Página 1 dos resultados de 8247 itens digitais encontrados em 0.017 segundos
Resultados filtrados por Publicador: Monterey, California. Naval Postgraduate School

Monitoring information systems to enforce computer security policies

Graham, Scott W.; Mills, Stephen E.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
579.8934%
Approved for public release; distribution is unlimited; Many computer security policies are written relatively vaguely. In many ways this is intentional to allow for easier access to all the functionality of the computer network. However, too much leeway allows users, without a need to access many of the network functions, the ability to execute functions that might cause harm to the system or provide access to information they have no need to see. With this in mind, this paper takes a look at computer security. We start with a brief history of computer security and continue with a look at internal security. Since our focus is on computer misuse and detection, a look at internal security provides a look at the reasons why we should attempt to monitor the activities of users. Misuse detection requires at least two features. These are audit reduction and profiling ability. When audit features are enabled in the operating system, massive files can build up. By establishing profiles of personnel usage, the automated audit features can quickly scan audit files, look for usage that falls outside what is determined to be normal, notify administrators, and delete old audit data. A misuse detection system, such as the Computer Misuse Detection System marketed by ODS Networks...

A study of computer security policies for the Indonesian Navy

Herusutopo, Antonius
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: 126 p.
Português
Relevância na Pesquisa
781.2491%
Approved for public release; distribution is unlimited.; The Indonesian Navy recognized the need for a computer security program over ten years ago. They published their first computer security regulation in 1981. But that regulation is now obsolete because of the advances in technology and the increased availability of powerful computer systems. As computer systems become bigger, more complicated, easier to use, more interconnected, and more important, they become more vulnerable to hackers, terrorist, and disgruntled employees. This thesis demonstrates the need for an updated computer security regulation. To add in meeting that need, the thesis proposes a security program for the Indonesian Navy that is based on the multilevel trusted computer criteria published by the NCSC in the 'Orange Book', the Canadian Trusted Product Evaluation Criteria and ITSEC. The proposed program includes additional regulations concerning physical security, data security, integrity and availability, and recommended trusted evaluation guide; http://archive.org/details/studyofcomputers00heru; Major, Indonesian Navy

Security aspects of computer supported collaborative work

Haroutunian, George V.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: 79 p.
Português
Relevância na Pesquisa
572.8833%
Approved for public release; distribution is unlimited; Computer Supported Collaborative Work (CSCW) is a topic of considerable academic inquiry and rapid commercial development. Meeting Room Systems, Conferencing System, Co-authoring and Argumentation Systems, Message Systems and Autonomous Agents which support group collaboration currently exist; however, Department of Defense (DoD) computer security requirements as they impact CSCW system design has received little attention. This thesis describes CSCW systems and relates group dynamic issues to predict the form of the sophisticated CSCW which will probably become commonplace in the future. Next the Trusted Computer security Evaluation criteria (TCSEC) with which all DoD systems must comply are synopsized. An extension of the Bell-LaPadula model underlying the TCSEC requirements is proposed which would allow 'Functionally Trusted CSCW' (FT-CSCW), CSCW which would meet many but not all of the TCSEC requirements. Possible first order (efficiency) effects of FT-CSCW, including the effect of sparse group domains, the breakdown of compartmentation, and organizational stratification are discussed. Second order (social) effects are also discussed, as are possible FT-CSCW problems (unstable group membership...

Assumptions, trust, and names in computer security protocols

Shearer, Charles Dylan
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xii, 71 p. ;
Português
Relevância na Pesquisa
671.3003%
Approved for public release; distribution is unlimited.; A major goal of using any security protocol is to create certain beliefs in the participants. A security protocol will use techniques like cryptography to guarantee some things, but it will still require a participant to make assumptions about other things that the protocol cannot guarantee; such assumptions often constitute trust in other participants. In this thesis, we attempt to precisely identify the required assumptions of some example protocols. In the process, we find that we must consider the names that participants use to reason about each other. It turns out that naming is a complex topic with a rich body of philosophical work, and we apply some ideas from this work to the problem of identifying security protocols' required assumptions. Finally, we begin work on a mathematical model of protocols and beliefs to which a formal logic of belief could be applied. The model is left incomplete because of some unresolved problems with modeling belief caused by the design requirement that the model's elements have clear operational meanings. The solution of these problems is left as future work.

Cyberciege scenario illustrating integrity risks to a military like facility

Fielk, Klaus W.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xviii, 106 p. ;
Português
Relevância na Pesquisa
574.7219%
Approved for public release; distribution is unlimited.; Note: the appendix file for this item is not available.; As the number of computer users continues to grow, attacks on assets stored on computer devices have increased. Despite an increase in computer security awareness, many users and policy makers still do not implement security principles in their daily lives. Ineffective education and the lack of personal experience and tacit understanding might be a main cause. The CyberCIEGE game can be used to convey requisite facts and to generate tacit understanding of general computer security concepts to a broad audience. This thesis asked if a Scenario Definition File (SDF) for the CyberCIEGE game could be developed to educate and train players in Information Assurance on matters related to information integrity in a networking environment. The primary educational concern is the protection of stored data. Another goal was to test whether the game engine properly simulates real world behavior. The research concluded that it is possible to create SDFs for the CyberCIEGE game engine to teach specifically about integrity issues. Three specific SDFs were developed for teaching purposes. Several SDFs were developed to demonstrate the game engine's ability to simulate real world behavior for specific...

Human factors in Coast Guard Computer Security - an analysis of current awareness and potential techniques to improve security program viability

Whalen, Timothy J.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xxi, 106 p. ; 28 cm.
Português
Relevância na Pesquisa
573.84555%
The Coast Guard is becoming increasingly reliant upon our nation's information infrastructure. As such, our ability to ensure the security of those systems is also increasing in import. Traditional information security measures tend to be system-oriented and often fail to address the human element that is critical to system success. In order to ensure information system security, both system and human factors requirements must be addressed. This thesis attempts to identify both the susceptibility of Coast Guard information systems to human factors-based security risks and possible means for increasing user awareness of those risks. This research is meant to aid the Coast Guard in continuing to capitalize on emerging technologies while simultaneously providing a secure information systems environment.; US Coast Guard (USCG) author