Reliable operation of modern power systems is ensured by an intelligent cyber layer that monitors and controls the physical system. The data collection and transmission is achieved by the supervisory control and data acquisition (SCADA) system, and data processing is performed by the energy management system (EMS). In the recent decades, the development of phasor measurement units (PMUs) enables wide area real-time monitoring and control. However, both SCADA-based and PMU-based cyber layers are prone to cyber attacks that can impact system operation and lead to severe physical consequences.

This dissertation studies false data injection (FDI) attacks that are unobservable to bad data detectors (BDD). Prior work has shown that an attacker-defender bi-level linear program (ADBLP) can be used to determine the worst-case consequences of FDI attacks aiming to maximize the physical power flow on a target line. However, the results were only demonstrated on small systems assuming that they are operated with DC optimal power flow (OPF). This dissertation is divided into four parts to thoroughly understand the consequences of these attacks as well as develop countermeasures.

The first part focuses on evaluating the vulnerability of large-scale power systems to FDI attacks. The solution technique introduced in prior work to solve the ADBLP is intractable on large-scale systems due to the large number of binary variables. Four new computationally efficient algorithms are presented to solve this problem.

The second part studies vulnerability of N-1 reliable power systems operated by state-of-the-art EMSs commonly used in practice, specifically real-time contingency analysis (RTCA), and security-constrained economic dispatch (SCED). An ADBLP is formulated with detailed assumptions on attacker's knowledge and system operations.

The third part considers FDI attacks on PMU measurements that have strong temporal correlations due to high data rate. It is shown that predictive filters can detect suddenly injected attacks, but not gradually ramping attacks.

The last part proposes a machine learning-based attack detection framework consists of a support vector regression (SVR) load predictor that predicts loads by exploiting both spatial and temporal correlations, and a subsequent support vector machine (SVM) attack detector to determine the existence of attacks.

Modern digital applications have significantly increased the leakage of private and sensitive personal data. While worst-case measures of leakage such as Differential Privacy (DP) provide the strongest guarantees, when utility matters, average-case information-theoretic measures can be more relevant. However, most such information-theoretic measures do not have clear operational meanings. This dissertation addresses this challenge.

This work introduces a tunable leakage measure called maximal $\alpha$-leakage which quantifies the maximal gain of an adversary in inferring any function of a data set. The inferential capability of the adversary is modeled by a class of loss functions, namely, $\alpha$-loss. The choice of $\alpha$ determines specific adversarial actions ranging from refining a belief for $\alpha =1$ to guessing the best posterior for $\alpha = \infty$, and for the two specific values maximal $\alpha$-leakage simplifies to mutual information and maximal leakage, respectively. Maximal $\alpha$-leakage is proved to have a composition property and be robust to side information.

There is a fundamental disjoint between theoretical measures of information leakages and their applications in practice. This issue is addressed in the second part of this dissertation by proposing a data-driven framework for learning Censored and Fair Universal Representations (CFUR) of data. This framework is formulated as a constrained minimax optimization of the expected $\alpha$-loss where the constraint ensures a measure of the usefulness of the representation. The performance of the CFUR framework with $\alpha=1$ is evaluated on publicly accessible data sets; it is shown that multiple sensitive features can be effectively censored to achieve group fairness via demographic parity while ensuring accuracy for several \textit{a priori} unknown downstream tasks.

Finally, focusing on worst-case measures, novel information-theoretic tools are used to refine the existing relationship between two such measures, $(\epsilon,\delta)$-DP and R\'enyi-DP. Applying these tools to the moments accountant framework, one can track the privacy guarantee achieved by adding Gaussian noise to Stochastic Gradient Descent (SGD) algorithms. Relative to state-of-the-art, for the same privacy budget, this method allows about 100 more SGD rounds for training deep learning models.

The open nature of the wireless communication medium makes it inherently vulnerable to an active attack, wherein a malicious adversary (or jammer) transmits into the medium to disrupt the operation of the legitimate users. Therefore, developing techniques to manage the presence of a jammer and to characterize the effect of an attacker on the fundamental limits of wireless communication networks is important. This dissertation studies various Gaussian communication networks in the presence of such an adversarial jammer.

