Scholarship & Research
Permanent URI for this community: https://scholarworks.montana.edu/handle/1/1

Item Using software bill of materials for software supply chain security and its generation impact on vulnerability detection (Montana State University - Bozeman, College of Engineering, 2024) O'Donoghue, Eric Jeffery; Chairperson, Graduate Committee: Clemente Izurieta; This is a manuscript style paper that includes co-authored chapters.

Cybersecurity attacks threaten the lives and safety of individuals around the world. Improving defense mechanisms across all vulnerable surfaces is essential. Among surfaces, the software supply chain (SSC) stands out as particularly vulnerable to cyber threats. This thesis investigates how Software Bill of Materials (SBOM) can be utilized to assess and improve the security of software supply chains. An informal literature review reveals the paucity of studies utilizing SBOM to assess SSC security, which further motivates this research. Our research adopts the Goal/Question/Metric paradigm with two goals: firstly, to utilize SBOM technology to assess SSC security; secondly, to examine the impact of SBOM generation on vulnerability detection. The study unfolds in two phases. Initially, we introduce a novel approach to assess SSC security risks using SBOM technology. Utilizing analysis tools Trivy and Grype, we identify vulnerabilities across a corpus of 1,151 SBOMs. The second phase investigates how SBOM generation affects vulnerability detection. We analyzed four SBOM corpora derived from 2,313 Docker images by varying the SBOM generation tools (Syft and Trivy) and formats (CycloneDX 1.5 and SPDX 2.3). Using SBOM analysis tools (Trivy, Grype, CVE-bin-tool), we investigated how the vulnerability findings for the same software artifact changed according to the SBOM generation tool and format. The first phase demonstrates SBOMs' use in identifying SSC vulnerabilities, showcasing their utility in enhancing security postures.
The subsequent analysis reveals significant discrepancies in vulnerability detection outcomes, influenced by SBOM generation tools and formats. These variations underscore the necessity for rigorous validation and enhancement of SBOM technologies to secure SSCs effectively. This thesis demonstrates the use of SBOMs in assessing the security of SSCs. We underscore the need for stringent standards and rigorous validation mechanisms to ensure the accuracy and reliability of SBOM data. We reveal how SBOM generation affects vulnerability detection, offering insights that enhanced SBOM methodologies can help improve security. While SBOM is promising for enhancing SSC security, it is clear the SBOM space is immature. Extensive development, validation, and verification of analysis tools, generation tools, and formats are required to improve the usefulness of SBOMs for SSC security.

Item Enabling real-time communications in resource-constrained networks (Montana State University - Bozeman, College of Engineering, 2023) Mekiker, Batuhan; Co-chairs, Graduate Committee: Clemente Izurieta and Mike Wittie

The Internet of Things (IoT) applications require flexible and high-performance data channels, but many IoT networks can only support single-use case applications, which limits their performance and flexibility for real-time and streaming applications. LoRa offers a flexible physical network layer but lacks the resource management needed in its link layer protocols to support real-time flows. My initial contribution, the Beartooth Relay Protocol (BRP), expands the performance envelope of LoRa, making it suitable for a wide range of IoT applications, including those requiring real-time and streaming capabilities, and aims to address the problem. However, the resource-limited nature of LoRa does not allow BRP to scale to multi-hop mesh network deployments while maintaining real-time streams.
To address the limitations of BRP in supporting mesh network deployments and real-time streams beyond two hops, we focus on developing the second-generation Beartooth Radios, MKII, and the first-generation Beartooth Gateways. We utilize Commercially-available Off the Shelf Components (COTS) in the radios to provide a cost-effective, power-efficient, and compact solution for establishing real-time situational awareness. The self-healing mesh network provided with MKII and Gateways also enhances the reliability of the overall network, ensuring connectivity even in case of node failures. By incorporating military information brokers, such as the Tactical Assault Kit (TAK), the Beartooth Gateway establishes a hybrid network between Beartooth radios, gateways, and other TAK-capable devices, ensuring compatibility with existing IP networks. Building upon the premise that voice communications are an integral part of real-time SA, the last part of my research focuses on assessing audio quality and efficacy of audio codecs within bandwidth-constrained networks. Delving into voice communications in resource-constrained networks, my research contrasts the performance of Text-to-Speech (TTS) models with traditional audio codecs. I demonstrate that TTS models outperform audio codec compressed voice samples in quality while also effectively managing scarce resources and available capacity more efficiently.
By combining flexible link layer protocol elements in BRP, Beartooth MKII radios, Gateways, and insights on integrating TTS systems for voice communication, my research demonstrates a versatile and flexible solution that provides real-time application streams and critical situational awareness capabilities in bandwidth-constrained networks and mission-critical applications.

