Page 20 of the results: 8247 digital items found in 0.018 seconds

Proposta de uma metodologia de medição e priorização de segurança de acesso para aplicações WEB.; Proposal of a methodology for measuring and prioritization access security for WEB applications.

Colombo, Regina Maria Thienne
Source: Biblioteca Digitais de Teses e Dissertações da USP Publisher: Biblioteca Digitais de Teses e Dissertações da USP
Type: Doctoral thesis Format: application/pdf
Published on 26/03/2014 Portuguese
Search relevance
37.149438%
In a technological and globally interconnected world, in which individuals and organizations frequently carry out transactions on the web, software security is indispensable; it is needed in several niches: the security of computer networks, of computers, and of software. Deploying a security system that covers all aspects is extensive and complex, while the exploitation of vulnerabilities and attacks is growing exponentially. Because of the nature of software and its availability on the web, the guarantee of security will never be total; however, it is possible to plan, implement, measure and evaluate the security system and, finally, improve it. Currently, specific security knowledge is detailed and fragmented across its various niches, and the view among security specialists is always closely tied to the internal computing environment. Measuring security attributes is a way to know and track the security state of a piece of software. This research aims to present a top-down approach for measuring the access security of web applications. Starting from a set of globally recognized security properties...

Security specification and enforcement in mediation system

Yang, Li
Source: FIU Digital Commons Publisher: FIU Digital Commons
Type: Journal article
Portuguese
Search relevance
37.13189%
Mediation techniques provide interoperability and support integrated query processing among heterogeneous databases. While such techniques help data sharing among different sources, they increase the risk for data security, such as violating access control rules. Successful protection of information by an effective access control mechanism is a basic requirement for interoperation among heterogeneous data sources. This dissertation first identified the challenges in the mediation system in order to achieve both interoperability and security in the interconnected and collaborative computing environment, which includes: (1) context-awareness, (2) semantic heterogeneity, and (3) multiple security policy specification. Currently few existing approaches address all three security challenges in mediation system. This dissertation provides a modeling and architectural solution to the problem of mediation security that addresses the aforementioned security challenges. A context-aware flexible authorization framework was developed in the dissertation to deal with security challenges faced by mediation system. The authorization framework consists of two major tasks, specifying security policies and enforcing security policies. Firstly, the security policy specification provides a generic and extensible method to model the security policies with respect to the challenges posed by the mediation system. The security policies in this study are specified by 5-tuples followed by a series of authorization constraints...

On security, once more. Assorted inquiries in aviation

Leese, Matthias
Source: Universität Tübingen Publisher: Universität Tübingen
Type: Dissertation
Portuguese
Search relevance
37.169404%
My dissertation seeks to establish a nuanced understanding of security through an empirical account based on research in the field of aviation security. The core of the dissertation consists of 6 articles (published, accepted for publication, or under review) that deal with distinct technologies, knowledges, and practices within aviation security. In detail, the articles are as follows: Leese M (2013) Blurring the Dimensions of Privacy? Law Enforcement and Trusted Traveler Programs. Computer Law & Security Review 29(5): 480-490; Leese M (2014) The New Profiling: Algorithms, Black Boxes, and the Failure of Anti-discriminatory Safeguards in the European Union. Security Dialogue 45(5): 494-511; Leese M (2015) Privacy and Security - On the Evolution of a European Conflict. In Gutwirth S, Leenes R & De Hert P (eds.) Re-forming European Data Protection Law. Dordrecht/Heidelberg/New York/London: Springer, 271-292; Leese M (2015) Body Scanners in Germany: A Case of Failed Securitization. European Journal of Internal Security (forthcoming); Leese M and Koenigseder A (2015) Humor at the Airport? Visualization, Exposure, and Laughter in the “War on Terror”. International Political Sociology (forthcoming); Leese M (under review) Governing airport security: an empirical account between economic rationality and the public good. Criminology & Criminal Justice. These empirical pieces are embedded in a theoretical framework that offers multiple perspectives on security...

Security Policy Enforcement

Irvine, Cynthia E.
Source: Naval Postgraduate School (U.S). Publisher: Naval Postgraduate School (U.S).
Type: Journal article
Portuguese
Search relevance
37.130796%
Many chapters of this Handbook describe mechanisms that contribute to various facets of security. The arbitrary use of security mechanisms provides no prescription for the achievement of security goals. It is only in their application in the context of organizational objectives for the protection of information and computational assets that security can be assessed. This chapter is intended to discuss the policies that provide a rationale for those mechanisms and to broadly examine their enforcement mechanisms in computer systems. It is intended to focus primarily on fundamental concepts, which remain valid despite their longevity.

