Página 1 dos resultados de 1872 itens digitais encontrados em 0.030 segundos

Arquitetura de segurança fim-a-fim para redes de sensores sem fio.; End-to-end security architecture for wireless sensor networks.

Oliveira, Bruno Trevizan de
Fonte: Biblioteca Digitais de Teses e Dissertações da USP Publicador: Biblioteca Digitais de Teses e Dissertações da USP
Tipo: Dissertação de Mestrado Formato: application/pdf
Publicado em 03/08/2012 Português
Relevância na Pesquisa
45.97%
Diversas aplicações de redes de sensores sem fio necessitam de serviços de segurança, como confidencialidade, integridade e autenticação de origem de dados. Contudo, dadas as limitações de processamento, memória e suprimento de energia dos dispositivos, os mecanismos de segurança tradicionais podem causar efeitos indesejáveis na rede, como atraso na comunicação e aumento no consumo de energia, impondo obstáculos para seu uso na tecnologia em questão. Muitas propostas de esquemas de segurança baseados em criptografia simétrica projetados especificamente para redes de sensores sem fio são encontradas na literatura. Contudo, essas soluções são focadas na segurança salto-a-salto. Tal abordagem é adequada para garantir a segurança dos enlaces deste tipo de rede, mas não garante a segurança na comunicação fim-a-fim. Neste trabalho são apresentados cenários e desafios de implementação de segurança neste tipo de rede, e a concepção, o projeto e a implementação de uma arquitetura de segurança para redes de sensores sem fio, que tem como objetivos: prover segurança na comunicação fim-a-fim; permitir a interoperabilidade entre diferentes sistemas; e possibilitar uma maior flexibilidade em relação à utilização de chaves criptográficas em diferentes cenários e topologias. Adicionalmente...

Gerenciamento baseado em modelos da configuração de sistemas de segurança em ambientes de redes complexos; Model-based configuration management of security systems in complex network environments

João Porto de Albuquerque Pereira
Fonte: Biblioteca Digital da Unicamp Publicador: Biblioteca Digital da Unicamp
Tipo: Tese de Doutorado Formato: application/pdf
Publicado em 24/05/2006 Português
Relevância na Pesquisa
45.93%
Os mecanismos de segurança empregados em ambientes de redes atuais têm complexidade crescente e o gerenciamento de suas configurações adquire um papel fundamental para proteção desses ambientes. Particularmente em redes de computadores de larga escala, os administradores de segurança se vêem confrontados com o desafio de projetar, implementar, manter e monitorar um elevado número de mecanismos, os quais possuem sintaxes de configuração heterogêneas e complicadas. Uma conseqüência dessa situação é que erros de configuração são causas freqüentes de vulnerabilidades de segurança. O presente trabalho oferece uma sistemática para o gerenciamento da configuração de sistemas de segurança de redes que corresponde especialmente às necessidades dos ambientes complexos encontrados em organizações atuais. A abordagem, construída segundo o paradigma de Gerenciamento Baseado em Modelos, inclui uma técnica de modelagem que trata uniformemente diferentes tipos de mecanismos e permite que o projeto de suas configurações seja executado de forma modular, mediante um modelo orientado a objetos. Esse modelo é segmentado em Subsistemas Abstratos, os quais encerram um grupo de mecanismos de segurança e outras entidades relevantes do sistema ? incluindo seus diferentes tipos de mecanismo e as inter-relações recíprocas entre eles. Uma ferramenta de software apóia a abordagem...

Regions Security Policy (RSP) : applying regions to network security; RSP : applying regions to network security

Baratz, Joshua W. (Joshua William), 1981-
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 65 p.; 3243771 bytes; 3243575 bytes; application/pdf; application/pdf
Português
Relevância na Pesquisa
45.96%
The Regions network architecture is a new look at network organization that groups nodes into regions based on common purposes. This shift from strict network topology groupings of nodes requires a change in security systems. This thesis designs and implements the Regions Security Policy (RSP). RSP allows a unified security policy to be set across a region, fully controlling data as it enters into, exits from, and transits within a region. In doing so, it brings together several existing security solutions so as to provide security comparable to existing systems that is more likely to function correctly.; by Joshua W. Baratz.; Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.; Includes bibliographical references (p. 51-54).

