Página 10 dos resultados de 8247 itens digitais encontrados em 0.016 segundos

Plano de segurança para autenticação de dados em redes orientadas à informação; Security plane for data authentication in information-centric networks

Walter Wong
Fonte: Biblioteca Digital da Unicamp Publicador: Biblioteca Digital da Unicamp
Tipo: Tese de Doutorado Formato: application/pdf
Publicado em 23/09/2011 Português
Relevância na Pesquisa
37.292031%
A segurança da informação é responsável pela proteção das informações contra o acesso nãoautorizado, uso, modificação ou a sua destruição. Com o objetivo de proteger os dados contra esses ataques de segurança, vários protocolos foram desenvolvidos, tais como o Internet Protocol Security (IPSEC) e o Transport Layer Security (TLS), provendo mecanismos de autenticação, integridade e confidencialidade dos dados para os usuários. Esses protocolos utilizam o endereço IP como identificador de hosts na Internet, tornando-o referência e identificador no estabelecimento de conexões seguras para a troca de dados entre aplicações na rede. Com o advento da Web e o aumento exponencial do consumo de conteúdos, como vídeos e áudios, há indícios da migração gradual do uso predominante da Internet, passando da ênfase voltada para a conexão entre hosts para uma ênfase voltada para a obtenção de conteúdo da rede, paradigma esse conhecido como information-centric networking. Nesse paradigma, usuários buscam por documentos e recursos na Internet sem se importarem com o conhecimento explícito da localização do conteúdo. Como consequência, o endereço IP que previamente era utilizado como ponto de referência do provedor de dados...

An introduction to Quality of Security Services

Irvine, Cynthia E.; Levin, Timothy E.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Relatório
Português
Relevância na Pesquisa
37.315498%
We examine the concept of security as a dimension of Quality of Service in distributed systems. We provide a discussion and examples of user- specified security variables and show how the range of service levels associated with these variables can support the provision of Quality of Security Service. We also discuss various design implications regarding security ranges provided in a QoS-aware distributed system. Our goal has been to provide an understanding of QoSS and variant security, and to determine whether these concepts can be useful in improving security service and system performance in QoS-aware distributed systems. We described the general requirements for system attributes to participate in the provision of Quality of Service, and described how certain security attributes might meet these requirements. We then described various forms of user and application security "ranges "and showed how these ranges can make sense in relation to existing security policies, when those ranges are presented as user choices. Finally we described security ranges as forming a coherent system of relationships in a distributed multi-tiered system. Our conclusion is that it may be possible for security to be a semantically meaningful dimension of Quality of Service without compromising existing security policies. Further study is needed to understand the effectiveness of QoSS in improving system performance in QoS-aware systems.

Quality of Security Service costing demonstration for the MSHN project

Spyropoulou, Evdoxia; Levin, Timothy; Irvine, Cynthia
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Relatório
Português
Relevância na Pesquisa
37.292031%
Security requirements for a task, system or network may permit the selection of a range of underlying services or security behaviors. When a range of services is available, variant security is possible. Variant security permits the notion of Quality of Security Service (QoSS) to be introduced. This paper describes a quality of security service demonstration, specifically with respect to costing. We describe the network as having three modes: normal, impacted, and emergency. For each of these modes, the user is given three possible security levels: low, medium and high. A variety of security services contribute to the overall security of each task. Each service has two costs: an initialization cost and a run-time cost. The demonstration illustrates the costs incurred as network modes and security levels are changed. High level and detailed specifications are provided.

Research in computer forensics

Wai, Hor Cheong
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
37.313186%
Approved for public release; distribution is unlimited; Computer Forensics involves the preservation, identification, extraction and documentation of computer evidence stored in the form of magnetically encoded information. With the proliferation of E-commerce initiatives and the increasing criminal activities on the web, this area of study is catching on in the IT industry and among the law enforcement agencies. The objective of the study is to explore the techniques of computer forensics from the computer security perspective. Specifically, the thesis looks into the application of forensic principles and techniques, security designs of computer hardware and software, and network protocols, in an effort to discover the trails of the computer hackers. The thesis subsequently packages this knowledge into a curriculum for a twelve weeks resident course at the Naval Postgraduate School Complementing the research and course materials are surveys conducted on agencies and vendors currently providing computer forensic courses and training, reading materials, and software tools applicable to computer forensic investigation. The purpose of these surveys is to provide a depository of useful information related to this specialized discipline of computer security. It is the hope of the study that students in the future will benefit from the knowledge gathered in this thesis and the exposure gained from the course and laboratory exercises will allow them to correctly respond to computer intrusions and unauthorized activities they may encounter on their C4I systems.

