Página 8 dos resultados de 8247 itens digitais encontrados em 0.019 segundos

Proposta e implementação de uma Camada de Integração de Serviços de Segurança (CISS) em SoC e multiplataforma.; Proposal and Implementation of an Security Services Integration Layer (ISSL) in SoC and multiplatform.

Pereira, Fábio Dacêncio
Fonte: Biblioteca Digitais de Teses e Dissertações da USP Publicador: Biblioteca Digitais de Teses e Dissertações da USP
Tipo: Tese de Doutorado Formato: application/pdf
Publicado em 09/11/2009 Português
Relevância na Pesquisa
37.492627%
As redes de computadores são ambientes cada vez mais complexos e dotados de novos serviços, usuários e infra-estruturas. A segurança e a privacidade de informações tornam-se fundamentais para a evolução destes ambientes. O anonimato, a fragilidade e outros fatores muitas vezes estimulam indivíduos mal intencionados a criar ferramentas e técnicas de ataques a informações e a sistemas computacionais. Isto pode gerar desde pequenas inconveniências até prejuízos financeiros e morais. Nesse sentido, a detecção de intrusão aliada a outras ferramentas de segurança pode proteger e evitar ataques maliciosos e anomalias em sistemas computacionais. Porém, considerada a complexidade e robustez de tais sistemas, os serviços de segurança muitas vezes não são capazes de analisar e auditar todo o fluxo de informações, gerando pontos falhos de segurança que podem ser descobertos e explorados. Neste contexto, esta tese de doutorado propõe, projeta, implementa e analisa o desempenho de uma camada de integração de serviços de segurança (CISS). Na CISS foram implementados e integrados serviços de segurança como Firewall, IDS, Antivírus, ferramentas de autenticação, ferramentas proprietárias e serviços de criptografia. Além disso...

Design de interação visando segurança em sistemas de computação; Interaction design aiming security in computer systems

Moura, Dionatan de Souza
Fonte: Universidade Federal do Rio Grande do Sul Publicador: Universidade Federal do Rio Grande do Sul
Tipo: Trabalho de Conclusão de Curso Formato: application/pdf
Português
Relevância na Pesquisa
37.43585%
Com o alto crescimento do uso de sistemas de computação para diversos tipos de tarefas, a necessidade de segurança desses sistemas aumentou na mesma proporção. No contexto de software, segurança é a área que estuda diversas formas de proteger tais dados e informações contra o acesso não autorizado, bem como contra ações inseguras de usuários. Embora existam muitos procedimentos que podem ser realizados durante o desenvolvimento para aumentar a segurança do sistema sendo desenvolvido, uma possibilidade nem sempre levada em conta é a melhoria da interação do usuário com o sistema. Neste trabalho discutiremos por que a interação do usuário no sistema é relevante para a segurança do sistema e deve ser considerada no desenvolvimento de software de qualidade, onde segurança é um fator-chave. Este trabalho descreve os princípios de design de interação visando segurança de sistemas de computação através de fatores e critérios de usabilidade. Cada princípio é descrito e posteriormente exemplificado para um melhor entendimento. Esses princípios formam um conjunto de recomendações que visam auxiliar o processo de design de interação de sistemas com foco nos aspectos relacionados à segurança do software...

Policy Viewer : ferramenta para visualização de politicas de segurança em grafos; Policy Viewer: a tool for security policy visualization using graphs