Active Learning with the CyberCIEGE Video Game

Thompson, Michael; Irvine, Cynthia
Source: Naval Postgraduate School Publisher: Naval Postgraduate School
Type: Journal article
Portuguese
Search relevance
37.151167%
Hands-on exercises promote active learning where student experience reinforces material presented in lectures or reading assignments [1]. Drawing the student into a meaningful context where student decisions have clear consequences strengthens the learning experience and thus improves the potential for internalization of knowledge. The CyberCIEGE video game was designed to confront students with computer security decision points within an environment that encourages experimentation, failure and reflection. The game includes over twenty scenarios that address a range of computer and network security concepts. CyberCIEGE is extensible through use of a scenario development language that allows instructors to create and customize game scenarios. The Naval Postgraduate School uses the game in our Introduction to Computer Security course, and it has been used by hundreds of educational institutions worldwide. The game’s tools allow ongoing experimentation with the student’s learning experience. Student assessment is facilitated by log generation, collection and analysis. These logs help the game’s developers identify areas within scenarios that may be confusing or may require additional player feedback. Ongoing development is focused on ultimately adapting the game and its student assessment functions for deployment in a broader range of formal education environments.

The Naval Postgraduate School secure archival storage system, Part I. Design

Schell, Roger R.; Cox, Lyle Ashton
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Report Format: 324 p. in various pagings : ill. ; 28 cm.
Portuguese
Search relevance
37.130796%
There is an increasing need for systems which provide controlled access to multiple levels of sensitive data and information. This report comprises the first phase of the realization of such a system: the comprehensive design of a multilevel secure file storage system. This is the focus of an ongoing research project, which is currently in the early implementation phases. The design is based upon security kernel technology as applied to modern multiple microcomputer arrays. This design is intended to interface with other (distributed) processing elements, perhaps forming the central hub of a data secure network of computers. The design would provide archival shared storage while insuring that each interfacing processor accessed only that information appropriate. The design phase of the project is presented in a series of three research reports (Masters Degree theses). These reports, reprinted in their entirety here are: (1) Capt. O'Connell and Lt. Richardson's definition of a secure multi-microprocessor family of operating systems; (2) Capt. Coleman's detailed security kernel design for a member of this family; and (3) Lt. Parks' hierarchical file system designed to run under the control of Capt. Coleman's security kernel.; supported in part by the Foundation Research Program of the Naval Postgraduate School with funds provided by the Chief of Naval Research; http://archive.org/details/navalpostgraduat00sche; Noool480WR00Q54

A Linux-based approach to low-cost support of access control policies

Clark, Paul C.
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Doctoral thesis Format: xiv, 174 p.;28 cm.
Portuguese
Search relevance
37.151167%
It is vital to our country's political and economic future to adequately protect corporate and government information from unauthorized disclosure and modification. Unfortunately, the current state of computer security is weak, especially when novice adversaries can perform successful infiltrations of sensitive systems. Systems that enforce Mandatory Access Control (MAC) policies are known to reduce some known security weaknesses, but such systems have seen limited use within the United States Government, and they are rarely applied in the private sector. Some of this limited use is caused by a lack of exposure to systems able to enforce MAC policies. This thesis presents an inexpensive approach to providing a system supporting MAC policies, allowing users an opportunity to have hands on experience with such a system. A detailed design for modifying the Linux operating system is given, allowing for the flexible and simultaneous support of multiple policies. In particular, a design and detailed specification for the implementation of label based interfaces for the mandatory portions of the Bell and LaPadula secrecy model and the Biba integrity model have been developed. Implementation of portions of this design has demonstrated the feasibility of this approach to label based interfaces. This design has potential for widespread use in computer security education...