Item Identifying RR Lyrae variable stars in the NoirLab Source Catalog with template fitting (Montana State University - Bozeman, College of Letters & Science, 2022) Matt, Kyle Louis; Chairperson, Graduate Committee: David L. Nidever

RR Lyrae are periodic variable stars generally with periods between 5 hours and 1 day. They can be used as standard candles for accurate distance measurements and thus are useful for studying the structure of the Milky Way and its stellar clusters. The second data release of the NoirLab Source Catalog is a large collection of 68 billion time-series measurements of 3.9 billion objects. To process this large volume of data, we designed a computer software package in Python called Leavitt to automate the detection process and measure their properties including period, magnitude, epoch of maximum brightness and amplitude of their pulsations by fitting their light curves to templates. In addition to identifying RR Lyrae, it is expected that Leavitt can be extended to identify similar variable stars such as Cepheids in the same dataset. Distances were calculated for the initial catalog of RR Lyrae candidates using parameters measured with this script.

Item Design, fabrication, and validation of a portable perturbation treadmill for balance recovery research (Montana State University - Bozeman, College of Engineering, 2022) Knutson, Robert George; Chairperson, Graduate Committee: Corey Pew

Trips and falls are a major concern for older adults. The resulting injury and loss of mobility can have a significant impact on quality of life.
An emerging field of study, known as Perturbation Training, has been shown to reduce injury rates associated with trips and falls in older adults. In a typical training session, the user stands or walks on a treadmill and is subject to sudden, unexpected accelerations, simulating a trip or slip, in a safe environment. This training aims to improve the user's ability to maintain and recover balance in situations that can often lead to falls. Treadmills traditionally used for Perturbation Training are large instrumented devices that are rigidly bolted to the floor. This presents a problem for older adults with limited mobility or those who live far away from Perturbation Training facilities. A portable treadmill would be able to serve a larger portion of the at-risk population than current methods have allowed. We developed a portable, low-cost perturbation treadmill capable of high-intensity training. The system can perform trip and slip perturbations from a stationary or walking state. It features a tandem belt configuration, a small gap between belts, and individual belt control. The belt speed is digitally controlled, dictated by a custom human-machine-interface and software suite, which allows operators with no programming experience to control the device. When connected to a 240-volt power supply, the maximum belt speed is approximately 3.6 m/s. The treadmill was designed to accommodate a user of up to 118 kg and provide a maximum acceleration of 12 m/s² under full load. The treadmill weighs approximately 180 kg and can be moved like a wheelbarrow, with handles in the back and wheels in the front.
The design has been validated and was used in multiple locations in a clinical trial.

Item How does the use of the anatomage table impact student learning of anatomy and physiology concepts? (Montana State University - Bozeman, College of Letters & Science, 2021) Keegan, Emily; Chairperson, Graduate Committee: Greg Francis

Anatomy and Physiology is a class that relies heavily on visual models. In this study, the use of the Anatomage table was used during the skeletal system and muscular system units. A comparison group did not use the table for their lab in the first unit, and an experimental group used the table. During the second unit, the groups switched so that all students got to experience working with the table in at least one unit. Pre and post-test data, surveys, interviews, and retention tests were used as data collection tools. The results suggest that the Anatomage table has benefits for some students, especially in identifying and applying the knowledge acquired in the units. It had less of an impact on written test scores, especially in higher achieving students.

Item Data analytics and software to support avalanche forecasting decisions (Montana State University - Bozeman, College of Engineering, 2021) Ottsen, Peter Kenneth; Chairperson, Graduate Committee: Sean Yaw

Avalanches are a very powerful force of nature and pose significant risk for ski areas and mountainous roads. Avalanche forecasting and mitigation are a very important part of keeping the public safe. Terrestrial laser scanning lidar systems have proven useful in more accurate forecasting and mitigation efforts, but utilizing them can be time consuming. The goal of this project is to operationalize a workflow and create algorithms and ultimately produce a software product that can rapidly analyze snow covered mountainous terrain, allowing avalanche forecasters to make informed decisions on where to focus their mitigation efforts.
In this dissertation, I first present algorithms that were designed to align scans, identify trees and cliffs, grid scans, and calculate snow depth. I then introduce a software package that was implemented incorporating these algorithms with a point cloud visualization tool. This software package allows a user to control and visualize the analysis process to make more informed avalanche mitigation decisions. Algorithms were parameterized and validated with a field study consisting of data collection events at Bridger Bowl, Bear Canyon, and the Yellowstone Club in Montana. A Riegl VZ-6000 TLS lidar system was used for all data collection efforts. This dissertation documents the design of this analytics workflow by presenting the algorithms developed, discussing the software implemented, and presenting the data collection efforts that guided the design of the algorithms and served to validate their efficacy.

