
Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance

Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Kramer, Daniel Bruce; Baker, Matthew Charles; Reynolds, Matthew R.
Source: Public Library of Science Publisher: Public Library of Science
Type: Journal Article
Background: Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients’ stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. Methods: We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Results: Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Conclusions: Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health...

Trust: A Collision of Paradigms

Camp, L. Jean; McGrath, Cathleen; Nissenbaum, Helen
Source: MIT - Massachusetts Institute of Technology Publisher: MIT - Massachusetts Institute of Technology
Format: 42747 bytes; application/pdf
In this work we survey the findings in social psychology and philosophy with respect to trust. We introduce three hypotheses that remain unanswered with respect to the manner in which humans react to computers. We discuss potential design revisions in light of findings from other disciplines. Then we conclude by noting that research which empowers users in order to be their own security manager may be based on a fundamentally flawed view of human-computer interaction. We close by encouraging designers of computer security systems to examine the humans, which these systems are intended to empower, and recommend that any security system be built on the basis of understanding of human trust provided by the social sciences.

IntuiSec : a framework for intuitive user interaction with security in the smart home; Framework for intuitive user interaction with security in the smart home

Shakhshir, Saad Zafer
Source: Massachusetts Institute of Technology Publisher: Massachusetts Institute of Technology
Type: Doctoral Thesis Format: 104 p.
This thesis presents IntuiSec, a framework for intuitive user interaction with Smart Home security. The design approach of IntuiSec is to introduce a layer of indirection between user-level intent and the system-level security infrastructure. This layer is implemented by a collection of distributed middleware and user-level tools. It encapsulates system-level security events and exposes only concepts and real-world metaphors that are intuitive to non-expert users. It also translates user intent to the appropriate system-level security actions. The IntuiSec framework presents the user with intuitive steps for setting up a secure home network, establishing trusted relationships between devices, and granting temporal, selective access for both home occupants and visitors to devices within the home. The middleware exposes APIs that allow other applications to present the user with meaningful visualizations of security-related parameters and concepts. I present the IntuiSec system design and an example proof-of-concept implementation, which demonstrates the user experience and provides more insight into the framework.; by Saad Zafer Shakhshir.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science...

Data Protection and the Prevention of Cybercrime: A dual role for security policy in the EU?

PORCEDDA, Maria Grazia
Source: European University Institute Publisher: European University Institute
Type: Doctoral Thesis
Cybercrime and cyber-security are attracting increasing attention, both for the relevance of Critical Information Infrastructure to the national economy, and the interplay of the policies tackling them with ‘ICT sensitive’ liberties, such as privacy and data protection. As such, the subject falls in the ‘security vs. privacy’ debate. The objective of this study is twofold. On the one hand, it is descriptive: it aims to cast light on the (legal substantive) nature of, and relationship between, cybercrime and cyber security, which are currently ‘terms of hype’. On the other, it explores the possibility of reconciling data protection and privacy with the prevention of cybercrime and the pursuit of a cyber-security policy, and therefore wishes to explore causation. The latter is a subset of the wider question of whether it is possible to build ‘human rights by design’, i.e. a security policy that reconciles both security and human rights. I argue that narrow or online crimes and broad or off-line crimes are profoundly different in terms of underlying logics while facing the same procedural challenges, and that only narrow cybercrime pertains to cyber-security, understood as a policy. Yet, the current policy debate is focussing too much on broad cybercrimes...

A Video Game for Cyber Security Training and Awareness

Cone, Benjamin D.; Irvine, Cynthia E.; Thompson, Michael F.; Nguyen, Thuy D.
Source: Computers and Security Publisher: Computers and Security
Type: Journal Article
Although many of the concepts included in cyber security awareness training are universal, such training often must be tailored to address the policies and requirements of a particular organization. In addition, many forms of training fail because they are rote and do not require users to think about and apply security concepts. A flexible, highly interactive video game, CyberCIEGE, is described as a security awareness tool that can support organizational security training objectives while engaging typical users in an engaging security adventure. The game is now being successfully utilized for information assurance education and training by a variety of organizations. Preliminary results indicate the game can also be an effective addition to basic information awareness training programs for general computer users (e.g., annual awareness training.)

