Página 2 dos resultados de 8247 itens digitais encontrados em 0.011 segundos

Segurança em grades computacionais; Security in grid computing

Edson Tessarini Pedroso
Fonte: Biblioteca Digital da Unicamp Publicador: Biblioteca Digital da Unicamp
Tipo: Dissertação de Mestrado Formato: application/pdf
Publicado em 26/07/2006 Português
Relevância na Pesquisa
47.43279%
Grade computacional é um conceito que explora as potencialidades das redes de computadores, com o objetivo específico de disponibilizar camadas virtuais que permitem a um usuário ter acesso a aplicações altamente exigentes, bem como aderir a comunidades virtuais de grande escala, com uma grande diversidade de recursos de computação e de repositórios de informações. Grades computacionais são sistemas de suporte à execução de aplicações paralelas que acoplam recursos heterogêneos distribuídos, oferecendo acesso consistente e barato aos recursos, independente de sua posição geográfica. As tecnologias de grades computacionais possibilitam agregar recursos computacionais variados e dispersos, acelerando a execução de vários processos computacionais. Para melhor entendimento das questões de segurança, principal foco deste trabalho, um estudo geral sobre a grade computacional envolvendo assuntos como arquitetura, funcionalidades, aplicações e serviços, foi realizado com o objetivo de identificar e demonstrar a complexidade existente por trás destes cenários. As exigências de segurança são fundamentais a um projeto de grade computacional. Os componentes de segurança devem fornecer os mecanismos corretos para uma comunicação segura em um ambiente de grade. Sem estes mecanismos...

Rule based analysis of computer security

Baldwin, Robert W. (Robet William)
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 93 leaves; 7273037 bytes; 7272794 bytes; application/pdf; application/pdf
Português
Relevância na Pesquisa
56.7112%
by Robert W. Baldwin.; Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1987.; Includes bibliographical references.; Supported by the Defense Advanced Research Projects Agency of the Department of Defense, monitored by the Office of Naval Research. N00014-83-K-0125

Information Technology Security Handbook

Sadowsky, George; Dempsey, James X.; Greenberg, Alan; Mack, Barbara J.; Schwartz, Alan
Fonte: Washington, DC: World Bank Publicador: Washington, DC: World Bank
Português
Relevância na Pesquisa
47.562495%
Informational and Communication Technologies (ICT) plays a fundamental role for social and economic development. Similarly, it is recognized that there cannot be an effective use of ICT in the absence of a safe and trusted ICT environment. Thus, IT security plays a prime role in helping creating the environment needed to set the ground for implementing successful national ICT plans, e-Government or e-Commerce activities, as well as sectoral projects, such as, for example, in the areas of education, health, or finance. IT security is a complex topic and evolves almost as fast as technology does. The authors provide technology-independent best practices, as well as recommendations for particular IT environments. As technology evolves, the accompanying web site (www.infodev-security.net) will provide updates as appropriate, allowing for a constant dissemination of developments in the field of IT security. The book is composed of five parts, each of which can be read independently. After an introduction to general issues of IT security...

Analysis of security solutions in large enterprises

Bailey, Carmen F.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
47.43279%
Approved for public release; distribution is unlimited; The United States Government and private industry are facing challenges in attempting to secure their computer network infrastructure. The purpose of this research was to capture current lessons learned from Government and Industry with respect to solving particular problems associated with the secure management of large networks. Nine thesis questions were generated to look at common security problems faced by enterprises in large networks. Research was predominantly gathered through personal interviews with professionals in the computer security area from both the public and private sector. The data was then analyzed to compile a set of lessons learned by both the public and private sector regarding several leading computer security issues. Some of the problems were challenges such as maintaining and improving security during operating systems upgrades, analyzing lessons learned in configurations management, employee education with regards to following policy and several other challenging issues. The results of this thesis were lessons learned in the areas of employee education, Government involvement in the computer security area and other key security areas. An additional result was the development of case studies based upon the lessons learned.

Calculating Costs for Quality of Security Service

Sypropoulou, Evdoxia; Levin, Timothy E.; Irvine, Cynthia E.
Fonte: Proceedings of the 16th Computer Security Applications Conference Publicador: Proceedings of the 16th Computer Security Applications Conference
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
57.2377%
This paper presents a Quality of Security Service (QoSS) costing framework and demonstration. A method for quantifying costs related to the security service and for storing and retrieving security information is illustrated. We describe a security model for tasks, which incorporates the ideas of variant security services invoked by the task, dynamic network modes, abstract security level choices and resource utilization costs. The estimated costs can be fed into a resource management system to facilitate the process of estimating efficient task schedules. Integration and scalability issues have been taken into account during the design of the QoSS costing demonstration, which we believe is suitable for incorporation into a resource management system research prototype1.

