To see the other types of publications on this topic, follow the link: LTE Security.
Dissertations / Theses on the topic 'LTE Security'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'LTE Security.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Hussein, Soran. "Lightweight Security Solutions for LTE/LTE-A Networks." Thesis, Paris 11, 2014. http://www.theses.fr/2014PA112366/document.
Full textAbstract:
Récemment, le 3GPP (3rd Generation Partnership Project) a standardisé les systèmes LTE/LTE-A (Long Term Evolution/LTE-Advanced) qui ont été approuvés par l'UIT (Union Internationale des Télécommunications) comme des réseaux de télécommunications mobiles de 4éme génération. La sécurité est l'une des questions essentielles qui doivent être traitées avec soin pour protéger les informations de l'opérateur et des utilisateurs. Aussi, le 3GPP a normalisé plusieurs algorithmes et protocoles afin de sécuriser les communications entre les différentes entités du réseau. Cependant, l'augmentation du niveau de sécurité dans ces systèmes ne devrait pas leur imposer des contraintes lourdes telles qu’une grande complexité de calcul ou encore une forte consommation d'énergie. En effet, l'efficacité énergétique est devenue récemment un besoin critique pour les opérateurs afin de réduire l’empreinte écologique et les coûts opérationnels de ces systèmes. Les services de sécurité dans les réseaux mobiles tels que l'authentification, la confidentialité et l'intégrité des données sont le plus souvent effectués en utilisant des techniques cryptographiques. Toutefois, la plupart des solutions standardisées déjà adoptées par le 3GPP dépendent des algorithmes de chiffrement qui possèdent une grande complexité, induisant une consommation énergétique plus élevée dans les différentes entités communicantes du réseau. La confidentialité des données, qui se réfère principalement au fait de s'assurer que l'information n'est accessible qu'à ceux dont l'accès est autorisé, est réalisée au niveau de la sous-couche PDCP (Packet Data Convergence Protocol) de la pile protocolaire de LTE/LTE-A par l'un des trois algorithmes normalisés (EEA1, EEA2 et EEA3). Or, chacun des trois algorithmes exige une forte complexité de calcul car ils reposent sur la théorie de chiffrement de Shannon qui utilise les fonctions de confusion et de diffusion sur plusieurs itérations. Dans cette thèse, nous proposons un nouvel algorithme de confidentialité en utilisant le concept de substitution et de diffusion dans lequel le niveau de sécurité requis est atteint en un seul tour. Par conséquent, la complexité de calcul est considérablement réduite ce qui entraîne une réduction de la consommation d'énergie par les fonctions de chiffrement et de déchiffrement. De plus, la même approche est utilisée pour réduire la complexité des algorithmes 3GPP d'intégrité des données (EIA1, EIA2 et EIA3) dont le concept de chiffrement repose sur les mêmes fonctions complexes. Enfin, nous étudions dans cette thèse le problème d'authentification dans le contexte du paradigme D2D (Device to Device communications) introduit dans les systèmes 4G. Le concept D2D se réfère à la communication directe entre deux terminaux mobiles sans passer par le cœur du réseau. Il constitue un moyen prometteur pour améliorer les performances et réduire la consommation d'énergie dans les réseaux LTE/LTE-A. Toutefois, l'authentification et la dérivation de clé entre deux terminaux mobiles dans le contexte D2D n’ont pas fait l’objet d’études. Aussi, nous proposons un nouveau protocole léger d’authentification et de dérivation de clé permettant d’authentifier les terminaux D2D et de dériver les clés nécessaires à la fois pour le cryptage et pour la protection de l'intégrité des donnéesRecently, the 3rd Group Project Partnership (3GPP) has developed Long Term Evolution/ Long Term Evolution-Advanced (LTE/LTE-A) systems which have been approved by the International Telecommunication Union (ITU) as 4th Generation (4G) mobile telecommunication networks. Security is one of critical issues which should be handled carefully to protect user's and mobile operator's information. Thus, the 3GPP has standardized algorithms and protocols in order to secure the communications between different entities of the mobile network. However, increasing the security level in such networks should not compel heavy constrains on these networks such as complexity and energy. Indeed, energy efficiency has become recently a critical need for mobile network operators for reduced carbon emissions and operational costs. The security services in mobile networks such as authentication, data confidentiality and data integrity are mostly performed using cryptographic techniques.However, most of the standardized solutions already adopted by the3GPP depend on encryption algorithms which possess high computational complexity which in turn contributes in consuming further energy at the different network communication parties.Data confidentiality which mainly refers to the protection of the user’s information privacy is achieved at the Packet Data Convergence Protocol (PDCP) sub-layer in the LTE/LTE-A protocol stack by one of the three standardized algorithms (EEA1, EEA2 and EEA3). However, each of the three algorithms requires high computational complexity since they rely on Shannon’s theory of encryption algorithms by applying confusion and diffusion for several rounds. In our thesis we propose a novel confidentiality algorithm using the concept of substitution and diffusion in which the required security level is attained in only one round. Consequently the computational complexity is considerably reduced which in return results in reducing the energy consumption during both encryption and decryption procedures. Similarly, the same approach is used to reduce the complexity of 3GPP data integrity algorithms (EIA1, EIA2 and EIA3) which the core cipher rely on the same complex functions. Finally, we investigate in this thesis the authentication issue in Device to Device paradigms proposal in 4G systems. Device to Device communications refer to direct communications between two mobile devices without passing through the core network. They constitute a promising mean to increase the performance and reduce energy consumptions in LTE/LTE-A networks. In such context, the authentication and key derivation between two mobile devices have not been well investigated. Thus, a novel lightweight authentication and key derivation protocol is proposed to authenticate two communicating devices during session establishments as well as deriving necessary keys for both data encryption and integrity protection
2
DeMarinis, Nicholas AF. "On LTE Security: Closing the Gap Between Standards and Implementation." Digital WPI, 2015. https://digitalcommons.wpi.edu/etd-theses/791.
