The Regions network architecture is a new look at network organization that groups nodes into regions based on common purposes. This shift from strict network topology groupings of nodes requires a change in security systems. This thesis designs and implements the Regions Security Policy (RSP). RSP allows a unified security policy to be set across a region, fully controlling data as it enters into, exits from, and transits within a region. In doing so, it brings together several existing security solutions so as to provide security comparable to existing systems that is more likely to function correctly.; by Joshua W. Baratz.; Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.; Includes bibliographical references (p. 51-54).
Information routinely collected by health care organizations is used by researchers to analyze the causes of illness and evaluate the effectiveness of potential cures. Medical information sharing systems are built to encourage hospitals to contribute patient data for use in clinical studies. These organizations possess a wide variety of environments and risk assessments, and require sufficient assurances of patient privacy. This thesis introduces mechanisms to dynamically generate an applicable security policy for medical information sharing systems. We present implementation-independent mechanisms that are capable of interoperating with different security settings at different sites to produce security configurations with significantly different characteristics and vulnerabilities. We also present a rules-based agent to assist in the selection process. This approach gives maximum freedom to generate the appropriate system according to the tradeoffs between cost, patient privacy, and data accessibility.; by Patrick M. Cody.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2003.; Includes bibliographical references (p. 52-53).
We present a new technique, boundless memory blocks, that automatically eliminates buffer overflow errors, enabling programs to continue to execute through memory errors without memory corruption. Buffer overflow vulnerabilities are caused by programming errors that allow an attacker to cause the program to write beyond the bounds of an allocated memory block to corrupt other data structures. The standard way to exploit a buffer overflow vulnerability involves a request that is too large for the buffer intended to hold it. The buffer overflow error causes the program to write part of the request beyond the bounds of the buffer, corrupting the address space of the program and causing the program to execute injected code contained in the request. Our boundless memory blocks compiler inserts checks that dynamically detect all out of bounds accesses. When it detects an out of bounds write, it stores the value away in a hash. Our compiler can then return the stored value as the result of an out of bounds read to that address. In the case of uninitialized addresses, our compiler simply returns a predefined value. We have acquired several widely used open source applications (Apache, Sendmail, Pine, Mutt, and Midnight Commander). With standard compilers...
This thesis presents the design and implementation for several system services, including network access and database storage, on a new operating system design, Asbestos. Using the security mechanism provided by Asbestos, Asbestos labels, these services are used to support the construction of secure Web applications. The network and database services serve as the foundation for a Web server that supports mandatory security policies, such that even a compromised Web application cannot improperly disclose private data. The methods used in this thesis allow Web application developers to be freed from worries about flawed applications, if developers are willing to place trust in the underlying services used.; by David Patrick Ziegler.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.; Includes bibliographical references (p. 61-66).
Voice over Internet Protocol (VoIP) systems enable efficient communications over data networks, but security of VoIP and the impact of that security on communications quality has not been quantitatively modeled. A conversational model is adapted for VoIP and a computational model of communication quality - the Z-Model - is developed. VoIP conversations are simulated for networks with a range of performance characteristics including differing bandwidth, latency and bit error rates to evaluate the impact of security on communication quality. Results show that improving confidentiality via encryption of conversation data packets does not introduce significant delays, but does increase bandwidth. In certain restricted-bandwidth environments this results in dramatic reductions of perceived conversation quality.; by Cory L. Zue.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.; Includes bibliographical references (p. 102-106).
This thesis presents the design and implementation of a port of the Asbestos operating system to the ARM processor. The port to the ARM allows Asbestos to run on mobile devices such as cell phones and personal digital assistants. These mobile, wireless-enabled devices are at risk for data attacks because they store private data but often roam in public networks. The Asbestos operating system is designed to prevent disclosure of such data. The port includes a file system and a network driver, which together enable future development of Asbestos applications on the ARM platform. This thesis evaluates the port with a performance comparison between Asbestos running on an HP iPAQ hand held computer and the original x86 Asbestos.; by Martijn Stevenson.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2006.; Includes bibliographical references (p. 75-78).
