Date of Award


Degree Name

Doctor of Philosophy


Computer Science

First Advisor

Dr. Steven M. Carr

Second Advisor

Dr. Zijiang James Yang

Third Advisor

Dr. Li Yang

Fourth Advisor

Dr. Jean Mayo


Mandatory integrity control language, dynamic trust framework, arbitrary structured data


The expansion of attacks against information systems of companies that operate nuclear power stations and other energy facilities in the United States and other countries, are noticeable with potential catastrophic real-world implications. Data integrity is a fundamental component of information security. It refers to the accuracy and the trustworthiness of data or resources. Data integrity within information systems becomes an important factor of security protection as the data becomes more integrated and crucial to decision-making. The security threats brought by human errors whether, malicious or unintentional, such as viruses, hacking, and many other cybersecurity threats, are dangerous and require mandatory integrity protection. To date, Biba and Clark-Wilson are well-known general integrity models in computer systems but they impose a number of restrictions that make them impractical to implement. Additionally, permission-based solutions are one of the popular approaches in the literature but existing solutions are designed to address the trustworthiness of who accesses the data not the trustworthiness of the data itself. To solve these problems, we propose a generally applicable system to prevent and detect compromised data integrity. The proposed work consists of two major components: Maia -the definition of mandatory integrity control language for describing integrity constraints, and Admonita -the construction of recommendation-based trust model for trustworthy data.

The integrity of systems files is necessary for the secure functioning of an operating system. Often, file integrity is determined by who modifies the file or by a checksum. Even if a file is modified by a subject with trust or has a valid checksum, it may not meet the specification of a valid file. An example would be a password file with no user assigned a user id of 0. Maia provides a means to specify what the contents of a valid file should be. In addition, Maia can be used to specify the format and valid properties of system configuration files, PNG files and others. In this dissertation, we give a structural operational semantics of Maia to evaluate and validate our approach, and generate a Maia-verifier that supports many features of the Maia language. Additionally, we quantify Maia’s impact on performance, and demonstrate that we can provide robust integrity guarantees without sacrificing usability using an implementation that has not been optimized for performance. Within the context of the Linux password file, our implementation of Maia itself is quite fast, adding only extra milliseconds overhead to the time required to compile JAVA code, load and access a single file, and construct containers. In the worst case, total processing time is 4 seconds to verify and parse 15000-record password file, and less than 2 seconds to validate the input data. Within SSH configuration file context, in the worst case, Maia requires less than 2 seconds to load, validate, and parse 10000-record SSH configuration file, and around 170 milliseconds to validate the input data.

Data integrity is critical to the secure operation of a computer system. Applications need to know that the data that they access is trustworthy. In this work, we propose a recommendation-based trust model, called Admonita, for data integrity that is applicable to any structured data in a system and provides a measure of trust to applications on-the-fly. The proposed model is based on the Biba integrity model and utilizes the concept of an Integrity Verification Procedure (IVP) proposed by Clark-Wilson.

Admonita incorporates subjective logic to maintain the trustworthiness of data and applications in a system. To prevent critical applications from losing trust, Admonita also incorporates the principle of weak tranquility to ensure that highly trusted applications can maintain their trust levels. We develop a simple algebra around these elements and describe how it can be used to calculate the trustworthiness of system entities. By applying subjective logic, we build a powerful, artificial and reasoning trust model for implementing data integrity.

In the future, we plan to implement Admonita in a real system and measure its performance. This will involve creating a high-performance compiler for Maia that utilizes its natural parallelism. The result will be a system that measures and maintains the trust levels for the applications and data contained within it.


Fifth advisor: Dr. Said Abubakr

Access Setting

Dissertation-Open Access