Diogo Ditzel Kropiwiec
Fonte: Biblioteca Digital da Unicamp Publicador: Biblioteca Digital da Unicamp
Tipo: Dissertação de Mestrado Formato: application/pdf
Publicado em 23/03/2005 Português
Relevância na Pesquisa
37.387246%
A Internet trouxe grandes benefícios às organizações e usuários de computadores, porém causou também uma maior exposição dos sistemas computacionais interligados em rede. Inúmeros têm sido os esforços para conter o crescente aumento dos ataques que ocorrem no mundo todo, dentre os quais inclui-se o desenvolvimento de sistemas operacionais mais seguros. Entretanto, a adoção desses sistemas ainda é incipiente, devido a várias dificul-dades envolvidas no processo, dentre as quais destaca-se a complexidade de configuração e gerenciamento de políticas de segurança. Nesta dissertação, são apresentados os aspectos estudados durante o desenvolvimento do mestrado, que permitiram a identificação dos problemas atuais associados a segu-rança de sistemas operacionais e políticas de segurança. Isso resultou no projeto e imple-mentação do Policy Viewer, uma ferramenta de visualização de políticas de segurança. Sua finalidade é auxiliar o administrador de políticas na compreensão, visualização e verificação das políticas de segurança especificadas para o sistema operacional. Utilizando as características apresentadas no projeto, foi desenvolvida uma imple-mentação parcial da ferramenta contendo um subconjunto das funcionalidades previstas...

Gerenciamento baseado em modelos da configuração de sistemas de segurança em ambientes de redes complexos; Model-based configuration management of security systems in complex network environments

João Porto de Albuquerque Pereira
Fonte: Biblioteca Digital da Unicamp Publicador: Biblioteca Digital da Unicamp
Tipo: Tese de Doutorado Formato: application/pdf
Publicado em 24/05/2006 Português
Relevância na Pesquisa
37.401284%
Os mecanismos de segurança empregados em ambientes de redes atuais têm complexidade crescente e o gerenciamento de suas configurações adquire um papel fundamental para proteção desses ambientes. Particularmente em redes de computadores de larga escala, os administradores de segurança se vêem confrontados com o desafio de projetar, implementar, manter e monitorar um elevado número de mecanismos, os quais possuem sintaxes de configuração heterogêneas e complicadas. Uma conseqüência dessa situação é que erros de configuração são causas freqüentes de vulnerabilidades de segurança. O presente trabalho oferece uma sistemática para o gerenciamento da configuração de sistemas de segurança de redes que corresponde especialmente às necessidades dos ambientes complexos encontrados em organizações atuais. A abordagem, construída segundo o paradigma de Gerenciamento Baseado em Modelos, inclui uma técnica de modelagem que trata uniformemente diferentes tipos de mecanismos e permite que o projeto de suas configurações seja executado de forma modular, mediante um modelo orientado a objetos. Esse modelo é segmentado em Subsistemas Abstratos, os quais encerram um grupo de mecanismos de segurança e outras entidades relevantes do sistema ? incluindo seus diferentes tipos de mecanismo e as inter-relações recíprocas entre eles. Uma ferramenta de software apóia a abordagem...

Expressing an Information Security Policy Within a Security Simulation Game

Irvine, Cynthia E.; Thompson, Michael F.
Fonte: Naval Postgraduate School (U.S.) Publicador: Naval Postgraduate School (U.S.)
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
37.398362%
The Center for the Information Systems Studies and Research (CISR) at the Naval Postgraduate School has established a broad program in computer and network security education. The program, founded on a core in traditional computer science, is extended by a progression of specialized courses and a broad set of information assurance research projects. A CISR objective has been improvement of information assurance education and training for the U.S. military and government. Pursuant to that objective, CISR is developing a computer simulation game, CyberCIEGE, to teach computer security principles. CyberCIEGE players construct computer networks and make choices affecting the ability of these networks and the game�s virtual users to protect valuable assets from attack by both vandals and well motivated professionals [1]. CyberCIEGE includes a language for expressing different security related scenarios. A central part of this language is an ability to express a variety of different information security policies.

