
Common object request broker architecture (CORBA)-based security services for the Virtual Radiology Environment

Martinez, Ralph; Cole, Colin; Rozenblit, Jerzy; Cook, Jay F.; Chacko, Anna K.
Source: Springer-Verlag Publisher: Springer-Verlag
Type: Journal Article
Published on /05/2000 Portuguese
The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 380-19, Defense Information Infrastructure Common Operating Environment (DII COE), Military Health Services System Automated Information Systems Security Policy Manual, and National Computer Security Center-TG-005, “Trusted Network Interpretation.” These documents were used to develop a security policy that defines information protection requirements that are made with respect to those laws, rules, and practices that are required to protect the information stored and processed in the VRE Project. The goal of the security policy is to provide for a C2-level of information protection while also satisfying the functional needs of the GPRMC’s user community. This report summarizes the security policy for the VRE and defines the CORBA security services that satisfy the policy. In the VRE...

The paradigm of partial erasures

Lim, Dah-Yoh, 1978-
Source: Massachusetts Institute of Technology Publisher: Massachusetts Institute of Technology
Type: Doctoral Thesis Format: 145 p.
Portuguese
This thesis is a study of erasures in cryptographic protocols. Erasing old data and keys is an important capability of honest parties in cryptographic protocols. It is useful in many settings, including proactive security in the presence of a mobile adversary, adaptive security in the presence of an adaptive adversary, forward security, and intrusion resilience. Some of these settings, such as achieving proactive security, are provably impossible without some form of erasures. Other settings, such as designing protocols that are secure against adaptive adversaries, are much simpler to achieve when erasures are allowed. Protocols for all these contexts typically assume the ability to perfectly erase information. Unfortunately, as amply demonstrated in the systems literature, perfect erasures are hard to implement in practice. We propose a model of imperfect or partial erasures where erasure instructions are only partially effective and leave almost all the data intact, thus giving the honest parties only a limited capability to dispose of old data. Nonetheless, we show how to design protocols for all of the above settings (including proactive security, adaptive security, forward security, and intrusion resilience) for which this weak form of erasures suffices. We do not have to invent entirely new protocols...

A brief comparative study on analytical models of computer system dependability and security

Zhang, Z.; Shen, H.; Defago, X.; Sang, Y.
Source: IEEE Computer Society; Washington DC Publisher: IEEE Computer Society; Washington DC
Type: Conference paper
Published on //2005 Portuguese
As two different research topics with much overlap, dependability and security of computer/communication systems have respective long and rich history. The development of the techniques for their modeling and analysis thus have followed distinct but convergent paths. In essence, diverse attributes and the fundamental difference between the nature of the failures bring in different concerns for dependability and security analysis during their modeling process. Taking the understanding of the basic concepts/attributes as a point of departure, this paper intends to carry out a comparative study on the analytical models of computer system dependability and security. Also, by examining the state-of-the-art quantitative techniques and sound modeling methodologies for dependability evaluation, e.g., combinatorial and stochastic methods, we attempt to explore why and how those methods can be extended to evaluate computer system security. Furthermore, we take our developed autonomic detection coordinator (for intrusion detection) as a case study to conduct the comparative analysis.; Zonghua Zhang, Hong Shen, Xavier Defago and Yingpeng Sang

Using biological models to improve innovation systems: The case of computer anti-viral software

Rice, J.; Martin, N.
Source: Emerald Group Publishing Limited Publisher: Emerald Group Publishing Limited
Type: Journal Article
Published on //2007 Portuguese
Purpose – A strong and fast-cycle innovation system has been developed to counter the ongoing threat of computer viruses within computer systems employing vulnerable operating systems. Generally, however, the innovative applications that develop in response to each generation of computer virus can be seen as a reactive, rather than proactive, critical response. The paper seeks to present a critique of the innovation system that has emerged to combat computer viruses by comparing it with its natural system namesake, the human anti-viral immune system. It is proposed that the relevance of this analogy extends beyond this case to innovation systems more generally. Design/methodology/approach – This paper discusses the biological theory related to the human body's immune system and how immune systems might be mimicked in the development of security systems and anti-virus software. The paper then outlines the biomimicry framework that can be used for scoping the development and features of the security systems and software, including the population of the framework segments. The implications of biomimetic approaches in the wider innovation management literature are discussed. Findings – Some commercial security products that are undergoing evolutionary development and current research and development activities are used to augment the biomimetic development framework and explicate its use in practice. The paper has implications for the manner in which the objectives of innovation systems are defined. There is implicit criticism of linear models of innovation...

