Página 1 dos resultados de 7467 itens digitais encontrados em 0.026 segundos

Regions Security Policy (RSP) : applying regions to network security; RSP : applying regions to network security

Baratz, Joshua W. (Joshua William), 1981-
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 65 p.; 3243771 bytes; 3243575 bytes; application/pdf; application/pdf
Português
Relevância na Pesquisa
57.499185%
The Regions network architecture is a new look at network organization that groups nodes into regions based on common purposes. This shift from strict network topology groupings of nodes requires a change in security systems. This thesis designs and implements the Regions Security Policy (RSP). RSP allows a unified security policy to be set across a region, fully controlling data as it enters into, exits from, and transits within a region. In doing so, it brings together several existing security solutions so as to provide security comparable to existing systems that is more likely to function correctly.; by Joshua W. Baratz.; Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.; Includes bibliographical references (p. 51-54).

Investigation and development of a hypervisor-based security architecture utilising a state-of-the-art hardware trust anchor

Schramm, Martin
Fonte: University of Limerick Publicador: University of Limerick
Tipo: Master thesis (Research); all_ul_research; ul_published_reviewed; ul_theses_dissertations; none
Português
Relevância na Pesquisa
57.48114%
peer-reviewed; Trusted Computing is a relatively new approach to computer security in which a system should be permanently maintained in a well-defined state - and therefore it will reside in a trustworthy state. The word "trustworthy" in this context means that the system always behaves in a specific way as defined by the platform manufacturer and/or the administrator/owner. A key element of this approach is to employ a security module, which is implemented in hardware, and which is tied to the platform so as to serve as a trust anchor. Based on that ’root of trust’ and other features, an effective security architecture is proposed in this research. Virtualization techniques, which were formerly developed for server consolidation, cost reduction, and conservation of energy are now gaining more and more interest in the field of trusted computing. Virtualization can greatly enhance the security of a system by isolating applications, or even whole operating systems, by splitting the computer system into smaller parts, whose integrity can be more easily assured. This project is concerned with the development of a system that will effectively combine the isolation features of the virtualization schemes with a state-of-the-art hardware security module. This system will provide reliable protection against sophisticated software-based attacks and will withstand elementary hardware-based attacks. The building block approach of this proposed security architecture makes sure that many different application fields can archive a high level of security by combining the appropriate components. The research examines some emerging approaches to computer security and proposes a novel security architecture based on a hardware trust anchor. An experimental system is developed to provide a ’proof-of-concept’ model for evaluation. The target application area for the architecture is the embedded computing space...

The Reference Monitor Concept as a Unifying Principle in Computer Security Education

Irvine, Cynthia E.
Fonte: Proceeding IFIP TC11 WC11.8 First World Conference on INFOSEC Education Publicador: Proceeding IFIP TC11 WC11.8 First World Conference on INFOSEC Education
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
57.352827%
For over twenty-five years, the Reference Monitor Concept [1] has proved itself to be a useful tool for computer security practitioners. It can also be used as a conceptual tool in computer security education. This paper describes a computer security education program at the Naval Postgraduate School that has used the Reference Monitor concept as a unifying principle for courses, laboratory work, and student research. The intent of the program is to produce graduates who will think critically about the design and implementation of systems intended to enforce security policies.

Monitoring information systems to enforce computer security policies

Graham, Scott W.; Mills, Stephen E.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
57.51002%
Approved for public release; distribution is unlimited; Many computer security policies are written relatively vaguely. In many ways this is intentional to allow for easier access to all the functionality of the computer network. However, too much leeway allows users, without a need to access many of the network functions, the ability to execute functions that might cause harm to the system or provide access to information they have no need to see. With this in mind, this paper takes a look at computer security. We start with a brief history of computer security and continue with a look at internal security. Since our focus is on computer misuse and detection, a look at internal security provides a look at the reasons why we should attempt to monitor the activities of users. Misuse detection requires at least two features. These are audit reduction and profiling ability. When audit features are enabled in the operating system, massive files can build up. By establishing profiles of personnel usage, the automated audit features can quickly scan audit files, look for usage that falls outside what is determined to be normal, notify administrators, and delete old audit data. A misuse detection system, such as the Computer Misuse Detection System marketed by ODS Networks...