This thesis describes the development of a system of sensate active RFID tags for supply-chain management and security applications, necessitated by the current lack of commercial platforms capable of monitoring the state of shipments at the crate and case level. To make a practical prototype, off-the-shelf components and custom-designed circuits that minimize power consumption and cost were assembled and integrated into an interrupt-driven, quasi-passive system that can monitor, log, and report environmental conditions inside a shipping crate while consuming only 23.7 microwatts of average power. To prove the feasibility of the system, the tags were tested in the laboratory and aboard transport conveyances.; by Mateusz Ksawery Malinowski.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2007.; Includes bibliographical references (p. 109-113).
This thesis presents IntuiSec, a framework for intuitive user interaction with Smart Home security. The design approach of IntuiSec is to introduce a layer of indirection between user-level intent and the system-level security infrastructure. This layer is implemented by a collection of distributed middleware and user-level tools. It encapsulates system-level security events and exposes only concepts and real-world metaphors that are intuitive to non-expert users. It also translates user intent to the appropriate system-level security actions. The IntuiSec framework presents the user with intuitive steps for setting up a secure home network, establishing trusted relationships between devices, and granting temporal, selective access for both home occupants and visitors to devices within the home. The middleware exposes APIs that allow other applications to present the user with meaningful visualizations of security-related parameters and concepts. I present the IntuiSec system design and an example proof-of-concept implementation, which demonstrates the user experience and provides more insight into the framework.; by Saad Safer Shakhshir.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science...
In recent years there have been a series of serious and alarming cryptanalytic attacks on several commonly-used hash functions, such as MD4, MD5, SHA-0, and SHA-1 [13, 38]. These culminated with the celebrated work of Wang, Yin, and Yu from 2005, which demonstrated relatively efficient methods for finding collisions in the SHA-1 hash function . Although there are several cryptographic hash functions - such as the SHA-2 family  - that have not yet succumbed to such attacks, the U.S. National Institute of Standards and Technology (NIST) put out a call in 2007 for candidate proposals for a new cryptographic hash function family, to be dubbed SHA-3 . Hash functions are algorithms for converting an arbitrarily large input into a fixed-length message digest. They are typically composed of a compression function or block cipher that operates on fixed-length pieces of the input and a mode of operation that governs how to apply the compression function or block cipher repeatedly on these pieces in order to allow for arbitrary-length inputs. Cryptographic hash functions are furthermore required to have several important and stringent security properties including (but not limited to) first-preimage resistance, second-preimage resistance...
A puzzle only solvable by humans, or POSH, is a prompt or question with three important properties: it can be generated by a computer, it can be answered consistently by a human, and a human answer cannot be efficiently predicted by a computer. In fact, a POSH does not necessarily have to be verifiable by a computer at all. One application of POSHes is a scheme proposed by Canetti et al. that limits on-line dictionary attacks against password-protected local storage, without the use of any secure hardware or secret storage. We explore the area of POSHes, implement several candidate POSHes and have users solve them, to evaluate their effectiveness. Given these data, we then implement the above scheme as an extension to the Mozilla Firefox web browser, where it is used to protect user certificates and saved passwords. In the course of doing so, we also define certain aspects of the threat model for our implementation (and the scheme) more precisely.; by Waseem S. Daher.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2008.; This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.; Includes bibliographical references (p. 51-53).
Source: International Conference on Information Warfare and Security (ICIW 2008), April 2008, Omaha, Nebraska, USA
Publisher: International Conference on Information Warfare and Security (ICIW 2008), April 2008, Omaha, Nebraska, USA
Type: Scientific journal article
Success in information warfare will depend on resilient, reconstitutable cyber assets and the ability to assess and respond to attacks. A cornerstone of this success will be the ability of Information Assurance professionals to develop sound security requirements and determine the suitability of evaluated security products for mission-specific systems. Recognizing the pedagogical value of applying security evaluation criteria such as the Common Criteria (CC) to information security education, we recently introduced a graduate-level Computer Science course focusing on methodical security requirements engineering based on the CC. This course aims to provide students with an understanding of how security evaluation criteria can be used to specify system security objectives, derive security requirements from security objectives, establish life cycle and development processes, and provide an organizational framework for research and development. Although imperfect, the paradigmatic process of the CC provides a usable framework for in-depth study of various tasks relating to system requirements derivation and verification activities: system requirements elicitation, threat analysis, security objectives definition and security requirements expression. In-class discussions address fundamental security design principles and disciplines for information and software assurance (e.g....
