
An attack signature model to computer security intrusion detection

Cansian, Adriano M.; Da Silva, Artur R.A.; De Souza, Marcelo
Source: Universidade Estadual Paulista Publisher: Universidade Estadual Paulista
Type: Conference or Conference Object Format: 1368-1373
Portuguese
Internal and external computer network attacks or security threats occur according to standards and follow a set of subsequent steps, allowing profiles or patterns to be established. This well-known behavior is the basis of signature analysis intrusion detection systems. This work presents a new attack signature model to be applied on network-based intrusion detection systems engines. The AISF (ACME! Intrusion Signature Format) model is built upon XML technology and works on intrusion signatures handling and analysis, from storage to manipulation. Using this new model, the process of storing and analyzing information about intrusion signatures for further use by an IDS becomes a less difficult and standardized process.

Aspects of computer security: A primer

Langer, Steve; Stewart, Brent
Source: Springer-Verlag Publisher: Springer-Verlag
Type: Journal Article
Published on /08/1999 Portuguese
As health care organizations continue on the path toward total digital operations, a topic often raised but not clearly understood is that of computer security. The reason for this is simply the vastness of the topic. Computers and networks are complex, and each service offered is a potential security hole. This article describes for the lay person the fundamental points of computer operation, how these points can be attacked, and how these attacks can be foiled—or at least detected. In addition, a taxonomy that should aid system administrators to evaluate and strengthen their systems is described.

Dynamic security for medical record sharing

Cody, Patrick M. (Patrick Michael), 1980-
Source: Massachusetts Institute of Technology Publisher: Massachusetts Institute of Technology
Type: Doctoral Thesis Format: 53 p.; 3234030 bytes; 3238342 bytes; application/pdf; application/pdf
Portuguese
Information routinely collected by health care organizations is used by researchers to analyze the causes of illness and evaluate the effectiveness of potential cures. Medical information sharing systems are built to encourage hospitals to contribute patient data for use in clinical studies. These organizations possess a wide variety of environments and risk assessments, and require sufficient assurances of patient privacy. This thesis introduces mechanisms to dynamically generate an applicable security policy for medical information sharing systems. We present implementation-independent mechanisms that are capable of interoperating with different security settings at different sites to produce security configurations with significantly different characteristics and vulnerabilities. We also present a rules-based agent to assist in the selection process. This approach gives maximum freedom to generate the appropriate system according to the tradeoffs between cost, patient privacy, and data accessibility.; by Patrick M. Cody.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2003.; Includes bibliographical references (p. 52-53).

Enhancing availability and security through boundless memory blocks

Cadar, Cristian
Source: Massachusetts Institute of Technology Publisher: Massachusetts Institute of Technology
Type: Doctoral Thesis Format: 52 leaves; 2070965 bytes; 2071920 bytes; application/pdf; application/pdf
Portuguese
We present a new technique, boundless memory blocks, that automatically eliminates buffer overflow errors, enabling programs to continue to execute through memory errors without memory corruption. Buffer overflow vulnerabilities are caused by programming errors that allow an attacker to cause the program to write beyond the bounds of an allocated memory block to corrupt other data structures. The standard way to exploit a buffer overflow vulnerability involves a request that is too large for the buffer intended to hold it. The buffer overflow error causes the program to write part of the request beyond the bounds of the buffer, corrupting the address space of the program and causing the program to execute injected code contained in the request. Our boundless memory blocks compiler inserts checks that dynamically detect all out of bounds accesses. When it detects an out of bounds write, it stores the value away in a hash. Our compiler can then return the stored value as the result of an out of bounds read to that address. In the case of uninitialized addresses, our compiler simply returns a predefined value. We have acquired several widely used open source applications (Apache, Sendmail, Pine, Mutt, and Midnight Commander). With standard compilers...

Mandatory security and performance of services in Asbestos

Ziegler, David Patrick
Source: Massachusetts Institute of Technology Publisher: Massachusetts Institute of Technology
Type: Doctoral Thesis Format: 66 p.; 2890479 bytes; 2893146 bytes; application/pdf; application/pdf
Portuguese
This thesis presents the design and implementation for several system services, including network access and database storage, on a new operating system design, Asbestos. Using the security mechanism provided by Asbestos, Asbestos labels, these services are used to support the construction of secure Web applications. The network and database services serve as the foundation for a Web server that supports mandatory security policies, such that even a compromised Web application cannot improperly disclose private data. The methods used in this thesis allow Web application developers to be freed from worries about flawed applications, if developers are willing to place trust in the underlying services used.; by David Patrick Ziegler.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.; Includes bibliographical references (p. 61-66).

