To see the other types of publications on this topic, follow the link: Component Security.
Dissertations / Theses on the topic 'Component Security'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Component Security.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Hetherington, Christopher John. "Private security as an essential component of Homeland Security /." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2004. http://library.nps.navy.mil/uhtbin/hyperion/04Jun%5FHetherington.pdf.
Full textAbstract:
Thesis (M.A. in Security Studies (Homeland Security and Defense))--Naval Postgraduate School, June 2004.Thesis advisor(s): Maria Rasmussen. Includes bibliographical references (p. 57-59). Also available online.
2
Bond, Anders, and Nils Påhlsson. "A Quantitative Evaluation Framework for Component Security in Distributed Information Systems." Thesis, Linköping University, Department of Electrical Engineering, 2004. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-2410.
Full textAbstract:
The Heimdal Framework presented in this thesis is a step towards an unambiguous framework that reveals the objective strength and weaknesses of the security of components. It provides a way to combine different aspects affecting the security of components - such as category requirements, implemented security functionality and the environment in which it operates - in a modular way, making each module replaceable in the event that a more accurate module is developed.
The environment is assessed and quantified through a methodology presented as a part of the Heimdal Framework. The result of the evaluation is quantitative data, which can be presented with varying degrees of detail, reflecting the needs of the evaluator.
The framework is flexible and divides the problem space into smaller, more accomplishable subtasks with the means to focus on specific problems, aspects or system scopes. The evaluation method is focusing on technological components and is based on, but not limited to, the Security Functional Requirements (SFR) of the Common Criteria.
3
Sohrakoff, Karen A. "Immigrant integration a missing component of Homeland Security strategy and policy /." Thesis, Monterey, California : Naval Postgraduate School, 2010. http://edocs.nps.edu/npspubs/scholarly/theses/2010/Mar/10Mar%5FSohrakoff.pdf.
Full textAbstract:
Thesis (M.A. in Security Studies (Homeland Security and Defense))--Naval Postgraduate School, March 2010.Thesis Advisor(s): Rollins, John ; Wollman, Lauren. "March 2010." Description based on title screen as viewed on April 23, 2010. Author(s) subject terms: Immigration, Integration, Radicalization, Identity, International, U.S. Citizenship and Immigration Services (USCIS), Citizenship and Immigration Canada Includes bibliographical references (p. 79-89). Also available in print.
4
Ben, Said Najah. "Information Flow Security in Component-Based Models : From verification to Implementation." Thesis, Université Grenoble Alpes (ComUE), 2016. http://www.theses.fr/2016GREAM053/document.
Full textAbstract:
La sécurité des systèmes d'information sont primordiales dans la vie d'aujourd'hui, en particulier avec la croissance des systèmes informatiques complexes et fortement interconnectés. Par exemple, les systèmes bancaires ont l'obligation de garantir l'intégrité et la confidentialité de leurs comptes clients. Le vote électronique, des ventes aux enchères et le commerce doit aussi assurer leurs la confidentialité et l'intégrité.Cependant, la vérification de la sécurité et sa mise en œuvre en distribuée sont des processus lourds en général, les compétences de sécurité avancées sont nécessaires puisque les deux configuration de sécurité et l'implementation de systèmes distribué sont complexes et sujette d'erreurs. Avec les attaques de sécurité divers menés par l'environnement Internet, comment pouvons-nous être sûrs que les systèmes informatiques que nous construisons ne satisfont la propriété de sécurité prévu?La propriété de la sécurité que nous étudions dans cette thèse est la non-ingérence, qui est une propriété globale qui permet de suivre les informations sensibles dans l'ensemble du système et de garantir la confidentialité et l'intégrité. La non-ingérence est exprimée par l'exigence selon laquelle aucune information sur des données secrètes est une fuite à travers l'observation de la variation des données publiques. Cette définition est plus subtile qu'une spécification de base de l'accès légitime pour les informations sensibles, ce qui permet d'exploiter et de détecter les dysfonctionnements et malveillants programmes intrusions pour les données sensibles (par exemple, un cheval de Troie qui envoie des données confidentielles aux utilisateurs non fiables). Cependant, comme une propriété globale, la non-interférence est difficile à vérifier et à mettre en œuvre.À cette fin, nous proposons un flux de conception basée sur un modèle qui assure la propriété non-interference dans un logiciel d'application de son modèle de haut niveau conduisant à la mise en œuvre sécurisée décentralisée. Nous présentons la plateforme secureBIP, qui est une extension pour le modèle à base de composants avec des interactions multi-partie pour la sécurité. La non-interference est garantie à l'aide de deux manières pratiques: (1) nous annotons les variables et les ports du modèle, puis selon un ensemble défini de contraintes syntaxiques suffisantes, nous vérifions la satisfaction de la propriété, (2), nous annotons partiellement le modèle, puis en extrayant ses graphes de dépendances de composition nous appliquons un algorithme de synthèse qui calcule la configuration sécurisée moins restrictive du modèle si elle existe.Une fois que la sécurité des flux d'information est établie et la non-interference est établie sur un modèle de haut niveau du système, nous suivons une méthode automatisée pratique pour construire une application distribuée sécurisée. Un ensemble de transformations sont appliquées sur le modèle abstrait de transformer progressivement en bas niveau des modèles distribués et enfin à la mise en œuvre distribuée, tout en préservant la sécurité des flux d'information. La transformations du modèles remplacent coordination de haut niveau en utilisant des interactions multi-partites par des protocoles en utilisant des envoies et reception de messages asynchrone. La distribution est donc prouvé "sécuriser par construction" qui est, le code final est conforme à la politique de sécurité souhaitée. Pour montrer la facilité d'utilisation de notre méthode, nous appliquons et d'expérimenter sur des études et des exemples de cas réels de domaines d'application distinctsThe security of information systems are paramount in today’s life, especially with the growth of complex and highly interconnected computer systems. For instance, bank systems have the obligation to guarantee the integrity and confidentiality of their costumers accounts. The electronic voting, auctions and commerce also needs confidentiality and integrity preservation.However, security verification and its distributed implementation are heavy processes in general, advanced security skills are required since both security configuration and coding distributed systems are complex and error-prone. With the diverse security attacks leaded by the Internet advent, how can we be sure that computer systems that we are building do satisfy the intended security property?The security property that we investigate in this thesis is the noninterference, which is a global property that tracks sensitive information in the entire system and ensures confidentiality and integrity. Non-interference is expressed by the requirement that no information about secret data is leaked through the observation of public data variation. Such definition is more subtle than a basic specification of legitimate access for sensitive information, allowing to exploit and detect malfunctioning and malicious programs intrusions for sensitive data (e.g, Trojan horse that sends confidential data to untrusted users). However as a global property, the noninterference is hard to verify and implement.To this end, we propose a model-based design flow that ensures the noninterference property in an application software from its high-level model leading to decentralized secure implementation. We present the secureBIP framework that is an extension for the component-based model with multyparty interactions for security. Non-interference is guaranteed using two practical manners: (1) we annotate the entire variables and ports of the model and then according to a defined set of sufficient syntactic constraints we check the satisfaction of the property, (2) we partially annotate the model way and then by extracting its compositional dependency graphswe apply a synthesis algorithm that computes the less restrictive secure configuration of the model if it exists.Once the information flow security is established and non-interference is established on an high-level model of the system, we follow a practical automated method to build a secure distributed implementation. A set of transformations are applied on the abstract model to progressively transform it into low-level distributed models and finally to distributed implementation, while preserving information flow security. Model transformations replace high-level coordination using multiparty interactions by protocols using asynchronous Send/Receive message-passing. The distributedimplementation is therefore proven ”secure-by-construction” that is, the final code conforms to the desired security policy. To show the usability of our method, we apply and experiment it on real case studies and examples from distinct application domains
5
Tran, Tam M. Allen James O. "Interoperability and security support for heterogeneous Cots/Gots/legacy component-based architecture." Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2000. http://handle.dtic.mil/100.2/ADA383767.
Full textAbstract:
Thesis (M.S. in Software Engineering) Naval Postgraduate School, Sept. 2000.Thesis advisor(s): LuQi; Shing, Mantak. "September 2000." Includes bibliographical references (p. 63-65). Also available in print.
6
Sousa, Goncalo. "A legal reasoning component of a network security command and control system." Thesis, Monterey, California. Naval Postgraduate School, 2010. http://hdl.handle.net/10945/5457.
