Página 1 dos resultados de 2273 itens digitais encontrados em 0.016 segundos

Gerenciamento baseado em modelos da configuração de sistemas de segurança em ambientes de redes complexos; Model-based configuration management of security systems in complex network environments

João Porto de Albuquerque Pereira
Fonte: Biblioteca Digital da Unicamp Publicador: Biblioteca Digital da Unicamp
Tipo: Tese de Doutorado Formato: application/pdf
Publicado em 24/05/2006 Português
Relevância na Pesquisa
58.16468%
Os mecanismos de segurança empregados em ambientes de redes atuais têm complexidade crescente e o gerenciamento de suas configurações adquire um papel fundamental para proteção desses ambientes. Particularmente em redes de computadores de larga escala, os administradores de segurança se vêem confrontados com o desafio de projetar, implementar, manter e monitorar um elevado número de mecanismos, os quais possuem sintaxes de configuração heterogêneas e complicadas. Uma conseqüência dessa situação é que erros de configuração são causas freqüentes de vulnerabilidades de segurança. O presente trabalho oferece uma sistemática para o gerenciamento da configuração de sistemas de segurança de redes que corresponde especialmente às necessidades dos ambientes complexos encontrados em organizações atuais. A abordagem, construída segundo o paradigma de Gerenciamento Baseado em Modelos, inclui uma técnica de modelagem que trata uniformemente diferentes tipos de mecanismos e permite que o projeto de suas configurações seja executado de forma modular, mediante um modelo orientado a objetos. Esse modelo é segmentado em Subsistemas Abstratos, os quais encerram um grupo de mecanismos de segurança e outras entidades relevantes do sistema ? incluindo seus diferentes tipos de mecanismo e as inter-relações recíprocas entre eles. Uma ferramenta de software apóia a abordagem...

Trust: A Collision of Paradigms

Camp, L. Jean; McGrath, Cathleen; Nissenbaum, Helen
Fonte: MIT - Massachusetts Institute of Technology Publicador: MIT - Massachusetts Institute of Technology
Formato: 42747 bytes; application/pdf
Português
Relevância na Pesquisa
67.88587%
In this work we survey the findings in social psychology and philosophy with respect to trust. We introduce three hypotheses that remain unanswered with respect to the manner in which humans react to computers. We discuss potential design revisions in light of findings from other disciplines. Then we conclude by noting that research which empowers users in order to be their own security manager may be based on a fundamentally flawed view of human-computer interaction. We close by encouraging designers of computer security systems to examine the humans, which these systems are intended to empower, and recommend that any security system be built on the basis of understanding of human trust provided by the social sciences.

Regions Security Policy (RSP) : applying regions to network security; RSP : applying regions to network security

Baratz, Joshua W. (Joshua William), 1981-
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 65 p.; 3243771 bytes; 3243575 bytes; application/pdf; application/pdf
Português
Relevância na Pesquisa
68.119443%
The Regions network architecture is a new look at network organization that groups nodes into regions based on common purposes. This shift from strict network topology groupings of nodes requires a change in security systems. This thesis designs and implements the Regions Security Policy (RSP). RSP allows a unified security policy to be set across a region, fully controlling data as it enters into, exits from, and transits within a region. In doing so, it brings together several existing security solutions so as to provide security comparable to existing systems that is more likely to function correctly.; by Joshua W. Baratz.; Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.; Includes bibliographical references (p. 51-54).