Curriculum modules in support of tabletop cybersecurity games

Coria, Jose Calderon
Fonte: Monterey, California: Naval Postgraduate School Publicador: Monterey, California: Naval Postgraduate School
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
37.28978%
Approved for public release; distribution is unlimited; The number of bachelor degrees in computer science has continued to decline over the past decade. These trends similarly affect cyber security sub-discipline of computer science. The non-digital computer security board game [d0x3d!] aims to teach cyber security concepts to a young, non-CS audience, to increase interest in the subject, and have a positive effect on computer science education. We develop curriculum modules in the form of lesson plans to complement this game. This demonstrates how the game can be used in an academic setting to scaffold instruction that introduces security concepts to K-12 audiences, more formally.

Digital identity: an emergent legal concept; an analysis of the role and legal nature of digital identity in a transactional context.

Sullivan, Clare Linda
Fonte: Universidade de Adelaide Publicador: Universidade de Adelaide
Tipo: Tese de Doutorado
Publicado em //2009 Português
Relevância na Pesquisa
37.307283%
This thesis examines the emergent legal concept of digital identity under the United Kingdom National Identity Scheme ('NIS') and its Australian counterpart, the Access Card Scheme('ACS') proposed in 2007. The Identity Cards Act 2006 UK c 15 ('Identity Cards Act’) and the Human Services (Enhanced Service Delivery) Bill (Cth) 2007 ('Access Card Bill') reveal a remarkably similar concept of identity in terms of its constitution and especially its functions. The United Kingdom scheme is currently being established, whereas the proposed Australian Scheme has been shelved following a change of government late in 2007. The NIS is therefore used as the model for this study but the analysis applies to any such scheme based on digital technology, including the ACS, should it be resurrected. The emergent concept of digital identity which is the subject of this thesis arises from legislation. It is a legal construct which consists of a collection of information that is stored and transmitted in digital form, and which has specific functions under the identity scheme. In this study, the information recorded about an individual for an identity scheme is referred to as an individual's 'database identity.' Database identity consists of information prescribed by legislation. Collectively...

IT Security Plan for Flight Simulation Program

Hood, David; Rahman, Syed Shawon
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 07/11/2011 Português
Relevância na Pesquisa
37.320012%
Information security is one of the most important aspects of technology, we cannot protect the best interests of our organizations' assets (be that personnel, data, or other resources), without ensuring that these assetsare protected to the best of their ability. Within the Defense Department, this is vital to the security of not just those assets but also the national security of the United States. Compromise insecurity could lead severe consequences. However, technology changes so rapidly that change has to be made to reflect these changes with security in mind. This article outlines a growing technological change (virtualization and cloud computing), and how to properly address IT security concerns within an operating environment. By leveraging a series of encrypted physical and virtual systems, andnetwork isolation measures, this paper delivered a secured high performance computing environment that efficiently utilized computing resources, reduced overall computer processing costs, and ensures confidentiality, integrity, and availability of systems within the operating environment.; Comment: 24 pages

From Qualitative to Quantitative Proofs of Security Properties Using First-Order Conditional Logic

Halpern, Joseph Y.
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 14/04/2008 Português
Relevância na Pesquisa
37.307283%
A first-order conditional logic is considered, with semantics given by a variant of epsilon-semantics, where p -> q means that Pr(q | p) approaches 1 super-polynomially --faster than any inverse polynomial. This type of convergence is needed for reasoning about security protocols. A complete axiomatization is provided for this semantics, and it is shown how a qualitative proof of the correctness of a security protocol can be automatically converted to a quantitative proof appropriate for reasoning about concrete security.