Full textAbstract:
Approved for public release; distribution is unlimitedThere are numerous computer-aided tools to enable Computer Network Defense. However, their effectiveness in countering attacks is less than optimal when they are used independently of one another. Research has identified the requirements for an integrated command and control (C2) system that is able to conduct full-spectrum operations in the cyberspace environment. The most notable of that research revolves around the development and experimentation with the prototype system known as Cyber Command, Control and Information Operations System (C3IOS). C3IOS provides for a loose confederation of the cooperating systems with interaction between systems going through C2 interfaces. In this thesis, the authors introduce into C3IOS a means to support the commander's ability to take measured responses to coercive actions in a timely manner, specifically to facilitate the interaction between experts in the law of information conflict and information warriors responding to a cyber attack. The authors' research results in a set of use cases and requirements for the C2 understanding, planning, and deciding activities involved in such a capability, using Schmitt's analysis as an example.
7
Tran, Tam M., and James O. Allen. "Interoperability and security support for heterogeneous Cots/Gots/legacy component-based architecture." Thesis, Monterey, California. Naval Postgraduate School, 2000. http://hdl.handle.net/10945/9419.
Full textAbstract:
There is a need for Commercial-off-the-shelf (COTS), Government-off- the-shelf (GOTS) and legacy components to interoperate in a secure distributed computing environment in order to facilitate the development of evolving applications. This thesis researches existing open standards solutions to the distributed component integration problem and proposes an application framework that supports application wrappers and a uniform security policy external to the components. This application framework adopts an Object Request Broker (ORB) standard based on Microsoft Distributed Component Object Model (DCOM). Application wrapper architectures are used to make components conform to the ORB standard. The application framework is shown to operate in a common network architecture. A portion of the Naval Integrated Tactical Environmental System I (NITES I) is used as a case study to demonstrate the utility of this distributed component integration methodology (DCIM).
8
Dementis, Georgios Sousa Goncalo. "A legal reasoning component of a network security command and control system." Monterey, California : Naval Postgraduate School, 2010. http://edocs.nps.edu/npspubs/scholarly/theses/2010/Mar/10Mar%5FDementis.pdf.
Full textAbstract:
Thesis (M.S. in Computer Science)--Naval Postgraduate School, March 2010.Thesis Advisor(s): Michael, James B. Second Reader: Wingfield, Thomas C. ; Sarkesain, John F. "March 2010." Description based on title screen as viewed on April 26, 2010. Author(s) subject terms: Cyberspace, Cyberspace Defense, Network Defense, Distributed Systems, Command and Control, Battle Management, Information Assurance, Situational Awareness. Includes bibliographical references (p. 73-77). Also available in print.
9
Kukuruzovic, Naida. "Security Management : Fulfillment of the Government Requirements for a component assurance process." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-189983.
Full textAbstract:
Protecting organization’s assets from various security threats is a necessity for every organization. Efficient security management is vital to effectively protect the organization’s assets. However, the process of implementing efficient security management is complex and needs to address many requirements. The problem that this master’s thesis project addressed was to propose a component assurance process for the Swedish Armed Forces. This process has to be followed in order for a solution or product to be approved at a specific component assurance level. This problem was solved by first performing market research regarding security management. Various security management approaches were examined and the top security management solutions were selected. These solutions were then compared with the assurance requirements stated in Swedish Armed Forces’ KSF v3.1 (Swedish: “Krav på IT-säkerhetsförmågor hos IT-system”, English: Requirements for IT security capabilities of IT systems). This documentation lists the requirements for information technology (IT) security capabilities of IT systems. The solution that satisfied the most of these requirements was selected and modified in order to satisfy the full set of requirements. Finally, a component assurance process is proposed. This process may be used to decide which solutions or products can be used, along with the manner in which each solution or product should be used. The impact of having a component assurance process is that all the solutions and products are approved to a specific component assurance level exclusively based on this process. The ability to include such requirements in the acquisition of any product or service provides the Swedish Armed Forces with assurance that all products or services are approved to specific assurance levels in the same manner and hence provides the Swedish society with assurance that procedures within the Swedish Armed Forces are documented and protect the interests of the country and its citizens.För varje organisation är det nödvändigt att skydda information från olika säkerhetshot. Att ha en effektiv säkerhetshantering är avgörande för att kunna skydda informationen. Denna process är komplex och många krav måste tillfredsställas. Problemet som detta examensarbete avser att lösa handlar om hur införandet av en assuransprocess kommer påverka Försvarsmakten. Denna process måste följas för att en lösning eller produkt ska godkännas till en specifik komponents säkerhetsnivå. Frågeställningen besvaras i första hand av en marknadsundersökning om säkerhetshantering. Olika säkerhetshanteringsstrategier undersöktes och de bästa säkerhetslösningar valdes. Lösningarna jämfördes därefter med de assuranskrav som anges i Försvarsmaktens KSF V3.1 (Krav på IT säkerhetsförmågor hos IT – system) som är den dokumentation som anger kraven för IT säkerhetsfunktioner i ett IT system. Lösningen som uppfyllde de flesta kraven valdes och modifierades för att uppfylla samtliga kraven. Slutligen rekommenderades en komponent assuransprocess, vilken skulle kunna användas för att avgöra vilken lösning eller produkt som skulle kunna användas samt på vilket sätt det skulle kunna användas. Möjligheten att införa sådana krav i förvärvet av vilken produkt eller tjänst det än gäller förser Försvarsmakten med garantier för att alla produkter eller tjänster är godkända enligt särskilda säkringsnivåer på samma sätt och därmed försäkras det svenska samhället att förfaranden inom svenska väpnade krafter dokumenteras samt skyddar landet och dess medborgare.
Säkerhetshantering, informationssäkerhet, autentisering, auktorisering, styrning, riskhantering, följsamhet, användaradministration
10
Peterson, Mikael. "CAESAR : A proposed method for evaluating security in component-based distributed information systems." Thesis, Linköping University, Department of Electrical Engineering, 2004. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-2470.
Full textAbstract:
Background: The network-centric defense requires a method for securing vast dynamic distributed information systems. Currently, there are no efficient methods for establishing the level of IT security in vast dynamic distributed information systems.
Purpose: The target of this thesis was to design a method, capable of determining the level of IT security of vast dynamic component-based distributed information systems.
Method: The work was carried out by first defining concepts of IT security and distributed information systems and by reviewing basic measurement and modeling theory. Thereafter, previous evaluation methods aimed at determining the level of IT security of distributed information systems were reviewed. Last, by using the theoretic foundation and the ideas from reviewed efforts, a new evaluation method, aimed at determining the level of IT security of vast dynamic component-based distributed information systems, was developed.
Results: This thesis outlines a new method, CAESAR, capable of predicting the security level in parts of, or an entire, component-based distributed information system. The CAESAR method consists of a modeling technique and an evaluation algorithm. In addition, a Microsoft Windows compliant software, ROME, which allows the user to easily model and evaluate distributed systems using the CAESAR method, is made available.
11
Vorobiev, Artem. "An architectural approach to achieving higher-level security for component (service) based software systems." Swinburne Research Bank, 2008. http://hdl.handle.net/1959.3/47779.
Full textAbstract:
Thesis (Ph.D) - Swinburne University of Technology, Faculty of Information & Communication Technologies, 2008.Submitted in fulfillment of the requirements of for the degree of Doctor of Philosophy, Faculty of Information and Communication Technologies, Swinburne University of Technology, 2008. Typescript. Includes bibliographical references (p. 228-238)
12
Elish, Karim Omar Mahmoud. "User-Intention Based Program Analysis for Android Security." Diss., Virginia Tech, 2015. http://hdl.handle.net/10919/54943.
Full textAbstract:
The number of mobile applications (i.e., apps) is rapidly growing, as the mobile computing becomes an integral part of the modern user experience. Malicious apps have infiltrated open marketplaces for mobile platforms. These malicious apps can exfiltrate user's private data, abuse of system resources, or disrupting regular services. Despite the recent advances on mobile security, the problem of detecting vulnerable and malicious mobile apps with high detection accuracy remains an open problem.
