To see the other types of publications on this topic, follow the link: App Security.
Dissertations / Theses on the topic 'App Security'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'App Security.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Taylor, Vincent. "Security and privacy in app ecosystems." Thesis, University of Oxford, 2017. https://ora.ox.ac.uk/objects/uuid:01f3b0ca-b24e-4949-9efa-ec56dfba7a36.
Full textAbstract:
Smartphones are highly-capable mobile computing devices that have dramatically changed how people do business, interact with online services, and receive entertainment. Smartphone functionality is enhanced by an ecosystem of apps seemingly covering the entire gamut of functionality. While smartphone apps have undoubtedly provided immeasurable benefit to users, they also contribute their fair share of drawbacks, such as increases in security risks and the erosion of user privacy. In this thesis, I focus on the Android smartphone operating system, and pave the way for improving the security and privacy of its app ecosystem. Chapter 3 starts by doing a comprehensive study on how Android apps have evolved over a three-year period, both in terms of their dangerous permission usage and the vulnerabilities they contain. It uncovers a trend whereby apps are using increasing numbers of dangerous permissions over time and at the same time becoming increasingly vulnerable to attack by adversaries. By analysing the Google Play Store, Android's official app marketplace, Chapter 4 shows that many general-purpose apps can be replaced with functionallysimilar alternatives to the benefit of the user. This confirms that users still wield power to improve their own security and privacy. Chapter 5 combines this insight with real-world data from approximately 30,000 smartphones to understand the actual risk that the average user faces as a result of their use of apps, and takes an important first step in measuring the improvements that can be made. Users, however, are not always aware of the risks they face and thus Chapter 6 demonstrates the feasibility of a classification system that can transparently and unobtrusively identify and alert users to the presence of apps of concern on their devices. This classification system identifies apps from features in the network traffic they generate, without itself analysing the payload of their traffic, thus maintaining a high threshold of privacy. While the work presented in this thesis has uncovered undesirable trends in app evolution, and shows that a large fraction of users are exposed to non-trivial risk from the apps they use, in many cases there is suficient diversity in the offerings of general-purpose apps in the Google Play Store to empower users to mitigate the risks coming from the apps they use. This work takes us a step further in keeping users safe as they navigate and enjoy app ecosystems.
2
Chia, Pern Hui. "Information Security on the Web and App Platforms : An Economic and Socio-Behavioral Perspective." Doctoral thesis, Norges teknisk-naturvitenskapelige universitet, Centre for Quantifiable Quality of Service in Communication Systems, 2012. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-19751.
Full textAbstract:
Various security measures are ineffective having been designed without adequate usability and economic considerations. The primary objective of this thesis is to add an economic and socio-behavioral perspective to the traditional computer science research in information security. The resulting research is interdisciplinary, and the papers combine different approaches, ranging from analytic modeling to empirical measurements and user studies. Contributing to the fields of usable security and security economics, this thesis fulfills three motivations. First, it provides a realistic game theoretical model for analyzing the dynamics of attack and defense on the Web. Adapted from the classical Colonel Blotto games, our Colonel Blotto Phishing model captures the asymmetric conflict (resource, information, action) between a resource-constrained attacker and a defender. It also factors in the practical scenario where the attacker creates large numbers of phishing websites (endogenous dimensionality), while the defender reactively detects and strives to take them down promptly. Second, the thesis challenges the conventional view that users are always the weakest link or liability in security. It explores the feasibility of leveraging inputs from expert and ordinary users for improving information security. While several potential challenges are identified, we find that community inputs are more comprehensive and relevant than automated assessments. This does not imply that users should be made liable to protect themselves; it demonstrates the potentials of community efforts in complementing conventional security measures. We further analyze the contribution characteristics of serious and casual security volunteers, and suggest ways for improvement. Third, following the rise of third party applications (apps), the thesis explores the security and privacy risks and challenges with both centralized and decentralized app control models. Centralized app control can lead to the risk of central judgment and the risk of habituation, while the increasingly widespread decentralized user-consent permission model also suffers from the lack of effective risk signaling. We find the tendency of popular apps requesting more permissions than average. Compound with the absence of alternative risk signals, users will habitually click through the permission request dialogs. In addition, we find the free apps, apps with mature content, and apps with names mimicking the popular ones, request more permissions than typical. These indicate possible attempts to trick the users into compromising their privacy.
3
Nguyen, Duc Cuong [Verfasser]. "Improving Android app security and privacy with developers / Duc Cuong Nguyen." Saarbrücken : Saarländische Universitäts- und Landesbibliothek, 2020. http://d-nb.info/1241117314/34.
Full text
4
Dell'Aguzzo, Paolo. "The secret life of software applications." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2014. http://amslaurea.unibo.it/7405/.
Full textAbstract:
One of the most undervalued problems by smartphone users is the security of data on their mobile devices. Today smartphones and tablets are used to send messages and photos and especially to stay connected with social networks, forums and other platforms. These devices contain a lot of private information like passwords, phone numbers, private photos, emails, etc. and an attacker may choose to steal or destroy this information.
The main topic of this thesis is the security of the applications present on the most popular stores (App Store for iOS and Play Store for Android) and of their mechanisms for the management of security.
The analysis is focused on how the architecture of the two systems protects users from threats and highlights the real presence of malware and spyware in their respective application stores. The work described in subsequent chapters explains the study of the behavior of 50 Android applications and 50 iOS applications performed using network analysis software. Furthermore, this thesis presents some statistics about malware and spyware present on the respective stores and the permissions they require. At the end the reader will be able to understand how to recognize malicious applications and which of the two systems is more suitable for him. This is how this thesis is structured. The first chapter introduces the security mechanisms of the Android and iOS platform architectures and the security mechanisms of their respective application stores. The Second chapter explains the work done, what, why and how we have chosen the tools needed to complete our analysis. The third chapter discusses about the execution of tests, the protocol followed and the approach to assess the “level of danger” of each application that has been checked. The fourth chapter explains the results of the tests and introduces some statistics on the presence of malicious applications on Play Store and App Store. The fifth chapter is devoted to the study of the users, what they think about and how they might avoid malicious applications. The sixth chapter seeks to establish, following our methodology, what application store is safer. In the end, the seventh chapter concludes the thesis.
5
Pujari, Medha Rani. "PortableVN: A Generic Mobile Application for Security Testbeds." University of Toledo / OhioLINK, 2019. http://rave.ohiolink.edu/etdc/view?acc_num=toledo1564680092560925.
Full text
6
Barreto, Razquin Oscar Maximiliano, Torpoco Karem Angelli Cardenas, Espinoza Cinthia Alejandra Rojas, Alvarado Sebastian Sanchez, and Quiroz Nicole Suheid Serna. "Proyecto Pulsos App." Bachelor's thesis, Universidad Peruana de Ciencias Aplicadas (UPC), 2020. http://hdl.handle.net/10757/654648.
Full textAbstract:
El presente documento de investigación contiene la implementación de un proyecto de emprendimiento orientado hacia la venta de un servicio aplicativo móvil que reduzca la cantidad de mujeres que sufren de acoso de cualquier tipo en la ciudad de Lima, Perú. Dicha investigación se realizó dentro de los NSE “A” y “B” que posean Smartphone en Lima Metropolitana. Se considera a este proyecto como una idea disruptiva debido a la escasez de competencias, falta de productos similares, aparición de nuevas tecnologías y tendencias. Así mismo, se considera importante abordar esta problemática con un producto efectivo debido a la continua aparición de incidencias, quejas y noticias que se manifiestan día a día en el país.
