Wayne Patterson

Cloud Service Security & application vulnerability

Cloud computing is one of todays most appealing technology areas due to its cost-efficiency and flexibility. However, despite significant interests, deploying cloud computing in an enterprise infrastructure offers significant security concerns. Successful implementation of cloud computing in an enterprise requires proper planning and understanding of emerging risks, threats, vulnerabilities, and possible countermeasures. This paper discusses security concerns of the three cloud computing models namely “Software as a Service” (SaaS), Platform as a Service” (PaaS) and “Infrastructure as a Service” (IaaS). It also discusses Cloud-based Security Tools currently available today. Under the U.S. Federal Security Requirements for Cloud Security. The paper demonstrated the Federal Information Security Management Act (FISMA) and the Federal Risk and Authorization Management Program (FedRAMP). The paper also discusses Cloud Data Encryption, Homomorphic Encryption and Access Control (Identity Access Management). Finally, this paper talks about cloud applications focusing on select cloud applications. It also looks at some of the known vulnerability issues associated with the applications and also the future of cloud applications.

Behavioral Cybersecurity: Human Factors in the Cybersecurity Curriculum

As more concentrations in cybersecurity in the computer science undergraduate curriculum are being offered to meet a high demand, these offerings have not reflected a major concern of cybersecurity researchers, namely that there is little emphasis on the behavioral questions involved in the study and analysis of cybersecurity events. To this end, Howard University has introduced an upper division undergraduate course and graduate course to complement its cybersecurity course offerings, called “Behavioral Cybersecurity.” The behavioral approach also includes considerations of human factors. This paper reviews the course development, pedagogical choices made, and outcomes of its initial offering.

A Metric to Assess Cyberattacks

The field of cybersecurity has grown exponentially in the past few years with the level of cyberattacks and defenses that have had a major impact on government, industry, and personal behavior. However, analysis of such attacks has tended to be more qualitative than quantitative, undoubtedly because the latter is often extremely difficult. This paper will present a metric for the analysis of certain types of cyberattacks and present examples where it can be calculated with considerable precision.

The Gender Turing Test

In our Behavioral Cybersecurity course at Howard University in last spring (2016), students for their final exam were asked to write an opinion on the following question: “We know, in general in the US as well as at Howard, that only about 20% of Computer Science majors are female. Furthermore, of those CS students choosing to concentrate in Cybersecurity, fewer than 10% are female. Can you suggest any reason or reasons that so many fewer female computer scientists choose Cybersecurity?” In the course of reviewing the answers, it became clear that the challenge of determining the gender of the writer was a difficult problem. To that end, a sample of approximately 50 readers have analyzed the students’ texts and tried to determine the gender of the writers. The distribution of answers, to be presented in the full paper, has provided interesting options for further development of this research. In some aspects, the challenge of determining gender from a source absent of physical signals is similar to the challenge of the original Turing Test, which Turing formulated in order to present the challenge of determining whether or not machines could be said to possess intelligence.

Behavioral Cybersecurity: A needed aspect of the security curriculum

As more concentrations in cybersecurity in the computer science undergraduate curriculum are being offered to meet a high demand, these offerings have not reflected a major concern of cybersecurity researchers, namely that there is little emphasis on the behavioral questions involved in the study and analysis of cybersecurity events. To this end, Howard University has introduced an upper division undergraduate course to complement its cybersecurity course offerings, called “Behavioral Cybersecurity.” This paper reviews the course development, pedagogical choices made, and outcomes of its initial offering.

Development of an indicator to distinguish DDoS attacks from other anomalous events

Distributed Denial of Service attacks (DDoS) are coordinated efforts, by human or machine, to overwhelm web sites, and at a minimum, to cause them to shut down. The use of this type of malicious software has grown exponentially in the past decade, and despite considerable research, it has proven very difficult to identify, detect or prevent such attacks. On the other hand, increases in traffic at Web sites may not be the result of a DDoS attack, but a legitimate increase in demand for the Web service. Our current research attempts to find indicators that will enable a system or network to distinguish between a DDoS attack and legitimate heavy traffic in real time.

On the Development of Digital Signatures for Author Identification

With the increasing numbers of books converted to a digital format, represented generally with underlying ASCII text, it is now feasible to perform frequency analyses on the components of a book. This leads to the question of whether or not frequency analysis can be used as a biometric tool to determine authorship, in other words, to be used as a digital signature for author identification. The results of this study indicate some positive findings, and that there is potential in further study of this type of analysis. The importance of this area of research is intensified because of the current projects to digitize all of the worlds literature.