In this thesis, we address the problem of Android security by presenting a new quantitative program analysis framework for security vetting of Android apps. We first introduce a highly accurate proactive detection solution for detecting individual malicious apps. Our approach enforces benign property as opposed of chasing malware signatures, and uses one complex feature rather than multi-feature as in the existing malware detection methods. In particular, we statically extract a data-flow feature on how user inputs trigger sensitive critical operations, a property referred to as the user-trigger dependence. This feature is extracted through nontrivial Android-specific static program analysis, which can be used in various quantitative analytical methods. Our evaluation on thousands of malicious apps and free popular apps gives a detection accuracy (2% false negative rate and false positive rate) that is better than, or at least competitive against, the state-of-the-art. Furthermore, our method discovers new malicious apps available in the Google Play store that have not been previously detected by anti-virus scanning tools.
Second, we present a new app collusion detection approach and algorithms to analyze pairs or groups of communicating apps. App collusion is a new technique utilized by the attackers to evade standard detection. It is a new threat where two or more apps, appearing benign, communicate to perform malicious task. Most of the existing solutions assume the attack model of a stand-alone malicious app, and hence cannot detect app collusion. We first demonstrate experimental evidence on the technical challenges associated with detecting app collusion. Then, we address these challenges by introducing a scalable and an in-depth cross-app static flow analysis approach to identify the risk level associated with communicating apps. Our approach statically analyzes the sensitivity and the context of each inter-app communication with low analysis complexity, and defines fine-grained security policies for the inter-app communication risk detection. Our evaluation results on thousands of free popular apps indicate that our technique is effective. It generates four times fewer false positives compared to the state-of-the-art collusion-detection solution, enhancing the detection capability. The advantages of our inter-app communication analysis approach are the analysis scalability with low complexity, and the substantially improved detection accuracy compared to the state-of-the-art solution. These types of proactive defenses solutions allow defenders to stay proactive when defending against constantly evolving malware threats.Ph. D.
13
Rempfer, Thomas L. "Anthrax vaccine as a component of the strategic national stockpile: a dilemma for Homeland Security." Thesis, Monterey, California : Naval Postgraduate School, 2009. http://edocs.nps.edu/npspubs/scholarly/theses/2009/Dec/09Dec%5FRempfer.pdf.
Full textAbstract:
Thesis (Master of Arts in Security Studies(Homeland Security and Defense))--Naval Postgraduate School, December 2009.Thesis Advisor: Supinski, Stanley. Second Reader: Lynch, Dean. "December 2009." Description based on title screen as viewed on January 29, 2010. Author(s) subject terms: Anthrax Vaccine Adsorbed; AVA; BioThrax; Homeland Security; Strategic National Stockpile; biodefense; bioterrorism; biological warfare; Amerithrax; Anthrax Vaccine Immunization Program; AVIP; Gulf War Illness; Gulf War Syndrome; Investigational New Drug, IND; Experimental; Civilian Control of the Military, Presidential Study Directive; PSD; Presidential Policy Directive; PPD. Includes bibliographical references (p. 195-237). Also available in print.
14
Rich, Ronald P., and Jonathan S. Holmgren. "Metric methodology for the creation of environments and processes to certify a component : specifically the Naval Research Laboratory Pump." Thesis, Monterey, California. Naval Postgraduate School, 2003. http://hdl.handle.net/10945/1102.
Full textAbstract:
This thesis was completed in cooperation with the Cebrowski Institute for
Information Innovation and Superiority.Approved for public release; distribution is unlimited
A of the NP, but the key requirement for Certification and Accreditation is the creation of a Protection Profile and an understanding of the DITSCAP requirements and process. This thesis creates a Protection Profile for the NP along with a draft Type SSAA for Certification and Accreditation of the NP.
Lieutenant, United States Navy
Lieutenant, United States Navy
15
Kulkarni, Keyur. "Android Malware Detection through Permission and App Component Analysis using Machine Learning Algorithms." University of Toledo / OhioLINK, 2018. http://rave.ohiolink.edu/etdc/view?acc_num=toledo1525454213460236.
Full text
16
Kaufman, Jason R. "Digital video watermarking using singular value decomposition and two-dimensional principal component analysis." Ohio : Ohio University, 2006. http://www.ohiolink.edu/etd/view.cgi?ohiou1141855950.
Full text
17
Sahd, Lize-Marie. "A structured approach to the identification of the significant risks related to enterprise mobile solutions at a mobile technology component level." Thesis, Stellenbosch : Stellenbosch University, 2015. http://hdl.handle.net/10019.1/96674.
Full textAbstract:
Thesis (MComm)--Stellenbosch University, 2015.ENGLISH ABSTRACT: The consumerisation of mobile technology is driving the mobile revolution and enterprises are forced to incorporate mobile solutions into their business processes in order to remain competitive. While there are many benefits relating to the investment in and use of mobile technology, significant risks are also being introduced into the business. The fast pace of technological innovation and the rate of adoption of mobile technology by employees has, however, created an environment where enterprises are deploying mobile solutions on an ad hoc basis. Enterprises are only addressing the risks as they are occurring and resulting in losses. The key contributing factor to this lack of governance and management is the fact that those charged with governance do not understand the underlying mobile technology components. The purpose of this research is to improve the understanding of the underlying components of mobile technology. The research further proposes to use this understanding to identify the significant risks related to mobile technology and to formulate appropriate internal controls to address these risks. The findings of the research identified the following underlying components of mobile technology: mobile devices; mobile infrastructure, data delivery mechanisms and enabling technologies; and mobile applications. Based on an understanding of the components and subcategories of mobile technology, a control framework was used to identify the significant risks related to each component and subcategory. The significant risks identified included both risks to the users (including interoperability, user experience, connectivity and IT support) as well as risks to the enterprise’s strategies (including continuity, security, cost and data ownership). The research concludes by formulating internal controls that the enterprise can implement to mitigate the significant risks. This resulted in two matrixes that serve as quick-reference guides to enterprises in the identification of significant risks at an enterprise specific mobile technology component level, as well as the relevant internal controls to consider. The matrixes also assist enterprises in determining the best mobile solutions to deploy in their business, given their strategies, risk evaluation and control environment.
AFRIKAANSE OPSOMMING: Die mobiele revolusie word deur die verbruiker van mobiele tegnologie aangedryf en, ten einde kompeterend te bly, word ondernemings gedwing om mobiele tegnologie in hul besigheidsprosesse te implementeer. Terwyl daar baie voordele verbonde is aan die investering in en gebruik van mobiele tegnologie, word die besigheid egter ook blootgestel aan wesenlike risiko’s. Die vinnige tempo waarteen mobiele tegnologie ontwikkel en deur werknemers aangeneem word, het egter ʼn omgewing geskep waarin ondernemings mobiele tegnologie op ʼn ad hoc basis ontplooi. Besighede spreek eers die risiko’s aan nadat dit reeds voorgekom het en verliese as gevolg gehad het. Die hoof bydraende faktor tot die tekort aan beheer en bestuur van mobiele tegnologie is die feit dat diegene verantwoordelik vir beheer, nie onderliggend mobiele tegnologie komponente verstaan nie. Die doel van hierdie navorsing is om die begrip van die onderliggende komponente van mobiele tegnologie te verbeter. Die navorsing poog verder om die wesenlike risiko’s verbonde aan mobiele tegnologie te identifiseer en om toepaslike interne beheermaatreëls te formuleer wat die risiko’s sal aanspreek. Die bevindinge van die navorsing het die volgende onderliggende komponente van mobiele tegnologie geïdentifiseer: mobiele toestelle; mobiele infrastruktuur, data afleweringsmeganismes, en bemagtigende tegnologieë; en mobiele toepassings. Gebaseer op ʼn begrip van die komponente en subkategorieë van mobiele tegnologie, is ʼn kontrole raamwerk gebruik om die wesenlike risiko’s verbonde aan elke komponent en subkategorie van die tegnologie, te identifiseer. Die wesenlike risiko’s sluit beide risiko’s vir die gebruiker (insluitend kontinuïteit, gebruikerservaring, konnektiwiteit en IT ondersteuning) sowel as risiko’s vir die onderneming se strategieë (insluitend kontinuïteit, sekuriteit, koste en data eienaarskap) in. Die navorsing sluit af met die formulering van die beheermaatreëls wat geïmplementeer kan word om die wesenlike risiko’s aan te spreek. Dit het gelei tot twee tabelle wat as vinnige verwysingsraamwerke deur ondernemings gebruik kan word in die identifisering van wesenlike risiko’s op ʼn onderneming-spesifieke tegnologie komponentvlak asook die oorweging van relevante interne beheermaatreëls. Die tabelle help ondernemings ook om die beste mobiele tegnologie vir hul besigheid te implementeer, gebaseer op hul strategie, risiko evaluering en beheeromgewing.
