Página 14 dos resultados de 8247 itens digitais encontrados em 0.030 segundos
Resultados filtrados por Publicador: Universidade Cornell

'Context, Content, Process' Approach to Align Information Security Investments with Overall Organizational Strategy

Pandey, Pankaj
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 14/12/2015 Português
Relevância na Pesquisa
37.2377%
Today business environment is highly dependent on complex technologies, and information is considered an important asset. Organizations are therefore required to protect their information infrastructure and follow an inclusive risk management approach. One way to achieve this is by aligning the information security investment decisions with respect to organizational strategy. A large number of information security investment models have are in the literature. These models are useful for optimal and cost-effective investments in information security. However, it is extremely challenging for a decision maker to select one or combination of several models to decide on investments in information security controls. We propose a framework to simplify the task of selecting information security investment model(s). The proposed framework follows the 'Context, Content, Process' approach, and this approach is useful in evaluation and prioritization of investments in information security controls in alignment with the overall organizational strategy.

An Outline of Security in Wireless Sensor Networks: Threats, Countermeasures and Implementations

Malik, Muhammad Yasir
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 14/01/2013 Português
Relevância na Pesquisa
37.2377%
With the expansion of wireless sensor networks (WSNs), the need for securing the data flow through these networks is increasing. These sensor networks allow for easy-to-apply and flexible installations which have enabled them to be used for numerous applications. Due to these properties, they face distinct information security threats. Security of the data flowing through across networks provides the researchers with an interesting and intriguing potential for research. Design of these networks to ensure the protection of data faces the constraints of limited power and processing resources. We provide the basics of wireless sensor network security to help the researchers and engineers in better understanding of this applications field. In this chapter, we will provide the basics of information security with special emphasis on WSNs. The chapter will also give an overview of the information security requirements in these networks. Threats to the security of data in WSNs and some of their counter measures are also presented.

Security challenges in mobile ad hoc networks:a survey

Dorri, Ali; Kamel, Seyed Reza; Kheirkhah, Esmaeil
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 11/03/2015 Português
Relevância na Pesquisa
37.2377%
MANET is a kind of Ad hoc network with mobile, wireless nodes. Because of its special characteristics like dynamic topology, hop-by-hop communications and easy and quick setup, MANET faced lots of challenges allegorically routing, security and clustering. The security challenges arise due to MANETs self-configuration and self-maintenance capabilities. In this paper, we present an elaborate view of issues in MANET security. Based on MANETs special characteristics, we define three security parameters for MANET. In addition we divided MANET security into two different aspects and discussed each one in details. A comprehensive analysis in security aspects of MANET and defeating approaches is presented. In addition, defeating approaches against attacks have been evaluated in some important metrics. After analyses and evaluations, future scopes of work have been presented.; Comment: 2 Figures, 2 Tables

A Study Of Cyber Security Challenges And Its Emerging Trends On Latest Technologies

Reddy, G. Nikhita; Reddy, G. J. Ugander
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 08/02/2014 Português
Relevância na Pesquisa
37.2377%
Cyber Security plays an important role in the field of information technology .Securing the information have become one of the biggest challenges in the present day. When ever we think about the cyber security the first thing that comes to our mind is cyber crimes which are increasing immensely day by day. Various Governments and companies are taking many measures in order to prevent these cyber crimes. Besides various measures cyber security is still a very big concern to many. This paper mainly focuses on challenges faced by cyber security on the latest technologies .It also focuses on latest about the cyber security techniques, ethics and the trends changing the face of cyber security.; Comment: 5 pages

The Application of AHP Model to Guide Decision Makers: A Case Study of E-banking Security

Syamsuddin, Irfan; Hwang, Junseok
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 02/07/2010 Português
Relevância na Pesquisa
37.2377%
Changes in technology have resulted in new ways for bankers to deliver their services to costumers. Electronic banking systems in various forms are the evidence of such advancement. However, information security threats also evolving along this trend. This paper proposes the application of Analytic Hierarchy Process (AHP) methodology to guide decision makers in banking industries to deal with information security policy. The model is structured according aspects of information security policy in conjunction with information security elements. We found that cultural aspect is valued on the top priority among other security aspects, while confidentiality is considered as the most important factor in terms of information security elements.; Comment: 5 pages

Knowledge and Security

Pucella, Riccardo
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 04/05/2013 Português
Relevância na Pesquisa
37.24005%
Epistemic concepts, and in some cases epistemic logic, have been used in security research to formalize security properties of systems. This survey illustrates some of these uses by focusing on confidentiality in the context of cryptographic protocols, and in the context of multi-level security systems.; Comment: 51 pages; preliminary version of a chapter for an upcoming Handbook of Logics for Knowledge and Belief

A Temporal Logic of Security

Koleini, Masoud; Clarkson, Michael R.; Micinski, Kristopher K.
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
37.24005%
A new logic for verification of security policies is proposed. The logic, HyperLTL, extends linear-time temporal logic (LTL) with connectives for explicit and simultaneous quantification over multiple execution paths, thereby enabling HyperLTL to express information-flow security policies that LTL cannot. A model-checking algorithm for a fragment of HyperLTL is given, and the algorithm is implemented in a prototype model checker. The class of security policies expressible in HyperLTL is characterized by an arithmetic hierarchy of hyperproperties.