First of all, a standard Gaussian channel is considered in the presence of a jammer, known as a Gaussian arbitrarily-varying channel, but with list-decoding at the receiver. The receiver decodes a list of messages, instead of only one message, with the goal of the correct message being an element of the list. The capacity is characterized, and it is shown that under some transmitter's power constraints the adversary is able to suspend the communication between the legitimate users and make the capacity zero.

Next, generalized packing lemmas are introduced for Gaussian adversarial channels to achieve the capacity bounds for three Gaussian multi-user channels in the presence of adversarial jammers. Inner and outer bounds on the capacity regions of Gaussian multiple-access channels, Gaussian broadcast channels, and Gaussian interference channels are derived in the presence of malicious jammers. For the Gaussian multiple-access channels with jammer, the capacity bounds coincide. In this dissertation, the adversaries can send any arbitrary signals to the channel while none of the transmitter and the receiver knows the adversarial signals' distribution.

Finally, the capacity of the standard point-to-point Gaussian fading channel in the presence of one jammer is investigated under multiple scenarios of channel state information availability, which is the knowledge of exact fading coefficients. The channel state information is always partially or fully known at the receiver to decode the message while the transmitter or the adversary may or may not have access to this information. Here, the adversary model is the same as the previous cases with no knowledge about the user's transmitted signal except possibly the knowledge of the fading path.

Signal compressed using classical compression methods can be acquired using brute force (i.e. searching for non-zero entries in component-wise). However, sparse solutions require combinatorial searches of high computations. In this thesis, instead, two Bayesian approaches are considered to recover a sparse vector from underdetermined noisy measurements. The first is constructed using a Bernoulli-Gaussian (BG) prior distribution and is assumed to be the true generative model. The second is constructed using a Gamma-Normal (GN) prior distribution and is, therefore, a different (i.e. misspecified) model. To estimate the posterior distribution for the correctly specified scenario, an algorithm based on generalized approximated message passing (GAMP) is constructed, while an algorithm based on sparse Bayesian learning (SBL) is used for the misspecified scenario. Recovering sparse signal using Bayesian framework is one class of algorithms to solve the sparse problem. All classes of algorithms aim to get around the high computations associated with the combinatorial searches. Compressive sensing (CS) is a widely-used terminology attributed to optimize the sparse problem and its applications. Applications such as magnetic resonance imaging (MRI), image acquisition in radar imaging, and facial recognition. In CS literature, the target vector can be recovered either by optimizing an objective function using point estimation, or recovering a distribution of the sparse vector using Bayesian estimation. Although Bayesian framework provides an extra degree of freedom to assume a distribution that is directly applicable to the problem of interest, it is hard to find a theoretical guarantee of convergence. This limitation has shifted some of researches to use a non-Bayesian framework. This thesis tries to close this gab by proposing a Bayesian framework with a suggested theoretical bound for the assumed, not necessarily correct, distribution. In the simulation study, a general lower Bayesian Cram\'er-Rao bound (BCRB) bound is extracted along with misspecified Bayesian Cram\'er-Rao bound (MBCRB) for GN model. Both bounds are validated using mean square error (MSE) performances of the aforementioned algorithms. Also, a quantification of the performance in terms of gains versus losses is introduced as one main finding of this report.

Energy management system (EMS) is at the heart of the operation and control of a modern electrical grid. Because of economic, safety, and security reasons, access to industrial grade EMS and real-world power system data is extremely limited. Therefore, the ability to simulate an EMS is invaluable in researching the EMS in normal and anomalous operating conditions.

I first lay the groundwork for a basic EMS loop simulation in modern power grids and review a class of cybersecurity threats called false data injection (FDI) attacks. Then I propose a software architecture as the basis of software simulation of the EMS loop and explain an actual software platform built using the proposed architecture. I also explain in detail the power analysis libraries used for building the platform with examples and illustrations from the implemented application. Finally, I will use the platform to simulate FDI attacks on two synthetic power system test cases and analyze and visualize the consequences using the capabilities built into the platform.