How Smart Is “Smart Security”? Exploring Data Subjectivity and Resistance

Baur-Ahrens, Andreas; Krüger, Marco; Ammicht Quinn, Regina; Leese, Matthias; Matzner, Tobias
Source: Universität Tübingen Publisher: Universität Tübingen
Type: Report (Bericht); info:eu-repo/semantics/other
Portuguese
Search relevance
37.13189%
‘Smart security’ is currently being used as an umbrella term that embraces several initiatives proposed by the aviation industry in order to enhance security procedures at airports. The idea of smarter security opposes the traditional screening framework of passenger security at airports which enacts a one-size-fits-all approach in order to detect dangerous items that might threaten flight safety and security. Recently however, the security industry claims that smart solutions could provide better security, less intrusive screening, and better cost efficiency by employing tailored security procedures based on individual data-driven risk assessment of passengers and corresponding different levels of security screening. As smart security solutions are currently still under development, this report analyses potential human rights problems connected to a broader implementation of smart security routines in a timely fashion. Constituent elements of smart security, such as computer-based sorting of individuals into risk-groups and algorithms preparing or taking decisions on passengers’ mobility, can have severe consequences. Critical questions to be asked include: Who is accountable for smart security decisions? Is it possible to appeal against such decisions? How dangerous is the data-driven approach with regard to structural discrimination and equality of all passengers? We review and summarise the state of the art in the field of data-driven risk analysis and analyse eight interviews that we have conducted with representatives of European aviation associations...

User-Centric IT Security - How to Design Usable Security Mechanisms

Hof, Hans-Joachim
Source: Cornell University Publisher: Cornell University
Type: Journal article
Published on 23/06/2015 Portuguese
Search relevance
37.138381%
Nowadays, advanced security mechanisms exist to protect data, systems, and networks. Most of these mechanisms are effective, and security experts can handle them to achieve a sufficient level of security for any given system. However, most of these systems have not been designed with focus on good usability for the average end user. Today, the average end user often struggles with understanding and using security mechanisms. Other security mechanisms are simply annoying for end users. As the overall security of any system is only as strong as the weakest link in this system, bad usability of IT security mechanisms may result in operating errors, resulting in insecure systems. Buying decisions of end users may be affected by the usability of security mechanisms. Hence software providers may decide to better have no security mechanism than one with a bad usability. Usability of IT security mechanisms is one of the most underestimated properties of applications and systems. Even IT security itself is often only an afterthought. Hence, usability of security mechanisms is often the afterthought of an afterthought. Software developers are missing guidelines on how to build security mechanisms with good usability for end users. This paper presents some guidelines that should help software developers to improve end user usability of security-related mechanisms...

Immune System Approaches to Intrusion Detection - A Review

Kim, Jungwon; Bentley, Peter J.; Aickelin, Uwe; Greensmith, Julie; Tedesco, Gianni; Twycross, Jamie
Source: Cornell University Publisher: Cornell University
Type: Journal article
Published on 08/04/2008 Portuguese
Search relevance
37.151167%
The use of artificial immune systems in intrusion detection is an appealing concept for two reasons. Firstly, the human immune system provides the human body with a high level of protection from invading pathogens, in a robust, self-organised and distributed manner. Secondly, current techniques used in computer security are not able to cope with the dynamic and increasingly complex nature of computer systems and their security. It is hoped that biologically inspired approaches in this area, including the use of immune-based systems will be able to meet this challenge. Here we review the algorithms used, the development of the systems and the outcome of their implementation. We provide an introduction and analysis of the key developments within this field, in addition to making suggestions for future research.

Immune System Approaches to Intrusion Detection - A Review (ICARIS)

Aickelin, Uwe; Greensmith, Julie; Twycross, Jamie
Source: Cornell University Publisher: Cornell University
Type: Journal article
Published on 30/05/2013 Portuguese
Search relevance
37.151167%
The use of artificial immune systems in intrusion detection is an appealing concept for two reasons. Firstly, the human immune system provides the human body with a high level of protection from invading pathogens, in a robust, self-organised and distributed manner. Secondly, current techniques used in computer security are not able to cope with the dynamic and increasingly complex nature of computer systems and their security. It is hoped that biologically inspired approaches in this area, including the use of immune-based systems will be able to meet this challenge. Here we collate the algorithms used, the development of the systems and the outcome of their implementation. It provides an introduction and review of the key developments within this field, in addition to making suggestions for future research.; Comment: Proceedings of the 3rd International Conference on Artificial Immune Systems (ICARIS), 316-329, 2004