Investigation and development of a hypervisor-based security architecture utilising a state-of-the-art hardware trust anchor

Schramm, Martin
Fonte: University of Limerick Publicador: University of Limerick
Tipo: Master thesis (Research); all_ul_research; ul_published_reviewed; ul_theses_dissertations; none
Português
Relevância na Pesquisa
57.932236%
peer-reviewed; Trusted Computing is a relatively new approach to computer security in which a system should be permanently maintained in a well-defined state - and therefore it will reside in a trustworthy state. The word "trustworthy" in this context means that the system always behaves in a specific way as defined by the platform manufacturer and/or the administrator/owner. A key element of this approach is to employ a security module, which is implemented in hardware, and which is tied to the platform so as to serve as a trust anchor. Based on that ’root of trust’ and other features, an effective security architecture is proposed in this research. Virtualization techniques, which were formerly developed for server consolidation, cost reduction, and conservation of energy are now gaining more and more interest in the field of trusted computing. Virtualization can greatly enhance the security of a system by isolating applications, or even whole operating systems, by splitting the computer system into smaller parts, whose integrity can be more easily assured. This project is concerned with the development of a system that will effectively combine the isolation features of the virtualization schemes with a state-of-the-art hardware security module. This system will provide reliable protection against sophisticated software-based attacks and will withstand elementary hardware-based attacks. The building block approach of this proposed security architecture makes sure that many different application fields can archive a high level of security by combining the appropriate components. The research examines some emerging approaches to computer security and proposes a novel security architecture based on a hardware trust anchor. An experimental system is developed to provide a ’proof-of-concept’ model for evaluation. The target application area for the architecture is the embedded computing space...

The Reference Monitor Concept as a Unifying Principle in Computer Security Education

Irvine, Cynthia E.
Fonte: Proceeding IFIP TC11 WC11.8 First World Conference on INFOSEC Education Publicador: Proceeding IFIP TC11 WC11.8 First World Conference on INFOSEC Education
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
57.803926%
For over twenty-five years, the Reference Monitor Concept [1] has proved itself to be a useful tool for computer security practitioners. It can also be used as a conceptual tool in computer security education. This paper describes a computer security education program at the Naval Postgraduate School that has used the Reference Monitor concept as a unifying principle for courses, laboratory work, and student research. The intent of the program is to produce graduates who will think critically about the design and implementation of systems intended to enforce security policies.

Monitoring information systems to enforce computer security policies

Graham, Scott W.; Mills, Stephen E.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
57.961113%
Approved for public release; distribution is unlimited; Many computer security policies are written relatively vaguely. In many ways this is intentional to allow for easier access to all the functionality of the computer network. However, too much leeway allows users, without a need to access many of the network functions, the ability to execute functions that might cause harm to the system or provide access to information they have no need to see. With this in mind, this paper takes a look at computer security. We start with a brief history of computer security and continue with a look at internal security. Since our focus is on computer misuse and detection, a look at internal security provides a look at the reasons why we should attempt to monitor the activities of users. Misuse detection requires at least two features. These are audit reduction and profiling ability. When audit features are enabled in the operating system, massive files can build up. By establishing profiles of personnel usage, the automated audit features can quickly scan audit files, look for usage that falls outside what is determined to be normal, notify administrators, and delete old audit data. A misuse detection system, such as the Computer Misuse Detection System marketed by ODS Networks...

Toward a taxonomy and costing method for security services

Irvine, Cynthia; Levin, Timothy
Fonte: Naval Postgraduate School Publicador: Naval Postgraduate School
Tipo: Relatório
Português
Relevância na Pesquisa
57.79805%
A wide range of security services may be available to applications in a heterogeneous computer network. Resource Management Systems (RMSs) responsible for assigning computing and network resources to tasks need to know the resource-utilization costs associated with the various network security services. In order to understand the range of security services and RMS needs to manage, a preliminary security service taxonomy is defined. The taxonomy is used as framework for a preliminary method for defining the costs associated with network security services.

Introduction to the Applications of Evolutionary Computation in Computer Security and Cryptography

Isasi, Pedro; Hernández, Julio C.
Fonte: Blackwell Publicador: Blackwell
Tipo: Artigo de Revista Científica Formato: application/pdf
Publicado em /08/2004 Português
Relevância na Pesquisa
67.75838%
Provides information on the applications of evolutionary computation in computer security and cryptography. Main applications of evolutionary computations in cryptology; Achievements of several researchers in the field of artificial intelligence applications to computer security and cryptology; Examples of successful research.