Expressing an information security policy within a security simulation game

Irvine, Cynthia E.; Thompson, Michael F.
Fonte: Naval Postgraduate School (U.S) Publicador: Naval Postgraduate School (U.S)
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
47.431255%
The Center for the Information Systems Studies and Research (CISR) at the Naval Postgraduate School has established a broad program in computer and network security education. The program, founded on a core in traditional computer science, is extended by a progression of specialized courses and a broad set of information assurance research projects. A CISR objective has been improvement of information assurance education and training for the U.S. military and government. Pursuant to that objective, CISR is developing a computer simulation game, CyberCIEGE, to teach computer security principles. CyberCIEGE players construct computer networks and make choices affecting the ability of these networks and the game�s virtual users to protect valuable assets from attack by both vandals and well motivated professionals [1]. CyberCIEGE includes a language for expressing different security related scenarios. A central part of this language is an ability to express a variety of different information security policies.

Capture-the-Flag: Learning Computer Security Under Fire

Eagle, Chris; Clark John L.
Fonte: Monterey, California: Naval Postgraduate School Publicador: Monterey, California: Naval Postgraduate School
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
47.352827%
In this paper, we describe the Capture-the-Flag (CTF) activity and argue that it contributes to a necessary component of the computer security curriculum. This component is the study of software vulnerability investigation. It is currently not properly emphasized in this curriculum. We discuss reasons for this situation and we go on to describe how CTF can be useful for educating students within this focus. CTF helps develop those computer security skills that enable students to identify new vulnerabilities before those with malicious intent find them. It also helps them to hone the core computer security skills. with malicious intent find them. It also helps them to hone the core computer security skills.

Cyber-security curricula for basic users

Zepf, Arthur L.,IV
Fonte: Monterey, California: Naval Postgraduate School Publicador: Monterey, California: Naval Postgraduate School
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
47.630405%
Approved for public release; distribution is unlimited; There have been only a small number of attempts at creating a cyber-security curriculum that can be used to teach children the concepts of cyber security and information assurance. There is a significant shortage of attempts at creating a computer-security curricula and cyber-security training for people who have only basic computer skills. Also, the integration of computer-security and information assurance principles into formal and accepted primary and secondary education is nearly non-existent. Our research has been aimed at evaluating the current computer-security curricula according to widely accepted educational standards. The objective is to (i) create a set of requirements to analyze the effectiveness of computer-security curricula, (ii) determine the best current disseminated cyber-security curriculum for children, (iii) and make recommendations for a cyber-security curriculum by utilizing the best traits of the surveyed programs. Literature includes studies on previously created computer-security curricula; and the most effective means of teaching children new concepts. Our research questions include: Is it important for a curriculum to be flexible enough to affect a variety of age groups? Is it important for a computer-security education to be interactive and motivational? Is it possible to teach difficult computer-security concepts in a way that children can understand?

Call for participation first ACM workshop on education in computer security

Irvine, Cynthia; Orman, Hilarie
Fonte: Escola de Pós-Graduação Naval Publicador: Escola de Pós-Graduação Naval
Tipo: Outros
Português
Relevância na Pesquisa
47.456123%
Taken from the NPS website.; The security of information systems and networks is a growing concern. Experts are needed to design and organize the protection mechanisms for these systems. Both government and industry increasingly seek individuals with knowledge and skills in computer security. In the past, most traditional computer science curricula bypassed formal studies in computer security altogether. An understanding of computer security was achieved largely through on-the-job experience. This is both haphazard and inefficient. There is a need to include computer security in computer science education.

Design and development of a web-based DOD PKI common access card (CAC) instruction tool; Design and development of a web-based Department of Defense Public Key Infrastructure common access card (CAC) instruction tool

Athanasopoulos, Vasileios D.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xiv, 84 p. : col. ill. ;
Português
Relevância na Pesquisa
57.08393%
Approved for public release; distribution is unlimited; Public key cryptography and the infrastructure that has been designed to successfully implement it: Public Key Infrastructure (PKI) is a very promising computer security technology. As a significant enhancement to this infrastructure, the DoD is now issuing smart card tokens, in the form of the Common Access Card (CAC), to its service members. This card is a relatively complex cryptographic device that contains its user's private keys, digital certificates, and other personal/administrative information. Service personnel are being issued these cards with little or no training regarding what they are or how they function. Such an omission detracts from the infrastructure's overall security. This thesis presents an introductory-level description of public key cryptography and its supporting infrastructure (PKI). The thesis then goes on to develop a web-based training tool that could provide all DoD CAC holders with the rudimentary knowledge of how their CAC fits into the broader infrastructure. The training tool will require no instructor, and will present a validation test to each user. DoD commands could utilize this tool to provide basic CAC training to their members.

