuses on technological issues while overlooking the pervasive nature of information systems in todays society. This has generated calls for a new approach to information systems security; one that employs a socio-organizational perspective that includes not only individual organizations but entire industry sectors and government agencies as well. This paper presents one such approach, the use of scenario-based exercises in addressing security issues common to large organizations, industry sectors, and various levels of government. Lessons learned from illustrative examples of such exercises, as well as suggestions to help organizations conduct their own exercise, are discussed.

Steganalysis using modified pixel comparison and complexity measure

This article presents a new approach, which focuses on the following problems: detection and localization of stego informative regions within digital clean and noisy images; removing hidden data along with minimizing the statistical differences between stego images and stego information removed image. The new approach is based on a new pixel comparison and a new complexity measure. This new measure identifies the informative and stego-like regions of an image, with the objective of stegoanalysis through the saving of informative regions and the discarding of stego-like areas. The areas that are harder for detection are scanned in an alternate method in an attempt to detect areas that are classified as good for embedding. This allows for a higher detection rate and a low false positive. Experimental results will be presented in the complete write up. The data gathered will be listed on tables from a set of 100+ digital images. The images used in the analysis will vary in size, format, and color. Various commonly employed (e.g., S-Tools, SecurEngine, and wbStego3.51) approaches were used to hide hidden data onto the digital images for analysis. The new method has shown remarkable detection accuracy and localization of embedded information for LSB embedding. We have also shown that the presented method works even in the presence of noise in the image. In addition, this method shows that an image can be divided into ideal detection areas and ideal embedding areas. With this in mind the image can be scanned for the ideal detection methods to reduce both false positives and false negatives. This technique can be applied to data compression and for hiding secret information, in both time and transformed domains. It is also independent of the order color vectors in the palette.

Systems Theory Model for Information Security

Architecting security solutions for todays diverse computer systems is a challenge. The modern business environment is comprised of many different applications, e-mail, databases, e-commerce, and more. Each of these has its own threat profile and associated business risk. The complexity of the computing environment extends to the design of security solutions. Current methodologies for designing security systems include piecemeal designs and patchwork systems comprised of multiple point solutions. As the complexity of the business driven systems increase, these methods are being strained to keep up with security requirements. Systems science provides information on how complex systems interact with their environment, and this guidance can be applied to designing security architectures. Analysis and design of security systems using systems theory provides a new path to reduce the complexity.

Secure Software Engineering: A New Paradigm

Software defects lead to security vulnerabilities, which are costing businesses millions of dollars each year and threaten the security of individuals and the nation. It can be demonstrated that changes to the software engineering process can help to reduce the number of defects in new or changed software. Universities play a major role in the education and training of software engineers. This paper proposes a new way of teaching software development. The changes in curricula are designed to be time neutral, to not increase the length of courses, yet still significantly improve the outcome

Emergency Communications Using the Web: Matching Media Richness to the Situation

The Internet has become a method of mass communication during disasters and emergencies. Using Media Richness Theory, the design parameters of emergency communication techniques are examined and new methods of using the web are proposed. The objective is to better serve those in need at the time of need with targeted communications that provide value. The new methods proposed are starkly different than those in common use today, but after testing during hurricane Ike in 2008, they appear to offer functionality not currently available through existing methods of communication.

Self-Efficacy in Software Developers: A Framework for the Study of the Dynamics of Human Cognitive Empowerment

abstraCt This article applies General System Theory to the formalization of the Cognitive Affective Personality System (CAPS). A model is developed as means for understanding the relationships between widely studied constructs at the individual level of analysis: personality traits, affectivity, self-efficacy, intrinsic task complexity, and managerial empowerment, among others. The resulting theoretical framework is formalized within the setting of software development tasks, and qualitatively studied to show holistic emergent behavior. The discussion offers novel insights for future research and proposes quantitative analyses methods to unlock novel management strategies and productivity gains. [Article copies are available for purchase from InfoSci-on-Demand.com] The systems approach will have to disturb typical mental processes and suggest some radical approaches to thinking. The use of systems theory to study organizational phenomena is extensively supported inman, 1968) is used to characterize the cognitive processing of software developers as an open system, in interface with the organizational environment, namely: the interactions with the management, the environmental resources, and the characteristics of the tasks being pursued. The purpose of this article is to propose a theoretical model capable of depicting the