Item The design and testing of an axial condenser fan (Montana State University - Bozeman, College of Engineering, 2021) Kirk, David Michael; Chairperson, Graduate Committee: Kevin Amende

Axial or propeller fans are a subset of turbomachinery whose application is prevalent in everyday life. In the case of heating, ventilation, air conditioning, and refrigeration (HVAC&R), fans can be a large source of inefficient energy consumption due to their physical operating nature. With the global push for more efficient systems, components of HVAC&R equipment such as fans have become a focal point for researchers in academia and industry alike. Technological improvements in research equipment such as computational fluid dynamics (CFD) and additive manufacturing play a large role in achieving these improved efficiencies. The goal of this research is to improve the efficiency of an axial fan intended for cooling a micro-channel heat exchanger that is used in rooftop condenser units.
A higher efficiency retrofit fan was iteratively designed using a commercial CFD software package, Star CCM+, which constitutes much of the research conducted in this project. The iterative models show that significant efficiency gains can be achieved through incremental alterations of classical fan blade geometry elements such as pitch, camber, skew, cross section loft path, chord length, thickness, etc. A physical model of the fan design thought to be the optimal choice for experimental analysis was 3D printed and tested using an AMCA Standard 210 setup. Upon analysis of the physical test results, several discrepancies between simulated and actual results were discovered, highlighting the importance of CFD model validation in the design process. Despite the efficiency gains and advancements in user-friendly packaged software, the simulation underpredicted the power demand and incorrectly depicted the fan's performance at critical operating points showing that improper usage of these experts' tools can inadvertently lead to developed solutions with significant error. While the designed fan achieves an improved peak static efficiency and volumetric flow rate of 53.9% and 4334 CFM respectively, it ultimately did not meet the operating parameters of the specific unit it was designed for and further improvements to the CFD model are needed.

Item Comparing network models of gap gene interaction during Drosophila melanogaster development (Montana State University - Bozeman, College of Letters & Science, 2021) Andreas, Elizabeth Anne; Chairperson, Graduate Committee: Tomas Gedeon

Early development of Drosophila melanogaster (fruit fly) facilitated by the gap gene network has been shown to be incredibly robust, and the same patterns emerge even when the process is seriously disrupted. In this thesis we plan to investigate this robustness using a previously developed computational framework called Dynamic Signatures Generated by Regulatory Networks (DSGRN).
The principal result of this research has been in extending DSGRN to study how tissue-scale behavior arises from network behavior in individual cells, such as gap gene expression along the anterior-posterior (A-P) axis of the Drosophila embryo. Essentially, we extend DSGRN to study cellular systems where each cell contains the same network structure but operates under a parameter regime that changes continuously from cell to cell. We then use this extension to study the robustness of two different models of the gap gene network by looking at the number of paths in each network that can produce the observed gap gene expression. While we found that both networks are capable of replicating the data, we hypothesize that one network is a better fit than the other. This is significant in two ways; finding paths shows us that the spatial data can be replicated using a single network with different parameters along the A-P axis, and that we may be able to use this extension of DSGRN to rank network models.

Item Predicting metamorphic relations: an evaluation of program representations and machine learning techniques (Montana State University - Bozeman, College of Engineering, 2020) Rahman, Karishma; Chairperson, Graduate Committee: Upulee Kanewala; Upulee Kanewala was a co-author of the article, 'Predicting metamorphic relations for matrix calculation programs' in the 'MET18: Proceedings of the 3rd International Workshop on Metamorphic Testing' which is contained within this thesis.

Testing complex scientific applications can often be a complicated and expensive procedure. A test oracle is used to verify the behavior of the software under test. However, difficulties due to the implementation of a test oracle make the process of systematically testing scientific applications more challenging. This problem is known as the oracle problem.
Metamorphic testing (MT) is an effective technique to test these applications as it uses metamorphic relations (MRs) to determine whether test cases have passed or failed. Metamorphic relations are essential components of metamorphic testing that highly affect its fault detection effectiveness. MRs are usually identified with the help of a domain expert, which is a labor-intensive task. In this work, a previously developed graph kernel-based machine learning method is extended by predicting MRs for functions that perform matrix calculations. Then, semi-supervised support vector machine (S3VM) is used to build the predictive model for the suggested approach. Finally, call graph (CG) information of the functions is used to calculate the graph kernels to predict MRs. The overall result shows that random walk kernel performs better than the graphlet kernel, and semi-supervised learning can be effective with more unlabelled data. Also, the use of call graph representation presents a new avenue of research in predicting MRs for unseen functions.