A study of computer security policies for the Indonesian Navy

Herusutopo, Antonius
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: 126 p.
Português
Relevância na Pesquisa
78.172866%
Approved for public release; distribution is unlimited.; The Indonesian Navy recognized the need for a computer security program over ten years ago. They published their first computer security regulation in 1981. But that regulation is now obsolete because of the advances in technology and the increased availability of powerful computer systems. As computer systems become bigger, more complicated, easier to use, more interconnected, and more important, they become more vulnerable to hackers, terrorist, and disgruntled employees. This thesis demonstrates the need for an updated computer security regulation. To add in meeting that need, the thesis proposes a security program for the Indonesian Navy that is based on the multilevel trusted computer criteria published by the NCSC in the 'Orange Book', the Canadian Trusted Product Evaluation Criteria and ITSEC. The proposed program includes additional regulations concerning physical security, data security, integrity and availability, and recommended trusted evaluation guide; http://archive.org/details/studyofcomputers00heru; Major, Indonesian Navy

Modeling and analyzing intrusion attempts to a computer network operating in a defense-in-depth posture

Givens, Mark Allen
Fonte: Monterey California. Naval Postgraduate School Publicador: Monterey California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xvi, 91 p. : ill. (some col.) ;
Português
Relevância na Pesquisa
57.998647%
Approved for public release; distribution is unlimited; In order to ensure the confidentially, integrity, and availability of networked resources operating on the Global Information Grid, the Department of Defense has incorporated a "Defense-in-Depth" posture. This posture includes the use of network security mechanisms and does not rely on a single defense for protection. Firewalls, Intrusion Detection Systems (IDS's), Anti-Virus (AV) software, and routers are such tools used. In recent years, computer security discussion groups have included IDS's as one of their most relevant issues. These systems help identify intruders that exploit vulnerabilities associated with operating systems, application software, and computing hardware. When IDS's are utilized on a host computer or network, there are two primary approaches to detecting and / or preventing attacks. Traditional IDS's, like most AV software, rely on known "signatures" to detect attacks. This thesis will focus on the secondary approach: Anomaly or "behavioral based" IDS's look for abnormal patterns of activity on a network to identify suspicious behavior.; Major, United States Marine Corps

Security aspects of computer supported collaborative work

Haroutunian, George V.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: 79 p.
Português
Relevância na Pesquisa
58.09011%
Approved for public release; distribution is unlimited; Computer Supported Collaborative Work (CSCW) is a topic of considerable academic inquiry and rapid commercial development. Meeting Room Systems, Conferencing System, Co-authoring and Argumentation Systems, Message Systems and Autonomous Agents which support group collaboration currently exist; however, Department of Defense (DoD) computer security requirements as they impact CSCW system design has received little attention. This thesis describes CSCW systems and relates group dynamic issues to predict the form of the sophisticated CSCW which will probably become commonplace in the future. Next the Trusted Computer security Evaluation criteria (TCSEC) with which all DoD systems must comply are synopsized. An extension of the Bell-LaPadula model underlying the TCSEC requirements is proposed which would allow 'Functionally Trusted CSCW' (FT-CSCW), CSCW which would meet many but not all of the TCSEC requirements. Possible first order (efficiency) effects of FT-CSCW, including the effect of sparse group domains, the breakdown of compartmentation, and organizational stratification are discussed. Second order (social) effects are also discussed, as are possible FT-CSCW problems (unstable group membership...