Para concretar este proyecto, se logró efectuar un análisis a detalle para poder validar la rentabilidad, escalabilidad y viabilidad de nuestro servicio con los siguientes temas: Validación del modelo de negocio, Desarrollo del plan de negocios, Plan de operaciones, Plan de recursos humanos, Plan de marketing, Plan de responsabilidad social empresarial, Plan financiero y presupuestos.
Por último, la aplicación de este servicio al mercado empresarial puede despertar intereses en organizaciones sin fines de lucro, organizaciones civiles, políticas y gubernamentales con la finalidad que generen un cambio en la sociedad tras la problemática existente.This research document contains the implementation of an entrepreneurial project aimed at selling a mobile application service that will reduce the number of women suffering from harassment of any kind in the city of Lima, Peru. This research was conducted within the NSE "A" and "B" that have smartphones in Metropolitan Lima. This project is considered a disruptive idea due to the shortage of skills, lack of similar products, emergence of new technologies and trends. Likewise, it is considered important to address this issue with an effective product due to the continuous appearance of incidents, complaints and news that are manifested every day in the country. In order to make this project concrete, a detailed analysis was carried out to validate the profitability, scalability and viability of our service with the following topics: Validation of the business model, Development of the business plan, Operations plan, Human resources plan, Marketing plan, Corporate social responsibility plan, Financial plan and budgets. Finally, the application of this service to the business market can arouse interest in nonprofit organizations, civil organizations, political and government in order to generate a change in society after the existing problems.
Trabajo de investigación
7
Amini, Shahriyar. "Analyzing Mobile App Privacy Using Computation and Crowdsourcing." Research Showcase @ CMU, 2014. http://repository.cmu.edu/dissertations/327.
Full textAbstract:
Mobile apps can make use of the rich data and sensors available on smartphones to offer compelling services. However, the use of sensitive resources by apps is not always justified, which has led to new kinds of privacy risks and challenges. While it is possible for app market owners and third-parties to analyze the privacy-related behaviors of apps, present approaches are difficult and tedious.
I present two iterations of the design, implementation, and evaluation of a system, Gort, which enables more efficient app analysis, by reducing the burden of instrumenting apps, making it easier to find potential privacy problems, and presenting sensitive behavior in context. Gort interacts with apps while instrumenting them to detect sensitive information transmissions. It then presents this information along with the associated app context to a crowd of users to obtain their expectations and comfort regarding the privacy implications of using the app. Gort also runs a set of heuristics on the app to flag potential privacy problems. Finally, Gort synthesizes the information obtained through its analysis and presents it in an interactive GUI, built specifically for privacy analysts.
This work offers three distinct new advances over the state of the art. First, Gort uses a set of heuristics, elicited through interviews with 12 experts, to identify potential app privacy problems. Gort heuristics present high-level privacy problems instead of the overwhelming amount of information offered through existing tools. Second, Gort automatically interacts with apps by discovering and interacting with UI elements while instrumenting app behavior. This eliminates the need for analysts to manually interact with apps or to script interactions. Third, Gort uses crowdsourcing in a novel way to determine whether app privacy leaks are legitimate and desirable and raises red flags about potentially suspicious app behavior. While existing tools can detect privacy leaks, they cannot determine whether the privacy leaks are beneficial or desirable to the user. Gort was evaluated through two separate user studies. The experiences from building Gort and the insights from the user studies guide the creation of future systems, especially systems intended for the inspection and analysis of software.
8
Barton, Daniel John Trevino. "Usable Post-Classification Visualizations for Android Collusion Detection and Inspection." Thesis, Virginia Tech, 2016. http://hdl.handle.net/10919/72286.
Full textAbstract:
Android malware collusion is a new threat model that occurs when multiple Android apps communicate in order to execute an attack. This threat model threatens all Android users' private information and system resource security. Although recent research has made advances in collusion detection and classification, security analysts still do not have robust tools which allow them to definitively identify colluding Android applications. Specifically, in order to determine whether an alert produced by a tool scanning for Android collusion is a true-positive or a false-positive, the analyst must perform manual analysis of the suspected apps, which is both time consuming and prone to human errors. In this thesis, we present a new approach to definitive Android collusion detection and confirmation by rendering inter-component communications between a set of potentially collusive Android applications. Inter-component communications (abbreviated to ICCs), are a feature of the Android framework that allows components from different applications to communicate with one another. Our approach allows Android security analysts to inspect all ICCs within a set of suspicious Android applications and subsequently identify collusive attacks which utilize ICCs. Furthermore, our approach also visualizes all potentially collusive data-flows within each component within a set of apps. This allows analysts to inspect, step-by-step, the the data-flows that are currently used by collusive attacks, or the data-flows that could be used for future collusive attacks. Our tool effectively visualizes the malicious and benign ICCs in sets of proof-of-concept and real-world colluding applications. We conducted a user study which revealed that our approach allows for accurate and efficient identification of true- and false-positive collusive ICCs while still maintaining usability.Master of Science
9
Gutierrez, Ramirez Pedro Reynaldo, Gago Jesus Martin Lopez, Cayo Alvaro Martin Peschiera, Robles Celia Elizabeth Torres, and Huby Johana Alexandra Vega. "Emprendimiento de negocio: jala a tu pata." Bachelor's thesis, Universidad Peruana de Ciencias Aplicadas (UPC), 2019. http://hdl.handle.net/10757/626550.
Full textAbstract:
Nuestro proyecto consiste es crear una aplicación que sea intermediaria entre los estudiantes actuando como clientes, que necesiten llegar a su destino a través de carros particulares de manera segura, cómoda y rápida, con conductores, los cuales serán otros estudiantes que dispongan de vehículos y vayan por rutas similares o iguales. Nuestro mercado objetivo son jóvenes universitarios de la ciudad de Lima de 18 a 24 años de un nivel socioeconómico A, B y C. Además, nuestro servicio se diferencia de la competencia, ya que tenemos como política desarrollar actividades de RSE para preservar el cuidado del medio ambiente. Asimismo, cabe resaltar que el mercado limeño es altamente atractivo por la creciente demanda en donde dice que este año y el próximo año la demanda de carros aumentará en 250 mil carros cada año. Para el desarrollo del proyecto, se han realizado análisis cualitativo y cuantitativo, utilizando herramientas como entrevistas y aplicación de encuestas, teniendo como fin determinar el comportamiento de los usuarios y medir el nivel de aceptación de nuestro proyecto. Finalmente, se explicará y se desarrollará el plan financiero y los principales KPI´s de rentabilidad de negocio, la cual permitirá demostrar la sostenibilidad, rentabilidad y escalabilidad del negocio.Our Business Entrepreneurship Assignment is about creating an app that is an intermediary between students acting as customers, who need to reach their destination through private cars safely, comfortably and quickly and students with cars playing as drivers that go by similar routes. We set as target market is young university students in the city of Lima from 18 to 24 years of socioeconomic level A, B and C. In addition, our service differs from the competition, since we have as policy to develop CSR activities to preserve the care of the environment. Also, it should be noted that the limeño market is highly attractive due to the growing demand where it says that this year and next year the demand for cars will increase by 250 thousand cars each year. For the development of the project, qualitative and quantitative analysis has been carried out, using tools such as interviews and survey application, with the purpose of determining the behavior of users and measuring the level of acceptance of our project. Finally, the financial plan and the main KPIs of business profitability will be explained and developed, which will allow demonstrating the sustainability, profitability and scalability of the business.