Interdependent Security Games on Networks under Behavioral Probability Weighting

Hota, Ashish R.; Sundaram, Shreyas
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 30/10/2015 Português
Relevância na Pesquisa
37.24005%
We consider a class of interdependent security games on networks where each node chooses a personal level of security investment. The attack probability experienced by a node is a function of her own investment and the investment by her neighbors in the network. Most of the existing work in these settings consider players who are risk neutral or expected value maximizers. In contrast, studies in behavioral decision theory have shown that individuals often deviate from risk neutral behavior while making decisions under uncertainty. In particular, the true probabilities associated with uncertain outcomes are often transformed into perceived probabilities in a highly nonlinear fashion by the users, which then influence their decisions. In this paper, we investigate the effects of such behavioral probability weightings by the nodes on their optimal investment strategies and the resulting security risk profiles that arise in the Nash equilibria of interdependent network security games. We characterize graph topologies that achieve the largest and smallest worst case average attack probabilities at Nash equilibria in Total Effort games, and equilibrium investments in Weakest Link and Best Shot games.

Six Potential Game-Changers in Cyber Security: Towards Priorities in Cyber Science and Engineering

Kott, Alexander; Swami, Ananthram; McDaniel, Patrick
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 02/11/2015 Português
Relevância na Pesquisa
37.24005%
The fields of study encompassed by cyber science and engineering are broad and poorly defined at this time. As national governments and research communities increase their recognition of the importance, urgency and technical richness of these disciplines, a question of priorities arises: what specific sub-areas of research should be the foci of attention and funding? In this paper we point to an approach to answering this question. We explore results of a recent workshop that postulated possible game-changers or disruptive changes that might occur in cyber security within the next 15 years. We suggest that such game-changers may be useful in focusing attention of research communities on high-priority topics. Indeed, if a drastic, important change is likely to occur, should we not focus our research efforts on the nature and ramifications of the phenomena pertaining to that change? We illustrate each of the game-changers examples of related current research, and then offer recommendations for advancement of cyber science and engineering with respect to each of the six game-changers.; Comment: A version of this paper was presented as a keynote talk at the NATO Symposium on Cyber Security Science and Engineering, 13-14 October 2014...

Network Coding Security: Attacks and Countermeasures

Lima, Luísa; Vilela, João P.; Oliveira, Paulo F.; Barros, João
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 08/09/2008 Português
Relevância na Pesquisa
37.24005%
By allowing intermediate nodes to perform non-trivial operations on packets, such as mixing data from multiple streams, network coding breaks with the ruling store and forward networking paradigm and opens a myriad of challenging security questions. Following a brief overview of emerging network coding protocols, we provide a taxonomy of their security vulnerabilities, which highlights the differences between attack scenarios in which network coding is particularly vulnerable and other relevant cases in which the intrinsic properties of network coding allow for stronger and more efficient security solutions than classical routing. Furthermore, we give practical examples where network coding can be combined with classical cryptography both for secure communication and secret key distribution. Throughout the paper we identify a number of research challenges deemed relevant towards the applicability of secure network coding in practical networks.; Comment: 8 pages, 4 figures

High Security Image Steganography with Modified Arnold cat map

Mishra, Minati; Routray, Ashanta Ranjan; Kumar, Sunit
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 17/08/2014 Português
Relevância na Pesquisa
37.24005%
Information security is concerned with maintaining the secrecy, reliability and accessibility of data. The main objective of information security is to protect information and information system from unauthorized access, revelation, disruption, alteration, annihilation and use. This paper uses spatial domain LSB substitution method for information embedding and modified forms of Arnold transform are applied twice in two different phases to ensure security. The system is tested and validated against a series of standard images and the results show that the method is highly secure and provides high data hiding capacity.; Comment: 5 pages, International Journal of Computer Applications,Volume 37, No.9, January 2012

Impact of Secondary User Communication on Security Communication of Primary User

Sibomana, Louis; Tran, Hung; Tran, Quang Anh
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 29/08/2014 Português
Relevância na Pesquisa
37.24005%
Recently, spectrum sharing has been considered as a promising solution to improve the spectrum utilization. It however may be vulnerable to security problems as the primary and secondary network access the same resource. Therefore, in this paper, we focus on the performance analysis of a cognitive radio network in the presence of an eavesdropper (EAV) who illegally listens to the primary user (PU) communication in which the transmit power of the secondary transmitter (SU-Tx) is subject to the joint constraint of peak transmit power of the SU-Tx and outage probability of the PU. Accordingly, an adaptive transmit power policy and an analytical expression of symbol error probability are derived for the SU. Most importantly, security evaluations of primary network in terms of the probability of existence of non-zero secrecy capacity and outage probability of secrecy capacity are obtained. Numerical results reveal a fact that the security of the primary network does not only depends on the channel mean powers between primary and secondary networks, but also strongly depends on the channel condition of the SU-Tx to EAV link and transmit power policy of the SU-Tx.