Framework for managing metadata security tags as the basis for making security decisions

Aposporis, Panagiotis.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xii, 274 p. : ill. (some col.) ;
Português
Relevância na Pesquisa
57.2377%
Approved for public release; distribution is unlimited; This thesis presents an analysis of a capability to employ CAPCO (Controlled Access Program Coordination Office) compliant Metadata security tags as the basis for making security decisions. My research covers all the security aspects of the related technologies, such as XML, Web Services, Java API's for XML, .NET Architecture to help determine how security conscious enterprises such as the Intelligence Community can implement this approach in the real insecure world, with commercial off-the-self products, to meet their needs. There were many concerns about using the XML Metadata Label Tags as the basis for making security decisions, due to an un -trusted environment. By using appropriate trusted parts, when really necessary, and new technologies , we can find secure solutions for creating, storing and disseminating XML documents. Besides the theoretical research, this thesis also presents a prototype development of a Web Service that can handle most of the tasks (save, save locally, review etc), which are required to securely manage XML documents. In order to implement the above Web Service, open -source products, such as Java and Apache Tomcat Web Server, are used. These are not only available free...

Defining and enforcing hardware security requirements

Bilzor, Michael B.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Formato: xxiv, 141 p. : col. ill. ; 28 cm.
Português
Relevância na Pesquisa
57.210757%
Security in computing systems to date has focused mostly on software. In this research, we explore the application and enforceability of well-defined security requirements in hardware designs. The principal threats to hardware systems demonstrated in the academic literature to date involve some type of subversion, often called a Hardware Trojan or malicious inclusion. Detecting these has proved very difficult. We demonstrate a method whereby the dynamic enforcement of a processor's security requirements can be used to detect the presence of some of these malicious inclusions. Although there are theoretical limits on which security properties can be dynamically enforced using the techniques we describe, our research does provide a novel method for expressing and enforcing security requirements at runtime in hardware designs. While the method does not guarantee the detection of all possible malicious inclusions in a given processor, it addresses a large class of inclusions-those detectable as violations of behavioral restrictions in the architectural specification-which provides significant progress against the general case, given a suitably complete set of checkers.; US Navy (USN) author

EMRlog Method for Computer Security for Electronic Medical Records with Logic and Data Mining

Martínez Monterrubio, Sergio Mauricio; Frausto Solis, Juan; Monroy Borja, Raúl
Fonte: Hindawi Publishing Corporation Publicador: Hindawi Publishing Corporation
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
47.385723%
The proper functioning of a hospital computer system is an arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of the entire or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system.

Response to The Department of the Prime Minister and Cabinet's discussion paper "Connecting with Confidence"

Australian Computer Society; Argy, Philip; Caelli, William J. (Bill); Choo, Raymond; Clarke, Roger; Harvey, Rick; Koulakis, George; Overmars, Anthony; Stewart-Rattray, Jo; Redman, Adam; Skeivys, Rimas; Valli, Craig; Varadharajan, Vijay; Warren, Matthew; W
Fonte: Australian Computer Society; https://www.acs.org.au/ Publicador: Australian Computer Society; https://www.acs.org.au/
Tipo: Working/Technical Paper; Working/Technical Paper Formato: 14 pages
Português
Relevância na Pesquisa
57.08393%
The ACS has prepared this response to the discussion paper to assist with the design of the cyber whitepaper expected in 2012. The ACS also welcomes the opportunity to promote discussion and support of our digital economy to position Australia for the future. Drawing from its membership of ICT professionals, and academics - particularly in areas of cyber resilience and security - the ACS established a Cyber Taskforce for this purpose. The ACS recommends: greater focus on education - noting that ICT education in primary and secondary schooling is essential - to developing ICT skills of the future and that school level educational activity forms the base on which appropriate tertiary level education programs can function for the education and training of ICT professionals; greater assistance to small and medium sized business as this is the engine room of the Australian economy; policy coordination on trusted identities; better coordination of cyber related education and research; providing consumers and businesses with resources directed to the everyday real-life challenges they face; global Internet governance changes designed to underpin and deliver trustworthy people, processes and systems including, where appropriate, a legislated mandatory baseline of trustworthiness attributes analogous to the non-excludable warranties implied in consumer contacts.

Security Visualization for peer-to-peer resource sharing applications

Tri, Dand Tran; Dang, Tran Khanh
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 11/12/2009 Português
Relevância na Pesquisa
47.456123%
Security of an information system is only as strong as its weakest element. Popular elements of such system include hardware, software, network and people. Current approaches to computer security problems usually exclude people in their studies even though it is an integral part of these systems. To fill that gap, this paper discusses crucial people-related problems in computer security and proposes a method of improving security in such systems by integrating people tightly into the whole system. The integration is implemented via visualization to provide visual feedbacks and capture people's awareness of their actions and consequent results. By doing it, we can improve system usability, shorten user's learning curve, and hence enable user uses computer systems more securely.