18
Holmgren, Jonathan S. Rich Ronald P. "Metric methodology for the creation of environments and processes to certify a component : specifically the Naval Research Laboratory Pump /." Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2003. http://library.nps.navy.mil/uhtbin/hyperion-image/03Mar%5FHolmgren.pdf.
Full textAbstract:
Thesis (M.S. in Information Technology Management)--Naval Postgraduate School, March 2003.Thesis advisor(s): George Dinolt, Craig Rasmussen. Includes bibliographical references (p. 155-157). Also available online.
19
Steiner, Max [Verfasser], and Peter [Akademischer Betreuer] Liggesmeyer. "Integrating Security Concerns into Safety Analysis of Embedded Systems Using Component Fault Trees / Max Steiner ; Betreuer: Peter Liggesmeyer." Kaiserslautern : Technische Universität Kaiserslautern, 2016. http://d-nb.info/1115183664/34.
Full text
20
Bo, Yibo. "Liquidity measurements and the return-liquidity relationship : empirical evidence from Germany, the UK, the US and China." Thesis, Brunel University, 2017. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.707764.
Full textAbstract:
With reference to the existing literature on liquidity, three key questions have emerged during the last several decades: (i) How to measure liquidity in the most efficient way? (ii) What is the empirical pattern in the relation between market liquidity and stock returns? (iii) What are the determinants of the changes in the Return-Liquidity Relationship? This thesis take the above three questions as its principal focus and studies them by undertaking three separate empirical chapters, using a substantial dataset that covers all the listed firms in these four global economies – Germany, the UK, the US and China from 2001 to 2013. The empirical results imply the following: (i) The Transaction-Cost based liquidity measures, particularly the Quoted Proportional Spread, should be regarded as the most representative liquidity measurement. (ii) There is no evidence consistent with a fixed empirical pattern in the Return-Liquidity Relationship across these four countries as market liquidity is preferred in both Germany and UK, while the opposite results have been obtained for the Chinese stock market. That is, higher market leads to higher stock returns in these two European countries as the higher market liquidity facilitates capital movements to more efficient investments. However in China, the huge number of individual investors generates higher market liquidity through speculative trading rather than as a result of value-related investments, which heightens market risk and thus results in a decrease in stock prices. (iii) There is weak evidence that stock market returns have positive determinant effects on both MLIs (the market impact of liquidity on stock returns) and FLIs, (the firm-level impact of liquidity on stock returns) Return-Liquidity relation on market and firm level respectively. While only FLIs are positively correlated with stock market volatility and the inflation rate and negatively affected by the short-term interest rate.
21
Lin, Jenglung. "The Implementation and Integration of the Interactive Markup Language to the Distributed Component Object Model Protocol in the Application of Distributed File System Security." NSUWorks, 1999. http://nsuworks.nova.edu/gscis_etd/671.
Full textAbstract:
This dissertation is about the implementation and integration of the interactive markup language to the distributed component object model protocol with the application to modeling distributed file system security. Among the numerous researches in network security, the file system usually plays in the least important role of the spectrum. From the simple Disk Operating System (DOS) to modern Network Operating System (NOS), the file system relies only on one or more login passwords to protect it from being misused. Today the most thorough protection scheme for the file system is from virus protection and removal application, but it does not prevent a hostile but well-behaved program from deleting files or formatting hard disk. There are several network-monitoring systems that provide packet-level examination, although they suffer significant degradation in system performance.
In order to accomplish this objective, the implementation and integration of an interactive markup language to the distributed component object model protocol is created. The framework is also associated with the network security model for protecting the file system against unfriendly users or programs. The research will utilize a comprehensive set of methods that include software signature, caller identification, backup for vital files, and encryption for selected system files. It is expected that the results of this work are sufficient so those component objects can be implemented to support the integration definitions defined in this dissertation. In addition, it is expected that the extensions and techniques defined in this work may have further utilization in similar theoretical and applied problem domains.
22
Setréus, Johan. "Identifying critical components for system reliability in power transmission systems." Doctoral thesis, KTH, Elektroteknisk teori och konstruktion, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-40389.
Full textAbstract:
Large interruptions of power supply in the transmission system have considerable impact on modern society. The goal for the transmission system operator (TSO) is to prevent and mitigate such events with optimal decisions in design, planning, operation and maintenance. Identifying critical power components for system reliability provides one important input to this decision-making. This thesis develops quantitative component reliability importance indices applicable for identifying critical components in real transmission systems. Probabilistic models with component failure statistics are combined with detailed power system models evaluated with the AC power flow technique. In the presented method each system component is assigned three importance indices based on outage events expected probability and consequence to (i) reduced system security margin, (ii) interrupted load supply and (iii) disconnected generation units. By ranking components by each of the three interests, a more complete view of the risks to system reliability can be assessed than if, as traditionally, only (ii) is modelled. The impact on security margin is studied in well established critical transfer sections (CTS) supervised by the TSO. TSOs set the CTSs limits [MW] based on deterministic security criteria, with regard to thermal, voltage level, and system stability limits, and the CTSs' condition at post-contingency state is in the method used as an indicator of the system security margin. The methodology is extended with three indices modified to quantify the component importance for common-cause events initiated by acts of sabotage. The developed methods are applied on a significant part of the Great Britain transmission system, modelling 7000 components and 107 substation layouts. The study includes several load demand scenarios, 200 million initiating outage events and non-functioning protection equipment. The resulting component ranking provides an important input to the TSO's decision-making, and could be implemented as a complement to the existing deterministic N-1 criterion. With the methods applied a TSO can perform further and more detailed assessments on a few critical components in order to enhance system reliability for equipment failures and strengthen the system vulnerability against sabotage.QC 20110920
23
Martinez, Salvador. "Automatic reconstruction and analysis of security policies from deployed security components." Phd thesis, Ecole des Mines de Nantes, 2014. http://tel.archives-ouvertes.fr/tel-01065944.
Full textAbstract:
Security is a critical concern for any information system. Security properties such as confidentiality, integrity and availability need to be enforced in order to make systems safe. In complex environments, where information systems are composed by a number of heterogeneous subsystems, each subsystem plays a key role in the global system security. For the specific case of access-control, access-control policies may be found in several components (databases, networksand applications) all, supposedly, working together. Nevertheless since most times these policies have been manually implemented and/or evolved separately they easily become inconsistent. In this context, discovering and understanding which security policies are actually being enforced by the information system comes out as a critical necessity. The main challenge to solve is bridging the gap between the vendor-dependent security features and a higher-level representation that express these policies in a way that abstracts from the specificities of concrete system components, and thus, it's easier to understand and reason with. This high-level representation would also allow us to implement all evolution/refactoring/manipulation operations on the security policies in a reusable way. In this work we propose such a reverse engineering and integration mechanism for access-control policies. We rely on model-driven technologies to achieve this goal.
24
Blackwood, Matthew J. "Homeland security within state departments of agriculture : components of an effective security program." Thesis, Monterey, California. Naval Postgraduate School, 2010. http://hdl.handle.net/10945/5128.
Full textAbstract:
CHDS State/LocalApproved for public release; distribution is unlimited
ttle understanding of the abilities and capabilities of state departments of agriculture related to homeland security initiatives. The challenge is that these programs tend to fall between agriculture and homeland security programs. This research involved interviewing representatives of 24 state departments of agriculture to identify success factors and barriers related to homeland security programs. Respondents reported multi-state agriculture groups, public-private partnerships, and organizational structure as success factors in building successful homeland security programs. This research found that lack of information sharing, a disconnect between the federal and state government, and inadequate funding created barriers to the implementation of constructive homeland security programs. To better position the homeland security programs within state departments of agriculture, this research provides several recommendations. Given the diversity of the roles and responsibilities in agriculture agencies, it is not possible to develop a model program for every state. These recommendations identify components of a model program that agencies could selectively use to enhance the effectiveness of homeland security programs.
25
Schönefeld, Marc. "Refactoring of security antipatterns in distributed Java components." Bamberg Univ. of Bamberg Press, 2010. http://d-nb.info/1003208398/34.
Full text
26
Cheung, Lai-sze, and 張麗詩. "Delegation of rights using PKI-based components." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2004. http://hub.hku.hk/bib/B29973053.