Trabajo de investigación
10
Wei, Fengguo. "Precise, General, and Efficient Data-flow Analysis for Security Vetting of Android Apps." Scholar Commons, 2018. https://scholarcommons.usf.edu/etd/7377.
Full textAbstract:
This dissertation presents a new approach to static analysis for security vetting of Android apps, and a general framework called Argus-SAF. Argus-SAF determines points-to information for all objects in an Android app component in a flow and context-sensitive (user-configurable) way and performs data-flow and data dependence analysis for the component. Argus-SAF also tracks inter-component communication activities. It can stitch the component-level information into the app- level information to perform intra-app or inter-app analysis. Moreover, Argus-SAF is NDK/JNI- aware and can efficiently track precise data-flow across language boundary. This dissertation shows that, (a) the aforementioned type of comprehensive app analysis is utterly feasible in terms of computing resources with modern hardware, (b) one can easily leverage the results from this general analysis to build various types of specialized security analyses – in many cases the amount of additional coding needed is around 100 lines of code, and (c) the result of those specialized analyses leveraging Argus-SAF is at least on par and often exceeds prior works designed for the specific problems, which this dissertation demonstrate by comparing Argus-SAF’s results with those of prior works whenever the tool can be obtained. Since Argus-SAF’s analysis directly handles intercomponent and inter-language control and data flows, it can be used to address security problems that result from interactions among multiple components from either the same or different apps and among java code and native code. Argus-SAF’s analysis is sound in that it can assure the absence of the specified security problems in an app with well-specified and reasonable assumptions on Android runtime system and its library.
11
Kulkarni, Keyur. "Android Malware Detection through Permission and App Component Analysis using Machine Learning Algorithms." University of Toledo / OhioLINK, 2018. http://rave.ohiolink.edu/etdc/view?acc_num=toledo1525454213460236.
Full text
12
Solimeo, Alfonso. "Framework per l'analisi dinamica di vulnerabilità e penetration testing di App iOS." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2017. http://amslaurea.unibo.it/14827/.
Full textAbstract:
La sicurezza dell'informazione è ormai attore principale nell'era digitale in cui viviamo. Le tecnologie mobili (e.g. smartphone, tablet, etc) sono pervasive nella vita di tutti i giorni, manipolando ogni sorta di dati: da semplici foto, a delicati dati come quelli bancari.
Le Mobile App, gli applicativi software che animano i device mobili, sono i principali vettori di questi dati: la sicurezza attorno ad esse è fondamentale.
iOS è tra i principali sistemi operativi mobili, ma nonostante ciò non può contare su molti strumenti di analisi ai fini della sicurezza: questo a causa sia dell'erronea idea di immunità del sistema, sia a causa di sfide tecniche in cui si può incorrere, come il jailbreak, la procedura per acquisire i diritti di amministratore nel sistema operativo. Questa procedura diviene giorno dopo giorno più difficile e la maggioranza dei tool di analisi esistenti si basano su di essa.
Il lavoro di tesi presenta lo sviluppo di MAD-IOS, un framework per l'analisi dinamica di vulnerabilità e penetration testing, il quale, pur sfruttando strumenti tipici di ambienti jailbroken, esegue su dispositivi iOS puri, liberandosi in questo modo dalla dipendenza dal jailbreak.
13
Bjurling, Patrik. "Design and Implementation of a Secure In-app Credit Card Payment System." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-112745.
Full textAbstract:
Smartphones are often used in order to make purchases today and mobile payments are estimated to continue growing in numbers the following years. This makes mobile payment systems attractive to companies as a new business platform. It also increases the number of malicious users trying to exploit the systems for financial gain. This thesis is conducted for the company TaxiCaller which desires to integrate mobile payments into their existing service. It discusses the current security standards for mobile payments and evaluates existing mobile payment solutions. The focus of the evaluation is on the security of the solutions and vulnerabilities, as well as mitigations of identified vulnerabilities, are discussed. Based on the evaluation, a mobile payment solution is designed and implemented. This system fully integrates with TaxiCaller’s existing system. A threat analysis of the implemented mobile payment solution is performed to provide confidence in the security. This thesis also provides an insight into the ecosystem of mobile payments including the stakeholders, the regulations, the security standards and difficulties during implementations.
14
MUTTI, Simone. "Policy and Security Conguration Management in Distributed Systems." Doctoral thesis, Università degli studi di Bergamo, 2015. http://hdl.handle.net/10446/49849.
Full textAbstract:
The evolution of information system sees a continuously increasing need of flexible and sophisticated approaches for the management of security requirements. On one hand, systems are increasingly more integrated (e.g., Bring Your Own Device) and present interfaces for the invocation of services accessible through network connections. On the other hand, system administrators have the responsibility to guarantee that this integration and the consequent exposure of internal resources does not introduce vulnerabilities. The need to prove that the system correctly manages the security requirements is not only motivated by the increased exposure, but also by the need to show compliance with respect to the many regulations promulgated by governments and commercial bodies.
In modern information systems a particular area of security requirement is access control management, with security policies that describe how resources and services should be protected. These policies offer a classification of the actions on the system that distinguishes them into authorized and forbidden, depending on a variety of parameters. Given the critical role of security and their large size and complexity, concerns arise about the correctness of the policy. It is not possible anymore to rely on the security designer to have a guarantee that the policy correctly represents how the system should protect the access to resources.
The research documented in this thesis investigates new approaches for the development of a collection of both methodologies and tools, which are flexible enough to help the system administrators, or generally users, in the correct management of security requirements. Due to the complexity of this topic, the research was focused on (i) enterprise and (ii) mobile scenario.
15
Lu, Can. "Revisiting the Evolution of Android Permissions." University of Cincinnati / OhioLINK, 2018. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1535377084768501.
Full text
16
Valera, Gómez Gloria Cecilia. "APP de entrenamiento en realidad aumentada para Prevención de Riesgos Laborales." Master's thesis, Universidad Peruana de Ciencias Aplicadas (UPC), 2020. http://hdl.handle.net/10757/654484.
Full textAbstract:
El presente trabajo consiste en un plan de negocios para la comercialización de un aplicativo móvil de entrenamiento en realidad aumentada para Prevención de Riesgos a través de los Smartphones y iPhone en la ciudad de Lima. La validación de la propuesta se obtuvo en base a entrevistas a líderes de opinión y encuestas a los colaboradores que oscilan entre los 18 y 60 años, además, se realizó el análisis de la segmentación del mercado donde se logró determinar cuántas empresas se pueden beneficiar con el APP.
Por consiguiente, se realizó la segmentación y la delimitación del mercado objetivo. Por ello, se determinó que el mercado objetivo es el sector industrial con el segmento empresarial Gran y Mediana empresa que representa el 0.99% del total de empresas de Lima Metropolitana. Se ha decidido captar al 2.33% del total de empresas industriales identificadas.
Con relación a las estrategias de marketing, cabe señalar que el canal de distribución será directo, a través de vendedores propios y también por canales digitales. Con esta propuesta, se espera que el APP de entrenamiento en realidad aumentada para Prevención de Riesgos en un mediano plazo se convierta en líder del mercado de capacitaciones en RA con alto manejo de flexibilidad en el tiempo y eficiencia.