Use of Evaluation Criteria in Security Education

Nguyen, Thuy D.; Irvine, Cynthia E.
Source: International Conference on Information Warfare and Security (ICIW 2008), April 2008, Omaha, Nebraska, USA Publisher: International Conference on Information Warfare and Security (ICIW 2008), April 2008, Omaha, Nebraska, USA
Type: Journal Article
Success in information warfare will depend on resilient, reconstitutable cyber assets and the ability to assess and respond to attacks. A cornerstone of this success will be the ability of Information Assurance professionals to develop sound security requirements and determine the suitability of evaluated security products for mission-specific systems. Recognizing the pedagogical value of applying security evaluation criteria such as the Common Criteria (CC) to information security education, we recently introduced a graduate-level Computer Science course focusing on methodical security requirements engineering based on the CC. This course aims to provide students with an understanding of how security evaluation criteria can be used to specify system security objectives, derive security requirements from security objectives, establish life cycle and development processes, and provide an organizational framework for research and development. Although imperfect, the paradigmatic process of the CC provides a usable framework for in-depth study of various tasks relating to system requirements derivation and verification activities: system requirements elicitation, threat analysis, security objectives definition and security requirements expression. In-class discussions address fundamental security design principles and disciplines for information and software assurance (e.g....

Amplifying Security Education in the Laboratory

Irvine, Cynthia E.
Source: INFOSEC Publisher: INFOSEC
Type: Journal Article
Computer and network security have become concerns for enterprises ranging from sole proprietorships run from home offices to global corporations and government agencies with hundreds of thousands of employees. These concerns are reflected in the growing demand for computer security professionals to design, manage, and administer systems. Here a case is built for significant use of laboratory work to complement classroom and reading activities in computer security education.

Teaching introductory computer security at a Department of Defense university

Irvine, Cynthia E.
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Report
The Naval Postgraduate School Center for Information Systems Security (INFOSEC) Studies and Research (NPS CISR) has developed an instructional program in computer security. Its objective is to ensure that students not only understand practical aspects of computer security associated with current technology, but also learn the fundamental principles that can be applied to the development of systems for which high confidence in policy enforcement can be achieved. Introduction to Computer Security, the cornerstone course for our program, is described here.

Security issues for automated information systems

Irvine, Cynthia E.
Source: Naval Postgraduate School Publisher: Naval Postgraduate School
Type: Journal Article
The growing interconnectivity of computer systems has dramatically increased the risk of exposure or corruption of information through the exploitation of system security vulnerabilities. Many aspects of organizational operations and of the national infrastructure depend upon the correct operation of computers and networks. Security is a fundamental requirement for the health of the public enterprise, but it is often ignored. This essay will review fundamental concepts of computer security. Some of the costs and benefits of investment in security will be discussed. The notion of organizational information policy, mechanisms for its enforcement, and the value of assurance will be presented.

Naval Postgraduate School Center for Infosec Studies and Research: Teaching the Science of Computer Security (U)

Irvine, Cynthia E.
Source: Naval Postgraduate School Publisher: Naval Postgraduate School
Type: Journal Article
(U) The Naval Postgraduate School Center for Information Systems Security (INFOSEC) Studies and Research (NPS CISR) is developing a comprehensive program in INFOSEC education and research that can become a resource for DoN/DoD and U.S. Government in terms of educational materials and research. A security track within the Computer Science curriculum has been established. Its philosophical core is the abstract notion of a conceptually complete security mechanism, the Reference Monitor Concept. Building upon a core curriculum of computer science and engineering, the security courses convey vital concepts and techniques associated with INFOSEC today.

This is Not a Game: Early Observations on Using Alternate Reality Games for Teaching Security Concepts to First-Year Undergraduates

Flushman, Tanya R.; Gondree, Mark; Peterson, Zachary N. J.
Source: Naval Postgraduate School Publisher: Naval Postgraduate School
Type: Journal Article
We describe a novel approach to delivering an introductory computer science course for first-year undergraduates, using computer security topics to explore core CS concepts. Our course is a first attempt at merging aspects of capture the flag-style challenges, puzzle-based learning, and alternate reality games (ARGs), with the goal of improving student engagement, increasing awareness of security as a discipline and professional opportunity, and providing context for the social relevance of security to our lives. Our challenges synthesize hands-on problem-solving, immediate feedback on incremental progress, scaffolded learning, a loosely-connective narrative, and a sense of intrigue to draw students into active engagement with course material. In this paper, we motivate the use of ARG characteristics to connect course tasks, we discuss our goals, course design, and a mixed-method evaluation of our objectives (using reflective journaling, cognitive interviews, and pre- and post-surveys using an adaptation of the Computer Attitude Scale instrument), and summarize our preliminary findings.; This work was supported, in part, through an Intel-NSF-GTISC Security Education Micro-grant, by Google through a CS Engagement Small Award...