Full text
27
Andersson, Richard. "Evaluation of the Security of Components in Distributed Information Systems." Thesis, Linköping University, Department of Electrical Engineering, 2003. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-2091.
Full textAbstract:
This thesis suggests a security evaluation framework for distributed information systems, responsible for generating a system modelling technique and an evaluation method. The framework is flexible and divides the problem space into smaller, more accomplishable subtasks with the means to focus on specific problems, aspects or system scopes. The information system is modelled by dividing it into increasingly smaller parts, evaluate the separate parts and then build up the system “bottom up” by combining the components. Evaluated components are stored as reusable instances in a component library. The evaluation method is focusing on technological components and is based on the Security Functional Requirements (SFR) of the Common Criteria. The method consists of the following steps: (1) define several security values with different aspects, to get variable evaluations (2) change and establish the set of SFR to fit the thesis, (3) interpret evaluated security functions, and possibly translate them to CIA or PDR, (4) map characteristics from system components to SFR and (5) combine evaluated components into an evaluated subsystem. An ontology is used to, in a versatile and dynamic way, structure the taxonomy and relations of the system components, the security functions, the security values and the risk handling. It is also a step towards defining a common terminology for IT security.
28
Yao, Ming. "A security architecture for protecting dynamic components of mobile agents." Queensland University of Technology, 2004. http://eprints.qut.edu.au/15913/.
Full textAbstract:
New techniques,languages and paradigms have facilitated the creation of distributed applications in several areas. Perhaps the most promising paradigm is the one that incorporates the mobile agent concept. A mobile agent in a large scale network can be viewed as a software program that travels through a heterogeneous network, crossing various security domains and executing autonomously in its destination. Mobile agent technology extends the traditional network communication model by including mobile processes, which can autonomously migrate to new remote servers. This basic idea results in numerous benefits including flexible, dynamic customisation of the behavior of clients and servers and robust interaction over unreliable networks. In spite of its advantages, widespread adoption of the mobile agent paradigm is being delayed due to various security concerns. Currently available mechanisms for reducing the security risks of this technology do not e±ciently cover all the existing threats. Due to the characteristics of the mobile agent paradigm and the threats to which it is exposed, security mechanisms must be designed to protect both agent hosting servers and agents. Protection to agent-hosting servers' security is a reasonably well researched issue, and many viable mechanisms have been developed to address it. Protecting agents is technically more challenging and solutions to do so are far less developed. The primary added complication is that, as an agent traverses multiple servers that are trusted to different degrees, the agent's owner has no control over the behaviors of the agent-hosting servers. Consequently the hosting servers can subvert the computation of the passing agent. Since it is infeasible to enforce the remote servers to enact the security policy that may prevent the server from corrupting agent's data, cryptographic mechanisms defined by the agent's owner may be one of the feasible solutions to protect agent's data.Hence the focus of this thesis is the development and deployment of cryptographic mechanisms for securing mobile agents in an open environment. Firstly, requirements for securing mobile agents' data are presented. For a sound mobile agent application, the data in an agent that is collected from each visiting server must be provided integrity. In some applications where servers intend to keep anonymous and will reveal their identities only under certain cir- cumstances, privacy is also necessitated. Aimed at these properties, four new schemes are designed to achieve different security levels: two schemes direct at preserving integrity for the agent's data, the other two focus on attaining data privacy. There are four new security techniques designed to support these new schemes. The first one is joint keys to discourage two servers from colluding to forge a victim server's signature. The second one is recoverable key commitment to enable detection of any illegal operation of hosting servers on an agent's data. The third one is conditionally anonymous digital signature schemes, utilising anonymous public-key certificates, to allow any server to digitally sign a document without leaking its identity. The fourth one is servers' pseudonyms that are analogues of identities, to enable servers to be recognised as legitimate servers while their identities remain unknown to anyone. Pseudonyms can be deanonymised with the assistance of authorities. Apart from these new techniques, other mechanisms such as hash chaining relationship and mandatory verification process are adopted in the new schemes. To enable the inter-operability of these mechanisms, a security architecture is therefore developed to integrate compatible techniques to provide a generic solution for securing an agent's data. The architecture can be used independently of the particular mobile agent application under consideration. It can be used for guiding and supporting developers in the analysis of security issues during the design and implementation of services and applications based on mobile agents technology.
29
Schönefeld, Marc [Verfasser]. "Refactoring of security antipatterns in distributed Java components / von Marc Schönefeld." Bamberg : Univ. of Bamberg Press, 2010. http://d-nb.info/1003208398/34.
Full text
30
Youssef, Lilia. "Construction de systèmes répartis sécurisés à base de composants." Phd thesis, Université de Grenoble, 2012. http://tel.archives-ouvertes.fr/tel-00721746.
Full textAbstract:
L'objectif de ce travail est de fournir des modèles et outils pour simplifier la construction des systèmes distribués à base de composants sécurisés, ainsi que la gestion des propriétés de sécurité, en utilisant des outils de haut niveau d'abstraction pour la configuration et la reconfiguration dynamique. En plus des propriétés d'accessibilité et de communications sécurisées classiques, nous focalisons notre travail sur une propriété des systèmes répartis plus générale : la non-interférence. Cette propriété atteste qu'il ne doit pas y avoir de flux d'information entre des parties publiques et privées du système. Ce qui implique le suivi de l'acheminement de l'information entre les différentes composantes du système distribué. Notre objectif principal est donc de proposer un modèle, accompagné d'un ensemble d'outils, garantissant la propriété de la non-interférence à la construction du système, et ce à une plus grosse granularité : celle des composants. Ces outils permettent de (1) configurer les paramètres de sécurité des composants et des liaisons entre eux, (2) vérifier la propriété de non-interférence dans le code d'un composant et entre les différents composants du système et (3) générer automatiquement le code nécessaire pour appliquer ces propriétés de sécurité. D'autre part, nous proposons une architecture permettant de vérifier dynamiquement la propriété de non-interférence dans un système réparti.
31
Nimgaonkar, Satyajeet. "Secure and Energy Efficient Execution Frameworks Using Virtualization and Light-weight Cryptographic Components." Thesis, University of North Texas, 2014. https://digital.library.unt.edu/ark:/67531/metadc699986/.
Full textAbstract:
Security is a primary concern in this era of pervasive computing. Hardware based security mechanisms facilitate the construction of trustworthy secure systems; however, existing hardware security approaches require modifications to the micro-architecture of the processor and such changes are extremely time consuming and expensive to test and implement. Additionally, they incorporate cryptographic security mechanisms that are computationally intensive and account for excessive energy consumption, which significantly degrades the performance of the system. In this dissertation, I explore the domain of hardware based security approaches with an objective to overcome the issues that impede their usability. I have proposed viable solutions to successfully test and implement hardware security mechanisms in real world computing systems. Moreover, with an emphasis on cryptographic memory integrity verification technique and embedded systems as the target application, I have presented energy efficient architectures that considerably reduce the energy consumption of the security mechanisms, thereby improving the performance of the system. The detailed simulation results show that the average energy savings are in the range of 36% to 99% during the memory integrity verification phase, whereas the total power savings of the entire embedded processor are approximately 57%.
32
Torri, Stephen A. Hamilton John A. "Generic reverse engineering architecture with compiler and compression classification components." Auburn, Ala, 2009. http://hdl.handle.net/10415/1583.
Full text
33
Dan, Yufang. "SECURITY AND SELF-HEALABILITY ENFORCEMENT OF DYNAMIC COMPONENTS IN A SERVICE-ORIENTED SYSTEM." Phd thesis, INSA de Lyon, 2014. http://tel.archives-ouvertes.fr/tel-00994833.