Human factors in Coast Guard Computer Security - an analysis of current awareness and potential techniques to improve security program viability

Whalen, Timothy J.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xxi, 106 p. ; 28 cm.
Português
Relevância na Pesquisa
68.08341%
The Coast Guard is becoming increasingly reliant upon our nation's information infrastructure. As such, our ability to ensure the security of those systems is also increasing in import. Traditional information security measures tend to be system-oriented and often fail to address the human element that is critical to system success. In order to ensure information system security, both system and human factors requirements must be addressed. This thesis attempts to identify both the susceptibility of Coast Guard information systems to human factors-based security risks and possible means for increasing user awareness of those risks. This research is meant to aid the Coast Guard in continuing to capitalize on emerging technologies while simultaneously providing a secure information systems environment.; US Coast Guard (USCG) author

Defining and enforcing hardware security requirements

Bilzor, Michael B.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Formato: xxiv, 141 p. : col. ill. ; 28 cm.
Português
Relevância na Pesquisa
57.831016%
Security in computing systems to date has focused mostly on software. In this research, we explore the application and enforceability of well-defined security requirements in hardware designs. The principal threats to hardware systems demonstrated in the academic literature to date involve some type of subversion, often called a Hardware Trojan or malicious inclusion. Detecting these has proved very difficult. We demonstrate a method whereby the dynamic enforcement of a processor's security requirements can be used to detect the presence of some of these malicious inclusions. Although there are theoretical limits on which security properties can be dynamically enforced using the techniques we describe, our research does provide a novel method for expressing and enforcing security requirements at runtime in hardware designs. While the method does not guarantee the detection of all possible malicious inclusions in a given processor, it addresses a large class of inclusions-those detectable as violations of behavioral restrictions in the architectural specification-which provides significant progress against the general case, given a suitably complete set of checkers.; US Navy (USN) author

Automated analysis of security APIs; Automated analysis of security Application Programming Interfaces

Lin, Amerson H
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 124 p.; 5465732 bytes; 5471913 bytes; application/pdf; application/pdf
Português
Relevância na Pesquisa
57.90584%
Attacks on security systems within the past decade have revealed that security Application Programming Interfaces (APIs) expose a large and real attack surface but remain to be a relatively unexplored problem. In 2000, Bond et al. discovered API- chaining and type-confusion attacks on hardware security modules used in large banking systems. While these first attacks were found through human inspection of the API specifications, we take the approach of modeling these APIs formally and using an automated-reasoning tool to discover attacks. In particular, we discuss the techniques we used to model the Trusted Platform Module (TPM) v1.2 API and how we used OTTER, a theorem-prover, and ALLOY, a model-finder, to find both API- chaining attacks and to manage API complexity. Using ALLOY, we also developed techniques to capture attacks that weaken, but not fully compromise, a system's security. Finally, we demonstrate a number of real and "near-miss" vulnerabilities that were discovered against the TPM.; by Amerson H. Lin.; Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.; Includes bibliographical references (p. 123-124).

Design principles and patterns for computer systems that are simultaneously secure and usable

Garfinkel, Simson
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 472 p.; 29543936 bytes; 31405031 bytes; application/pdf; application/pdf
Português
Relevância na Pesquisa
58.053174%
It is widely believed that security and usability are two antagonistic goals in system design. This thesis argues that there are many instances in which security and usability can be synergistically improved by revising the way that specific functionality is implemented in many of today's operating systems and applications. Specific design principles and patterns are presented that can accomplish this goal. Patterns are presented that minimize the release of confidential information through remnant and remanent data left on hard drives, in web browsers, and in documents. These patterns are based on a study involving the purchase of 236 hard drives on the secondary market, interviews conducted with organizations whose drives had been acquired, and through a detailed examination of modern web browsers and reports of information leakage in documents. Patterns are presented that enable secure messaging through the adoption of new key management techniques. These patterns are supported through an analysis of S/MIME handling in modern email clients, a survey of 469 Amazon.com merchants, and a user study of 43 individuals. Patterns are presented for promoting secure operation and for reducing the danger of covert monitoring. These patterns are supported by the literature review and an analysis of current systems.; (cont.) In every case considered...

EMRlog Method for Computer Security for Electronic Medical Records with Logic and Data Mining

Martínez Monterrubio, Sergio Mauricio; Frausto Solis, Juan; Monroy Borja, Raúl
Fonte: Hindawi Publishing Corporation Publicador: Hindawi Publishing Corporation
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
58.09459%
The proper functioning of a hospital computer system is an arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of the entire or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system.