Network security and the NPS Internet firewall

Schively, Jody L.
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Doctoral Thesis Format: 105 p.; 28 cm.
As the Naval Postgraduate School's (NPS) computer network continues to incorporate computers with a wide variety of security holes, it is vital that an Internet firewall be installed to provide perimeter security for NPS from the Internet. NPS has had systems compromised by unauthorized individuals who have gained access via the Internet. The approach taken by this thesis was to analyze the type of Internet firewalls available and choose a design that provides the protection required at NPS while maintaining the Internet functionality desired. After choosing the appropriate type of firewall, it was tested for functionality and performance. The functionality test successfully validated that the bootp, netwall, tftp, sunrpc, and nfsd packets could be blocked while other network services remained functional. The performance testing process first monitored existing traffic to and from the BARRNET and DDN routers. The second step determined the firewall's performance with a well known network measurement tool, New Test TCP/IP (nttcp). The existing data rates to and from the Internet are on average 438 kilobits per second and the nttcp tests showed that the firewall could run at 600 kilobits per second. These results validated that the firewall could maintain the data rates currently required to the Internet. This thesis resulted in a firewall...

Ensuring a C2 level of trust and interoperability in a networked Windows NT environment

Lucas, Julie A.
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Doctoral Thesis Format: viii, 143 p.
Approved for public release; distribution is unlimited.; With the progression of computer systems to local and wide area networks, the scope of computer security has increased dramatically over the past two decades. Now, more than ever, the use of trusted systems is needed to ensure the secrecy, integrity, and availability of computer resources. However, attaining the levels of trust required has been difficult for a variety of reasons. This paper provides an in-depth look at the government's Trusted Computer System Evaluation Criteria (TCSEC) and its current applicability. An analysis of a military network running Windows NT version 3.51 as the network operating system is provided as a case study. The paper concludes with a discussion of the advantages and disadvantages of the TCSEC criterion. Although products have been certified as meeting the various class requirements, existing problems are preventing the attainment of trusted systems from becoming a reality for many government organizations; http://archive.org/details/ensuringc2levelo00luca; Lieutenant, United States Navy

Security and efficiency concerns with distributed collaborative networking environments

Felker, Keith A.
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Doctoral Thesis Format: xiv, 101 p. : ill. (some col.)
Approved for public release, distribution unlimited; The progression of technology is continuous and the technology that drives interpersonal communication is not an exception. Recent technology advancements in the areas of multicast, firewalls, encryption techniques, and bandwidth availability have made the next level of interpersonal communication possible. This thesis answers why collaborative environments are important in today's online productivity. In doing so, it gives the reader a comprehensive background in distributed collaborative environments, answers how collaborative environments are employed in the Department of Defense and industry, details the effects network security has on multicast protocols, and compares collaborative solutions with a focus on security. The thesis ends by providing a recommendation for collaborative solutions to be utilized by NPS/DoD type networks. Efficient multicast collaboration, in the framework of security is a secondary focus of this research. As such, it takes security and firewall concerns into consideration while comparing and contrasting both multicast-based and non-multicast-based collaborative solutions.

Security for Classroom Learning Partner; Security for CLP

Iancu, Karin
Source: Massachusetts Institute of Technology Publisher: Massachusetts Institute of Technology
Type: Doctoral Thesis Format: 44 p.
This MENG thesis implements a security system for a classroom presentation system called the Classroom Learning Partner (CLP). The goal of the security system is to prevent cheating on electronic quizzes. CLP is a system that uses Tablet PCs in the classroom to enhance learning and encourage interaction between the instructor and students. The instructor creates exercises which are displayed on slides on the students' Tablet PCs. The students complete the exercises and submit them to the instructor and to a central database. The security implementation makes it possible to extend this framework for electronic quiz administration. This thesis discusses current cheating prevention methodologies and extends them to account for electronic quiz-taking scenarios. The basis of the security system is SQL Server authentication for authentication to a central database, and SSL for encryption of network traffic.; by Karin Iancu.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2006.; Includes bibliographical references (p. 43-44).

Automated analysis of security APIs; Automated analysis of security Application Programming Interfaces

Lin, Amerson H
Source: Massachusetts Institute of Technology Publisher: Massachusetts Institute of Technology
Type: Doctoral Thesis Format: 124 p.; 5465732 bytes; 5471913 bytes; application/pdf; application/pdf
Attacks on security systems within the past decade have revealed that security Application Programming Interfaces (APIs) expose a large and real attack surface but remain a relatively unexplored problem. In 2000, Bond et al. discovered API-chaining and type-confusion attacks on hardware security modules used in large banking systems. While these first attacks were found through human inspection of the API specifications, we take the approach of modeling these APIs formally and using an automated-reasoning tool to discover attacks. In particular, we discuss the techniques we used to model the Trusted Platform Module (TPM) v1.2 API and how we used OTTER, a theorem-prover, and ALLOY, a model-finder, to find both API-chaining attacks and to manage API complexity. Using ALLOY, we also developed techniques to capture attacks that weaken, but not fully compromise, a system's security. Finally, we demonstrate a number of real and "near-miss" vulnerabilities that were discovered against the TPM.; by Amerson H. Lin.; Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.; Includes bibliographical references (p. 123-124).