Full textAbstract:
Les architectures dynamiques orientées services ( D-SOA) se concentrent sur les interactions client-serveur à couplage faible, où les deux peuvent apparaître et disparaître à l'exécution. Notre objectif est de concevoir des systèmes de surveillance pour ces architectures. Comme les systèmes de surveillance classiques sont statiquement injectés dans les services surveillés, ils ne peuvent pas gérer correctement le cycle de vie des services d'exécution. En outre, quand un service est remplacé par un autre service, d'autres services peuvent toujours utiliser l'ancienne référence. Cette référence vers un service absent, lorsqu'elle est gardée en mémoire, peut induire des comportements non désirés. Cette thèse contribue à la conception d'un système de surveillance de l'utilisation des services, qui soit résistant à la dynamique de la plateforme et qui soit en mesure de faire face à l'utilisation des références obsolètes. Ce but est atteint en trois étapes. Tout d'abord, en considérant le caractère dynamique des systèmes SOA dans un environnement ouvert, nous concevons une approche de monitoring résistant au la dynamique de la plateforme. Nous identifions deux propriétés clés du système de surveillance à couplage faible: résilience à la dynamicité, c'est-à-dire qu'un moniteur d'interface et son état sont maintenus en mémoire et transférés à un nouveau service lors de la disparition d'un service utilisé, et exhaustivité, c'est-à-dire qu'un service surveillé ne peut pas contourner les observations du moniteur. Ensuite, pour éviter l'usage de références vers des services qui ne sont plus actifs, nous proposons un service de sécurité côté client (SSU Layer), qui permet de traiter ce problème de manière transparente. Si un service utilisé disparaît, la couche SSU peut soit substituer le service de manière transparente, soit lever une exception pour avertir explicitement le client. Cette couche SSU est basée sur une approche transactionnelle qui vise à préserver la cohérence des services actifs. Enfin, nous proposons d'intégrer les deux approches dans un nouveau système de surveillance (NewMS). Les NewMS hérite des principes des deux systèmes précédents: la résilience à la dynamicité, l'exhaustivité et la tolérance aux fautes. Il peut dynamiquement surveiller l'utilisation de services et traiter les références obsolètes de manière transparente. Ces trois propositions sont implémentées dans la plateforme OSGi. Nous avons développé une application simple qui simule un système de réservation de place, qui est monitoré par notre systèmes. Nous avons également proposé différentes spécifications pour ce système. Nos résultats démontrent que le coût d'observation de notre moniteur est proche du coût d'un monitor classique, ne prenant pas en compte les problématiques liées à la dynamique.
34
Motyka, Matt. "Risk measurement of mortgage-backed security portfolios via principal components and regression analyses." Link to electronic thesis, 2003. http://www.wpi.edu/Pubs/ETD/Available/etd-0429103-231210.
Full textAbstract:
Thesis (M.S.)--Worcester Polytechnic Institute.Keywords: portfolio risk decomposition; principal components regression; principal components analysis; mortgage-backed securities. Includes bibliographical references (p. 88-89).
35
Shridevi, Rajesh Jayashankara. "Emerging Security Threats in Modern Digital Computing Systems: A Power Management Perspective." DigitalCommons@USU, 2019. https://digitalcommons.usu.edu/etd/7483.
Full textAbstract:
Design of computing systems — from pocket-sized smart phones to massive cloud based data-centers — have one common daunting challenge : minimizing the power consumption. In this effort, power management sector is undergoing a rapid and profound transformation to promote clean and energy proportional computing. At the hardware end of system design, there is proliferation of specialized, feature rich and complex power management hardware components. Similarly, in the software design layer complex power management suites are growing rapidly. Concurrent to this development, there has been an upsurge in the integration of third-party components to counter the pressures of shorter time-to-market. These trends collectively raise serious concerns about trust and security of power management solutions.
In recent times, problems such as overheating, performance degradation and poor battery life, have dogged the mobile devices market, including the infamous recall of Samsung Note 7. Power outage in the data-center of a major airline left innumerable passengers stranded, with thousands of canceled flights costing over 100 million dollars. This research examines whether such events of unintentional reliability failure, can be replicated using targeted attacks by exploiting the security loopholes in the complex power management infrastructure of a computing system.
At its core, this research answers an imminent research question: How can system designers ensure secure and reliable operation of third-party power management units? Specifically, this work investigates possible attack vectors, and novel non-invasive detection and defense mechanisms to safeguard system against malicious power attacks. By a joint exploration of the threat model and techniques to seamlessly detect and protect against power attacks, this project can have a lasting impact, by enabling the design of secure and cost-effective next generation hardware platforms.
36
TaheriMonfared, Aryan. "Securing the IaaS Service Model of Cloud Computing Against Compromised Components." Thesis, Norges teknisk-naturvitenskapelige universitet, Institutt for telematikk, 2011. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-13439.
Full textAbstract:
Cloud Computing is a new computing model, and its security aspects require special considerations. New characteristics of the cloud model have introduced new security challenges, and made some of the existing security techniques incompatible. Moreover, existing cloud environments are closed, operated by commercial providers, and their security mechanisms are proprietary as well as confidential. In other words, there is not much chance of observing how a real cloud environment is working, and how their providers adapt security measures to the new model.Therefore, we have chosen an open source cloud platform to build our own cloud environment. The OpenStack cloud software met our requirements, but it was not mature enough. We have done a deep analysis of this platform, identified potential attack targets in it, and discuss impacts of a successful attack.In order to secure our environment, the National Institute of Standards and Technology (NIST) incident handling guideline has been applied to the cloud model, and corresponding actions for each phase has been performed. To complete our study, we have proposed a set of cloud specific approaches that fulfill the incident handling requirements. These approaches address challenges identified in the guideline adaptation process. Additionally, we have studied the feasibility and compatibility of each approach against our deployed environment.Additionally, we also have submitted a paper to IEEE CloudCom 2011 conference, based on my thesis. A draft version of the paper is included in Appendix A.
37
Mennie, David William. "An architecture to support dynamic composition of service components and its applicability to Internet security." Thesis, National Library of Canada = Bibliothèque nationale du Canada, 2000. http://www.collectionscanada.ca/obj/s4/f2/dsk1/tape4/PQDD_0020/MQ57732.pdf.
Full text
38
Mennie, David William Carleton University Dissertation Engineering Systems and Computer. "An architecture to support dynamic composition of service components and its applicability to Internet security." Ottawa, 2000.
Find full text
39
Thakkar, Jatin. "Securing Cognitive Radios with a Policy Enforcer and Secure Inter-component Transport Mechanisms." Thesis, Virginia Tech, 2010. http://hdl.handle.net/10919/34948.
Full textAbstract:
Current wireless communications are confronted with two significant problems with regard to spectrum use --- spectrum scarcity and deployment difficulties. It is widely believed that Software Defined Radios (SDRs) and Cognitive Radios (CRs) are the key enabling technologies to address these problems.
The reconfigurability of SDRs combined with the decoupling of policies and the platform in policy-based radios poses a new technical problem --- viz, enforcing policy conformance. Each DARPA XG radio is equipped with a set of policy conformance components (PCCs) which are responsible for ensuring that the radio is policy-conformant and does not cause harmful interference. The Policy Reasoner (PR) is the inference component of the PCCs whereas the Policy Enforcer (PE) performs enforcement.
DARPAâ s XG program prescribes the Software Communications Architecture (SCA) as the model for SDR/CR architectures. Distributed processing is a fundamental aspect of the SCA, and it uses the Common Object Resource Broker Architecture (CORBA). It is reasonable to assume that some of the SDRs will be implemented as distributed systems, irrelevant of whether they are SCA compliant devices. It is thus obvious that middleware has to be secured for complete security.
This thesis enumerates the requirements of an â idealâ PE. We have described the design and implementation of two possible implementations, which can fulfill some of these requirements. The PE can function similar to a firewall, and be at the very boundary of software and hardware components. The PE can also be implemented as a â man-in-the-middleâ between the System Strategy Reasoner and the transmission hardware. We further describe a novel method of providing cache coherency for a cache-based PE.
We also perform an in-depth analysis of the security requirements in a distributed implementation of a policy-based radio. To this end, we describe the design and implementation of such a system using CORBA middleware. We identify potential vulnerabilities due to the use of CORBA, and describe countermeasures for them. We compare the performance of transport and security mechanisms of two commercial, off-the-shelf (COTS) Object Request Brokers. We show that the magnitude of performance degradation can be reduced by the use of a cleverly selected combination of transport and security mechanisms.Master of Science
40
Regateiro, Diogo José Domingues. "A secure, distributed and dynamic RBAC for relational applications." Master's thesis, Universidade de Aveiro, 2014. http://hdl.handle.net/10773/14045.