Text Entry Method Affects Password Security

Yang, Yulong; Lindqvist, Janne; Oulasvirta, Antti
Source: Cornell University Publisher: Cornell University
Type: Journal Article
Published on 07/03/2014 Portuguese
Text-based passwords continue to be the prime form of authentication to computer systems. Today, they are increasingly created and used with mobile text entry methods, such as touchscreens and mobile keyboards, in addition to traditional physical keyboards. This raises a foundational question for usable security: whether text entry methods affect password generation and password security. This paper presents results from a between-group study with 63 participants, in which each group generated passwords for multiple virtual accounts using a different text entry method. Participants were also asked to recall their passwords afterwards. We applied analysis of structures and probabilities, with standard and recent security metrics and also performed cracking attacks on the collected data. The results show a significant effect of text entry methods on passwords. In particular, one of the experimental groups created passwords with significantly more lowercase letters per password than the control group ($t(60) = 2.99, p = 0.004$). The choices for character types in each group were also significantly different ($p=0.048, FET$). Our cracking attacks consequently expose significantly different resistance across groups ($p=0.031, FET$) and text entry method vulnerabilities. Our findings contribute to the understanding of password security in the context of usable interfaces.

Towards Enhanced Usability of IT Security Mechanisms - How to Design Usable IT Security Mechanisms Using the Example of Email Encryption

Hof, Hans-Joachim
Source: Cornell University Publisher: Cornell University
Type: Journal Article
Published on 23/06/2015 Portuguese
Nowadays, advanced security mechanisms exist to protect data, systems, and networks. Most of these mechanisms are effective, and security experts can handle them to achieve a sufficient level of security for any given system. However, most of these systems have not been designed with focus on good usability for the average end user. Today, the average end user often struggles with understanding and using security mechanisms. Other security mechanisms are simply annoying for end users. As the overall security of any system is only as strong as the weakest link in this system, bad usability of IT security mechanisms may result in operating errors, resulting in insecure systems. Buying decisions of end users may be affected by the usability of security mechanisms. Hence, software providers may decide to better have no security mechanism than one with a bad usability. Usability of IT security mechanisms is one of the most underestimated properties of applications and systems. Even IT security itself is often only an afterthought. Hence, usability of security mechanisms is often the afterthought of an afterthought. This paper presents some guidelines that should help software developers to improve end user usability of security-related mechanisms...

Closing the Price of Anarchy Gap in the Interdependent Security Game

Naghizadeh, Parinaz; Liu, Mingyan
Source: Cornell University Publisher: Cornell University
Type: Journal Article
Portuguese
The reliability and security of a user in an interconnected system depends on all users' collective effort in security. Consequently, investments in security technologies by strategic users is typically modeled as a public good problem, known as the Interdependent Security (IDS) game. The equilibria for such games are often inefficient, as selfish users free-ride on positive externalities of others' contributions. In this paper, we present a mechanism that implements the socially optimal equilibrium in an IDS game through a message exchange process, in which users submit proposals about the security investment and tax/price profiles of one another. This mechanism is different from existing solutions in that (1) it results in socially optimal levels of investment, closing the Price of Anarchy gap in the IDS game, (2) it is applicable to a general model of user interdependencies. We further consider the issue of individual rationality, often a trivial condition to satisfy in many resource allocation problems, and argue that with positive externality, the incentive to stay out and free-ride on others' investment can make individual rationality much harder to satisfy in designing a mechanism.; Comment: 8 pages, 1 figure

On the Equivalence of Two Security Notions for Hierarchical Key Assignment Schemes in the Unconditional Setting

Cafaro, Massimo; Civino, Roberto; Masucci, Barbara
Source: Cornell University Publisher: Cornell University
Type: Journal Article
Portuguese
The access control problem in a hierarchy can be solved by using a hierarchical key assignment scheme, where each class is assigned an encryption key and some private information. A formal security analysis for hierarchical key assignment schemes has been traditionally considered in two different settings, i.e., the unconditionally secure and the computationally secure setting, and with respect to two different notions: security against key recovery (KR-security) and security with respect to key indistinguishability (KI-security), with the latter notion being cryptographically stronger. Recently, Freire, Paterson and Poettering proposed strong key indistinguishability (SKI-security) as a new security notion in the computationally secure setting, arguing that SKI-security is strictly stronger than KI-security in such a setting. In this paper we consider the unconditionally secure setting for hierarchical key assignment schemes. In such a setting the security of the schemes is not based on specific unproven computational assumptions, i.e., it relies on the theoretical impossibility of breaking them, despite the computational power of an adversary coalition. We prove that, in this setting, SKI-security is not stronger than KI-security...