This MENG thesis implements a security system for a classroom presentation system called the Classroom Learning Partner (CLP). The goal of the security system is to prevent cheating on electronic quizzes. CLP is a system that uses Tablet PCs in the classroom to enhance learning and encourage interaction between the instructor and students. The instructor creates exercises which are displayed on slides on the students' Tablet PCs. The students complete the exercises and submit them to the instructor and to a central database. The security implementation makes it possible to extend this framework for electronic quiz administration. This thesis discusses current cheating prevention methodologies and extends them to account for electronic quiz-taking scenarios. The basis of the security system is SQL Server authentication for authentication to a central database, and SSL for encryption of network traffic.; by Karin Iancu.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2006.; Includes bibliographical references (p. 43-44).
Steganography, the hiding of covert messages inside innocuous communication, is an active area of cryptographic research. Recent research has shown that provably undetectable steganography is possible in a wide variety of settings. We believe that the existence of such undetectable steganography will have far reaching implications. In this thesis, we investigate the impact of steganography on the design of cryptographic protocols. In particular, we show that all existing cryptographic protocols allow malicious players to collude and coordinate their actions by steganographically hiding covert messages inside legitimate protocol traffic. Such collusion is devastating in many settings, and thus we argue that its elimination is an important direction for cryptographic research. Defeating such steganographic collusion requires not only new cryptographic protocols, but also a new notion of protocol security. Traditional notions of protocol security attempt to minimize the injuries to privacy and correctness inflicted by malicious participants who collude during run-time. They do not, however, prevent malicious parties from colluding and coordinating their actions in the first place! We therefore put forward the notion of a collusion-free protocol which guarantees that no set of players can use the protocol to maliciously coordinate their actions.; (cont.) As should be expected...
Attacks on security systems within the past decade have revealed that security Application Programming Interfaces (APIs) expose a large and real attack surface but remain a relatively unexplored problem. In 2000, Bond et al. discovered API-chaining and type-confusion attacks on hardware security modules used in large banking systems. While these first attacks were found through human inspection of the API specifications, we take the approach of modeling these APIs formally and using an automated-reasoning tool to discover attacks. In particular, we discuss the techniques we used to model the Trusted Platform Module (TPM) v1.2 API and how we used OTTER, a theorem-prover, and ALLOY, a model-finder, both to find API-chaining attacks and to manage API complexity. Using ALLOY, we also developed techniques to capture attacks that weaken, but do not fully compromise, a system's security. Finally, we demonstrate a number of real and "near-miss" vulnerabilities that were discovered against the TPM.; by Amerson H. Lin.; Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.; Includes bibliographical references (p. 123-124).
The need for improved security requires the development of better monitoring systems. These systems must manage large numbers of images sent over communication networks. For example, a high transmission load results when security cameras continuously transmit images. Operators are bored and fatigued from viewing cycled images on a few monitors. In this thesis, we present a smart camera network that reduces transmission load and provides operators with relevant images. A smart camera is capable of compressing and processing images. Our 3D compression method (based on Mizuki's 2D method) retains features (contour, color, depth, and motion) that form the basis of object detection. The compressed image is used directly in segmentation. To reduce transmission loads, we use mobile agents to filter the network. Mobile agents are dispatched to smart cameras with user defined goals that conditionally allow image transmission. For traffic monitoring, smart cameras determine traffic flow and accidents. Mobile agents send images or information based on image content. The contribution of this work is the 3D compression method designed for processing compressed image data and the design of a system to improve camera centered networks using smart cameras and mobile agents. Our system can be used in security systems...
