This Open Access Dissertation is brought to you for free and open access by the Dissertations and Theses at ScholarWorks@UMass Amherst. It has

Abstract not found

Abstract — Microprocessor memory is sensitive to cold boot attacks. In this kind of attacks, memory remanence is exploited to download its content after the microprocessor has been struck by a hard boot. If just in this moment, a crypto-algorithm was in execution, the memory data can be downloaded into a backup memory and specialized tools can be used to extract the secret keys. In the main memory data can be protected using efficient encryption techniques but in caches this is not possible unless the performance becomes seriously degraded. Recently, an interleaved scrambling technique (IST) was presented to improve the security of caches against cold boot attacks. While IST is effective for this particular kind of attacks, a weakness exists against side channel attacks, in particular using power analysis. Reliability of data in caches is warranted by means of error detecting and correcting codes. In this work it is shown how these kinds of codes can be used not only to improve reliability but also the security of data. In particular, a self-healing technique is selected to make the IST technique robust against side channel attacks using power analysis.

Many organizations are utilizing Internet technologies to be more efficient and productive. However, stronger dependence on the Internet has also increased their vulnerability to information security breaches and cyber attacks. Gains from the use of advanced information and communication technologies are offset by sometimes substantial losses due to cyber security incidents. Given the incomplete understanding of the characteristics of effective cybersecurity strategies and the challenges of creating proper organizational security incentives a considerable number of firms struggle with the design and implementation of effective security measures. This paper provides a conceptual and empirical analysis of the characteristics of effective security measures in the presence of moral hazard. We distinguish two types of attack strategies (targeted, untargeted) and discuss how problems of moral hazard (a misalignment of individual and organizational security incentives) might affect defense efforts. The empirical research uses detailed data from 2,401 organizations that participated in the Korea Internet & Security Agency’s 2007 and 2008 information security surveys. Our findings confirm that technical security controls, while necessary, are not sufficient to achieve information security due to the presence of moral hazard. The data also suggest that raising security awareness and motivation, for example, by deploying a security training program, contributes to overcoming these moral hazard problems.