Globally reasoning about localised security policies in distributed systems

Hernandez, Alejandro Mario
Source: Cornell University Publisher: Cornell University
Type: Journal Article
Published on 29/05/2012 Portuguese
In this report, we aim at establishing proper ways for model checking the global security of distributed systems, which are designed consisting of set of localised security policies that enforce specific issues about the security expected. The systems are formally specified following a syntax, defined in detail in this report, and their behaviour is clearly established by the Semantics, also defined in detail in this report. The systems include the formal attachment of security policies into their locations, whose intended interactions are trapped by the policies, aiming at taking access control decisions of the system, and the Semantics also takes care of this. Using the Semantics, a Labelled Transition System (LTS) can be induced for every particular system, and over this LTS some model checking tasks could be done. We identify how this LTS is indeed obtained, and propose an alternative way of model checking the not-yet-induced LTS, by using the system design directly. This may lead to over-approximation thereby producing imprecise, though safe, results. We restrict ourselves to finite systems, in the sake of being certain about the decidability of the proposed method. To illustrate the usefulness and validity of our proposal...

Tailored Security: Building Nonrepudiable Security Service-Level Agreements

Takahashi, Takeshi; Harju, Jarmo; Kannisto, Joona; Silverajan, Bilhanan; Harju, Jarmo; Matsuo, Shin'ichiro
Source: Cornell University Publisher: Cornell University
Type: Journal Article
Published on 26/03/2014 Portuguese
The security features of current digital services are mostly defined and dictated by the service provider (SP). A user can always decline to use a service whose terms do not fulfill the expected criteria, but in many cases, even a simple negotiation might result in a more satisfying outcome. This article aims at building nonrepudiable security service-level agreements (SSLAs) between a user and an SP. The proposed mechanism provides a means to describe security requirements and capabilities in different dimensions, from overall targets and risks to technical specifications, and it also helps in translating between the dimensions. A negotiation protocol and a decision algorithm are then used to let the parties agree on the security features used in the service. This article demonstrates the feasibility and usability of the mechanism by describing its usage scenario and proof-of-concept implementation and analyzes its nonrepudiability and security aspects.; Comment: This is a preprint version of our article posted to IEEE Vehicular Technology Magazine

Principles of Security: Human, Cyber, and Biological

Stacey, Blake C.; Bar-Yam, Yaneer
Source: Cornell University Publisher: Cornell University
Type: Journal Article
Published on 11/03/2013 Portuguese
Cybersecurity attacks are a major and increasing burden to economic and social systems globally. Here we analyze the principles of security in different domains and demonstrate an architectural flaw in current cybersecurity. Cybersecurity is inherently weak because it is missing the ability to defend the overall system instead of individual computers. The current architecture enables all nodes in the computer network to communicate transparently with one another, so security would require protecting every computer in the network from all possible attacks. In contrast, other systems depend on system-wide protections. In providing conventional security, police patrol neighborhoods and the military secures borders, rather than defending each individual household. Likewise, in biology, the immune system provides security against viruses and bacteria using primarily action at the skin, membranes, and blood, rather than requiring each cell to defend itself. We propose applying these same principles to address the cybersecurity challenge. This will require: (a) Enabling pervasive distribution of self-propagating securityware and creating a developer community for such securityware, and (b) Modifying the protocols of internet routers to accommodate adaptive security software that would regulate internet traffic. The analysis of the immune system architecture provides many other principles that should be applied to cybersecurity. Among these principles is a careful interplay of detection and action that includes evolutionary improvement. However...