Para el inicio del proyecto se requiere una inversión inicial de S/.63,936.00, con préstamo bancario de 70% y un aporte de capital de 30%. Se estima obtener un VAN de s/. 750, 111 con valor de TIR de 50%.This paper is a business plan for the marketing of a mobile application for augmented reality training in risk prevention through smartphones in the city of Lima. The proposal was validated by interviews to opinion leaders and surveys to people aged 18 to 60 years. In addition, a market segmentation analysis was performed to determine how many companies could benefit from the app. Through market segmentation and definition, it was determined that the target market is large and medium-sized enterprises of the industrial sector, which represent 0.99% of the total number in Lima Metropolitan Area. It was decided to target 2.33% of the enterprises identified. As regards marketing strategies, the distribution channel will be direct, through sellers and digital channels. With this proposal, the app for augmented reality training in risk prevention is expected to become a market leader in AR training in the medium term, offering high time flexibility and efficiency. To execute the Project, an initial investment of PEN 63,936.00 is required, which will be obtained through bank loan (70%) and capital contribution (30%). It is estimated to achieve a NPV of PEN 750,111 with an IRR of 50%.
Trabajo de investigación
17
Forsman, Robin, and Michal Sisak. "Challenges in software development of mobile apps in e-health." Thesis, Malmö universitet, Fakulteten för teknik och samhälle (TS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:mau:diva-20487.
Full textAbstract:
Throughout the development process within organizations, various complications can appear that can reduce the quality of a software or contribute to immense costs to organizations. This is especially true for organizations that operate in fields such as the health industry where stern rules and requirements are often a fact. This paper explores challenges that can arise during the development process of health applications as well as what effects these can have on the applications and organizations. The paper then examines how these difficulties can be prevented or mitigated. The intention is that this thesis should help organizations and developers to be able to go through a development process effectively without being overwhelmed by difficulties that can arise during the development process of health applications.
18
Bocanegra, Farfán Silvia Lorena, Fernandez Amy Herrera, Muga Mariela Platas, and de León Rodriguez Tamara Nicole Ponce. "Venta de medidor digital de GLP y aplicación móvil." Bachelor's thesis, Universidad Peruana de Ciencias Aplicadas (UPC), 2020. http://hdl.handle.net/10757/652922.
Full textAbstract:
Los cambios que ha traído consigo la tecnología han ocasionado que muchos negocios sean más exigentes en el control de sus procesos y que busquen contantemente reducir sus costos a través de esta. Por ello la innovación es un punto importante en estos cambios que llamamos transformación digital – entendida como la capacidad digital en los procesos, productos y activos para mejorar la eficiencia- permitiendo que las empresas busquen nuevas maneras de hacer las cosas.
Todos esos indicadores fueron un punto clave para identificar una oportunidad de negocio y ubicar nuestro nicho de mercado. Los negocios como restaurantes, hoteles y servicios en general, que su producción depende del gas GLP, no cuentan con una herramienta para medir su consumo ni saber cuándo deben volver a solicitar nuevamente gas.
El presente negocio consiste en comercializar medidores digitales de gas GLP que sean compatibles con tanques estacionarios de hasta 1,320 GLN el cual trabaja junto con una aplicación móvil, ambos te permiten saber en tiempo real cuál es tu consumo actual, el consumo mensual promedio y cuando debes solicitar nuevamente gas. Por lo que podemos concluir que este emprendimiento satisface las necesidades de nuestro mercado objetivo.Changes brought by new technology have made many businesses worry more about keeping control of their processes and constantly search for new ways to reduce cost through it. That is why innovation is an important point in these changes we call digital transformation – understood as the digital capacity of processes, products and assets to improve efficiency –allowing companies to find new ways to achieve their objectives. All the facts mentioned before, were the key point to identify a business opportunity and the right market niche to develop it. Businesses like restaurants, hotels and other service providers, with a need of GLP gas to operate, don’t have a precise way to measure their consumption nor know when they need to call for a refill to avoid unwanted pauses on their operations. The presented business plan proposes the marketing of digital GLP gas meter compatible with stationary tanks under 1,320 GLN capacity. This meter will work along with a custom designed mobile app, letting the business owner know in real time the tank occupancy level, as well as the present consumption, monthly average and estimated date to place a new purchase order for a refill. Considering this, we can conclude the present proposal covers and exceeds the needs and expectations of the target market.
Trabajo de investigación
19
Dahlberg, Daniel, Tim Irmel, and Jacob Forsström. "Android-användaren och appbehörigheter : Attityder och beteenden kopplat till säkerhet på mobilen." Thesis, Umeå universitet, Institutionen för informatik, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:umu:diva-148004.
Full textAbstract:
The Android OS is ever growing on the global market, reaching more and more people. This have led to the distribution of millions of applications, that the Android user can interact with. However, the usage of Android apps is not risk free and there are various methods deployed by Google Play to protect the privacy of the Android owner. One of these protective measures are permissions. However, as permissions are controlled by the user, there is a need of comprehending the user behaviour and attitude to the permissions. Lack of understanding the importance, and of the permission itself, could present a real danger of privacy trespassing to the user. In this paper we evaluate the rate of attitude and behaviour by questionnaire and empirical quality-driven interviews. We compare and scrutinize our data with older studies. We identify factors contributing the failure to comply with permission warnings. Also, we find that there are connections between factors such as gender and age, for how the user behaviour and attitude conclude with permissions. In the end we present an exhaustive analysis and discussion to our results, ending with a conclusion that there are differences to be found from older studies and that there are connections in gender and age with how the user acts by permissions.
20
Bengtsson, Filip, and Matteo Madrusan. "Near Field Communication Security concerns & applicable security in Android." Thesis, Högskolan Kristianstad, Fakulteten för naturvetenskap, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:hkr:diva-20996.
Full textAbstract:
Near Field Communication (NFC) is being used more frequent in smart devices, this raises security concerns whether the users information is secure from attackers. The thesis examines the threats that NFC on Android smartphones are exposed to, its countermeasures, as well as existing protocols that ensures the integrity and confidentiality of the users data. The results were achieved by a literature study, a questionnaire sent to companies that create products related to the subject as well as an experiment that was divided into two parts. The first part examined what information can be extracted from a debit card stored on an Android smartphone. The second part included a relay attack in which a purchase would be made with a victim’s debit card by using Android smartphones. The results shows that it is difficult to conduct any attack on the smart devices because of the limited range of NFC as well as the protocols available for making purchases with debit cards stored on smart devices disallows unauthorized applications and hardware to attack cards stored in smart devices.
21
Ozment, James Andrew. "Vulnerability discovery & software security." Thesis, University of Cambridge, 2007. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.613340.
Full text
22
Viklund, Åsa. "National Security, Gendered Insecurity : Feminist Perspectives on Militarism, Masculinities & Security." Thesis, Teologiska högskolan Stockholm, Avdelningen för mänskliga rättigheter, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:ths:diva-219.
Full textAbstract:
I denna uppsats granskas militariserad säkerhet i relation till kvinnors osäkerhet. Uppsatsen genomsyras av ett genusperspektiv och berör skadliga sociala normer såsom våldsuttryck knutna till maskulinitetsideal, nationens betydelse, maskuliniseringen av den säkerhetspolitiska arenan och hur den Amerikanska armén använde sig av feminisering som förhörsmetod i det skandalomsusade Irakiska fängelset Abu Ghraib. Uppsatsen finner att militariserad säkerhet utgör ett hot mot kvinnors säkerhet i och med den könsmaktsordning som upprätthålls och förstärks i samband med konflikt och militär närvaro och som resulterar i specifikt våld riktat mot kvinnor och feminiserade grupper.