Improved 3-Dimensional Security in Cloud Computing

Tirodkar, Sagar; Baldawala, Yazad; Ulane, Sagar; Jori, Ashok
Source: Cornell University Publisher: Cornell University
Type: Journal article
Published on 07/04/2014 Portuguese
Search relevance
37.151167%
Cloud computing is a trending technology in the field of Information Technology as it allows sharing of resources over a network. The reason Cloud computing gained traction so rapidly was because of its performance, availability and low cost among other features. Besides these features, companies are still refraining from binding their business with cloud computing due to the fear of data leakage. The focus of this paper is on the problem of data leakage. It proposes a framework which works in two phases. The first phase consists of data encryption and classification which is performed before storing the data. In this phase, the client may want to encrypt his data prior to uploading. After encryption, data is classified using three parameters namely Confidentiality [C], Integrity [I] and Availability [A]. With the help of proposed algorithm, criticality rating (Cr) of the data is calculated. According to the Cr, security will be provided on the basis of the 3 Dimensions proposed in this paper. The second phase consists of data retrieval by the client. As per the concept of 3D, users who want to access their data need to be authenticated, to avoid data from being compromised. Before every access to data, the user's identity is verified for authorization. After the user is authorized for data access...

Fictitious Play with Time-Invariant Frequency Update for Network Security

Nguyen, Kien C.; Alpcan, Tansu; Başar, Tamer
Source: Cornell University Publisher: Cornell University
Type: Journal article
Published on 17/06/2010 Portuguese
Search relevance
37.151167%
We study two-player security games which can be viewed as sequences of nonzero-sum matrix games played by an Attacker and a Defender. The evolution of the game is based on a stochastic fictitious play process, where players do not have access to each other's payoff matrix. Each has to observe the other's actions up to present and plays the action generated based on the best response to these observations. In a regular fictitious play process, each player makes a maximum likelihood estimate of her opponent's mixed strategy, which results in a time-varying update based on the previous estimate and current action. In this paper, we explore an alternative scheme for frequency update, whose mean dynamic is instead time-invariant. We examine convergence properties of the mean dynamic of the fictitious play process with such an update scheme, and establish local stability of the equilibrium point when both players are restricted to two actions. We also propose an adaptive algorithm based on this time-invariant frequency update.; Comment: Proceedings of the 2010 IEEE Multi-Conference on Systems and Control (MSC10), September 2010, Yokohama, Japan

Shoulder Surfing attack in graphical password authentication

Lashkari, Arash Habibi; Farmand, Samaneh; Zakaria, Dr. Omar Bin; Saleh, Dr. Rosli
Source: Cornell University Publisher: Cornell University
Type: Journal article
Published on 04/12/2009 Portuguese
Search relevance
37.151167%
Information and computer security is supported largely by passwords which are the principal part of the authentication process. The most common computer authentication method is to use alphanumerical username and password which has significant drawbacks. To overcome the vulnerabilities of traditional methods, visual or graphical password schemes have been developed as possible alternative solutions to text based scheme. A potential drawback of graphical password schemes is that they are more vulnerable to shoulder surfing than conventional alphanumeric text passwords. When users input their passwords in a public place, they may be at risk of attackers stealing their password. An attacker can capture a password by direct observation or by recording the individual's authentication session. This is referred to as shoulder surfing and is a known risk, of special concern when authenticating in public places. In this paper we will present a survey on graphical password schemes from 2005 till 2009 which are proposed to be resistant against shoulder surfing attacks.; Comment: 10 pages IEEE format, International Journal of Computer Science and Information Security, IJCSIS November 2009, ISSN 1947 5500, http://sites.google.com/site/ijcsis/

The Case for Modeling Security, Privacy, Usability and Reliability (SPUR) in Automotive Software

Prasad, K. Venkatesh; Giuli, TJ; Watson, David
Source: Cornell University Publisher: Cornell University
Type: Journal article
Published on 06/04/2006 Portuguese
Search relevance
37.151167%
Over the past five years, there has been considerable growth and established value in the practice of modeling automotive software requirements. Much of this growth has been centered on requirements of software associated with the established functional areas of an automobile, such as those associated with powertrain, chassis, body, safety and infotainment. This paper makes a case for modeling four additional attributes that are increasingly important as vehicles become information conduits: security, privacy, usability, and reliability. These four attributes are important in creating specifications for embedded in-vehicle automotive software.; Comment: 12 pages, 3 figures, presented at the 2006 Automotive Software Workshop, San Diego, CA