Introduction to the Applications of Evolutionary Computation in Computer Security and Cryptography

Isasi, Pedro; Hernández, Julio C.
Fonte: Blackwell Publicador: Blackwell
Tipo: Artigo de Revista Científica Formato: application/pdf
Publicado em /08/2004 Português
Relevância na Pesquisa
67.307285%
Provides information on the applications of evolutionary computation in computer security and cryptography. Main applications of evolutionary computations in cryptology; Achievements of several researchers in the field of artificial intelligence applications to computer security and cryptology; Examples of successful research.

A study of computer security policies for the Indonesian Navy

Herusutopo, Antonius
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: 126 p.
Português
Relevância na Pesquisa
77.552607%
Approved for public release; distribution is unlimited.; The Indonesian Navy recognized the need for a computer security program over ten years ago. They published their first computer security regulation in 1981. But that regulation is now obsolete because of the advances in technology and the increased availability of powerful computer systems. As computer systems become bigger, more complicated, easier to use, more interconnected, and more important, they become more vulnerable to hackers, terrorist, and disgruntled employees. This thesis demonstrates the need for an updated computer security regulation. To add in meeting that need, the thesis proposes a security program for the Indonesian Navy that is based on the multilevel trusted computer criteria published by the NCSC in the 'Orange Book', the Canadian Trusted Product Evaluation Criteria and ITSEC. The proposed program includes additional regulations concerning physical security, data security, integrity and availability, and recommended trusted evaluation guide; http://archive.org/details/studyofcomputers00heru; Major, Indonesian Navy

Modeling and analyzing intrusion attempts to a computer network operating in a defense-in-depth posture

Givens, Mark Allen
Fonte: Monterey California. Naval Postgraduate School Publicador: Monterey California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xvi, 91 p. : ill. (some col.) ;
Português
Relevância na Pesquisa
57.28978%
Approved for public release; distribution is unlimited; In order to ensure the confidentially, integrity, and availability of networked resources operating on the Global Information Grid, the Department of Defense has incorporated a "Defense-in-Depth" posture. This posture includes the use of network security mechanisms and does not rely on a single defense for protection. Firewalls, Intrusion Detection Systems (IDS's), Anti-Virus (AV) software, and routers are such tools used. In recent years, computer security discussion groups have included IDS's as one of their most relevant issues. These systems help identify intruders that exploit vulnerabilities associated with operating systems, application software, and computing hardware. When IDS's are utilized on a host computer or network, there are two primary approaches to detecting and / or preventing attacks. Traditional IDS's, like most AV software, rely on known "signatures" to detect attacks. This thesis will focus on the secondary approach: Anomaly or "behavioral based" IDS's look for abnormal patterns of activity on a network to identify suspicious behavior.; Major, United States Marine Corps

Framework for managing metadata security tags as the basis for making security decisions

Aposporis, Panagiotis.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xii, 274 p. : ill. (some col.) ;
Português
Relevância na Pesquisa
57.2377%
Approved for public release; distribution is unlimited; This thesis presents an analysis of a capability to employ CAPCO (Controlled Access Program Coordination Office) compliant Metadata security tags as the basis for making security decisions. My research covers all the security aspects of the related technologies, such as XML, Web Services, Java API's for XML, .NET Architecture to help determine how security conscious enterprises such as the Intelligence Community can implement this approach in the real insecure world, with commercial off-the-self products, to meet their needs. There were many concerns about using the XML Metadata Label Tags as the basis for making security decisions, due to an un -trusted environment. By using appropriate trusted parts, when really necessary, and new technologies , we can find secure solutions for creating, storing and disseminating XML documents. Besides the theoretical research, this thesis also presents a prototype development of a Web Service that can handle most of the tasks (save, save locally, review etc), which are required to securely manage XML documents. In order to implement the above Web Service, open -source products, such as Java and Apache Tomcat Web Server, are used. These are not only available free...