Chaotic iterations versus Spread-spectrum: topological-security and stego-security

Guyeux, Christophe; Friot, Nicolas; Bahi, Jacques M.
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 16/12/2011 Português
Relevância na Pesquisa
37.292031%
A new framework for information hiding security, called topological-security, has been proposed in a previous study. It is based on the evaluation of unpredictability of the scheme, whereas existing notions of security, as stego-security, are more linked to information leaks. It has been proven that spread-spectrum techniques, a well-known stego-secure scheme, are topologically-secure too. In this paper, the links between the two notions of security is deepened and the usability of topological-security is clarified, by presenting a novel data hiding scheme that is twice stego and topological-secure. This last scheme has better scores than spread-spectrum when evaluating qualitative and quantitative topological-security properties. Incidentally, this result shows that the new framework for security tends to improve the ability to compare data hiding scheme.; Comment: 2 figures; 10 pages; IIH-MSP 2010: The Sixth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, October 15-17, 2010 Darmstadt, Germany

Security Formalizations and Their Relationships for Encryption and Key Agreement in Information-Theoretic Cryptography

Iwamoto, Mitsugu; Ohta, Kazuo; Shikata, Junji
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 05/10/2014 Português
Relevância na Pesquisa
37.292031%
This paper revisits formalizations of information-theoretic security for symmetric-key encryption and key agreement protocols which are very fundamental primitives in cryptography. In general, we can formalize information-theoretic security in various ways: some of them can be formalized as stand-alone security by extending (or relaxing) Shannon's perfect secrecy or by other ways such as semantic security; some of them can be done based on composable security. Then, a natural question about this is: what is the gap between the formalizations? To answer the question, we investigate relationships between several formalizations of information-theoretic security for symmetric-key encryption and key agreement protocols. Specifically, for symmetric-key encryption protocols in a general setting including the case where there exist decryption-errors, we deal with the following formalizations of security: formalizations extended (or relaxed) from Shannon's perfect secrecy by using mutual information and statistical distance; information-theoretic analogues of indistinguishability and semantic security by Goldwasser and Micali; and composable security by Maurer et al. and Canetti. Then, we explicitly show the equivalence and non-equivalence between those formalizations. Under the model...

Multidefender Security Games

Lou, Jian; Smith, Andrew M.; Vorobeychik, Yevgeniy
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 28/05/2015 Português
Relevância na Pesquisa
37.320012%
Stackelberg security game models and associated computational tools have seen deployment in a number of high-consequence security settings, such as LAX canine patrols and Federal Air Marshal Service. These models focus on isolated systems with only one defender, despite being part of a more complex system with multiple players. Furthermore, many real systems such as transportation networks and the power grid exhibit interdependencies between targets and, consequently, between decision makers jointly charged with protecting them. To understand such multidefender strategic interactions present in security, we investigate game theoretic models of security games with multiple defenders. Unlike most prior analysis, we focus on the situations in which each defender must protect multiple targets, so that even a single defender's best response decision is, in general, highly non-trivial. We start with an analytical investigation of multidefender security games with independent targets, offering an equilibrium and price-of-anarchy analysis of three models with increasing generality. In all models, we find that defenders have the incentive to over-protect targets, at times significantly. Additionally, in the simpler models, we find that the price of anarchy is unbounded...

Predictive Cyber-security Analytics Framework: A non-homogenous Markov model for Security Quantification

Abraham, Subil; Nair, Suku
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 08/01/2015 Português
Relevância na Pesquisa
37.304653%
Numerous security metrics have been proposed in the past for protecting computer networks. However we still lack effective techniques to accurately measure the predictive security risk of an enterprise taking into account the dynamic attributes associated with vulnerabilities that can change over time. In this paper we present a stochastic security framework for obtaining quantitative measures of security using attack graphs. Our model is novel as existing research in attack graph analysis do not consider the temporal aspects associated with the vulnerabilities, such as the availability of exploits and patches which can affect the overall network security based on how the vulnerabilities are interconnected and leveraged to compromise the system. Gaining a better understanding of the relationship between vulnerabilities and their lifecycle events can provide security practitioners a better understanding of their state of security. In order to have a more realistic representation of how the security state of the network would vary over time, a nonhomogeneous model is developed which incorporates a time dependent covariate, namely the vulnerability age. The daily transition-probability matrices are estimated using Frei's Vulnerability Lifecycle model. We also leverage the trusted CVSS metric domain to analyze how the total exploitability and impact measures evolve over a time period for a given network.; Comment: 16 pages...