Statistical Analysis of the Skaion Network Security Dataset

Major, William F. Jr.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
45.95%
This thesis considers the best use of network traffic data to increase cyber security. This operational problem is one of great concern to network administrators and users generally. Our specific task was performed for the Network Security Division of the Army Research Laboratory, who requested we analyze a dataset of cyber-attacks masked in a background of representative network traffic (the Skaion dataset). We find that substantial preprocessing must done before statistical methods can be applied to raw network data, that no single predictor is sufficient, and that the most effective statistical analysis is logistic regression. Our approach is novel in that we consider not only single predictor events, but also combinations of reports from multiple tools. While we consider a number of different statistical techniques, we find that the most satisfactory model is based on logistic regression. Finally, we conclude that while the Skaion dataset is valuable in terms of its new approach to network traffic emulation, the 1999 KDD Cup and DARPA-MIT datasetsdespite their many shortcomingsare more clearly organized and accessible to academic study. Cyber security is a globally important problem and datasets like Skaions must maximize opportunities for cross-disciplinary academic endeavors.

Defense Data Network and the Naval Security Group

Eberhardt, Jean M.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
45.9%
This thesis describes the Defense Data Network (DDN) and its possible applications for the Naval Security Group. It reviews the background and historical information that contributed to the selection of DDN as the primary long distance data communications system for the Department of Defense. It evaluates some of the advantages and disadvantages of packet switching technology. The survivability, availability, and security features of DDN are presented. Also included are specifications of the hardware equipment, software standards, and operating procedures for DDN. The Naval Security Group does not require direct DDN access to accomplish its operational mission. There are, however, a number of nonoperational requirements that could be facilitated by direct DDN access. This thesis discusses a potential role for DDN in the Naval Security Group. Applications for administration, personnel, supply, and logistics functions are provided. Theses. (jes)

Introduction of First Passage Time (FPT) Analysis for Software Reliability and Network Security

Ma, Zhanshan (Sam); Krings, Axel W.; Millar, Richard C.
Fonte: Escola de Pós-Graduação Naval Publicador: Escola de Pós-Graduação Naval
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
66.01%
The Fifth CSIIRW '2009, April 13-15, Oak Ridge National Lab, Oak Ridge, Tennessee, USA. Includes a powerpoint presentation.; The study of the First Passage Time (FPT) problem (also known as first passage problem, FPP) started more than a century ago, but its diverse applications in science and engineering mostly emerged in the last two to three decades. Assuming that X(t) is a one-dimensional stochastic process, the First Passage Time is defined as the time (T) when X(t) first crosses a threshold. Engineering reliability is obviously a suitable application domain, and indeed applications such as optimal dam design in hydrology and analysis of structural failure in civil and mechanical engineering are typical examples. Although we envision that the FPT problem has great potential in network and software reliability, it should be more useful for network security and survivability because the approaches developed for the FPT problem are mostly analytical. The assumption for this inference is that in reliability analysis, experimental or historical data are often more readily available, which makes statistical approaches such as survival analysis more convenient and likely more realistic. In contrast, data is generally more difficult to obtain in security and survivability analyses...