Framework de Kernel para um sistema de segurança imunologica

Martim d'Orey Posser de Andrade Carbone
Fonte: Biblioteca Digital da Unicamp Publicador: Biblioteca Digital da Unicamp
Tipo: Dissertação de Mestrado Formato: application/pdf
Publicado em 23/06/2006 Português
Relevância na Pesquisa
37.459734%
O crescimento alarmante da quantidade e da sofisticação dos ataques aos quais estão sujeitos os sistemas computacionais modernos traz à tona a necessidade por novos sistemas de segurança mais eficientes. Na natureza, há um sistema biológico que realiza esta tarefa com notável eficácia: o sistema imunológico humano. Este sistema é capaz de garantir a sobrevivência de um ser humano por décadas, além de ser capaz de aprender sobre novas ameaças e criar defesas para combatê-Ias. Sua eficácia, somada à semelhança entre o cenário da segurança biológica e o da segurança computacional, motivou a criação do projeto Imuno, cujo objetivo é a construção de um sistema de segurança para computadores baseado nos princípios do sistema imunológico humano. Após o estudo inicial, a modelagem conceitual do sistema e a implementação de protótipos restritos de certas funcionalidades do sistema Imuno, este trabalho tem como objetivo avançar rumo à construção de um sistema de segurança imunológico completo, de escopo geral. Para isso, torna-se necessária a implementação de uma framework em nível de sistema operacional, que suporte as funcionalidades relacionadas à prevenção, detecção e resposta que serão utilizadas por este sistema de segurança. Projetada para o kernel Linux 2.6...

An Immune Inspired Approach to Anomaly Detection

Twycross, Jamie; Aickelin, Uwe
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 16/10/2009 Português
Relevância na Pesquisa
37.385723%
The immune system provides a rich metaphor for computer security: anomaly detection that works in nature should work for machines. However, early artificial immune system approaches for computer security had only limited success. Arguably, this was due to these artificial systems being based on too simplistic a view of the immune system. We present here a second generation artificial immune system for process anomaly detection. It improves on earlier systems by having different artificial cell types that process information. Following detailed information about how to build such second generation systems, we find that communication between cells types is key to performance. Through realistic testing and validation we show that second generation artificial immune systems are capable of anomaly detection beyond generic system policies. The paper concludes with a discussion and outline of the next steps in this exciting area of computer security.; Comment: 19 pages, 4 tables, 2 figures, Handbook of Research on Information Security and Assurance

Actor-network procedures: Modeling multi-factor authentication, device pairing, social interactions

Pavlovic, Dusko; Meadows, Catherine
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
37.514287%
As computation spreads from computers to networks of computers, and migrates into cyberspace, it ceases to be globally programmable, but it remains programmable indirectly: network computations cannot be controlled, but they can be steered by local constraints on network nodes. The tasks of "programming" global behaviors through local constraints belong to the area of security. The "program particles" that assure that a system of local interactions leads towards some desired global goals are called security protocols. As computation spreads beyond cyberspace, into physical and social spaces, new security tasks and problems arise. As networks are extended by physical sensors and controllers, including the humans, and interlaced with social networks, the engineering concepts and techniques of computer security blend with the social processes of security. These new connectors for computational and social software require a new "discipline of programming" of global behaviors through local constraints. Since the new discipline seems to be emerging from a combination of established models of security protocols with older methods of procedural programming, we use the name procedures for these new connectors, that generalize protocols. In the present paper we propose actor-networks as a formal model of computation in heterogenous networks of computers...

Security-aware selection of Web Services for Reliable Composition

Khani, Shahedeh; Gacek, Cristina; Popov, Peter
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 07/10/2015 Português
Relevância na Pesquisa
37.43279%
Dependability is an important characteristic that a trustworthy computer system should have. It is a measure of Availability, Reliability, Maintainability, Safety and Security. The focus of our research is on security of web services. Web services enable the composition of independent services with complementary functionalities to produce value-added services, which allows organizations to implement their core business only and outsource other service components over the Internet, either pre-selected or on-the-fly. The selected third party web services may have security vulnerabilities. Vulnerable web services are of limited practical use. We propose to use an intrusion-tolerant composite web service for each functionality that should be fulfilled by a third party web service. The third party services employed in this approach should be selected based on their security vulnerabilities in addition to their performance. The security vulnerabilities of the third party services are assessed using a penetration testing tool. In this paper we present our preliminary research work.; Comment: Yann Busnel. 11th European Dependable Computing Conference (EDCC 2015), Sep 2015, Paris, France. 2015, Proceedings of Student Forum - EDCC 2015