A Supervisory Control Approach to Dynamic Cyber-Security

Rasouli, Mohammad; Miehling, Erik; Teneketzis, Demosthenis
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
37.307283%
An analytical approach for a dynamic cyber-security problem that captures progressive attacks to a computer network is presented. We formulate the dynamic security problem from the defender's point of view as a supervisory control problem with imperfect information, modeling the computer network's operation by a discrete event system. We consider a min-max performance criterion and use dynamic programming to determine, within a restricted set of policies, an optimal policy for the defender. We study and interpret the behavior of this optimal policy as we vary certain parameters of the supervisory control problem.; Comment: 19 pages, 4 figures, GameSec 2014 (Conference on Decision and Game Theory for Security)

Picking vs. Guessing Secrets: A Game-Theoretic Analysis (Technical Report)

Khouzani, MHR; Mardziel, Piotr; Cid, Carlos; Srivatsa, Mudhakar
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 09/05/2015 Português
Relevância na Pesquisa
37.307283%
Choosing a hard-to-guess secret is a prerequisite in many security applications. Whether it is a password for user authentication or a secret key for a cryptographic primitive, picking it requires the user to trade-off usability costs with resistance against an adversary: a simple password is easier to remember but is also easier to guess; likewise, a shorter cryptographic key may require fewer computational and storage resources but it is also easier to attack. A fundamental question is how one can optimally resolve this trade-off. A big challenge is the fact that an adversary can also utilize the knowledge of such usability vs. security trade-offs to strengthen its attack. In this paper, we propose a game-theoretic framework for analyzing the optimal trade-offs in the face of strategic adversaries. We consider two types of adversaries: those limited in their number of tries, and those that are ruled by the cost of making individual guesses. For each type, we derive the mutually-optimal decisions as Nash Equilibria, the strategically pessimistic decisions as maximin, and optimal commitments as Strong Stackelberg Equilibria of the game. We establish that when the adversaries are faced with a capped number of guesses, the user's optimal trade-off is a uniform randomization over a subset of the secret domain. On the other hand...

A Survey on Cloud Security Issues and Techniques

Sharma, Shubhanjali; Gupta, Garima; Laxmi, P. R.
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 22/03/2014 Português
Relevância na Pesquisa
37.320012%
Today, cloud computing is an emerging way of computing in computer science. Cloud computing is a set of resources and services that are offered by the network or internet. Cloud computing extends various computing techniques like grid computing, distributed computing. Today cloud computing is used in both industrial field and academic field. Cloud facilitates its users by providing virtual resources via internet. As the field of cloud computing is spreading the new techniques are developing. This increase in cloud computing environment also increases security challenges for cloud developers. Users of cloud save their data in the cloud hence the lack of security in cloud can lose the users trust. In this paper we will discuss some of the cloud security issues in various aspects like multi-tenancy, elasticity, availability etc. The paper also discuss existing security techniques and approaches for a secure cloud. This paper will enable researchers and professionals to know about different security threats and models and tools proposed.; Comment: 8 pages, 5 figures, SCNDS Ajmer

Security Through Entertainment: Experiences Using a Memory Game for Secure Device Pairing

Gallego, Alexander; Saxena, Nitesh; Voris, Jonathan
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
37.307283%
The secure "pairing" of wireless devices based on auxiliary or out-of-band (OOB) communication, such as audio, visual, or tactile channels, is a well-established research direction. However, prior work shows that this approach to pairing can be prone to human errors of different forms that may directly or indirectly translate into man-in-the-middle attacks. To address this problem, we propose a general direction of the use of computer games for pairing. Since games are a popular means of entertainment, our hypothesis is that they may serve as an incentive to users and make the pairing process enjoyable for them, thus improving the usability, as well as the security, of the pairing process. We consider an emerging use case of pairing whereby two different users are involved, each in possession of his or her own device (e.g., Alice and Bob pairing their smartphones for social interactions). We develop "Alice Says," a pairing game based on a popular memory game called Simon (Says), and discuss the underlying design challenges. We also present a preliminary evaluation of Alice Says via a usability study and demonstrate its feasibility in terms of usability and security. Our results indicate that overall Alice Says was deemed as a fun and an enjoyable way to pair devices...