Network security and the NPS Internet firewall; NA

Schively, Jody L.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: 105 p.;28 cm.
Português
Relevância na Pesquisa
46%
As the Naval Postgraduate School's (NPS) computer network continues to incorporate computers with a wide variety of security holes, it is vital that an Internet firewall be installed to provide perimeter security for NPS from the Internet. NPS has had systems compromised by unauthorized individuals who have gained access via the Internet. The approach taken by this thesis was to analyze the type of Internet firewalls available and chose a design that provides the protection required at NPS while maintaining the Internet functionality desired. After choosing the appropriate type of firewall, it was tested for functionality and performance. The functionality test successfully validated that the bootp, netwall, tftp, sunrpc, and nfsd packets could he blocked while other network services remained functional. The performance testing process first monitored existing traffic to and from the BARRNET and DDN routers. The second step determined the firewall's performance with a well known network measurement tool, New Test TCP/IP (ntrcp). The existing data rates to and from the Intemet are on average 438 kilobjis per second and the nttcp tests showed that the firewall could run at 600 kilobits per second. These results validated that the firewall could maintain the data rates currently required to the Internet. This thesis resulted in a firewall...

Uma arquitetura distribuída aplicada ao tratamento de registros de segurança de rede; A distributed architecture for network security data analysis

Holtz, Marcelo Dias
Fonte: Universidade de Brasília Publicador: Universidade de Brasília
Tipo: Dissertação
Português
Relevância na Pesquisa
46.07%
Dissertação (mestrado)—Universidade de Brasília, Faculdade de Tecnologia, Departamento de Engenharia Elétrica, 2012.; A Internet tem se tornado um ambiente cada vez mais hostil, visto o crescimento dos ataques bem como a gravidade dos danos causados por eles. Sistemas de segurança como IDS e honeypot são componentes essenciais em um ambiente de rede seguro, permitindo proativamente a detecção de atividades maliciosas e ataques. Através das informações fornecidas por esses sistemas é possível aplicar contramedidas e mitigar os ataques que, por outro lado, poderiam comprometer seriamente a segurança da rede. No entanto, o atual crescimento do volume de tráfego de rede compromete a maioria das técnicas de IDS e Honeypot. Por isso, tais medidas de proteção requerem novas abordagens capazes de lidar com grandes quantidades de tráfego durante a análise, mantendo o desempenho e a escalabilidade. O presente trabalho propõe uma arquitetura de computação distribuída executada em nuvem para tratamento dos logs de segurança. A coleta descentralizada de dados realizada por vários sensores reúne informações abrangentes em vários níveis, dando um panorama completo do sistema monitorado. Toda a informação coletada de várias fontes é armazenada...

SNEED: Enhancing Network Security Services Using Network Coding and Joint Capacity

Aly, Salah A.; Ansari, Nirwan; Poor, H. Vincent
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 23/12/2010 Português
Relevância na Pesquisa
55.99%
Traditional network security protocols depend mainly on developing cryptographic schemes and on using biometric methods. These have led to several network security protocols that are unbreakable based on difficulty of solving untractable mathematical problems such as factoring large integers. In this paper, Security of Networks Employing Encoding and Decoding (SNEED) is developed to mitigate single and multiple link attacks. Network coding and shared capacity among the working paths are used to provide data protection and data integrity against network attackers and eavesdroppers. SNEED can be incorporated into various applications in on-demand TV, satellite communications and multimedia security. Finally, It is shown that SNEED can be implemented easily where there are k edge disjoint paths between two core nodes (routers or switches) in an enterprize network.

NEMESYS: Enhanced Network Security for Seamless Service Provisioning in the Smart Mobile Ecosystem

Gelenbe, Erol; Gorbil, Gokce; Tzovaras, Dimitrios; Liebergeld, Steffen; Garcia, David; Baltatu, Madalina; Lyberopoulos, George
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 23/05/2013 Português
Relevância na Pesquisa
55.85%
As a consequence of the growing popularity of smart mobile devices, mobile malware is clearly on the rise, with attackers targeting valuable user information and exploiting vulnerabilities of the mobile ecosystems. With the emergence of large-scale mobile botnets, smartphones can also be used to launch attacks on mobile networks. The NEMESYS project will develop novel security technologies for seamless service provisioning in the smart mobile ecosystem, and improve mobile network security through better understanding of the threat landscape. NEMESYS will gather and analyze information about the nature of cyber-attacks targeting mobile users and the mobile network so that appropriate counter-measures can be taken. We will develop a data collection infrastructure that incorporates virtualized mobile honeypots and a honeyclient, to gather, detect and provide early warning of mobile attacks and better understand the modus operandi of cyber-criminals that target mobile devices. By correlating the extracted information with the known patterns of attacks from wireline networks, we will reveal and identify trends in the way that cyber-criminals launch attacks against mobile devices.; Comment: Accepted for publication in Proceedings of the 28th International Symposium on Computer and Information Sciences (ISCIS'13); 9 pages; 1 figure