Full textAbstract:
Mestrado em Engenharia de Computadores e TelemáticaNowadays, database application use tools like Java Database Connectivity, Hibernate or ADO.NET to access data stored in databases. These tools are designed to bring together the relational database and object-oriented programming paradigms, forsaking applied access control policies. Hence, the application developers must master the established policies as a means to develop software that is conformant with the established access control policies. Furthermore, there are situations where these policies can evolve dynamically. In these cases it becomes hard to adjust the access control mechanisms. This challenge has led to the development of an extension to the role based access control (RBAC) model where permissions are defined as a sequence of create, read, update and delete (CRUD) expressions that can be executed and the interfaces to access them. From these permissions it's possible to generate security artefacts on the client side, i.e. in a distributed manner, which allows the clients to access the stored data while satisfying the security policies defined. On top of this model extension, a security layer has also been created in order to make the access control secure and obligatory. For the RBAC model extension this work leverages a previous work that created a dynamic access control architecture for relational applications, here referred to as DACA (Dynamic Access Control Architecture). DACA uses business logic information and the defined access control policies to build dynamically the security artefacts for the applications. In situations where the access control policies can evolve dynamically, the security artefacts are adjusted automatically. This base work, however, defines as permissions CRUD expressions, which can be executed in any order, and needs an adequate security layer to authenticate users and protect the system form intruders. Hence, this work aims to create a new architecture, called “S-DRACA” (Secure, Dynamic and Distributed Role-based Access Control Architecture), which extends the work done with DACA so that it is capable of enforcing sequences of CRUD expressions that the applications can execute if the sequences are associated with their roles and the development of a security layer to make it secure. We discuss as well the performance of this system and its applicability to other environments outside of relational databases.
Atualmente, aplicações que acedem a bases de dados utilizam ferramentas como o Java Database Connectivity, Hibernate ou ADO.NET para aceder aos dados nelas armazenados. Estas ferramentas estão desenhadas para unir os paradigmas das bases de dados relacionais e da programação orientada a objetos, mas não estão preocupados com as políticas de controlo de acesso a aplicar. Portanto, os programadores de aplicações têm de dominar as políticas estabelecidas a fim de desenvolver aplicações em conformidade com as políticas de controlo de acesso estabelecidas.. Além disso, existem situações em que as políticas de controlo de acesso podem evoluir dinamicamente. Nestes casos, torna-se difícil adequar os mecanismos de controlo de acesso. Este desafio motivou o desenvolvimento de uma extensão ao modelo de controlo de acesso baseado em papeis (RBAC) que define como permissões sequências de expressões para criar, ler, atualizar e apagar (CRUD) informação e as interfaces de acesso a cada uma delas. A partir destas permissões podem ser gerados artefactos de segurança do lado dos clientes, i.e. de uma forma distribuída, que lhes permitem aceder à informação armazenada na base de dados segundo as políticas definidas. Por cima desta extenção também foi criada uma camada de segurança para tornar o controlo de acesso seguro e obrigatório. Para a extensão do modelo RBAC este trabalho baseou-se num trabalho anterior que criou uma arquitectura dinâmica de controlo de acesso para aplicações de bases de dados relacionais, aqui referida como DACA (Dynamic Access Control Architecture). DACA utiliza informação da lógica de negócio e as políticas de controlo de acesso que foram definidos para criar dinamicamente os artefactos de segurança para as aplicações. Em situações onde as políticas de controle de acesso evoluem de forma dinâmica, os artefactos de segurança são ajustados automaticamente. Este trabalho base, no entanto, define como permissões as expressões CRUD, podendo estas ser executadas em qualquer ordem, e necessita de uma camada de segurança adequada para autenticar utilizadores e proteger os dados sensíveis de intrusos. Portanto, neste trabalho, pretende-se criar uma nova arquitectura, chamada “S-DRACA” (Secure, Dynamic and Distributed Role-based Access Control Architecture), que estende o trabalho feito no âmbito do DACA para que este seja capaz de garantir que sejam cumpridas sequência de expressões CRUD que as aplicações podem executar e que estão associados aos seus papéis nas políticas RBAC e desenvolver uma camada de segurança adequada para a tornar segura. Discutimos, também, o seu desempenho e aplicabilidade em outros ambientes sem ser em bases de dados relacionais.
41
Huour, Aranya. "Components of Food Insecurity on a University Campus." CSUSB ScholarWorks, 2019. https://scholarworks.lib.csusb.edu/etd/876.
Full textAbstract:
Many college students across the nation are going hungry and struggling with food insecurity, as their access to food is becoming more challenging to attain. The purpose of this study is to explore the experiences of college students and components that lead them to becoming food insecure. Studies indicate that food insecurity is a critical issue in a college students’ life, but there is not an established approach to adequately help the students address this issue. The data will be collected through self-administered surveys and participant ratings will be reviewed for any common themes and correlations. Results from this study will provide significant material to assist social workers in addressing food insecurity with a systematic approach and influence further research. This study will also present findings to universities to secure supplementary resources and services to prevent food insecurity on campus.
42
Kinkelin, Holger [Verfasser], Georg [Akademischer Betreuer] Carle, and Günter [Akademischer Betreuer] Schäfer. "Autonomous and Robust Components for Security in Network Domains / Holger Kinkelin. Gutachter: Georg Carle ; Günter Schäfer. Betreuer: Georg Carle." München : Universitätsbibliothek der TU München, 2013. http://d-nb.info/1045345679/34.
Full text
43
Nasr, Allah Mounir. "Contrôle de flux d'information par utilisation conjointe d'analyse statique et dynamique accélérée matériellement." Thesis, CentraleSupélec, 2020. http://www.theses.fr/2020CSUP0007.
Full textAbstract:
Les systèmes embarqués étant de plus en plus présents dans nos vies, il est nécessaire de protéger les données personnelles qui y sont stockées. En effet, les concepteurs d’applications peuvent involontairement introduire des vulnérabilités pouvant être exploitées par un attaquant pour compromettre la confidentialité ou l’intégrité du système. Un des moyens de s’en prémunir est l’utilisation d’outils réactifs permettant de surveiller le comportement du système lors de son fonctionnement. Dans le cadre de cette thèse, nous proposons une approche générique de détection d'anomalies combinant des aspects matériels et logiciels et qui repose sur le suivi de flux d’information dynamique (DIFT). Le DIFT consiste à attacher des étiquettes représentant des niveaux de sécurité à des conteneurs d'information, par exemple des fichiers, et à spécifier une politique de flux d'information permettant de décrire les flux autorisés. Pour cela, nous avons tout d’abord développé un moniteur DIFT, flexible et non invasif pour le processeur, en utilisant les composants de traces ARM CoreSight. Pour prendre en compte les flux d’information qui se produisent dans les différentes couches, du système d’exploitation aux instructions processeur, nous avons élaboré des analyses statiques dans le compilateur. Ces analyses génèrent des annotations qui décrivent la dissémination des données dans le système lors de son exécution et qui sont utilisées par le moniteur DIFT. Nous avons également développé un module de sécurité pour le noyau Linux afin de prendre en compte les flux d’information à destination ou en provenance des fichiers. L’approche proposée permet ainsi de détecter un large spectre d'attaques de natures différentesAs embedded systems are more and more present in our lives, it is necessary to protect the personal data stored in such systems. Application developers can unintentionally introduce vulnerabilities that can be exploited by attackers to compromise the confidentiality or integrity of the system. One of the solutions to prevent this is to use reactive mechanisms to monitor the behavior of the system while it is running. In this thesis, we propose a generic anomaly detection approach combining hardware and software aspects, based on dynamic information flow tracking (DIFT). DIFT consists of attaching labels representing security levels to information containers, for example files, and specifying an information flow policy to describe the authorized flows. To implement such an approach, we first developed a DIFT monitor which is flexible and non-invasive for the processor, using ARM CoreSight trace components. To take into account the information flows that occur in the different layers, from the operating system to the processor instructions, we have developed different static analysis into the compiler. These analyses generate annotations, used by the DIFT monitor, that describe the dissemination of data in the system at run-time. We also developed a Linux security module to handle information flows involving files. The proposed approach can thus be used to detect different kinds of attacks
44
Alesand, Elias, and Hanna Sterneling. "A shoulder-surfing resistant graphical password system." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-138163.
Full textAbstract:
The focus of this report is to discuss graphical password systems and how they can contribute to handle security problems that threaten authentication processes. One such threat is shoulder-surfing attacks, which are also reviewed in this report. Three already existing systems that are claimed to be shoulder-surfing resilient are described and a new proposed system is presented and evaluated through a user study. Moreover, the system is compared to the mentioned existing systems to further evaluate the usability, memorability and the time it takes to authenticate. The user study shows that test subjects are able to remember their chosen password one week after having registered and signed in once. It is also shown that the average time to sign in to the system after five minutes of practice is within a range of 3.30 to 5.70 seconds. The participants in the experiments gave the system an average score above 68 on the System Usability Scale, which is the score of an average system.