CargoNet : micropower sensate tags for supply-chain management and security; Micropower sensate tags for supply-chain management and security

Malinowski, Mateusz Ksawery
Source: Massachusetts Institute of Technology Publisher: Massachusetts Institute of Technology
Type: Doctoral Thesis Format: 113 p.
Portuguese
This thesis describes the development of a system of sensate active RFID tags for supply-chain management and security applications, necessitated by the current lack of commercial platforms capable of monitoring the state of shipments at the crate and case level. To make a practical prototype, off-the-shelf components and custom-designed circuits that minimize power consumption and cost were assembled and integrated into an interrupt-driven, quasi-passive system that can monitor, log, and report environmental conditions inside a shipping crate while consuming only 23.7 microwatts of average power. To prove the feasibility of the system, the tags were tested in the laboratory and aboard transport conveyances.; by Mateusz Ksawery Malinowski.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2007.; Includes bibliographical references (p. 109-113).

Security proofs for the MD6 hash function mode of operation

Crutchfield, Christopher Yale
Source: Massachusetts Institute of Technology Publisher: Massachusetts Institute of Technology
Type: Doctoral Thesis Format: 84 p.
Portuguese
In recent years there have been a series of serious and alarming cryptanalytic attacks on several commonly-used hash functions, such as MD4, MD5, SHA-0, and SHA1 [13, 38]. These culminated with the celebrated work of Wang, Yin, and Yu from 2005, which demonstrated relatively efficient methods for finding collisions in the SHA-1 hash function [37]. Although there are several cryptographic hash functions - such as the SHA-2 family [28] - that have not yet succumbed to such attacks, the U.S. National Institute of Standards and Technology (NIST) put out a call in 2007 for candidate proposals for a new cryptographic hash function family, to be dubbed SHA-3 [29]. Hash functions are algorithms for converting an arbitrarily large input into a fixed-length message digest. They are typically composed of a compression function or block cipher that operates on fixed-length pieces of the input and a mode of operation that governs how to apply the compression function or block cipher repeatedly on these pieces in order to allow for arbitrary-length inputs. Cryptographic hash functions are furthermore required to have several important and stringent security properties including (but not limited to) first-preimage resistance, second-preimage resistance...

Challenges in Computer Security Education

Irvine, Cynthia E.
Source: News, IEEE Publisher: News, IEEE
Type: Journal Article
Portuguese
For three days last January, an international group met to discuss some of the issues at the First ACM Workshop on Education in Computer Security, held in Monterey, California. Representatives from 20 universities and a sprinkling of information systems security employers from industry and government were invited to attend based on position papers they had written. The group's task was to discuss ways to address the impending crisis in information security education. Among the questions addressed were articulating the diversity of information security education requirements for different careers and the need for training and retaining security experts in education.

Estudio de sistemas de seguridad basado en la detección de intrusos física y tecnológica; Study of security systems based intrusion detection physical and technological

Aranda Luengo, Ricardo
Source: Universidade de Cantabria Publisher: Universidade de Cantabria
Type: Master's Dissertation
Portuguese
ABSTRACT: Every person or organization requires both physical and technological security. Over recent years the technologies have multiplied and the security systems in use are increasingly effective. The aim of this project is the analysis and study of all security systems that share the same purpose: to prevent and respond to any physical or logical intrusion. For some months I have been part of the Security Engineering team at ITM Sistemas, a company with extensive experience in the comprehensive security of all kinds of facilities. This study is a personal motivation to extend my knowledge of physical security and of current applications of private security. This motivation stems from an interest in, and acquisition of knowledge about, computer security, given its relationship to physical security but in its logical application. A clear example of applying both types of security is the integration of recordings from IP-technology cameras through the cloud. With the advance of information technologies and, with it, the integrity, confidentiality and availability of the same on internal and external networks, it is necessary to implement increasingly complex measures that guarantee both the physical and the logical security of all vitally important information. As the object of this project, the proposal of a Comprehensive Security System as a single system will be analyzed and studied...

Security through Play

Gondree, Mark; Peterson, Zachary N. J.; Denning, Tamara
Source: Escola de Pós-Graduação Naval Publisher: Escola de Pós-Graduação Naval
Type: Journal Article
Portuguese
Precollege classrooms have neither the support nor the room to explore computer security topics. At best, students are the targets of in-school safety campaigns, absorbing rules and best practices that only hint at the rich landscape of security problems. How to expose young students to cybersecurity outside the classroom - to computer security technology, concepts, and careers - is a challenge. Unfortunately, popular media might give more visibility to cyber careers, albeit in the form of outlandish movie-plot cyber capers, than any precollege STEM (science, technology, engineering, and mathematics) program does.; The US National Science Foundation (NSF) provided partial support for [d0x3d!] under award 1140561 and for Control-Alt-Hack under award 0846065.