A Security Domain Model to Assess Software for Exploitable Covert Channels

Auguston, Mikhail; Levin, Timothy; Shaffer, Alan; Irvine, Cynthia E.
Source: Association for Computing Machinery (ACM) Publisher: Association for Computing Machinery (ACM)
Type: Journal Article
Within a multilevel secure (MLS) system, trusted subjects are granted privileges to perform operations that are not possible by ordinary subjects controlled by mandatory access control (MAC) policy enforcement mechanisms. These subjects are trusted not to conduct malicious activity or degrade system security. We present a formal definition for trusted subject behaviors, which depends upon a representation of information flow and control dependencies generated during a program execution. We describe a security Domain Model (DM) designed in the Alloy specification language for conducting static analysis of programs to identify illicit information flows, access control flaws and covert channel vulnerabilities. The DM is compiled from a representation of a target program, written in an intermediate Implementation Modeling Language (IML), and a specification of the security policy written in Alloy. The Alloy Analyzer tool is used to perform static analysis of the DM to detect potential security policy violations in the target program. In particular, since the operating system upon which the trusted subject runs has limited ability to control its actions, static analysis of trusted subject operations can contribute to the security of the system.

Darwin inside the machines: Malware evolution and the consequences for computer security

Iliopoulos, D.; Adami, C.; Szor, P.
Source: Cornell University Publisher: Cornell University
Type: Journal Article
Published on 10/11/2011
Recent advances in anti-malware technologies have steered the security industry away from maintaining vast signature databases and into newer defence technologies such as behaviour blocking, application whitelisting and others. Most would agree that the reasoning behind this is to keep up with the arms race established between malware writers and the security community almost three decades ago. Still, malware writers have not as yet created new paradigms. Indeed, malicious code development is still largely limited to code pattern changes utilizing polymorphic and metamorphic engines, as well as executable packer and wrapper technologies. Each new malware instance retains the exact same core functionality as its ancestor and only alters the way it looks. What if, instead, malware were able to change its function or behaviour autonomously? What if, in the absence of human intervention, computer viruses resembled biological viruses in their ability to adapt to new defence technologies as soon as they came into effect? In this paper, we will provide the theoretical proof behind malware implementation that closely models Darwinian evolution.; Comment: 13 pages

Security practices: A Mixed approach

Dass, Sourabh
Source: Rochester Institute of Technology Publisher: Rochester Institute of Technology
Type: Doctoral Thesis
Consistency of information is ideally maintained by adhering to the best practices and policies. However, statistics show trends of rising threats in information security in global landscape. It leads us to believe that there may be scope for improvement in transforming a good policy on paper into a better practice. This thesis research identifies various points of failure that arise out of improper implementation of a good policy. This research provides basic guidelines for implementation of usable security policies.

Policy driven security architectures for eBusiness

Cutts, Marcus
Source: Rochester Institute of Technology Publisher: Rochester Institute of Technology
Type: Doctoral Thesis
The dawning of the twenty-first century and genesis of a new millennium has been extremely kind to technological advance. Industries and society alike have reaped the extreme benefits of technology at its finest. Technological progress has also proven to be extraordinarily beneficial to businesses and their bottom lines when properly employed. The need for automated business logic and functionality has spawned numerous concepts and efforts to capitalize on advanced business requirements. Probably the most popular and revolutionary to date of all initiatives is the advent of eBusiness. A direct descendant of Electronic Data Interchange (EDI), eBusiness has and continues to evolve into more than a phenomenon, but rather a sound component of successful corporations and organizations. The evolution and acceptance of eBusiness has created a ripple effect throughout the technical and business worlds. The promise of this wonderful concept and its accompanying technology has forced companies to completely rethink strategic planning efforts, and to sit up and pay full attention to this ever-growing development. One area that has been extremely affected by the widespread acceptance of eBusiness and its counterparts is the architectures and infrastructures now utilized to support these efforts. Enterprise architectures that had originally been designed to shield internal business activities from the public eye of the Internet and other domains have been either replaced...