45
Eskenazi, Sébastien. "On the stability of document analysis algorithms : application to hybrid document hashing technologies." Thesis, La Rochelle, 2016. http://www.theses.fr/2016LAROS019/document.
Full textAbstract:
Un nombre incalculable de documents est imprimé, numérisé, faxé, photographié chaque jour. Ces documents sont hybrides : ils existent sous forme papier et numérique. De plus les documents numériques peuvent être consultés et modifiés simultanément dans de nombreux endroits. Avec la disponibilité des logiciels d’édition d’image, il est devenu très facile de modifier ou de falsifier un document. Cela crée un besoin croissant pour un système d’authentification capable de traiter ces documents hybrides. Les solutions actuelles reposent sur des processus d’authentification séparés pour les documents papiers et numériques. D’autres solutions reposent sur une vérification visuelle et offrent seulement une sécurité partielle. Dans d’autres cas elles nécessitent que les documents sensibles soient stockés à l’extérieur des locaux de l’entreprise et un accès au réseau au moment de la vérification. Afin de surmonter tous ces problèmes, nous proposons de créer un algorithme de hachage sémantique pour les images de documents. Cet algorithme de hachage devrait fournir une signature compacte pour toutes les informations visuellement significatives contenues dans le document. Ce condensé permettra la création de systèmes de sécurité hybrides pour sécuriser tout le document. Ceci peut être réalisé grâce à des algorithmes d’analyse du document. Cependant ceux-ci ont besoin d’être porté à un niveau de performance sans précédent, en particulier leur fiabilité qui dépend de leur stabilité. Après avoir défini le contexte de l’étude et ce qu’est un algorithme stable, nous nous sommes attachés à produire des algorithmes stables pour la description de la mise en page, la segmentation d’un document, la reconnaissance de caractères et la description des zones graphiquesAn innumerable number of documents is being printed, scanned, faxed, photographed every day. These documents are hybrid : they exist as both hard copies and digital copies. Moreover their digital copies can be viewed and modified simultaneously in many places. With the availability of image modification software, it has become very easy to modify or forge a document. This creates a rising need for an authentication scheme capable of handling these hybrid documents. Current solutions rely on separate authentication schemes for paper and digital documents. Other solutions rely on manual visual verification and offer only partial security or require that sensitive documents be stored outside the company’s premises and a network access at the verification time. In order to overcome all these issues we propose to create a semantic hashing algorithm for document images. This hashing algorithm should provide a compact digest for all the visually significant information contained in the document. This digest will allow current hybrid security systems to secure all the document. This can be achieved thanks to document analysis algorithms. However those need to be brought to an unprecedented level of performance, in particular for their reliability which depends on their stability. After defining the context of this study and what is a stable algorithm, we focused on producing stable algorithms for layout description, document segmentation, character recognition and describing the graphical parts of a document
46
Chen, Jin-Cheng, and 陳錦城. "Security Mechanism in Medical Informatics by Using Enhanced CORBA Based Component." Thesis, 2002. http://ndltd.ncl.edu.tw/handle/25803001640446412527.
Full textAbstract:
碩士台北醫學院
醫學資訊研究所
90
Under today’s National Health Insurance (NHI) system, changing of the payment procedures and medical environment are becoming more rapidly and complicated. It has become more and more important to achieve the satisfactory and quality healthcare, to meet expectation of the patients and at the same time to keep the cost under careful, efficient, and effective control. By implementing the inter-hospital medical information exchange, we could avoid the repeating and overlapping wastes of medical resources. In addition, by using the Internet and Electronic Medical Record (EMR), the medical personnel could immediately gather the most complete and up-to-date related medical information of the patients, therefore can be able to make more precise diagnosis, provide timely and appropriate treatments, and as the result raise the quality of healthcare. For this reason, building a complete medical information exchange environment to provide any related medical information and applications are absolutely necessary. However, there are still many problems presented in today’s medical information exchange. Things such as security management of data and information system, the exchanging medical information across different platforms, the security concerns and limits for outsourcing service, the costs of building such an information system, and the complexity of system maintenance are just a few challenges it faced. In this study, we proposed to use the enhanced CORBA as the foundation to implement component-based architecture design. Components such as identification, authentication and security will be conveniently for all medical organizations to reuse and thus reduce the cost of system development. The medical information exchange components, developed by the research organizations that are commissioned by Department of Health (DOH), can be used or enhanced by medical organizations and suppliers’ on their own information systems. Through this method, DOH is able to manage and maintain the quality and security of the medical information exchange.
47
Gong, Hui-hao, and 龔暉皓. "Using COM Component to Build Security Knowledge Management System-For LCD Industry." Thesis, 2010. http://ndltd.ncl.edu.tw/handle/71840831071651411079.
Full textAbstract:
碩士國立中正大學
資訊管理所暨醫療資訊管理所
98
High-tech industry is always the most important factor of promoting economic development in overall industrial enterprises. Owing to computer systems become more complicated progressively, hence how to manage Knowledge document safely and effectively is one important topic today. If we make proper use of Knowledge management system that is not only a lot of use of Knowledge but also more rapid access to acquire it. Especially if a problem occurs, whether to solve the problem quickly is a key point in a complex information system. This study intends to build Knowledge management system base on web-base architecture and reach COM development in the system. In order to ensure data security we will adopt a security mechanism to ensure user profile will not be improper interception during network transmission and then caused business losses. The COM developed by Microsoft and the advantage includes security, reusability and extensibility. The purpose of this study is how to develop COM in 3-tier system and verify it in LCD factory. Establishing one secure and adaptable Knowledge Management System for CIM department in LCD industry.
48
Chou, I. Tsen, and 周怡岑. "Deployment Strategies of Information Security Management -A Case of Electronic Component Distributor Company." Thesis, 2006. http://ndltd.ncl.edu.tw/handle/65674852655586327679.
Full textAbstract:
碩士國立臺灣科技大學
資訊管理系
94
The most Important infrastructure for enterprise is good information environment. The degree of enterprise information relays to maturity and the popularity of electronic commerce, information security events (ex viral dissemination, invasions of hacker, material is divulged and so on) also emerges one after another incessantly. These events have caused enterprises visible and tangible losses. Also therefore enterprises have gradually attached importance to the security of information. Due to the special industrial characteristics of electronics components industry. Its supply chain is continually simplifying and these companies are more and more competitive. The important core value in this industry is to provide the highest quality service of information security. This research discusses "Information Security Management of Deployment Strategy" as the central subject, and chooses a medium electronics components distributor as the research object. So to analyze the suitable deployment strategy for the business of electronic components distributor, allows the deployment work of information security management easier to succeed. This research does refer to the documents of BS7799 PDCA model and the IBM information security management model. After we collected and analyzed these documents, we propose the 5 deployment phases in evaluating, training, planning, implementing, and auditing, to simultaneously consider the key points of the 13 executive items which are the evaluation and analysis of present situation, the classification of information property, the classification of risk, etc. The main goal of this research is to provide the mechanism of information security management for enterprises, electronic components distributor especially, in the future.
49
HUANG, CHIA-SHENG, and 黃家聖. "THE IMPACT OF MARKET COMPONENT AND DIFFERENT PROFITABILITY MEASURES ON THE DETERMINATION OF SECURITY." Thesis, 1996. http://ndltd.ncl.edu.tw/handle/20726086478984862873.
Full text
50
Štumpf, Ondřej. "Bezpečnost a důvěra v komponentovém modelu DEECo." Master's thesis, 2015. http://www.nusl.cz/ntk/nusl-331218.
Full textAbstract:
DEECo represents an example of a Cyber-Physical System (CPS) consisting of potentially vast number of components able to share data with each other. So far, access to data was not restricted, thus enabling components to exploit sensitive data owned by other components. The goal of this work is to analyze security threats in distributed environments such as DEECo and propose a security solution which would provide both physical security of component data and introduce an access control mechanism. However, while confidentiality may be critical to certain applications, data integrity is crucial to almost every one. This work therefore also proposes a trust model, which prevents components operating with defective or malicious data. Both proposed models are realized in jDEECo, a Java implementation of DEECo.