23
Gures, Gulsah. "Security Dimesion Of Turkey'." Master's thesis, METU, 2011. http://etd.lib.metu.edu.tr/upload/12613026/index.pdf.
Full textAbstract:
This thesis aims to examine the security dimension of Turkey&rsquos relations with Russia during the period between 2000 and 2010. In this context, political, military and energy aspects of the security relations between Turkey and Russia are examined in detail. Contrary to the views that conceive the recent rapprochement in Turkish-Russian relations as &lsquo
strategic partnership&rsquo
or a form of cooperation that has the potential of reaching the level of strategic partnership, the thesis argues that these countries have developed their bilateral relations in the form of pragmatic cooperation due to the existing limits to the deeper levels of cooperation in the security field. It seems that the euphoria of rapprochement between two countries is resulted from the diminution of mutual threat levels as well as the proliferation of common interest areas. Nevertheless, despite these developments, both Turkey and Russia continue to consider their relations as a form of pragmatic cooperation rather than strategic partnership.
24
Araya, Cristian, and Manjinder Singh. "Web API protocol and security analysis." Thesis, KTH, Data- och elektroteknik, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-208934.
Full textAbstract:
There is problem that every company has its own customer portal. This problem can be solved by creating a platform that gathers all customers’ portals in one place. For such platform, it is required a web API protocol that is fast, secure and has capacity for many users. Consequently, a survey of various web API protocols has been made by testing their performance and security. The task was to find out which web API protocol offered high security as well as high performance in terms of response time both at low and high load. This included an investigation of previous work to find out if certain protocols could be ruled out. During the work, the platform’s backend was also developed, which needed to implement chosen web API protocols that would later be tested. The performed tests measured the APIs’ connection time and their response time with and without load. The results were analyzed and showed that the protocols had both pros and cons. Finally, a protocol was chosen that was suitable for the platform because it offered high security and fast connection. In addition, the server was not affected negatively by the number of connections. Reactive REST was the web API protocol chosen for this platform.Det finns ett problem i dagens samhälle gällande att varje företag har sin egen kundportal. Detta problem kan lösas genom att skapa en plattform som samlar alla kundportaler på samma plats. För en sådan plattform krävs det ett web API protokoll som är snabb, säker och har kapacitet för många användare. Därför har en undersökning om olika web API protokolls prestanda samt säkerhetstester gjorts. Arbetet gick ut på att ta reda på vilket web API protokoll som erbjuder hög säkerhet och hög prestanda i form av svarstid både vid låg och hög belastning. Det ingick också i arbetet att göra en undersökning av tidigare arbeten för att ta reda på om eventuella protokoll kunde uteslutas. Under arbetet utvecklades också plattformens backend som implementerade de olika web API protokollen för att sedan kunna utföra tester på dessa. Testerna som utfördes var svarstid både med och utan belastning, uppkopplingstid samt belastning. Resultaten analyserades och visade att protokollen hade både för- och nackdelar. Avslutningsvis valdes ett protokoll som var lämpad för plattformen eftersom den hade hög säkerhet samt snabbast uppkopplingstid. Dessutom påverkades inte servern negativt av antalet uppkopplingar. Reactive REST valdes som web API protokoll för denna plattform.
25
Cook, Rowan M. Banking & Finance Australian School of Business UNSW. "Security market design & execution cost." Awarded by:University of New South Wales. School of Banking and Finance, 2007. http://handle.unsw.edu.au/1959.4/31457.
Full textAbstract:
We employ the Reuters database to compare execution costs for 2,330 matched-pair securities across the top 7 equity markets in the Dow Jones STOXX Global 1800 Index. This sample encompasses a wide variety of thirteen market design features. In addition, we investigate execution costs well beyond the most heavily traded stocks to include equities in the sixth through tenth deciles of traded value. Our findings indicate that full transparency of the limit order book to investors and a composite of unique NYSE features (but not the presence of the crowd) unequivocally reduce effective spreads. In contrast, a fully transparent limit order book revealed to brokers, the presence of a market maker, or the mixture of execution systems present on the LSE sharply increase effective spreads in both thickly and thinly-traded stocks. The effect of a physical trading floor is statistically significant but relatively small; it increases effective spreads slightly for thickly-traded firms, and reduces them for thinly-traded stocks. The findings for price impact are the same with three exceptions. First, the presence of a trading floor increases costs, dramatically so for thinlytraded stocks. Second, a fully transparent limit order book for brokers raises price impact for thickly traded stocks, but lowers price impacts for thinly traded firms. Third, in thinly-traded stocks, London???s hybrid market decreases price impact, and in thickly-traded stocks, crowd trading on the NYSE and full transparency to investors decrease price impact. Finally, the results for realised spread are essentially the same as those for effective spread, with the exception that the effect of the presence of a trading floor is to reduce realised spreads. Overall, the London Stock Exchange is the highest execution cost market, and the NYSE is the lowest. This research includes a market-specific study of the effect on execution cost of the Liquidity Provider of Euronext Paris. Euronext Paris affords a natural experimental research design because a third of firms have Liquidity Providers and two thirds do not. Results indicate quoted spreads, effective spreads and realized spreads are significantly affected by the presence of a Liquidity Provider, but price impacts are not. On the one hand, this suggests that the thickly-traded stocks where the Liquidity Providers are prohibited have sufficient liquidity in their absence. On the other hand however, liquidity providers on Euronext Paris reduce effective and realised spreads in essentially all stocks. This finding suggests that the limit order book refreshes much more quickly after developing an imbalance of large size orders when Liquidity Providers can facilitate other liquidity suppliers in assessing picking off risk. The Liquidity Provider increases quoted spreads for thickly-traded firms from the first three traded value deciles while reducing quoted spreads for the lower deciles.
26
Malik, Mohinder Singh. "Human rights & the security forces /." Delhi : Bright Law House, 2004. http://www.gbv.de/dms/spk/sbb/recht/toc/477282911.pdf.
Full text
27
Newswander, Chad B. "Presidential Security: Bodies, Bubbles, & Bunkers." Diss., Virginia Tech, 2009. http://hdl.handle.net/10919/77042.
Full textAbstract:
The purpose of this research is to show how the idea of presidential security is a construct that has taken on several different meanings and rationalities in the American context due to shifting power relations, new practices of presidential security, and the constant re-formulation of the friend/enemy distinction. The United States Service has had to continually think and re-think the concept of presidential security in order to provide suitable protection for the President of the United States. In creating these spaces of protection, the practices of the Secret Service have slowly contributed to re-constituting the sovereign to fit the agency's particular logics and rationalities. The capturing of the Chief Executive Officer does not only rest on disciplinary techniques that restrict, but are also founded on the truth production of the Secret Service: presidents begin to accept and internalize the modus operandi of the Secret Service. They begin to self-monitor their own desires and actions related to security concerns. The walls of protection are coupled with a conscious capitulation to accept the barriers of protection. The cage is no longer only imposed from without, but also emerges internally.