Tracking Network Events with Write Optimized Data Structures: The Design and Implementation of TWIAD: The Write-Optimized IP Address Database

Donoghue, Nolan; Hahn, Bridger; Xu, Helen; Kroeger, Thomas; Zage, David; Johnson, Rob
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 29/11/2015 Português
Relevância na Pesquisa
45.93%
Access to network traffic records is an integral part of recognizing and addressing network security breaches. Even with the increasing sophistication of network attacks, basic network events such as connections between two IP addresses play an important role in any network defense. Given the duration of current attacks, long-term data archival is critical but typically very little of the data is ever accessed. Previous work has provided tools and identified the need to trace connections. However, traditional databases raise performance concerns as they are optimized for querying rather than ingestion. The study of write-optimized data structures (WODS) is a new and growing field that provides a novel approach to traditional storage structures (e.g., B-trees). WODS trade minor degradations in query performance for significant gains in the ability to quickly insert more data elements, typically on the order of 10 to 100 times more inserts per second. These efficient, out-of-memory data structures can play a critical role in enabling robust, long-term tracking of network events. In this paper, we present TWIAD, the Write-optimized IP Address Database. TWIAD uses a write-optimized B-tree known as a B {\epsilon} tree to track all IP address connections in a network traffic stream. Our initial implementation focuses on utilizing lower cost hardware...

Study And Performance Evaluation Of Security-Throughput Tradeoff With Link Adaptive Encryption Scheme

Jindal, Poonam; Singh, Brahmjit
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 21/11/2012 Português
Relevância na Pesquisa
45.95%
With the ever increasing volume of information over wireless medium, security has assumed an important dimension. The security of transmitted data over a wireless channel aims at protecting the data from unauthorized intrusion. Wireless network security is achieved using cryptographic primitives. Some properties that give encryption mechanism their cryptographic strength also make them very sensitive to channel error as well. Therefore, security for data transmission over wireless channel results in throughput loss. Trade-off between security and throughput is always a major concern in wireless networks. In this paper, a Link Adaptive Encryption scheme is evaluated that adapts to channel variations and enhances the security level of WLANs without making any compromise with the network performance. Numerical results obtained through simulation are compared with the fixed block length encryption technique in two different modes of operation- Electronic Code Book (ECB) & Cipher Block Chaining (CBC). Optimal block length is also computed, which is assumed to be the effective strength of the cipher. It has been observed that security attained with link adaptive scheme operating in ECB mode of cipher is a better solution for security and throughput trade-off. However...

A Survey of P2P Network Security

Washbourne, Logan
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 06/04/2015 Português
Relevância na Pesquisa
55.78%
This paper presents a review of peer-to-peer network security. Popular for sharing of multimedia files, these networks carry risks and vulnerabilities relating to data integrity, spyware, adware, and unwanted files. Further attacks include those of forgery, pollution, repudiation, membership and Eclipse attacks, neighbor selection attacks, Sybil, DoS, and omission attacks. We review some protection mechanisms that have been devised.; Comment: 12 pages, 6 figures