Defending IEEE 802.11-based networks against denial of service attacks

Tan, Boon Hwed
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Doctoral Thesis Format: xiv, 117 p. : ill. (some col.)
Portuguese
Approved for public release, distribution is unlimited; The convenience of IEEE 802.11-based wireless access networks has led to widespread deployment in the consumer, industrial and military sectors. However, this use is predicated on an implicit assumption of confidentiality and availability. In addition to widely publicized security flaws in IEEE 802.11's basic confidentiality mechanisms, the threats to network availability present an equal, if not greater, danger to users of IEEE 802.11-based networks. It has been successfully demonstrated that IEEE 802.11 is highly susceptible to malicious denial-of-service (DoS) attacks targeting its management and media access protocols. Computer simulation models have proven to be effective tools in the study of cause and effect in numerous fields. This thesis involved the design and implementation of an IEEE 802.11-based simulation model using OMNeT++, to investigate the effects of different types of DoS attacks on an IEEE 802.11 network, and the effectiveness of corresponding countermeasures.; Major, Republic of Singapore Navy

Risk assessment of LAN communications

Paylor, Mark Alan
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Doctoral Thesis Format: 72 p.
Portuguese
Approved for public release; distribution is unlimited; The National Computer Security Center's (NCSC) Computer Security Requirements -- Guidance for Applying the DoD TCSEC in Specific Environments (CSC-STD-003-85) describes an environmental evaluation process which can be utilized to determine the level of trust required in a given Local Area Network (LAN) system for processing sensitive information. This thesis investigates the environmental evaluation process and applies it to the LAN environment of a hypothetical naval aviation squadron.; Lieutenant Commander, United States Navy

Integrating Security into the Curriculum

Irvine, Cynthia E.; Chin, Shiu-Kai; Frincke, Deborah
Source: IEEE Publisher: IEEE
Type: Journal Article
Portuguese
Computer security can be used as a vehicle to achieve accreditation goals for computer science and engineering programs, while at the same time engaging students with relevant, exciting topics. The authors' approach, based on educational outcomes, illustrates that security topics can contribute to an engineering program by fostering all skills required to produce graduates capable of critical thinking.

Information Security and Wireless alternate approaches for controlling access to critical information

Nandram, Winsome
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Doctoral Thesis Format: xiv, 75 p. : ill. (some col.) ;
Portuguese
Approved for public release; distribution is unlimited; The advent of Wireless Local Area Networking (WLAN) has seen a widespread adoption of its technology and functionality in many different areas. Many studies show more and more organizations are extending their networks to incorporate wireless devices and their applications. Permitting wireless devices to access private networks, however, further complicates the tasks of protecting the network and its resources from unauthorized access. Now that they have become a significant element in today's networks, selecting and deploying adequate security measures have become the focus of many research efforts. Typically, network managers implement countermeasures to augment security. The goal of this thesis is to research approaches that complement existing security measures with fine-grained access control measures. The Extensible Markup Language (XML) is adopted to accommodate such granular access control as it provides the mechanisms for scaling security down to the document content level.; Captain, United States Marine Corps

Validating network security policies via static analysis of router ACL configuration

Wong, Eric Gregory Wen Wie
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Doctoral Thesis Format: xvi, 151 p. ;
Portuguese
Approved for public release, distribution unlimited; The security of a network depends on how its design fulfills the organization's security policy. One aspect of security is reachability: whether two hosts can communicate. Network designers and operators face a very difficult problem in verifying the reachability of a network, because of the lack of automated tools, and calculations by hand are impractical because of the often sheer size of networks. The reachability of a network is influenced by packet filters, routing protocols, and packet transformations. A general framework for calculating the joint effort of these three factors was published recently. This thesis partially validates that framework through a detailed Java implementation, with the creation of an automated solution which demonstrates that the effect of statically configured packet filters on the reachability upper bounds of a network can be computed efficiently. The automated solution performs its computations purely based on the data obtained from parsing router configuration files. Mapping all packet filter rules into a data structure called PacketSet, consisting of tuples of permitted ranges of packet header fields, is the key to easy manipulation of the data obtained from the router configuration files. This novel approach facilitates the validation of the security policies of very large networks...