By problematizing how this evolving security bubble encapsulates the president, this dissertation is able to examine how the Secret Service begins to reshape and reformulate key democratic governance values by protecting the public and private body of the president through a disciplinary apparatus that seeks to control and contain as well as display and deliberate. Democratic norms that privilege openness have to be challenged, if not curtailed, to adequately protect the Chief Executive Officer. Everyone and everything is a risk that must be inspected, catalogued, and watched, even the president cannot be trusted with his own safety.
With its mission to protect, the Secret Service has constructed an organizational operation to ostracize the other, permanently put the president behind protective procedures, and present a pleasing public persona fitting to the status of the POTUS. These overt actions have allowed an administrative agency to redefine key democratic governance values. The agency has been able to delineate who is a suspicious other, justify the placement of barricades that separate the president from the people, instill a preventive/security ethos in the Office of the President, and display the president as the apex of a constitutional order. Because of its successes and failures, presidential protection has become normal, acceptable, legitimate, and absolutely necessary, which has provided the Service the ability to give shape to a particular rationality concerning what the president can and cannot do. This constitutive role of a public agency has had a dramatic impact on how the people come to experience and interact with the POTUS.
The development of the Secret Service and its protective procedures, however, has been sporadic and tenuous. For the past 100 years, this emerging rationality was produced by a multitude of sources that have helped construct the idea and practice of presidential security. The subjects of insecurity and security mutually created the idea of POTUS endangerment and safety. Enemies of the state have helped mold state action while friends of the president have sought to project an image of presidential grandeur. In this context, the Service has had to secure territorial spaces in order to conceal and confuse threats while simultaneously having to display and disclose the presidential body to the public. The capacity to control threats and to coordinate the presidential spectacle has enabled the Service to direct the body and mind of the POTUS. With this disciplinary apparatus in place, the Secret Service is able to construct bubbles and bunkers that are designed to protect and trap the president's two bodies.Ph. D.
28
Punjabi, V. (Vikesh). "Security risks:threats & rewards in social media." Master's thesis, University of Oulu, 2015. http://urn.fi/URN:NBN:fi:oulu-201502111069.
Full textAbstract:
In the last decade, without any doubt, social media i.e. social network platforms that are mainly created in order to interact with each other such as Facebook, Twitter, LinkedIn, Google +, Tumblr, Instagram, Flickr, Myspace, Blogs, YouTube, or any user generated content websites gained huge access in public daily life including individuals and organizations. These social network platforms, especially Facebook, Twitter, YouTube, were grown in such fast pace manner that even the big companies including Microsoft, Google, etc. has changed their strategies, and adapted social network platforms very well. That was the time when people, and small organizations who did not have platform for user generated content, had to pay fee to upload their content over Internet. Most of small companies were using privately purchased platform to distribute and share their content; whereas, individuals were limited to post their contents; Emails & IMs were used frequently to share their text, pictures, videos, etc.
By the year 2004, freely/ free social network platforms became so common/easy to use and were hugely successful. Platforms were able to provide users to share content quite easily. Small businesses started using social network to promote their business. Veterans were easily connected with their users & followers to provide help & information they are looking for. Upon such rapid growth of these social media platforms; benefits, rewards & opportunities are uncountable, however, it also came with risks and security issues.
This research is limited, however it provides valuable information presented in scientific articles in digital libraries. There was total of 214 articles found related to research topic. By refining results, number of articles were reduced to 30 which were selected for actual research using SLR steps.
The results were summarized in tabular format and answers the research question in discussion chapter which can be helpful to existing social network platforms, their operators and users.
29
Johan, Boström. "Compliance & Standards - The Journey To Security." Thesis, Uppsala universitet, Institutionen för informationsteknologi, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-446601.
Full textAbstract:
We are in the age of Information Technology (IT) and amazinginnovations are developed. Management systems are now completelydigitalized and it has enabled people to continue working remotely inthe midst of a pandemic. With great innovations there are those thatseek to misuse or destroy systems for personal gain. Therefore IT &Information security is paramount both for organisation and products.To offer both an international approach for common security practicesand provide best results for IT & Information security there existsstandards and frameworks. In this thesis, the standard frameworksgeneral impact and value from both an organisational and a vendorsperspective is evaluated and assessed. To answer the research questionsof this thesis, standards and supporting theory were analysed andinterviewees with security professionals were held. Standards provideorganisational goals for developing a well-functioning and resilientsecurity. Standards also provide a common baseline between customerand vendors, minimising the need for tailoring in products’ securityrequirements. Furthermore, a certification for standards can increasethe confidence of the organisation or product, and generate a businessvalue. Whilst there are many benefits, the standards offer a structure onhow security can be built, but an organisation needs to understand anddevelop a security adapted to their organisation. In addition to setting upa security framework and implementing controls, organisation need tocreate security assurance processes to continuously review and evaluatemeasures to ascertain security posture.
30
Kronschnabl, Stefan. "IT-Security Governance /." Regensburg : Univ.-Verl, 2008. http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&doc_number=017045454&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA.
Full text
31
Yetter, Richard B. "Darknets, cybercrime & the onion router| Anonymity & security in cyberspace." Thesis, Utica College, 2015. http://pqdtopen.proquest.com/#viewpdf?dispub=1586579.
Full textAbstract:
Anonymizing Internet technologies present unique challenges to law enforcement and intelligence organizations. Tor is an anonymity technology that has received extensive media coverage after a virtual black market hidden by its network was seized by the FBI in 2013. Anonymizing technologies have legitimate purposes, and as states increasingly employ sophisticated Internet censorship and surveillance techniques, they are becoming increasingly relevant. This study examines the creation of the modern Internet, explores the drastic changes that have taken place, and takes an in-depth look at intended and unintended uses of anonymizing technologies.
32
Fries, Steven M. "The underwriting of security issues." Thesis, University of Oxford, 1988. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.303557.
Full text
33
Amornraksa, Thumrongrat. "Data security for multimedia communications." Thesis, University of Surrey, 1999. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.298091.
Full text
34
Stendahl, Jonas. "Domain-Driven Security : Injection & Cross-site scripting." Thesis, KTH, Skolan för datavetenskap och kommunikation (CSC), 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-189326.
Full textAbstract:
Many web applications are vulnerable to Injection and Cross-site scripting. These attacks are often focused on infrastructural parts of the application. This thesis investigates if Domain-Driven Design can unify existing technical protection mechanisms as well as provide protection for attacks aimed at the business logic of an application. The performance of data validation and transformation performed with components from Domain-Driven Design is evaluated. The evaluation is performed by exposing an E-commerce application to dangerous injection and cross-site scripting strings. The data validation was found to be accurate and flexible and context mapping aided the understanding of correct data treatment depending on where in the application it is located or travelling to.
35
Zhou, He. "High Performance Computing Architecture with Security." Diss., The University of Arizona, 2015. http://hdl.handle.net/10150/578611.