Assumptions, trust, and names in computer security protocols

Shearer, Charles Dylan
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xii, 71 p. ;
Português
Relevância na Pesquisa
67.24005%
Approved for public release; distribution is unlimited.; A major goal of using any security protocol is to create certain beliefs in the participants. A security protocol will use techniques like cryptography to guarantee some things, but it will still require a participant to make assumptions about other things that the protocol cannot guarantee; such assumptions often constitute trust in other participants. In this thesis, we attempt to precisely identify the required assumptions of some example protocols. In the process, we find that we must consider the names that participants use to reason about each other. It turns out that naming is a complex topic with a rich body of philosophical work, and we apply some ideas from this work to the problem of identifying security protocols' required assumptions. Finally, we begin work on a mathematical model of protocols and beliefs to which a formal logic of belief could be applied. The model is left incomplete because of some unresolved problems with modeling belief caused by the design requirement that the model's elements have clear operational meanings. The solution of these problems is left as future work.

Cyberciege scenario illustrating integrity risks to a military like facility

Fielk, Klaus W.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xviii, 106 p. ;
Português
Relevância na Pesquisa
57.347544%
Approved for public release; distribution is unlimited.; Note: the appendix file for this item is not available.; As the number of computer users continues to grow, attacks on assets stored on computer devices have increased. Despite an increase in computer security awareness, many users and policy makers still do not implement security principles in their daily lives. Ineffective education and the lack of personal experience and tacit understanding might be a main cause. The CyberCIEGE game can be used to convey requisite facts and to generate tacit understanding of general computer security concepts to a broad audience. This thesis asked if a Scenario Definition File (SDF) for the CyberCIEGE game could be developed to educate and train players in Information Assurance on matters related to information integrity in a networking environment. The primary educational concern is the protection of stored data. Another goal was to test whether the game engine properly simulates real world behavior. The research concluded that it is possible to create SDFs for the CyberCIEGE game engine to teach specifically about integrity issues. Three specific SDFs were developed for teaching purposes. Several SDFs were developed to demonstrate the game engine's ability to simulate real world behavior for specific...

Teaching Objectives of a Simulation Game for Computer Security

Irvine, Cynthia E.; Thompson, Michael
Fonte: Informing Science and Information Technology Joint Conference Publicador: Informing Science and Information Technology Joint Conference
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
67.352827%
This paper describes a computer simulation game being developed to teach computer security principles. The player of the game constructs computer networks and makes choices affecting the ability of these networks and the game's virtual users to protect valuable assets from attack by both vandals and well-motivated professionals. The game introduces the player to the need for well formed information security policies, allowing the player to deploy a variety of means to enforce security policies, including authentication, audit and access controls. The game will depict a number of vulnerabilities ranging from trivial passwords to trap doors planted by highly skilled, well-funded adversaries.

Human factors in Coast Guard Computer Security - an analysis of current awareness and potential techniques to improve security program viability

Whalen, Timothy J.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xxi, 106 p. ; 28 cm.
Português
Relevância na Pesquisa
57.32001%
The Coast Guard is becoming increasingly reliant upon our nation's information infrastructure. As such, our ability to ensure the security of those systems is also increasing in import. Traditional information security measures tend to be system-oriented and often fail to address the human element that is critical to system success. In order to ensure information system security, both system and human factors requirements must be addressed. This thesis attempts to identify both the susceptibility of Coast Guard information systems to human factors-based security risks and possible means for increasing user awareness of those risks. This research is meant to aid the Coast Guard in continuing to capitalize on emerging technologies while simultaneously providing a secure information systems environment.; US Coast Guard (USCG) author