Stochastic Games for Security in Networks with Interdependent Nodes

Nguyen, Kien C.; Alpcan, Tansu; Basar, Tamer
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 11/03/2010 Português
Relevância na Pesquisa
37.307283%
This paper studies a stochastic game theoretic approach to security and intrusion detection in communication and computer networks. Specifically, an Attacker and a Defender take part in a two-player game over a network of nodes whose security assets and vulnerabilities are correlated. Such a network can be modeled using weighted directed graphs with the edges representing the influence among the nodes. The game can be formulated as a non-cooperative zero-sum or nonzero-sum stochastic game. However, due to correlation among the nodes, if some nodes are compromised, the effective security assets and vulnerabilities of the remaining ones will not stay the same in general, which leads to complex system dynamics. We examine existence, uniqueness, and structure of the solution and also provide numerical examples to illustrate our model.

Security in Monitoring Schemes: A Survey

Vaibhav, Atul
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 19/11/2014 Português
Relevância na Pesquisa
37.320012%
With our growing reliability on distributed networks, the security aspect of such networks becomes of prime importance. In large scale distributed networks it becomes cardinal to have an efficient and effective monitoring scheme. The monitoring schemes supervise the node behaviour in the network and look out for any discrepancy. Monitoring schemes comprise of monitoring components that work together to help schemes in meeting various security requirement parameters for the networks. These security parameters are breached via various attacks by manipulation of monitoring components of particular monitoring schemes to produce faulty results and thereby reducing efficiency of networks, reliability and security. In this paper we have discussed these components of monitoring, multiple monitoring schemes, their security parameters and various types of attacks possible on these monitoring components by manipulating assumptions of monitoring schemes.; Comment: Attacks, Monitoring Schemes, Aggregation, Analysis, Dissemination, Gossip, Tree, Hybrid, Distributed Networks

Semantic Matching of Security Policies to Support Security Experts

Benammar, Othman; Elasri, Hicham; Sekkaki, Abderrahim
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 28/03/2013 Português
Relevância na Pesquisa
37.304653%
Management of security policies has become increasingly difficult given the number of domains to manage, taken into consideration their extent and their complexity. Security experts has to deal with a variety of frameworks and specification languages used in different domains that may belong to any Cloud Computing or Distributed Systems. This wealth of frameworks and languages make the management task and the interpretation of the security policies so difficult. Each approach provides its own conflict management method or tool, the security expert will be forced to manage all these tools, which makes the field maintenance and time consuming expensive. In order to hide this complexity and to facilitate some security experts tasks and automate the others, we propose a security policies aligning based on ontologies process; this process enables to detect and resolve security policies conflicts and to support security experts in managing tasks.; Comment: SECURWARE 2012 : The Sixth International Conference on Emerging Security Information, Systems and Technologies

Performance comparison between Ad Hoc On Demand Distance Vector and Dynamic Source Routing Protocols with security encryption using OPNET

Jafferi, Jaseem
Fonte: Rochester Instituto de Tecnologia Publicador: Rochester Instituto de Tecnologia
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
37.307283%
Application for wireless networking has been evolving rapidly and is becoming an integral part in our everyday life. Also with the recent performance advancement in wireless communication technologies, mobile wireless ad-hoc networks has been used in many areas such as military, health and commercial applications. Mobile ad hoc networks utilize radio waves and microwaves to maintain communication channel between computers. 802.11 (Wi-Fi) is the pre-eminent technology for building general purpose wireless networks. Mobile ad-hoc networking (MANET) utilize the Internet Protocol (IP) suite and aims at supporting robust and efficient operation by incorporating routing functionality into the mobile nodes. MANET is among one of the wireless networks that uses 802.11 to transmit data from the source to the destination. Since MANET is used in applications like defense, security is of vital importance due to its wireless nature. Wireless networks are vulnerable to attacks like eavesdropping, Man-In-The-Middle-Attack (MITM), hijacking, and so are MANETs. A malicious node can get within the wireless range of the nodes in the MANET and can disrupt the communication process. Various routing protocols have been proposed using encryption techniques to protect routing in MANETs. In this thesis...