Full textAbstract:
Multi-processor embedded system is the future promise of high performance computing architecture. However, it still suffers low network efficiency and security threat. Simply upgrading to multi-core systems has been proven to provide only minor speedup compared with single core systems. Router architecture of network-on-chip (NoC) uses shared input buffers such as virtual channels and crossbar switches that only allow sequential data access. The speed and efficiency of on-chip communication is limited. In addition, the performance of conventional NoC topology is limited by routing latency and energy consumption due to its network diameter increases with the rising number of nodes. The security concern has also become a serious problem for embedded systems. Even with cryptographic algorithms, embedded systems are still very vulnerable to side channel attacks (SCAs). Among SCA approaches, power analysis is an efficient and powerful attack. Once the encryption location in an instruction sequence is identified, power analysis can be applied to exploit the embedded system. To improve on-chip network parallelism, this dissertation proposes a new router microarchitecture based on a new data structure called virtual collision array. Sequential data requests are partially eliminated in the virtual collision array before entering router pipeline. To facilitate the new router architecture, new workload assignment is applied to increase data request elimination. Through a task flow partitioning algorithm, we minimize sequential data access and then schedule tasks while minimizing the total router delay. For NoC topology, this dissertation presents a new hybrid NoC (HyNoC) architecture. We introduce an adaptive routing scheme to provide reconfigurable on-chip communication with both wired and wireless links. In addition, based on a mathematical model which established on cross-correlation, this dissertation proposes two obfuscation methodologies: Real Instruction Insertion and AES Mimic to prevent SCAs power analysis attack.
36
Folke, Fredrik. "Security for home, small & medium sized enterprises IPv6 networks : Security using simple network equipment." Thesis, KTH, Kommunikationssystem, CoS, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-98295.
Full textAbstract:
This theses project investigates and presents different threats that a network can be exposed to and the common protection techniques that can be applied, with a focus on the network perimeter – specifically the router/firewall between the local area network and the Internet. All Internet connected devices and networks are exposed to and affected by security threats to some degree, hence security is important in almost every type of network. With the constant growth of the Internet the 32-bit addressing scheme ipv4 is proving to be inadequate, and therefore the transition to the 128-bit addressing scheme ipv6 is becoming critical. With ipv6 comes new security threats (while still old threats remain) that requires an understanding of perimeter security. In this thesis we secure a home router and describe these steps to enable home and small business owners to secure their IPv6 network at a relatively low cost.Detta projekt kommer att undersöka och presentera olika hot som ett IPv6 nätverk kan utsättas för samt de vanligaste skydds mekanismer som används idag, med fokus på nätverkets skallskydd mellan det interna lokala nätet och det yttre publika Internet. I stort sätt all Internet ansluten utrustning och nätverk är exponerad och påverkad i någon grad av säkerhets brister, säkerhet är en viktig del i stort sätt alla nätverk oavsett syfte eller verksamhet. Genom ett ständigt växande Internet börjar de 32-bitar adresser tillhörande IPv4 nätet ta slut, vilket gör behovet av att immigrera till 128-bitar adresser på IPv6 nätet allt mer kritiskt. Med IPv6 kommer nya säkerhetshot, samt att även vissa äldre hot kvarstår, som kräver en förståelse av perimeter skydd. I denna rapport säkrar vi en hemma router och beskriver för varje steg tillvägagångssättet för att hem och små företagare ska få möjlighet att skydda sina IPv6 nätverk till en relativt låg kostnad.
37
Wulf, Lars. "Interaction and security in distributed computing." Thesis, University of Oxford, 1997. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.362116.
Full text
38
Shafie-Pour, A. R. "Real-time power system security assessment." Thesis, Durham University, 1989. http://etheses.dur.ac.uk/9303/.
Full textAbstract:
The increasing complexity of modern power systems has led to a greater dependence on automatic control at all levels of operation. Large scale systems of which a power system is a prime example, is an area in which a wide gap exists between theoretical mathematically based research and engineering practice. The research programme at Durham is directed towards bridging this gap by linking some of the available and new theoretical techniques with the practical requirements of on-line computer control in power systems. This thesis is concerned with the assessment of security of power systems in real-time operation. The main objective of this work was to develop a package to be incorporated in the University of Durham On line Control of Electrical Power Systems (OCEPS) suite to cater for network islanding and analyse the features and the feasibility of a real-time 'security package’ for modern energy control centres. The real-time power systems simulator developed at Durham was used to test the algorithms and numerical results obtained are presented.
39
O'Neill, Mark Thomas. "The Security Layer." BYU ScholarsArchive, 2019. https://scholarsarchive.byu.edu/etd/7761.
Full textAbstract:
Transport Layer Security (TLS) is a vital component to the security ecosystem and the most popular security protocol used on the Internet today. Despite the strengths of the protocol, numerous vulnerabilities result from its improper use in practice. Some of these vulnerabilities arise from weaknesses in authentication, from the rigidity of the trusted authority system to the complexities of client certificates. Others result from the misuse of TLS by developers, who misuse complicated TLS libraries, improperly validate server certificates, employ outdated cipher suites, or deploy other features insecurely. To make matters worse, system administrators and users are powerless to fix these issues, and lack the ability to properly control how their own machines communicate securely online.
In this dissertation we argue that the problems described are the result of an improper placement of security responsibilities. We show that by placing TLS services in the operating system, both new and existing applications can be automatically secured, developers can easily use TLS without intimate knowledge of security, and security settings can be controlled by administrators. This is demonstrated through three explorations that provide TLS features through the operating system. First, we describe and assess TrustBase, a service that repairs and strengthens certificate-based authentication for TLS connections. TrustBase uses traffic interception and a policy engine to provide administrators fine-tuned control over the trust decisions made by all applications on their systems. Second, we introduce and evaluate the Secure Socket API (SSA), which provides TLS as an operating system service through the native POSIX socket API. The SSA enables developers to use modern TLS securely, with as little as one line of code, and also allows custom tailoring of security settings by administrators. Finally, we further explore a modern approach to TLS client authentication, leveraging the operating system to provide a generic platform for strong authentication that supports easy deployment of client authentication features and protects user privacy. We conclude with a discussion of the reasons for the success of our efforts, and note avenues for future work that leverage the principles exhibited in this work, both in and beyond TLS.
40
Schnarz, Pierre [Verfasser]. "Security Patterns for AMP-based Embedded Systems / Pierre Schnarz." München : Verlag Dr. Hut, 2019. http://d-nb.info/118851640X/34.
Full text
41
Söder, Rickard. "Climate Change & (In)Security : Practical Implications of Securitization." Thesis, Uppsala universitet, Institutionen för freds- och konfliktforskning, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-385728.
Full textAbstract:
This study explores different perceptions of security and investigates if recognition of climate change as a security issue has implications for countries’ armed forces. I use a securitization framework to understand how discursive positions are created, and by making the framework more dynamic I investigate how similar security matters are represented in different ways. I argue that securitization of climate change in national contexts changes the armed forces’ strategies to bring about security and that their activities are affected by the underlying logics of the discursive arguments. To investigate the proposed relation, I conduct a comparative case study of Norway and Sweden, and find that different ideas about the security dimension of climate change have different implications for the armed forces’ practices and organization.
42
Soewito, Benfano. "Adaptive Security In Computer Networks." Available to subscribers only, 2009. http://proquest.umi.com/pqdweb?did=1879096201&sid=3&Fmt=2&clientId=1509&RQT=309&VName=PQD.
Full textAbstract:
Thesis (Ph. D.)--Southern Illinois University Carbondale, 2009."Department of Electrical and Computer Engineering." Keywords: Adaptive security, Computer networks, Intrusion detection. Includes bibliographical references (p. 78-84). Also available online.
43
Turkoglu, Burcin. "Russia'." Master's thesis, METU, 2009. http://etd.lib.metu.edu.tr/upload/2/12610615/index.pdf.