It is widely believed that security and usability are two antagonistic goals in system design. This thesis argues that there are many instances in which security and usability can be synergistically improved by revising the way that specific functionality is implemented in many of today's operating systems and applications. Specific design principles and patterns are presented that can accomplish this goal. Patterns are presented that minimize the release of confidential information through remnant and remanent data left on hard drives, in web browsers, and in documents. These patterns are based on a study involving the purchase of 236 hard drives on the secondary market, interviews conducted with organizations whose drives had been acquired, and through a detailed examination of modern web browsers and reports of information leakage in documents. Patterns are presented that enable secure messaging through the adoption of new key management techniques. These patterns are supported through an analysis of S/MIME handling in modern email clients, a survey of 469 Amazon.com merchants, and a user study of 43 individuals. Patterns are presented for promoting secure operation and for reducing the danger of covert monitoring. These patterns are supported by the literature review and an analysis of current systems.; (cont.) In every case considered...
The ACS has prepared this response to the discussion paper to assist with the design of the cyber whitepaper expected in 2012. The ACS also welcomes the opportunity to promote discussion and support of our digital economy to position Australia for the future. Drawing from its membership of ICT professionals and academics - particularly in areas of cyber resilience and security - the ACS established a Cyber Taskforce for this purpose. The ACS recommends: greater focus on education - noting that ICT education in primary and secondary schooling is essential - to developing ICT skills of the future, and that school level educational activity forms the base on which appropriate tertiary level education programs can function for the education and training of ICT professionals; greater assistance to small and medium sized business as this is the engine room of the Australian economy; policy coordination on trusted identities; better coordination of cyber related education and research; providing consumers and businesses with resources directed to the everyday real-life challenges they face; global Internet governance changes designed to underpin and deliver trustworthy people, processes and systems including, where appropriate, a legislated mandatory baseline of trustworthiness attributes analogous to the non-excludable warranties implied in consumer contracts.
This paper sets out to examine the skills gaps between the industrial application of Information Technology and university academic programmes (curriculum). It looks at some of the causes, and considers the probable solutions for bridging the gap between them and suggests the possibilities of exploring a new role for our universities and employers of labor. It also highlights strategies to abolish the misalignment between university and industry. The main concept is to blend the academic rigidity with the industrial relevance.; Comment: 10 pages IEEE Format, International Journal of Computer Science and Information Security, IJCSIS 2009, ISSN 1947 5500, Impact factor 0.423,
Security in any network has become an important issue. In this paper we have implemented a security mechanism on the Medium Access Control layer, the Assured Neighbor based Security Protocol, to provide authentication and confidentiality of packets along with high speed transmission for Ad hoc networks. Here we have divided the protocol into two different parts. The first part deals with Routing layer information; in this part we have tried to implement a possible strategy for detecting and isolating the malicious nodes. A trust counter for each node is determined which can be actively increased and decreased depending upon the trust value for the purpose of forwarding the packets from source node to destination node with the help of intermediate nodes. A threshold level is also predetermined to detect the malicious nodes. If the value of the node in the trust counter is less than the threshold value then the node is denoted 'malicious'. The second part of our protocol deals with the security in the link layer. For this security reason we have used the CTR (Counter) approach for authentication and encryption. We have simulated all our strategies and schemes in NS-2, the result of which gives a conclusion that our proposed protocol, i.e. the Assured Neighbor based Security Protocol, can achieve high packet delivery against various intruders and also a high packet delivery ratio against mobility with low delays and low overheads.; Comment: 11 pages...
The Voice over Internet Protocol (VoIP) is becoming a more available and popular way of communicating for Internet users. This also applies to Peer-to-Peer (P2P) systems, and merging these two has already proven to be successful (e.g. Skype). Even though the existing standards of VoIP provide an assurance of security and Quality of Service (QoS), these features are usually optional and supported by a limited number of implementations. As a result, the lack of mandatory and widely applicable QoS and security guarantees makes the contemporary VoIP systems vulnerable to attacks and network disturbances. In this paper we are facing these issues and propose the SecMon system, which simultaneously provides a lightweight security mechanism and improves quality parameters of the call. SecMon is intended specifically for VoIP service over P2P networks and its main advantage is that it provides authentication, data integrity services, adaptive QoS and (D)DoS attack detection. Moreover, the SecMon approach represents a low-bandwidth consumption solution that is transparent to the users and possesses a self-organizing capability. The above-mentioned features are accomplished mainly by utilizing two information hiding techniques: digital audio watermarking and network steganography. These techniques are used to create covert channels that serve as transport channels for lightweight QoS measurement results. Furthermore...