Performance Evaluation of Java File Security System (JFSS)

Kahanwal, Brijender; Singh, Dr. Tejinder Pal; Tuteja, Dr. R. K.
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 13/11/2013 Português
Relevância na Pesquisa
37.368616%
Security is a critical issue of the modern file and storage systems, it is imperative to protect the stored data from unauthorized access. We have developed a file security system named as Java File Security System (JFSS) [1] that guarantee the security to files on the demand of all users. It has been developed on Java platform. Java has been used as programming language in order to provide portability, but it enforces some performance limitations. It is developed in FUSE (File System in User space) [3]. Many efforts have been done over the years for developing file systems in user space (FUSE). All have their own merits and demerits. In this paper we have evaluated the performance of Java File Security System (JFSS). Over and over again, the increased security comes at the expense of user convenience, performance or compatibility with other systems. JFSS system performance evaluations show that encryption overheads are modest as compared to security.; Comment: 7 pages, 5 figures, journal

A Tutorial on Network Security: Attacks and Controls

Meghanathan, Natarajan
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 07/12/2014 Português
Relevância na Pesquisa
37.385723%
With the phenomenal growth in the Internet, network security has become an integral part of computer and information security. In order to come up with measures that make networks more secure, it is important to learn about the vulnerabilities that could exist in a computer network and then have an understanding of the typical attacks that have been carried out in such networks. The first half of this paper will expose the readers to the classical network attacks that have exploited the typical vulnerabilities of computer networks in the past and solutions that have been adopted since then to prevent or reduce the chances of some of these attacks. The second half of the paper will expose the readers to the different network security controls including the network architecture, protocols, standards and software/ hardware tools that have been adopted in modern day computer networks.; Comment: 21 pages, 19 figures

Computing Optimal Security Strategies for Interdependent Assets

Letchford, Joshua; Vorobeychik, Yevgeniy
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 16/10/2012 Português
Relevância na Pesquisa
37.368616%
We introduce a novel framework for computing optimal randomized security policies in networked domains which extends previous approaches in several ways. First, we extend previous linear programming techniques for Stackelberg security games to incorporate benefits and costs of arbitrary security configurations on individual assets. Second, we offer a principled model of failure cascades that allows us to capture both the direct and indirect value of assets, and extend this model to capture uncertainty about the structure of the interdependency network. Third, we extend the linear programming formulation to account for exogenous (random) failures in addition to targeted attacks. The goal of our work is two-fold. First, we aim to develop techniques for computing optimal security strategies in realistic settings involving interdependent security. To this end, we evaluate the value of our technical contributions in comparison with previous approaches, and show that our approach yields much better defense policies and scales to realistic graphs. Second, our computational framework enables us to attain theoretical insights about security on networks. As an example, we study how allowing security to be endogenous impacts the relative resilience of different network topologies.; Comment: Appears in Proceedings of the Twenty-Eighth Conference on Uncertainty in Artificial Intelligence (UAI2012)

A Learning-Based Approach to Reactive Security

Barth, Adam; Rubinstein, Benjamin I. P.; Sundararajan, Mukund; Mitchell, John C.; Song, Dawn; Bartlett, Peter L.
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
37.41419%
Despite the conventional wisdom that proactive security is superior to reactive security, we show that reactive security can be competitive with proactive security as long as the reactive defender learns from past attacks instead of myopically overreacting to the last attack. Our game-theoretic model follows common practice in the security literature by making worst-case assumptions about the attacker: we grant the attacker complete knowledge of the defender's strategy and do not require the attacker to act rationally. In this model, we bound the competitive ratio between a reactive defense algorithm (which is inspired by online learning theory) and the best fixed proactive defense. Additionally, we show that, unlike proactive defenses, this reactive strategy is robust to a lack of information about the attacker's incentives and knowledge.; Comment: 22 pages, 4 figures; full version of paper to be published in Financial Cryptography and Data Security 2010 (FC'10)