Service Oriented Architecture in Network Security - a novel Organisation in Security Systems

Hilker, Michael; Schommer, Christoph
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 07/05/2008 Português
Relevância na Pesquisa
58.02276%
Current network security systems are a collection of various security components, which are directly installed in the operating system. These check the whole node for suspicious behaviour. Armouring intrusions e.g. have the ability to hide themselves from being checked. We present in this paper an alternative organisation of security systems. The node is completely virtualized with current virtualization systems so that the operating system with applications and the security system is distinguished. The security system then checks the node from outside and the right security components are provided through a service oriented architecture. Due to the running in a virtual machine, the infected nodes can be halted, duplicated, and moved to other nodes for further analysis and legal aspects. This organisation is in this article analysed and a preliminary implementation showing promising results are discussed.; Comment: 4 pages

Computer Security: Competing Concepts

Nissenbaum, Helen; Friedman, Batya; Felten, Edward
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
58.291934%
This paper focuses on a tension we discovered in the philosophical part of our multidisciplinary project on values in web-browser security. Our project draws on the methods and perspectives of empirical social science, computer science, and philosophy to identify values embodied in existing web-browser security and also to prescribe changes to existing systems (in particular, Mozilla) so that values relevant to web-browser systems are better served than presently they are. The tension, which we had not seen explicitly addressed in any other work on computer security, emerged when we set out to extract from the concept of security the set values that ought to guide the shape of web-browser security. We found it impossible to construct an internally consistent set of values until we realized that two robust -- and in places competing -- conceptions of computer security were influencing our thinking. We needed to pry these apart and make a primary commitment to one. One conception of computer security invokes the ordinary meaning of security. According to it, computer security should protect people -- computer users -- against dangers, harms, and threats. Clearly this ordinary conception of security is already informing much of the work and rhetoric surrounding computer security. But another...

An Overview of Computer security

Annam, Shireesh Reddy
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 21/10/2001 Português
Relevância na Pesquisa
57.849863%
As more business activities are being automated and an increasing number of computers are being used to store vital and sensitive information the need for secure computer systems becomes more apparent. These systems can be achieved only through systematic design; they cannot be achieved through haphazard seat-of-the-pants methods.This paper introduces some known threats to the computer security, categorizes the threats, and analyses protection mechanisms and techniques for countering the threats. The threats have been classified more so as definitions and then followed by the classifications of these threats. Also mentioned are the protection mechanisms.; Comment: 11 pages,PDF, Comments about threats to the computer security and their protection mechanisms

Distributed virtual environment scalability and security

Miller, John
Fonte: University of Cambridge; Faculty of Computer Science and Technology; Computer Laboratory; Microsoft Research Cambridge Publicador: University of Cambridge; Faculty of Computer Science and Technology; Computer Laboratory; Microsoft Research Cambridge
Tipo: Thesis; doctoral; PhD
Português
Relevância na Pesquisa
67.83834%
Distributed virtual environments (DVEs) have been an active area of research and engineering for more than 20 years. The most widely deployed DVEs are network games such as Quake, Halo, and World of Warcraft (WoW), with millions of users and billions of dollars in annual revenue. Deployed DVEs remain expensive centralized implementations despite significant research outlining ways to distribute DVE workloads. This dissertation shows previous DVE research evaluations are inconsistent with deployed DVE needs. Assumptions about avatar movement and proximity - fundamental scale factors - do not match WoW?s workload, and likely the workload of other deployed DVEs. Alternate workload models are explored and preliminary conclusions presented. Using realistic workloads it is shown that a fully decentralized DVE cannot be deployed to today?s consumers, regardless of its overhead. Residential broadband speeds are improving, and this limitation will eventually disappear. When it does, appropriate security mechanisms will be a fundamental requirement for technology adoption. A trusted auditing system (?Carbon?) is presented which has good security, scalability, and resource characteristics for decentralized DVEs. When performing exhaustive auditing...