A Logic for SDSI's Linked Local Name Spaces

Halpern, Joseph Y.; van der Meyden, Ron
Source: Cornell University Publisher: Cornell University
Type: Journal article
Published on 28/01/2000 Portuguese
Search relevance
37.151167%
Abadi has introduced a logic to explicate the meaning of local names in SDSI, the Simple Distributed Security Infrastructure proposed by Rivest and Lampson. Abadi's logic does not correspond precisely to SDSI, however; it draws conclusions about local names that do not follow from SDSI's name resolution algorithm. Moreover, its semantics is somewhat unintuitive. This paper presents the Logic of Local Name Containment, which does not suffer from these deficiencies. It has a clear semantics and provides a tight characterization of SDSI name resolution. The semantics is shown to be closely related to that of logic programs, leading to an approach to the efficient implementation of queries concerning local names. A complete axiomatization of the logic is also provided.; Comment: To appear, Journal of Computer Security

Epistemic Temporal Logic for Information Flow Security

Balliu, Musard; Dam, Mads; Guernic, Gurvan Le
Source: Cornell University Publisher: Cornell University
Type: Journal article
Published on 30/08/2012 Portuguese
Search relevance
37.151167%
Temporal epistemic logic is a well-established framework for expressing agents' knowledge and how it evolves over time. Within language-based security these are central issues, for instance in the context of declassification. We propose to bring these two areas together. The paper presents a computational model and an epistemic temporal logic used to reason about knowledge acquired by observing program outputs. This approach is shown to elegantly capture standard notions of noninterference and declassification in the literature as well as information flow properties where sensitive and public data intermingle in delicate ways.; Comment: Published in PLAS 2011

Increased security through open source

Hoepman, Jaap-Henk; Jacobs, Bart
Source: Cornell University Publisher: Cornell University
Type: Journal article
Published on 25/01/2008 Portuguese
Search relevance
37.151167%
In this paper we discuss the impact of open source on both the security and transparency of a software system. We focus on the more technical aspects of this issue, combining and extending arguments developed over the years. We stress that our discussion of the problem only applies to software for general purpose computing systems. For embedded systems, where the software usually cannot easily be patched or upgraded, different considerations may apply.

Security Games with Ambiguous Beliefs of Agents

Khani, Hossein; Afsharchi, Mohsen
Source: Cornell University Publisher: Cornell University
Type: Journal article
Published on 09/08/2015 Portuguese
Search relevance
37.151167%
Currently the Dempster-Shafer based algorithm and Uniform Random Probability based algorithm are the preferred method of resolving security games, in which defenders are able to identify attackers and only strategy remained ambiguous. However this model is inefficient in situations where resources are limited and both the identity of the attackers and their strategies are ambiguous. The intent of this study is to find a more effective algorithm to guide the defenders in choosing which outside agents with which to cooperate given both ambiguities. We designed an experiment where defenders were compelled to engage with outside agents in order to maximize protection of their targets. We introduced two important notions: the behavior of each agent in target protection and the tolerance threshold in the target protection process. From these, we proposed an algorithm that was applied by each defender to determine the best potential assistant(s) with which to cooperate. Our results showed that our proposed algorithm is safer than the Dempster-Shafer based algorithm.

Firewall strategies using network processors

Mariani, Matthew
Source: Rochester Institute of Technology Publisher: Rochester Institute of Technology
Type: Doctoral thesis
Portuguese
Search relevance
37.176328%
The emergence of network processors provides a broad range of new applications, particularly in the field of network security. Firewalls have become one of the basic building blocks of implementing a network's security policy; however, the security of a firewall can potentially lead to a bottleneck in the network. Therefore, improving the performance of the firewall means also improving the performance of the protected network. With the ability to directly monitor and modify packet information at wire speeds, the network processor provides a new avenue for the pursuit of faster, more efficient firewall products. This paper describes the implementation of two simulated network processor based firewalls. The first architecture, a basic packet filtering firewall, utilizes tree-based structures for manipulating IP and transport level firewall rules while also utilizing parallelism available in the network processor during firewall rule look-ups. In the second architecture, a parallel firewall is created using a network processor based, load-balancing switch along with two network processor based firewall machines, both utilizing the basic packet filter operations of the first architecture. When added to existing routing software, these implementations demonstrate the feasibility of creating dynamic packet-filtering routers using network processor technology.