Synthetic power system test cases offer a wealth of new data for research and development purposes, as well as an avenue through which new kinds of analyses and questions can be examined. This work provides both a methodology for creating and validating synthetic test cases, as well as a few use-cases for how access to synthetic data enables otherwise impossible analysis.

First, the question of how synthetic cases may be generated in an automatic manner, and how synthetic samples should be validated to assess whether they are sufficiently ``real'' is considered. Transmission and distribution levels are treated separately, due to the different nature of the two systems. Distribution systems are constructed by sampling distributions observed in a dataset from the Netherlands. For transmission systems, only first-order statistics, such as generator limits or line ratings are sampled statistically. The task of constructing an optimal power flow case from the sample sets is left to an optimization problem built on top of the optimal power flow formulation.

Secondly, attention is turned to some examples where synthetic models are used to inform analysis and modeling tasks. Co-simulation of transmission and multiple distribution systems is considered, where distribution feeders are allowed to couple transmission substations. Next, a distribution power flow method is parametrized to better account for losses. Numerical values for the parametrization can be statistically supported thanks to the ability to generate thousands of feeders on command.

Through the personal experience of volunteering at ASU Project Humanities, an organization that provides resources such as clothing and toiletries to the homeless population in Downtown Phoenix, I noticed efficiently serving the needs of the homeless population is an important endeavor, but the current processes for Phoenix nonprofits to collect data are manual, ad-hoc, and inefficient. This leads to the research question: is it possible to improve this process of collecting statistics on client needs, tracking donations, and managing resources using technology? Background research includes an interview with ASU Project Humanities, articles by analysts, and related work including case studies of current technologies in the nonprofit community. Major findings include i) a lack of centralized communication in nonprofits collecting needs, tracking surplus donations, and sharing resources, ii) privacy assurance is important to homeless individuals, and iii) pre-existing databases and technological solutions have demonstrated that technology has the ability to make an impact in the nonprofit community. To improve the process, standardization, efficiency, and automation need to increase. As a result of my analysis, the thesis proposes a prototype solution which includes two parts: an inventory database and a web application with forms for user input and tables for the user to view. This solution addresses standardization by showing a consistent way of collecting data on need requests and surplus donations while guaranteeing privacy of homeless individuals. This centralized solution also increases efficiency by connecting different agencies that cater to these clients. Lastly, the solution demonstrates the ability for resources to be made available to each organization which can increase automation. In conclusion, this database and web application has the potential to improve nonprofit organizations’ networking capabilities, resource management, and resource distribution. The percentile of homeless individuals connected to these resources is expected to increase substantially with future live testing and large-scale implementation.

In the past few decades, there has been a remarkable shift in the boundary between public and private information. The application of information technology and electronic communications allow service providers (businesses) to collect a large amount of data. However, this ``data collection" process can put the privacy of users at risk and also lead to user reluctance in accepting services or sharing data. This dissertation first investigates privacy sensitive consumer-retailers/service providers interactions under different scenarios, and then focuses on a unified framework for various information-theoretic privacy and privacy mechanisms that can be learned directly from data.

Existing approaches such as differential privacy or information-theoretic privacy try to quantify privacy risk but do not capture the subjective experience and heterogeneous expression of privacy-sensitivity. The first part of this dissertation introduces models to study consumer-retailer interaction problems and to better understand how retailers/service providers can balance their revenue objectives while being sensitive to user privacy concerns. This dissertation considers the following three scenarios: (i) the consumer-retailer interaction via personalized advertisements; (ii) incentive mechanisms that electrical utility providers need to offer for privacy sensitive consumers with alternative energy sources; (iii) the market viability of offering privacy guaranteed free online services. We use game-theoretic models to capture the behaviors of both consumers and retailers, and provide insights for retailers to maximize their profits when interacting with privacy sensitive consumers.