Security Policy Consistency

Ribeiro, Carlos; Zuquete, Andre; Ferreira, Paulo; Guedes, Paulo
Source: Cornell University Publisher: Cornell University
Type: Journal Article
Published on 30/06/2000 Portuguese
With the advent of wide security platforms able to express simultaneously all the policies comprising an organization's global security policy, the problem of inconsistencies within security policies becomes harder and more relevant. We have defined a tool based on the CHR language which is able to detect several types of inconsistencies within and between security policies and other specifications, namely workflow specifications. Although the problem of security conflicts has been addressed by several authors, to our knowledge none has addressed the general problem of security inconsistencies, on its several definitions and target specifications.; Comment: To appear in the first CL2000 workshop on Rule-Based Constraint Reasoning and Programming

Cyberspace security: How to develop a security strategy

Raggad, Bel G.; Sidhom, Sahbi
Source: Cornell University Publisher: Cornell University
Type: Journal Article
Published on 27/12/2007 Portuguese
Despite all visible dividers, the Internet is getting us closer and closer, but with a great price. Our security is the price. The international community is fully aware of the urgent need to secure the cyberspace as you see the multiplication of security standards and national schemes interpreting them beyond borders: ISO 15408, ISO 17799, and ISO 27001. Even though some countries, including the Security Big Six (SB6), are equipped with their security books and may feel relatively safe; this remains a wrong sense of security as long as they share their networks with entities of less security. The standards impose security best practices and system specifications for the development of information security management systems. Partners beyond borders have to be secure as this is only possible if all entities connected to the partnership remain secure. Unfortunately, there is no way to verify the continuous security of partners without periodic security auditing and certification, and members who do not comply should be barred from the partnership. This concept also applies to the cyber space or the electronic society. In order to clean our society from cyber crimes and cyber terrorism we need to impose strict security policies and enforce them in a cooperative manner. The paper discusses a country's effort in the development of a national security strategy given its security economic intelligence position...

Proceedings 7th International Workshop on Security Issues in Concurrency

Boreale, Michele; Kremer, Steve
Source: Cornell University Publisher: Cornell University
Type: Journal Article
Published on 22/10/2009 Portuguese
This volume contains the proceedings of the 7th Workshop on Security Issues in Concurrency (SecCo'09). The workshop was held in Bologna, Italy on September 5th 2009, as a satellite workshop of CONCUR'09. The aim of the SecCo workshop series is to cover the gap between the security and the concurrency communities. More precisely, the workshop promotes the exchange of ideas, trying to focus on common interests and stimulating discussions on central research questions. In particular, we called for papers dealing with security issues (such as authentication, integrity, privacy, confidentiality, access control, denial of service, service availability, safety aspects, fault tolerance, trust, language-based security, probabilistic and information theoretic models) in emerging fields like web services, mobile ad-hoc networks, agent-based infrastructures, peer-to-peer systems, context-aware computing, global/ubiquitous/pervasive computing.

HTTPI Based Web Service Security over SOAP

Choudhary, Pankaj; Aaseri, Rajendra; Roberts, Nirmal
Source: Cornell University Publisher: Cornell University
Type: Journal Article
Published on 07/06/2013 Portuguese
Nowadays, a new family of web applications, open applications, is emerging (e.g., Social Networking, News and Blogging). Generally, these open applications are non-confidential. The security needs of these applications are only client/server authentication and data integrity. For securing these open applications, effectively and efficiently, HTTPI, a new transport protocol is proposed, which ensures the entire security requirements of open applications. Benefit of using the HTTPI is that it is economical in use, well-suited for cache proxies, like HTTP is, and provides security against many Internet attacks (Server Impersonation and Message Modification) like HTTPS does. In terms of performance HTTPI is very close to the HTTP, but much better than HTTPS. A Web service is a method of communication between two ends over the Internet. These web services are developed over XML and HTTP. Today, most of the open applications use web services for most of their operations. For securing these web services, security design based on HTTPI is proposed. Our work involves securing the web services over SOAP, based on the HTTPI. This secure web service might be applicable for open applications, where authentication and integrity is needed, but no confidentiality required. In our paper...

A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends

Zou, Yulong; Wang, Xianbin; Hanzo, Lajos
Source: Cornell University Publisher: Cornell University
Type: Journal Article
Published on 29/05/2015 Portuguese
This paper is motivated to examine the security vulnerabilities and threats imposed by the inherent open nature of wireless communications and to devise efficient defense mechanisms for improving the wireless network security. We first summarize the security requirements of wireless networks, including their authenticity, confidentiality, integrity and availability issues. Next, a comprehensive overview of security attacks encountered in wireless networks is presented in view of the network protocol architecture, where the potential security threats are discussed at each protocol layer. We also provide a survey of the existing security protocols and algorithms that are adopted in the existing wireless network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term evolution (LTE) systems. Then, we discuss the state-of-the-art in physical-layer security, which is an emerging technique of securing the open communications environment against eavesdropping attacks at the physical layer. Several physical-layer security techniques are reviewed and compared, including information-theoretic security, artificial noise aided security, security-oriented beamforming, diversity assisted security, and physical-layer key generation approaches. Additionally...