Full textAbstract:
This thesis aims to study Russian soft security policy under Vladimir Putin and examines the basic soft security threats which Russia has encountered and how it fought against these threats in the post-Soviet era. Contrary to the mainstream literature suggesting that Russia has focused exclusively on hard security issues within its national security policies due to its historical background and geo-political factors, the thesis argues that Russia started to give more importance to soft security besides hard security in its national security policies since Putin&rsquos presidency. Among soft security challenges, Russia prioritizes especially terrorism, transnational organized crime and energy security. The thesis is composed of six chapters. The introductory first chapter is followed by the second chapter examining the role of soft security in Russian national security. The following three chapters discuss Russia&rsquo
s soft security challenges of terrorism, transnational organized crime and energy security respectively whereas the sixth chapter concludes the thesis.
44
Yialelis, Nikolaos. "Domain-based security for distributed object systems." Thesis, Imperial College London, 1996. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.244056.
Full text
45
Karger, Paul Ashley. "Improving security and performance for capability systems." Thesis, University of Cambridge, 1988. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.293032.
Full text
46
Asghar, Gulfam, and Qanit Jawed Azmi. "Security Issues of SIP." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-6018.
Full textAbstract:
Voice over IP (VoIP) services based on Session Initiation Protocol (SIP) has gained much attention as compared to other protocols like H.323 or MGCP over the last decade. SIP is the most favorite signaling protocol for the current and future IP telephony services, and it‘s also becoming the real competitor for traditional telephony services. However, the open architecture of SIP results the provided services vulnerable to different types of security threats which are similar in nature to those currently existing on the Internet. For this reason, there is an obvious need to provide some kind of security mechanisms to SIP based VOIP implementations. In this research, we will discuss the security threats to SIP and will highlight the related open issues. Although there are many threats to SIP security but we will focus mainly on the session hijacking and DoS attacks. We will demonstrate these types of attacks by introducing a model/practical test environment. We will also analyze the effect and performance of some the proposed solutions that is the use of Network Address Translation (NAT), IPSec, Virtual Private Networks (VPNs) and Firewalls (IDS/IPS) with the help of a test scenario.
47
Ahmad, Nadeem, and M. Kashif Habib. "Analysis of Network Security Threats and Vulnerabilities by Development & Implementation of a Security Network Monitoring Solution." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-5327.
Full textAbstract:
Communication of confidential data over the internet is becoming more frequent every day. Individuals and organizations are sending their confidential data electronically. It is also common that hackers target these networks. In current times, protecting the data, software and hardware from viruses is, now more than ever, a need and not just a concern. What you need to know about networks these days? How security is implemented to ensure a network? How is security managed? In this paper we will try to address the above questions and give an idea of where we are now standing with the security of the network.Konfidentiella uppgifter via Internet blir vanligare varje dag. Personer och organisationer skickar sina konfidentiella uppgifter elektroniskt. Det är också vanligt att hackare mot dessa nät. I dagens tider, skydd av data, programvara och hårdvara från virus är, nu mer än någonsin ett behov och inte bara en oro. Vad du behöver veta om nätverk i dessa dagar? Hur säkerheten genomförs för att säkerställa ett nätverk? Hur säkerheten hanteras? I denna skrift kommer vi att försöka ta itu med dessa frågor och ge en uppfattning om var vi nu står med säkerheten för nätet.
48
Ghorbanian, Sara, and Glenn Fryklund. "Improving DLP system security." Thesis, Blekinge Tekniska Högskola, Institutionen för datalogi och datorsystemteknik, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-5453.
Full textAbstract:
Context. Data leakage prevention (DLP), a system designed to prevent leakage and loss of secret sensitive data and at the same time not affect employees workflow. The aim is to have a system covering every possible leakage point that exist. Even if these are covered, there are ways of hiding information such as obfuscating a zip archive within an image file, detecting this hidden information and preventing it from leaking is a difficult task. Companies pay a great deal for these solutions and yet, as we uncover, the information is not safe. Objectives. In this thesis we evaluate four different existing types of DLP systems out on the market today, disclosing their weaknesses and found ways of improving their security. Methods. The four DLP systems tested in this study cover agentless, agent based, hybrids and regular expression DLP tools. The test cases simulate potential leakage points via every day used file transfer applications and media such as USB, Skype, email, etc. Results. We present a hypothetical solution in order to amend these weaknesses and to improve the efficiency of DLP systems today. In addition to these evaluations and experiments, a complementing proof of concept solution has been developed that can be integrated with other DLP solutions. Conclusions. We conclude that the exisiting DLP systems are still in need of improvement, none of the tested DLP solutions fully covered the possible leakage points that could exist in the corporate world. There is a need for continued evaluation of DLP systems, aspects and leakage points not covered in this thesis as well as a follow up on our suggested solution.
49
Kravchenko, Maxim. "Evaluation of Security of ServiceWorker and Related APIs." Thesis, Linnéuniversitetet, Institutionen för datavetenskap och medieteknik (DM), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-75875.
Full textAbstract:
The Service Worker is a programmable proxy that allows the clients to keep offline parts of websites or even the whole domains, receive push notifications, have back-ground synchronization and other features. All of these features are available to the user without having to install an application - the user only visits a website. The service worker has gained popularity due to being a key component in the Progressive Web Applications (PWAs). PWAs have already proven to drastically increase the number of visits and the duration of browsing for websites such as Forbes [1], Twitter [2], and many others. The Service Worker is a powerful tool, yet it is hard for clients to understand the security implications of it. Therefore, all modern browser install the service workers without asking the client. While this offers many conveniences to the user, this powerful technology introduces new security risks. This thesis takes a closer look at the structure of the service worker and focuses on the vulnerabilities of its components. After the literature analysis and some testing using the demonstrator developed during this project, the vulnerabilities of the service worker components are classified and presented in the form of the vulnerability matrix; the mitigations to the vulnerabilities are then outlined, and the two are summarized in the form of security guidelines.
50
Akbari, Koochaksaraee Amir. "End-User Security & Privacy Behaviour on Social Media: Exploring Posture, Proficiency & Practice." Thesis, Université d'Ottawa / University of Ottawa, 2019. http://hdl.handle.net/10393/39310.
Full textAbstract:
Security and privacy practices of end-users on social media are an important area of research, as well as a top-of-mind concern for individuals as well as organizations. In recent years, we have seen a sharp increase in data breaches and cyber security threats that have targeted social media users. Hence, it is imperative that we try to better understand factors that affect an end-user’s adoption of effective security safeguards and privacy protection practices.
In this research, we propose and validate a theoretical model that posits several determinants of end-user security and privacy practices on social media. We hypothesize relationships among various cognitive, affective and behavioral factors identified under the themes of posture, proficiency, and practices. These constructs and hypotheses are validated through empirical research comprising an online survey questionnaire, and structural equation modeling (SEM) analysis.
The key findings of this study highlight the importance of cyber threat awareness and social media security and privacy self-efficacy, which have a direct impact on end-user security and privacy practices. Additionally, our research shows that use of general technology applications for security and privacy impacts the adoption of security and privacy practices on social media. In totality, our research findings indicate that proficiency is a better predictor or security and privacy practices as compared to the posture of an end-user. Factors such as privacy disposition, privacy concerns, and perceived risk of privacy violations do not have as significant or direct effect on security and privacy practices.
Based on our research findings, we provide some key take-aways in the form of theoretical contributions, suggestions for future research, as well as recommendations for organizational security awareness training programs.