Skip to main content

ASU Electronic Theses and Dissertations


This collection includes most of the ASU Theses and Dissertations from 2011 to present. ASU Theses and Dissertations are available in downloadable PDF format; however, a small percentage of items are under embargo. Information about the dissertations/theses includes degree information, committee members, an abstract, supporting data or media.

In addition to the electronic theses found in the ASU Digital Repository, ASU Theses and Dissertations can be found in the ASU Library Catalog.

Dissertations and Theses granted by Arizona State University are archived and made available through a joint effort of the ASU Graduate College and the ASU Libraries. For more information or questions about this collection contact or visit the Digital Repository ETD Library Guide or contact the ASU Graduate College at gradformat@asu.edu.


Date Range
2011 2019


This dissertation is focused on building scalable Attribute Based Security Systems (ABSS), including efficient and privacy-preserving attribute based encryption schemes and applications to group communications and cloud computing. First of all, a Constant Ciphertext Policy Attribute Based Encryption (CCP-ABE) is proposed. Existing Attribute Based Encryption (ABE) schemes usually incur large, linearly increasing ciphertext. The proposed CCP-ABE dramatically reduces the ciphertext to small, constant size. This is the first existing ABE scheme that achieves constant ciphertext size. Also, the proposed CCP-ABE scheme is fully collusion-resistant such that users can not combine their attributes to elevate their decryption capacity. Next step, efficient …

Contributors
Zhou, Zhibin, Huang, Dijiang, Yau, Sik-Sang, et al.
Created Date
2011

In countries of conflict, non-governmental organizations (NGOs) often resort to humanitarian relief. A small number of peace and conflict resolution organizations (P/CROs) engage more directly, through grassroots mediation, elite negotiation and advocacy. This thesis observes the potential for implementing such direct conflict interventions in traditional relief and development organizations. To understand current NGO activities, I examine ten case study organizations in two countries of conflict, Cote d'Ivoire and Somalia. I analyze organizations' rhetorical presentation, their society-level engagement, strategies for intervention, and responses to persistent challenges, such as security, impartiality, collaboration and evaluation. Based on conflict study literature, I make tentative …

Contributors
Diddams, Margaret F., Ron, Amit, Friedrich, Patricia, et al.
Created Date
2011

Access control is one of the most fundamental security mechanisms used in the design and management of modern information systems. However, there still exists an open question on how formal access control models can be automatically analyzed and fully realized in secure system development. Furthermore, specifying and managing access control policies are often error-prone due to the lack of effective analysis mechanisms and tools. In this dissertation, I present an Assurance Management Framework (AMF) that is designed to cope with various assurance management requirements from both access control system development and policy-based computing. On one hand, the AMF framework facilitates …

Contributors
Hu, Hongxin, Ahn, Gail-Joon, Yau, Stephen S., et al.
Created Date
2012

In modern healthcare environments, there is a strong need to create an infrastructure that reduces time-consuming efforts and costly operations to obtain a patient's complete medical record and uniformly integrates this heterogeneous collection of medical data to deliver it to the healthcare professionals. As a result, healthcare providers are more willing to shift their electronic medical record (EMR) systems to clouds that can remove the geographical distance barriers among providers and patient. Even though cloud-based EMRs have received considerable attention since it would help achieve lower operational cost and better interoperability with other healthcare providers, the adoption of security-aware cloud …

Contributors
Wu, Ruoyu, Ahn, Gail-Joon, Yau, Stephen S., et al.
Created Date
2012

Access control is necessary for information assurance in many of today's applications such as banking and electronic health record. Access control breaches are critical security problems that can result from unintended and improper implementation of security policies. Security testing can help identify security vulnerabilities early and avoid unexpected expensive cost in handling breaches for security architects and security engineers. The process of security testing which involves creating tests that effectively examine vulnerabilities is a challenging task. Role-Based Access Control (RBAC) has been widely adopted to support fine-grained access control. However, in practice, due to its complexity including role management, role …

Contributors
Gupta, Poonam, Ahn, Gail-Joon, Collofello, James, et al.
Created Date
2014

Attribute Based Access Control (ABAC) mechanisms have been attracting a lot of interest from the research community in recent times. This is especially because of the flexibility and extensibility it provides by using attributes assigned to subjects as the basis for access control. ABAC enables an administrator of a server to enforce access policies on the data, services and other such resources fairly easily. It also accommodates new policies and changes to existing policies gracefully, thereby making it a potentially good mechanism for implementing access control in large systems, particularly in today's age of Cloud Computing. However management of the …

Contributors
Prabhu Verleker, Ashwin Narayan, Huang, Dijiang, Ahn, Gail-Joon, et al.
Created Date
2014

Most existing security decisions for both defending and attacking are made based on some deterministic approaches that only give binary answers. Even though these approaches can achieve low false positive rate for decision making, they have high false negative rates due to the lack of accommodations to new attack methods and defense techniques. In this dissertation, I study how to discover and use patterns with uncertainty and randomness to counter security challenges. By extracting and modeling patterns in security events, I am able to handle previously unknown security events with quantified confidence, rather than simply making binary decisions. In particular, …

Contributors
Zhao, Ziming, Ahn, Gail-Joon, Yau, Stephen S., et al.
Created Date
2014

Due to the shortcomings of modern Mobile Device Management solutions, businesses have begun to incorporate forensics to analyze their mobile devices and respond to any incidents of malicious activity in order to protect their sensitive data. Current forensic tools, however, can only look a static image of the device being examined, making it difficult for a forensic analyst to produce conclusive results regarding the integrity of any sensitive data on the device. This research thesis expands on the use of forensics to secure data by implementing an agent on a mobile device that can continually collect information regarding the state …

Contributors
Whitaker, Jeremy Andrew, Ahn, Gail-Joon, Doupé, Adam, et al.
Created Date
2015

A principal goal of this dissertation is to study wireless network design and optimization with the focus on two perspectives: 1) socially-aware mobile networking and computing; 2) security and privacy in wireless networking. Under this common theme, this dissertation can be broadly organized into three parts. The first part studies socially-aware mobile networking and computing. First, it studies random access control and power control under a social group utility maximization (SGUM) framework. The socially-aware Nash equilibria (SNEs) are derived and analyzed. Then, it studies mobile crowdsensing under an incentive mechanism that exploits social trust assisted reciprocity (STAR). The efficacy of …

Contributors
Gong, Xiaowen, Zhang, Junshan, Cochran, Douglas, et al.
Created Date
2015

On Android, existing security procedures require apps to request permissions for access to sensitive resources. Only when the user approves the requested permissions will the app be installed. However, permissions are an incomplete security mechanism. In addition to a user's limited understanding of permissions, the mechanism does not account for the possibility that different permissions used together have the ability to be more dangerous than any single permission alone. Even if users did understand the nature of an app's requested permissions, this mechanism is still not enough to guarantee that a user's information is protected. Applications can potentially send or …

Contributors
Gibson, Aaron Scott, Bazzi, Rida, Ahn, Gail-Joon, et al.
Created Date
2015