A Comparison of Password Techniques for Multilevel Authentication Mechanisms

Zviran, Moshe; Haga, William James
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Report Format: NA
Portuguese
Various mechanisms for authenticating users of computer-based information systems have been proposed. These include traditional, user-selected passwords, system-generated passwords, passphrases, cognitive passwords and associative passwords. While the mechanisms employed in primary passwords are determined by the operating systems' manufacturers, system designers can select any password mechanism for secondary passwords, to further protect sensitive applications and data files. This paper reports on the results of an empirically based study of password characteristics. It provides a comparative evaluation of the memorability and users' subjective preferences of the various password mechanisms, and suggests that cognitive passwords and associative passwords seem the most appropriate for secondary passwords. Keywords: Computer security. (kr); Research Council of the Naval Postgraduate School.; http://archive.org/details/comparisonofpass00zvir; O&MN, Direct Funding; NA

Analysis of the Intel Pentium's Ability to Support a Secure Virtual Machine Monitor

Robin, John Scott; Irvine, Cynthia E.
Source: Proceedings of the 9th USENIX Security Symposium, Denver, CO. Publisher: Proceedings of the 9th USENIX Security Symposium, Denver, CO.
Type: Journal Article
Portuguese
This paper examines the architectural and security impact of using commercially available, popular terminal servers to support thin clients within the context of a high assurance multilevel network. Seven potential local area network architectures were analyzed for security and utility. Three secure configurations were identified: Multiple Terminal Servers in Series; Multiple Trusted Computing Base Extension-Enhanced Terminal Servers; and Terminal Servers on a High Assurance Virtual Machine Monitor

Data Protection and the Prevention of Cybercrime: The EU as an area of security?

PORCEDDA, Maria Grazia
Source: Instituto Universitário Europeu Publisher: Instituto Universitário Europeu
Type: Work in Progress Format: application/pdf
Portuguese
(This working paper is a revised version of Ms. Porcedda's EUI LL.M. thesis, 2012.); Cybercrime and cyber-security are attracting increasing attention, both for the relevance of Critical Information Infrastructure to the national economy and security, and the interplay of the policies tackling them with ‘ICT sensitive’ liberties, such as privacy and data protection. This study addresses the subject in two ways. On the one hand, it aims to cast light on the (legal substantive) nature of, and relationship between, cybercrime and cyber security, which are currently ‘terms of hype’ (and therefore it is descriptive). On the other, it explores the possibility of reconciling data protection and privacy with the prevention of cybercrime and the pursuit of a cyber-security policy (and therefore it explores causation). As such, the subject falls in the ‘security vs. privacy’ debate, and wishes in particular to investigate whether it is possible to build ‘human rights by design’ security policies, i.e. a security policy that reconciles both security and human rights. My argument hinges on a clarification of the term ‘cybercrime’ (and cyber-security), both by building on the literature – which recognises the mix of traditional crimes committed by electronic means (broad cybercrime or off-line crimes)...

A Novel Multifactor Authentication System Ensuring Usability and Security

Mathew, Gloriya; Thomas, Shiney
Source: Universidade Cornell Publisher: Universidade Cornell
Type: Journal Article
Published on 16/11/2013 Portuguese
User authentication is one of the most important parts of information security. Computer security most commonly depends on passwords to authenticate human users. Password authentication systems will be either usable but not secure, or secure but not usable. While there are different types of authentication systems available, the alphanumeric password is the most commonly used authentication mechanism. But this method has significant drawbacks. An alternative solution to text-based authentication is Graphical User Authentication, based on the fact that humans tend to remember images better than text. Graphical password authentication systems provide passwords which are easy to be created and remembered by the user. However, the main issues of simple graphical password techniques are shoulder surfing attack and image gallery attack. Studies reveal that most of the graphical passwords are either secure but not usable or usable but not secure. In this paper, a new technique that uses the cued click point graphical password method along with the one-time session key is proposed. The goal is to propose a new authentication mechanism using graphical passwords to achieve higher security and better usability levels. The result of the system testing is evaluated and it reveals that the proposed system ensures security and usability to a great extent.; Comment: 10 pages...

Trusted software engine and PCB design for data consistency checking of commercial off-the-shelf (COTS) hardware

DelVecchio, Raymond
Source: University of Delaware Publisher: University of Delaware
Type: Doctoral Thesis
Portuguese
Kiamilev, Fouad; Recent trends in technology have pushed the majority of ASIC fabrication overseas. This high volume market leaves devices vulnerable to attack by adversaries who could potentially alter the design at the hardware level while at the foundry. This type of emerging threat, known as a hardware Trojan, can leave mission critical government or financial systems vulnerable to attacks that can lead to system failure. For much of the previous decade, software was the main focus of computer security, but the past few years have ushered in a new wave of hardware security research to safeguard against such attacks. This thesis provides insight into how hardware Trojans are classified, in addition to providing examples of exploits that can lead to sensitive information leakage in an encryption system. A Trojan detection system is proposed for a COTS AES encryption component, which is accompanied by a modular stacked PCB design to implement such a system.; University of Delaware, Department of Electrical and Computer Engineering; M.S.