Security for Smart Mobile Networks: The NEMESYS Approach

Gelenbe, Erol; Gorbil, Gokce; Tzovaras, Dimitrios; Liebergeld, Steffen; Garcia, David; Baltatu, Madalina; Lyberopoulos, George
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 02/07/2013 Português
Relevância na Pesquisa
45.91%
The growing popularity of smart mobile devices such as smartphones and tablets has made them an attractive target for cyber-criminals, resulting in a rapidly growing and evolving mobile threat as attackers experiment with new business models by targeting mobile users. With the emergence of the first large-scale mobile botnets, the core network has also become vulnerable to distributed denial-of-service attacks such as the signaling attack. Furthermore, complementary access methods such as Wi-Fi and femtocells introduce additional vulnerabilities for the mobile users as well as the core network. In this paper, we present the NEMESYS approach to smart mobile network security. The goal of the NEMESYS project is to develop novel security technologies for seamless service provisioning in the smart mobile ecosystem, and to improve mobile network security through a better understanding of the threat landscape. To this purpose, NEMESYS will collect and analyze information about the nature of cyber-attacks targeting smart mobile devices and the core network so that appropriate counter-measures can be taken. We are developing a data collection infrastructure that incorporates virtualized mobile honeypots and honeyclients in order to gather, detect and provide early warning of mobile attacks and understand the modus operandi of cyber-criminals that target mobile devices. By correlating the extracted information with known attack patterns from wireline networks...

A New Trusted and Collaborative Agent Based Approach for Ensuring Cloud Security

Pal, Shantanu; Khatua, Sunirmal; Chaki, Nabendu; Sanyal, Sugata
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 20/08/2011 Português
Relevância na Pesquisa
45.99%
In order to determine the user's trust is a growing concern for ensuring privacy and security in a cloud computing environment. In cloud, user's data is stored in one or more remote server(s) which poses more security challenges for the system. One of the most important concerns is to protect user's sensitive information from other users and hackers that may cause data leakage in cloud storage. Having this security challenge in mind, this paper focuses on the development of a more secure cloud environment, to determine the trust of the service requesting authorities by using a novel VM (Virtual Machine) monitoring system. Moreover, this research aims towards proposing a new trusted and collaborative agent-based two-tier framework, titled WAY (Who Are You?), to protect cloud resources. The framework can be used to provide security in network, infrastructure, as well as data storage in a heterogeneous cloud platform. If the trust updating policy is based on network activities, then the framework can provide network security. Similarly, it provides storage security by monitoring unauthorized access activities by the Cloud Service Users (CSU). Infrastructure security can be provided by monitoring the use of privileged instructions within the isolated VMs. The uniqueness of the proposed security solution lies in the fact that it ensures security and privacy both at the service provider level as well as at the user level in a cloud environment.; Comment: 12 pages...

A New Advanced User Authentication and Confidentiality Security Service

Majumder, Sanjay; Chakraborty, Sanjay; Das, Suman
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 18/06/2014 Português
Relevância na Pesquisa
46.06%
Network & internet security is the burning question of today's world and they are deeply related to each other for secure successful data transmission. Network security approach is totally based on the concept of network security services. In this paper, a new system of network security service is implemented which is more secure than conventional network security services. This technique is mainly deals with two essential network security services, one is user authentication and other is data confidentiality. For user authentication this paper introduces Graphical Username & Voice Password approaches which provides better security than conventional username & password authentication process. In data confidentiality section this paper introduces two layer private key for both message encryption & decryption which is mainly applicable on 8 bit plain text data. This paper also provides the hints of introducing other two network security services (integrity and non-repudiation) as a future work.

PCI DSS case study: Impact in network design and security

María, Yudit
Fonte: Rochester Instituto de Tecnologia Publicador: Rochester Instituto de Tecnologia
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
46.01%
The Payment Card Industry Data Security Standard is a set of twelve security requirements applicable to all institutions and systems handling, storing or transmitting cardholder information. It was created by the main card brands in a united effort to respond to the increasing number of attacks and data breaches cases targeted and linked to card and cardholder data. The standard considers points such as policies design, data security, network architecture, software design, application security, transmission encryption requirements and so on. Being compliant with the standard can be both expensive and traumatic for any business willing to do it. This research analyzes the impact that this compliance achievement process can have on an enterprise. This work is focused on the networking infrastructure and security and application security in general. This is a case study based on a real situation, where real current procedures and implementations were evaluated against the standard requirements regarding networking design, security and applications security. This will provide a benchmark of the situation towards getting the compliance validation in the company subject of this case study.