Comparing Decision Support Approaches for Cyber Security Investment

Fielder, Andrew; Panaousis, Emmanouil; Malacaria, Pasquale; Hankin, Chris; Smeraldi, Fabrizio
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 19/02/2015 Português
Relevância na Pesquisa
37.401284%
When investing in cyber security resources, information security managers have to follow effective decision-making strategies. We refer to this as the cyber security investment challenge. In this paper, we consider three possible decision-support methodologies for security managers to tackle this challenge. We consider methods based on game theory, combinatorial optimisation and a hybrid of the two. Our modelling starts by building a framework where we can investigate the effectiveness of a cyber security control regarding the protection of different assets seen as targets in presence of commodity threats. In terms of game theory we consider a 2-person control game between the security manager who has to choose among different implementation levels of a cyber security control, and a commodity attacker who chooses among different targets to attack. The pure game theoretical methodology consists of a large game including all controls and all threats. In the hybrid methodology the game solutions of individual control-games along with their direct costs (e.g. financial) are combined with a knapsack algorithm to derive an optimal investment strategy. The combinatorial optimisation technique consists of a multi-objective multiple choice knapsack based strategy. We compare these approaches on a case study that was built on SANS top critical controls. The main achievements of this work is to highlight the weaknesses and strengths of different investment methodologies for cyber security...

Semiring-based Specification Approaches for Quantitative Security

Martinelli, Fabio; Matteucci, Ilaria; Santini, Francesco
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 28/09/2015 Português
Relevância na Pesquisa
37.398362%
Our goal is to provide different semiring-based formal tools for the specification of security requirements: we quantitatively enhance the open-system approach, according to which a system is partially specified. Therefore, we suppose the existence of an unknown and possibly malicious agent that interacts in parallel with the system. Two specification frameworks are designed along two different (but still related) lines. First, by comparing the behaviour of a system with the expected one, or by checking if such system satisfies some security requirements: we investigate a novel approximate behavioural-equivalence for comparing processes behaviour, thus extending the Generalised Non Deducibility on Composition (GNDC) approach with scores. As a second result, we equip a modal logic with semiring values with the purpose to have a weight related to the satisfaction of a formula that specifies some requested property. Finally, we generalise the classical partial model-checking function, and we name it as quantitative partial model-checking in such a way to point out the necessary and sufficient conditions that a system has to satisfy in order to be considered as secure, with respect to a fixed security/functionality threshold-value.; Comment: In Proceedings QAPL 2015...

A Method in Security of Wireless Sensor Network based on Optimized Artificial immune system in Multi-Agent Environments

Morteza, Jaderian; Hossein, Moradzadeh; Kasra, Madadipouya; Mohammad, Firoozinia; Shahaboddin, Shamshirband
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 07/08/2015 Português
Relevância na Pesquisa
37.398362%
Security in computer networks is one of the most interesting aspects of computer systems. It is typically represented by the initials CIA: confidentiality, integrity, and authentication or availability. Although, many access levels for data protection have been identified in computer networks, the intruders would still find lots of ways to harm sites and systems. The accommodation proceedings and the security supervision in the network systems, especially wireless sensor networks have been changed into a challenging point. One of the newest security algorithms for wireless sensor networks is Artificial Immune System (AIS) algorithm. Human lymphocytes play the main role in recognizing and destroying the unknown elements. In this article, we focus on the inspiration of these defective systems to guarantee the complications security using two algorithms; the first algorithms proposed to distinguish self-nodes from non-self ones by the related factors and the second one is to eliminate the enemy node danger.The results showed a high rate success and good rate of detecting for unknown object; it could present the best nodes with high affinity and fitness to be selected to confront the unknown agents.; Comment: 8 pages