Password Cracking and Countermeasures in Computer Security: A Survey

Han, Aaron L. -F.; Wong, Derek F.; Chao, Lidia S.
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 28/11/2014 Português
Relevância na Pesquisa
57.244233%
With the rapid development of internet technologies, social networks, and other related areas, user authentication becomes more and more important to protect the data of the users. Password authentication is one of the widely used methods to achieve authentication for legal users and defense against intruders. There have been many password cracking methods developed during the past years, and people have been designing the countermeasures against password cracking all the time. However, we find that the survey work on the password cracking research has not been done very much. This paper is mainly to give a brief review of the password cracking methods, import technologies of password cracking, and the countermeasures against password cracking that are usually designed at two stages including the password design stage (e.g. user education, dynamic password, use of tokens, computer generations) and after the design (e.g. reactive password checking, proactive password checking, password encryption, access control). The main objective of this work is offering the abecedarian IT security professionals and the common audiences with some knowledge about the computer security and password cracking, and promoting the development of this area.

An Overview of Computer security

Annam, Shireesh Reddy
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 21/10/2001 Português
Relevância na Pesquisa
57.229604%
As more business activities are being automated and an increasing number of computers are being used to store vital and sensitive information the need for secure computer systems becomes more apparent. These systems can be achieved only through systematic design; they cannot be achieved through haphazard seat-of-the-pants methods.This paper introduces some known threats to the computer security, categorizes the threats, and analyses protection mechanisms and techniques for countering the threats. The threats have been classified more so as definitions and then followed by the classifications of these threats. Also mentioned are the protection mechanisms.; Comment: 11 pages,PDF, Comments about threats to the computer security and their protection mechanisms

War of 2050: a Battle for Information, Communications, and Computer Security

Kott, Alexander; Alberts, David S.; Wang, Cliff
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 27/11/2015 Português
Relevância na Pesquisa
57.151167%
As envisioned in a recent future-casting workshop, warfare will continue to be transformed by advances in information technologies. In fact, information itself will become the decisive domain of warfare. Four developments will significantly change the nature of the battle. The first of these will be a proliferation of intelligent systems; the second, augmented humans; the third, the decisive battle for the information domain; and the fourth, the introduction of new, networked approaches to command and control. Each of these new capabilities possesses the same critical vulnerability - attacks on the information, communications and computers that will enable human-robot teams to make sense of the battlefield and act decisively. Hence, the largely unseen battle for information, communications and computer security will determine the extent to which adversaries will be able to function and succeed on the battlefield of 2050.; Comment: A shorter version of this paper has been accepted for publication in IEEE Computer, December 2015

Securing the IT acquisition security chain: Security concerns and human factors in IT acquisition

Goldman, Eric
Fonte: Rochester Instituto de Tecnologia Publicador: Rochester Instituto de Tecnologia
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
47.401284%
This thesis research evaluates the extent to which IT decision makers consider security concerns and requirements while performing technology acquisition in small-to-medium sized organizations. The research sought to understand what factors influence decision maker attitudes on the role of security during acquisition and how these attitudes and decision strategies affect security throughout the system lifecycle. Through an interview based study, with fifteen IT decision makers from small-to-medium sized organizations, decision maker attitudes and organizational practices were evaluated. The findings suggest that security is not often considered during the acquisition process and is not a crucial element of acquisition decision and selections strategies for a majority of the sample. There is, however, a significant relationship between acquisition and security throughout the system lifecycle and the findings further suggest that end-user consideration and involvement are crucial elements for both acquisition and security.

The Development of a graduate course on identity management for the Department of Networking, Security, and Systems Administration

Mitchell, Marsha
Fonte: Rochester Instituto de Tecnologia Publicador: Rochester Instituto de Tecnologia
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
47.386406%
Digital identities are being utilized more than ever as a means to authenticate computer users in order to control access to systems, web services, and networks. To maintain these digital identities, administrators turn to Identity Management solutions to offer protection for users, business partners, and networks. This paper proposes an analysis of Identity Management to be accomplished in the form of a graduate level course of study for a ten-week period for the Networking, Security, and Systems Administration department at Rochester Institute of Technology. This course will be designed for this department because of its emphasis on securing, protecting, and managing the identities of users within and across networks. Much of the security-related courses offered by the department focus primarily on security within enterprises. Therefore, Identity Management, a topic that is becoming more popular within enterprises each day, would compliment these courses. Students that enroll in this course will be more equipped to satisfy the needs of modern enterprises when they graduate because they will have a better understanding of how to address security issues that involve managing user identities across networks, systems, and enterprises. This course will focus on several aspects of Identity Management and its use in enterprises today. Covered during the course will be the frameworks of Identity Management...