Date of Award


Document Type


Degree Name

Master of Science (MS)


Computer Engineering and Sciences

First Advisor

Siddhartha Bhattacharyya

Second Advisor

Marius Silaghi

Third Advisor

Juan Camilo Avendano

Fourth Advisor

Philip J. Bernhard


Despite society’s positive outlook, technology poses real cyber security threats. Technology’s benefits can sometimes make it difficult to believe that potential threats lurk behind every device and platform. As cybercrime rises, we have come to rely increasingly on flawed devices and services. As cyberattacks become more prevalent, security professionals are committed to developing more robust and dependable security solutions. In cyber security, human error is regarded as the weakest link since all technical security solutions are vulnerable to human error. Among other human characteristics, risk-taking, logical decision-making, extraversion, and gender can significantly affect cyber security. However, there still is the need to conduct research on improving security based on user behavior, situational awareness and then accordingly assigning security policies. Our contribution, in this research effort has been in the development of a framework to support the generation and implementation of cybersecurity policies specific to the needs of different users or based on users cybersecurity behavior. In the process, we were able to identify the crucial characteristics of user security behavior. Then, using Formal Methods based environment, Uppaal, we modeled the specified security behaviors. Next, we mapped user security behavior to NIST assurance levels. In doing so, we expanded the previous research outcomes, by adding the NIST assurance levels to include issue-specific policy assurance, proactive awareness, social media, and website access. Finally, the formal models were mapped to an agent based simulation environment using NetLogo. Policies were generated based on end user security behaviors. Therefore, we were able to determine types of security policies an organization or other entity should impose on specific users.


Copyright held by author