Preserving the utility of published datasets while simultaneously providing provable privacy guarantees is a well-known challenge. In the second part, a novel context-aware privacy framework called generative adversarial privacy (GAP) is introduced. Inspired by recent advancements in generative adversarial networks, GAP allows the data holder to learn the privatization mechanism directly from the data. Under GAP, finding the optimal privacy mechanism is formulated as a constrained minimax game between a privatizer and an adversary. For appropriately chosen adversarial loss functions, GAP provides privacy guarantees against strong information-theoretic adversaries. Both synthetic and real-world datasets are used to show that GAP can greatly reduce the adversary's capability of inferring private information at a small cost of distorting the data.

Fundamental limits of fixed-to-variable (F-V) and variable-to-fixed (V-F) length universal source coding at short blocklengths is characterized. For F-V length coding, the Type Size (TS) code has previously been shown to be optimal up to the third-order rate for universal compression of all memoryless sources over finite alphabets. The TS code assigns sequences ordered based on their type class sizes to binary strings ordered lexicographically.

Universal F-V coding problem for the class of first-order stationary, irreducible and aperiodic Markov sources is first considered. Third-order coding rate of the TS code for the Markov class is derived. A converse on the third-order coding rate for the general class of F-V codes is presented which shows the optimality of the TS code for such Markov sources.

This type class approach is then generalized for compression of the parametric sources. A natural scheme is to define two sequences to be in the same type class if and only if they are equiprobable under any model in the parametric class. This natural approach, however, is shown to be suboptimal. A variation of the Type Size code is introduced, where type classes are defined based on neighborhoods of minimal sufficient statistics. Asymptotics of the overflow rate of this variation is derived and a converse result establishes its optimality up to the third-order term. These results are derived for parametric families of i.i.d. sources as well as Markov sources.

Finally, universal V-F length coding of the class of parametric sources is considered in the short blocklengths regime. The proposed dictionary which is used to parse the source output stream, consists of sequences in the boundaries of transition from low to high quantized type complexity, hence the name Type Complexity (TC) code. For large enough dictionary, the $\epsilon$-coding rate of the TC code is derived and a converse result is derived showing its optimality up to the third-order term.

The uncertainty and variability associated with stochastic resources, such as wind and solar, coupled with the stringent reliability requirements and constantly changing system operating conditions (e.g., generator and transmission outages) introduce new challenges to power systems. Contemporary approaches to model reserve requirements within the conventional security-constrained unit commitment (SCUC) models may not be satisfactory with increasing penetration levels of stochastic resources; such conventional models pro-cure reserves in accordance with deterministic criteria whose deliverability, in the event of an uncertain realization, is not guaranteed. Smart, well-designed reserve policies are needed to assist system operators in maintaining reliability at least cost.

Contemporary market models do not satisfy the minimum stipulated N-1 mandate for generator contingencies adequately. This research enhances the traditional market practices to handle generator contingencies more appropriately. In addition, this research employs stochastic optimization that leverages statistical information of an ensemble of uncertain scenarios and data analytics-based algorithms to design and develop cohesive reserve policies. The proposed approaches modify the classical SCUC problem to include reserve policies that aim to preemptively anticipate post-contingency congestion patterns and account for resource uncertainty, simultaneously. The hypothesis is to integrate data-mining, reserve requirement determination, and stochastic optimization in a holistic manner without compromising on efficiency, performance, and scalability. The enhanced reserve procurement policies use contingency-based response sets and post-contingency transmission constraints to appropriately predict the influence of recourse actions, i.e., nodal reserve deployment, on critical transmission elements.

This research improves the conventional deterministic models, including reserve scheduling decisions, and facilitates the transition to stochastic models by addressing the reserve allocation issue. The performance of the enhanced SCUC model is compared against con-temporary deterministic models and a stochastic unit commitment model. Numerical results are based on the IEEE 118-bus and the 2383-bus Polish test systems. Test results illustrate that the proposed reserve models consistently outperform the benchmark reserve policies by improving the market efficiency and enhancing the reliability of the market solution at reduced costs while maintaining scalability and market transparency. The proposed approaches require fewer ISO discretionary adjustments and can be employed by present-day solvers with minimal disruption to existing market procedures.