Software Security Rules, SDLC Perspective

Banerjee, C.; Pandey, S. K.
Source: Cornell University Publisher: Cornell University
Type: Journal Article
Published on 02/11/2009 Portuguese
Software has become an integral part of everyday life. Every day, millions of people perform transaction through internet, ATM, mobile phone, they send email and E-greetings, and use word processing and spreadsheet for various purpose. People use software bearing in mind that it is reliable and can be trusted and the operation they perform is secured. Now, if these software have exploitable security hole then how can they be safe for use. Security brings value to software in terms of people's trust. The value provided by secure software is of vital importance because many critical functions are entirely dependent on the software. That is why security is a serious topic which should be given proper attention during the entire SDLC, right from the beginning. For the proper implementation of security in the software, twenty one security rules are proposed in this paper along with validation results. It is found that by applying these rules as per given implementation mechanism, most of the vulnerabilities are eliminated in the software and a more secure software can be built.; Comment: 6 pages IEEE format, International Journal of Computer Science and Information Security, IJCSIS 2009, ISSN 1947 5500, Impact Factor 0.423, http://sites.google.com/site/ijcsis/

An Overview of the Security Concerns in Enterprise Cloud Computing

Bisong, Anthony; Syed; Rahman, M.
Source: Cornell University Publisher: Cornell University
Type: Journal Article
Published on 28/01/2011 Portuguese
Deploying cloud computing in an enterprise infrastructure brings significant security concerns. Successful implementation of cloud computing in an enterprise requires proper planning and understanding of emerging risks, threats, vulnerabilities, and possible countermeasures. We believe enterprise should analyze the company/organization security risks, threats, and available countermeasures before adopting this technology. In this paper, we have discussed security risks and concerns in cloud computing and enlightened steps that an enterprise can take to reduce security risks and protect their resources. We have also explained cloud computing strengths/benefits, weaknesses, and applicable areas in information risk management.

Design and analysis of information fusion, dynamic sensor management rules for cyber security systems using simulation

McConky, Katie
Source: Rochester Institute of Technology Publisher: Rochester Institute of Technology
Type: Doctoral Thesis
Portuguese
Computer networks are vulnerable to attacks from outside threats. Intrusion detection systems are used to monitor computer networks for attacker activity. Intrusion detection systems consist of a set of sensors placed strategically throughout a computer network. The large amounts of data produced by intrusion detection system sensors may be sent to and processed by information fusion engines. Information fusion engines correlate alerts and identify attack paths of attackers. Sensor management strategies are developed to minimize the time taken to process attack data, minimize the bandwidth used by the security system of a network, and maximize the number of attacks successfully tracked. An experimental performance evaluation is conducted on sensor management strategies utilizing a variety of representative network topologies, network sizes, alert rates and attack scenarios so that a robust sensor management strategy can be identified. Performance measures of interest include the average time taken to process a real alert at the fusion engine, the percentage of real alerts processed, the percentage of noise alerts processed, the average bandwidth used to transfer alerts, and ability of a sensor management rule to successfully track multiple attacks consistently. Results indicate rules that attempt to meet but not exceed network constraints outperform rules that disregard network constraints. Additionally...

Development of a cyber attack simulator for network modeling and cyber security analysis

Costantini, Kevin
Source: Rochester Institute of Technology Publisher: Rochester Institute of Technology
Type: Doctoral Thesis
Portuguese
Computer networks are now relied on more than ever before for gathering information and performing essential business functions. In addition, cyber crime is frequently used as a means of exploiting these networks to obtain useful and private information. Although intrusion detection tools are available to assist in detecting malicious activity within a network, these tools often lack the ability to clearly identify cyber attacks. This limitation makes the development of effective tools an imperative task to assist in both detecting and taking action against cyber attacks as they occur. In developing such tools, reliable test data must be provided that accurately represents the activities of networks and attackers without the large overhead of setting up physical networks and cyber attacks. The intent of this thesis is to use operation research and simulation techniques to provide both data and data-generation tools representative of real-world computer networks, cyber attacks, and security intrusion detection systems. A simulation model is developed to represent the structure of networks, the unique details of network devices, and the aspects of intrusion detection systems used within networks. The simulation is also capable of generating representative cyber attacks that accurately portray the capabilities of attackers and the intrusion detection alerts associated with the attacks. To ensure that the data provided is reliable...