Defining and enforcing hardware security requirements

Bilzor, Michael B.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Formato: xxiv, 141 p. : col. ill. ; 28 cm.
Português
Relevância na Pesquisa
57.210757%
Security in computing systems to date has focused mostly on software. In this research, we explore the application and enforceability of well-defined security requirements in hardware designs. The principal threats to hardware systems demonstrated in the academic literature to date involve some type of subversion, often called a Hardware Trojan or malicious inclusion. Detecting these has proved very difficult. We demonstrate a method whereby the dynamic enforcement of a processor's security requirements can be used to detect the presence of some of these malicious inclusions. Although there are theoretical limits on which security properties can be dynamically enforced using the techniques we describe, our research does provide a novel method for expressing and enforcing security requirements at runtime in hardware designs. While the method does not guarantee the detection of all possible malicious inclusions in a given processor, it addresses a large class of inclusions-those detectable as violations of behavioral restrictions in the architectural specification-which provides significant progress against the general case, given a suitably complete set of checkers.; US Navy (USN) author

STP/HAMPI and Computer Security

Ganesh, Vijay
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 12/04/2012 Português
Relevância na Pesquisa
57.322676%
In the past several years I have written two SMT solvers called STP and HAMPI that have found widespread use in computer security research by leading groups in academia, industry and the government. In this brief note I summarize the features of STP/HAMPI that make them particularly suited for computer security research, and a listing of some of the more important projects that use them.

Password Cracking and Countermeasures in Computer Security: A Survey

Han, Aaron L. -F.; Wong, Derek F.; Chao, Lidia S.
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 28/11/2014 Português
Relevância na Pesquisa
57.244233%
With the rapid development of internet technologies, social networks, and other related areas, user authentication becomes more and more important to protect the data of the users. Password authentication is one of the widely used methods to achieve authentication for legal users and defense against intruders. There have been many password cracking methods developed during the past years, and people have been designing the countermeasures against password cracking all the time. However, we find that the survey work on the password cracking research has not been done very much. This paper is mainly to give a brief review of the password cracking methods, import technologies of password cracking, and the countermeasures against password cracking that are usually designed at two stages including the password design stage (e.g. user education, dynamic password, use of tokens, computer generations) and after the design (e.g. reactive password checking, proactive password checking, password encryption, access control). The main objective of this work is offering the abecedarian IT security professionals and the common audiences with some knowledge about the computer security and password cracking, and promoting the development of this area.

What Should be Hidden and Open in Computer Security: Lessons from Deception, the Art of War, Law, and Economic Theory

Swire, Peter P.
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 24/09/2001 Português
Relevância na Pesquisa
57.62478%
"What Should be Hidden and Open in Computer Security: Lessons from Deception, the Art of War, Law, and Economic Theory" Peter P. Swire, George Washington University. Imagine a military base. It is defended against possible attack. Do we expect the base to reveal the location of booby traps and other defenses? No. But for many computer applications,a software developer will need to reveal a great deal about the code to get other system owners to trust the code and know how to operate with it. This article examines these conflicting intuitions and develops a theory about what should be open and hidden in computer security. Part I of the paper shows how substantial openness is typical for major computer security topics, such as firewalls, packaged software, and encryption. Part II shows what factors will lead to openness or hiddenness in computer security. Part III presents an economic analysis of the issue of what should be open in computer security. The owner who does not reveal the booby traps is like a monopolist, while the open-source software supplier is in a competitive market. This economic approach allows us to identify possible market failures in how much openness occurs for computer security. Part IV examines the contrasting approaches of Sun Tzu and Clausewitz to the role of hiddenness and deception in military strategy. The computer security...