Network security: Risk assessment of information systems

Lurain, Sher
Fonte: Rochester Instituto de Tecnologia Publicador: Rochester Instituto de Tecnologia
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
55.89%
This paper investigates fundamental security issues and the growing impact of security breaches on computer networks. Cost-effective security measures, such as asset-threat analysis, enable monitoring of security levels in complex systems. An evaluation of one technique, called the Livermore Risk Analysis Methodology (LRAM) is documentedC 1 ] . Untrusted communication lines, unauthorized access and unauthorized dissemination of information must be contained. The complexity and corresponding sophistication of todays' systems and the reliance of management on information generated by these systems make them attractive targets for computer related crimes. A profile of computer criminals and their crimes emphasize the importance of management involvement and social ethics as determents to crime. An overview of system security, control concepts, communication and transmission security, and a discussion of threats, vulnerabilities, and countermeasures is provided. The growing need for risk management models is presented as well as an overview of LRAM. Risk assessment of a specific system case study and risk profiles are developed using LRAM.

Development of a cyber attack simulator for network modeling and cyber security analysis

Costantini, Kevin
Fonte: Rochester Instituto de Tecnologia Publicador: Rochester Instituto de Tecnologia
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
45.99%
Computer networks are now relied on more than ever before for gathering information and performing essential business functions. In addition, cyber crime is frequently used as a means of exploiting these networks to obtain useful and private information. Although intrusion detection tools are available to assist in detecting malicious activity within a network, these tools often lack the ability to clearly identify cyber attacks. This limitation makes the development of effective tools an imperative task to assist in both detecting and taking action against cyber attacks as they occur. In developing such tools, reliable test data must be provided that accurately represents the activities of networks and attackers without the large overhead of setting up physical networks and cyber attacks. The intent of this thesis is to use operation research and simulation techniques to provide both data and data-generation tools representative of real-world computer networks, cyber attacks, and security intrusion detection systems. A simulation model is developed to represent the structure of networks, the unique details of network devices, and the aspects of intrusion detection systems used within networks. The simulation is also capable of generating representative cyber attacks that accurately portray the capabilities of attackers and the intrusion detection alerts associated with the attacks. To ensure that the data provided is reliable...

ExFILD: a tool for the detection of data exfiltration using entropy and encryption characteristics of network traffic

Fawcett, Tyrell
Fonte: University of Delaware Publicador: University of Delaware
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
45.95%
Sincoskie, Walter; The twin goals of easy communication and privacy protection have always been in con ict. Everyone can agree that important information such as social secu- rity numbers, credit card numbers, proprietary information, and classi ed govern- ment information should not be shared with untrusted and unknown entities. The Internet makes it rather simple for an attacker to steal this information from even security conscious users without the victims ever discovering the theft. All it takes is one lapse in judgment and an attacker can have access to sensitive information. Currently the computer and network security industry places its focus on tools and techniques that are concerned with what is entering a system and not what is exiting a system. The industry has no reason to not inspect the outgoing tra c. Many attacks' success and e ectiveness rely heavily on tra c exiting the computer system. Outgoing tra c is just as, if not more important to inspect as incoming tra c to detect attacks involving theft of con dential information or interaction between the attacker and victim's computer systems. Frequently recurring data breaches reinforce the necessity of tools and techniques capable of alerting the users when data is being ex ltrated from their computer systems. This thesis explores the use of entropy characteristics of network tra c to ascertain whether egress tra c from computer systems is encrypted. The inspection of network tra c at the session level instead of the packet is proposed to improve the accuracy of the entropy values. It establishes that entropy can indeed be used as an accurate metric of the tra c's actual state of encryption.; University of Delaware...