Coordination in Network Security Games: a Monotone Comparative Statics Approach

Lelarge, Marc
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 20/08/2012 Português
Relevância na Pesquisa
37.43585%
Malicious softwares or malwares for short have become a major security threat. While originating in criminal behavior, their impact are also influenced by the decisions of legitimate end users. Getting agents in the Internet, and in networks in general, to invest in and deploy security features and protocols is a challenge, in particular because of economic reasons arising from the presence of network externalities. In this paper, we focus on the question of incentive alignment for agents of a large network towards a better security. We start with an economic model for a single agent, that determines the optimal amount to invest in protection. The model takes into account the vulnerability of the agent to a security breach and the potential loss if a security breach occurs. We derive conditions on the quality of the protection to ensure that the optimal amount spent on security is an increasing function of the agent's vulnerability and potential loss. We also show that for a large class of risks, only a small fraction of the expected loss should be invested. Building on these results, we study a network of interconnected agents subject to epidemic risks. We derive conditions to ensure that the incentives of all agents are aligned towards a better security. When agents are strategic...

Gaming security by obscurity

Pavlovic, Dusko
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
37.517498%
Shannon sought security against the attacker with unlimited computational powers: *if an information source conveys some information, then Shannon's attacker will surely extract that information*. Diffie and Hellman refined Shannon's attacker model by taking into account the fact that the real attackers are computationally limited. This idea became one of the greatest new paradigms in computer science, and led to modern cryptography. Shannon also sought security against the attacker with unlimited logical and observational powers, expressed through the maxim that "the enemy knows the system". This view is still endorsed in cryptography. The popular formulation, going back to Kerckhoffs, is that "there is no security by obscurity", meaning that the algorithms cannot be kept obscured from the attacker, and that security should only rely upon the secret keys. In fact, modern cryptography goes even further than Shannon or Kerckhoffs in tacitly assuming that *if there is an algorithm that can break the system, then the attacker will surely find that algorithm*. The attacker is not viewed as an omnipotent computer any more, but he is still construed as an omnipotent programmer. So the Diffie-Hellman step from unlimited to limited computational powers has not been extended into a step from unlimited to limited logical or programming powers. Is the assumption that all feasible algorithms will eventually be discovered and implemented really different from the assumption that everything that is computable will eventually be computed? The present paper explores some ways to refine the current models of the attacker...

Windows And Linux Operating Systems From A Security Perspective

Bassil, Youssef
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 01/04/2012 Português
Relevância na Pesquisa
37.385723%
Operating systems are vital system software that, without them, humans would not be able to manage and use computer systems. In essence, an operating system is a collection of software programs whose role is to manage computer resources and provide an interface for client applications to interact with the different computer hardware. Most of the commercial operating systems available today on the market have buggy code and they exhibit security flaws and vulnerabilities. In effect, building a trusted operating system that can mostly resist attacks and provide a secure computing environment to protect the important assets of a computer is the goal of every operating system manufacturer. This paper deeply investigates the various security features of the two most widespread and successful operating systems, Microsoft Windows and Linux. The different security features, designs, and components of the two systems are to be covered elaborately, pin-pointing the key similarities and differences between them. In due course, a head-to-head comparison is to be drawn for each security aspect, exposing the advantage of one system over the other.; Comment: LACSC - Lebanese Association for Computational Sciences, http://www.lacsc.org/; Journal of Global Research in Computer Science...

Network security: Risk assessment of information systems

Lurain, Sher
Fonte: Rochester Instituto de Tecnologia Publicador: Rochester Instituto de Tecnologia
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
37.468518%
This paper investigates fundamental security issues and the growing impact of security breaches on computer networks. Cost-effective security measures, such as asset-threat analysis, enable monitoring of security levels in complex systems. An evaluation of one technique, called the Livermore Risk Analysis Methodology (LRAM) is documentedC 1 ] . Untrusted communication lines, unauthorized access and unauthorized dissemination of information must be contained. The complexity and corresponding sophistication of todays' systems and the reliance of management on information generated by these systems make them attractive targets for computer related crimes. A profile of computer criminals and their crimes emphasize the importance of management involvement and social ethics as determents to crime. An overview of system security, control concepts, communication and transmission security, and a discussion of threats, vulnerabilities, and countermeasures is provided. The growing need for risk management models is presented as well as an overview of LRAM. Risk assessment of a specific system case study and risk profiles are developed using LRAM.