Computer Security: Competing Concepts

Nissenbaum, Helen; Friedman, Batya; Felten, Edward
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
57.671675%
This paper focuses on a tension we discovered in the philosophical part of our multidisciplinary project on values in web-browser security. Our project draws on the methods and perspectives of empirical social science, computer science, and philosophy to identify values embodied in existing web-browser security and also to prescribe changes to existing systems (in particular, Mozilla) so that values relevant to web-browser systems are better served than presently they are. The tension, which we had not seen explicitly addressed in any other work on computer security, emerged when we set out to extract from the concept of security the set values that ought to guide the shape of web-browser security. We found it impossible to construct an internally consistent set of values until we realized that two robust -- and in places competing -- conceptions of computer security were influencing our thinking. We needed to pry these apart and make a primary commitment to one. One conception of computer security invokes the ordinary meaning of security. According to it, computer security should protect people -- computer users -- against dangers, harms, and threats. Clearly this ordinary conception of security is already informing much of the work and rhetoric surrounding computer security. But another...

An Overview of Computer security

Annam, Shireesh Reddy
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 21/10/2001 Português
Relevância na Pesquisa
57.229604%
As more business activities are being automated and an increasing number of computers are being used to store vital and sensitive information the need for secure computer systems becomes more apparent. These systems can be achieved only through systematic design; they cannot be achieved through haphazard seat-of-the-pants methods.This paper introduces some known threats to the computer security, categorizes the threats, and analyses protection mechanisms and techniques for countering the threats. The threats have been classified more so as definitions and then followed by the classifications of these threats. Also mentioned are the protection mechanisms.; Comment: 11 pages,PDF, Comments about threats to the computer security and their protection mechanisms

War of 2050: a Battle for Information, Communications, and Computer Security

Kott, Alexander; Alberts, David S.; Wang, Cliff
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 27/11/2015 Português
Relevância na Pesquisa
57.151167%
As envisioned in a recent future-casting workshop, warfare will continue to be transformed by advances in information technologies. In fact, information itself will become the decisive domain of warfare. Four developments will significantly change the nature of the battle. The first of these will be a proliferation of intelligent systems; the second, augmented humans; the third, the decisive battle for the information domain; and the fourth, the introduction of new, networked approaches to command and control. Each of these new capabilities possesses the same critical vulnerability - attacks on the information, communications and computers that will enable human-robot teams to make sense of the battlefield and act decisively. Hence, the largely unseen battle for information, communications and computer security will determine the extent to which adversaries will be able to function and succeed on the battlefield of 2050.; Comment: A shorter version of this paper has been accepted for publication in IEEE Computer, December 2015

Distributed virtual environment scalability and security

Miller, John
Fonte: University of Cambridge; Faculty of Computer Science and Technology; Computer Laboratory; Microsoft Research Cambridge Publicador: University of Cambridge; Faculty of Computer Science and Technology; Computer Laboratory; Microsoft Research Cambridge
Tipo: Thesis; doctoral; PhD
Português
Relevância na Pesquisa
57.387246%
Distributed virtual environments (DVEs) have been an active area of research and engineering for more than 20 years. The most widely deployed DVEs are network games such as Quake, Halo, and World of Warcraft (WoW), with millions of users and billions of dollars in annual revenue. Deployed DVEs remain expensive centralized implementations despite significant research outlining ways to distribute DVE workloads. This dissertation shows previous DVE research evaluations are inconsistent with deployed DVE needs. Assumptions about avatar movement and proximity - fundamental scale factors - do not match WoW?s workload, and likely the workload of other deployed DVEs. Alternate workload models are explored and preliminary conclusions presented. Using realistic workloads it is shown that a fully decentralized DVE cannot be deployed to today?s consumers, regardless of its overhead. Residential broadband speeds are improving, and this limitation will eventually disappear. When it does, appropriate security mechanisms will be a fundamental requirement for technology adoption. A trusted auditing system (?Carbon?) is presented which has good security, scalability, and resource characteristics for decentralized DVEs. When performing exhaustive auditing...