Through the Frosted Glass: Security Problems in a Translucent UI

Renkema-Padmos, Arne; Baum, Jerome
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 30/08/2014 Português
Relevância na Pesquisa
37.24005%
Translucency is now a common design element in at least one popular mobile operating system. This raises security concerns as it can make it harder for users to correctly identify and interpret trusted interaction elements. In this paper, we demonstrate this security problem using the example of the Safari browser in the latest iOS version on Apple tablets and phones (iOS7), and discuss technical challenges of an attack as well as solutions to these challenges. We conclude with a survey-based user study, where we seek to quantify the security impact, and find that further investigation is warranted.; Comment: 10 pages

User-Generated Free-Form Gestures for Authentication: Security and Memorability

Sherman, Michael; Clark, Gradeigh; Yang, Yulong; Sugrim, Shridatt; Modig, Arttu; Lindqvist, Janne; Oulasvirta, Antti; Roos, Teemu
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 02/01/2014 Português
Relevância na Pesquisa
37.24005%
This paper studies the security and memorability of free-form multitouch gestures for mobile authentication. Towards this end, we collected a dataset with a generate-test-retest paradigm where participants (N=63) generated free-form gestures, repeated them, and were later retested for memory. Half of the participants decided to generate one-finger gestures, and the other half generated multi-finger gestures. Although there has been recent work on template-based gestures, there are yet no metrics to analyze security of either template or free-form gestures. For example, entropy-based metrics used for text-based passwords are not suitable for capturing the security and memorability of free-form gestures. Hence, we modify a recently proposed metric for analyzing information capacity of continuous full-body movements for this purpose. Our metric computed estimated mutual information in repeated sets of gestures. Surprisingly, one-finger gestures had higher average mutual information. Gestures with many hard angles and turns had the highest mutual information. The best-remembered gestures included signatures and simple angular shapes. We also implemented a multitouch recognizer to evaluate the practicality of free-form gestures in a real authentication system and how they perform against shoulder surfing attacks. We conclude the paper with strategies for generating secure and memorable free-form gestures...

Password Based a Generalize Robust Security System Design Using Neural Network

Singh, Manoj Kumar
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 09/10/2009 Português
Relevância na Pesquisa
37.24005%
Among the various means of available resource protection including biometrics, password based system is most simple, user friendly, cost effective and commonly used. But this method having high sensitivity with attacks. Most of the advanced methods for authentication based on password encrypt the contents of password before storing or transmitting in physical domain. But all conventional cryptographic based encryption methods are having its own limitations, generally either in terms of complexity or in terms of efficiency. Multi-application usability of password today forcing users to have a proper memory aids. Which itself degrades the level of security. In this paper a method to exploit the artificial neural network to develop the more secure means of authentication, which is more efficient in providing the authentication, at the same time simple in design, has given. Apart from protection, a step toward perfect security has taken by adding the feature of intruder detection along with the protection system. This is possible by analysis of several logical parameters associated with the user activities. A new method of designing the security system centrally based on neural network with intrusion detection capability to handles the challenges available with present solutions...

Security Policy Enforcement Through Refinement Process

Stouls, Nicolas; Potet, Marie-Laure
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 09/04/2010 Português
Relevância na Pesquisa
37.24005%
In the area of networks, a common method to enforce a security policy expressed in a high-level language is based on an ad-hoc and manual rewriting process. We argue that it is possible to build a formal link between concrete and abstract terms, which can be dynamically computed from the environment data. In order to progressively introduce configuration data and then simplify the proof obligations, we use the B refinement process. We present a case study modeling a network monitor. This program, described by refinement following the layers of the TCP/IP suite protocol, has to warn for all observed events which do not respect the security policy. To design this model, we use the event-B method because it is suitable for modeling network concepts. This work has been done within the framework of the POTESTAT project, based on the research of network testing methods from a high-level security policy.

Security Theorems via Model Theory

Guttman, Joshua
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 10/11/2009 Português
Relevância na Pesquisa
37.24005%
A model-theoretic approach can establish security theorems for cryptographic protocols. Formulas expressing authentication and non-disclosure properties of protocols have a special form. They are quantified implications for all xs . (phi implies for some ys . psi). Models (interpretations) for these formulas are *skeletons*, partially ordered structures consisting of a number of local protocol behaviors. Realized skeletons contain enough local sessions to explain all the behavior, when combined with some possible adversary behaviors. We show two results. (1) If phi is the antecedent of a security goal, then there is a skeleton A_phi such that, for every skeleton B, phi is satisfied in B iff there is a homomorphism from A_phi to B. (2) A protocol enforces for all xs . (phi implies for some ys . psi) iff every realized homomorphic image of A_phi satisfies psi. Hence, to verify a security goal, one can use the Cryptographic Protocol Shapes Analyzer CPSA (TACAS, 2007) to identify minimal realized skeletons, or "shapes," that are homomorphic images of A_phi. If psi holds in each of these shapes, then the goal holds.