Full textAbstract:
Modern cellular networks including LTE (Long Term Evolution) and the evolving LTE- Advanced provide high-speed and high-capacity data services for mobile users. As we become more reliant on wireless connectivity, the security of voice and data transmissions on the network becomes increasingly important. While the LTE network standards provide strict security guidelines, these requirements may not be completely followed when LTE networks are deployed in practice. This project provides a method for improving the security of LTE networks by 1) characterizing a gap between security requirements defined in the standards and practical implementations, 2) designing a language to express the encoding formats of one of LTE’s network-layer protocols, 3) developing a compiler to translate a protocol description in our language into an implementation, and 4) providing recommendations on lessons learned during development of the language and compiler to support development of future protocols that employ formal representations. In this way, our work demonstrates how a formal language can be utilized to represent a cellular network protocol and serves as an example for further research on how adding formalism to network standards can help ensure that the security goals defined in the standards can be upheld in an implementation.
3
Pfeffer, Katharina. "Formal Verification of a LTE Security Protocol for Dual-Connectivity : An Evaluation of Automatic Model Checking Tools." Thesis, KTH, Radio Systems Laboratory (RS Lab), 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-148047.
Full textAbstract:
Security protocols are ubiquitously used in various applications with the intention to ensure secure and private communication. To achieve this goal, a mechanism offering reliable and systematic protocol verification is needed. Accordingly, a major interest in academic research on formal methods for protocol analysis has been apparent for the last two decades. Such methods formalize the operational semantics of a protocol, laying the base for protocol verification with automatic model checking tools. So far, little work in this field has focused on protocol standardization. Within this thesis a security analysis of a novel Authenticated Key-Exchange (AKE) protocol for secure association handover between two Long-Term Evolution (LTE) base stations (which support dual-connectivity) is carried out by applying two state-of-the-art tools for automated model checking (Scyther and Tamarin Prover). In the course of this a formal protocol model and tool input models are developed. Finally, the suitability of the used tools for LTE protocol analysis is evaluated. The major outcome is that none of the two applied tools is capable to accurately model and verify the dual-connectivity protocol in such detail that it would make them particularly useful in the considered setting. The reason for this are restrictions in the syntax of Scyther and a degraded performance of Tamarin when using complex protocol input models. However, the use of formal methods in protocol standardization can be highly beneficial, since it implies a careful consideration of a protocol’s fundamentals. Hence, formal methods are helpful to improve and structure a protocol’s design process when applied in conjunction to current practices.Säkerhetsprotokoll används i många typer av applikationer för att säkerställa säkerhet och integritet för kommunikation. För att uppnå detta mål behövs en behövs mekanismer som tillhandahåller pålitlig och systematisk verifiering av protokollen. Därför har det visats stort akademiskt intresse för forskning inom formell verifiering av säkerhetsprotokoll de senaste två decennierna. Sådana metoder formaliserar protokollsemantiken, vilket lägger grunden till automatiserad verifiering med modellverifieringsverktyg. Än så la¨nge har det inte varit stort focus på praktiska tilla¨mpningar, som t.ex. hur väl metoderna fungerar för de problem som dyker upp under en standardiseringsprocess. I detta examensarbete konstrueras en formell modell för ett säkerhetsprotokoll som etablerar en säkerhetsassociation mellan en terminal och två Long-Term Evolution (LTE) basstationer i ett delsystem kallat Dual Connectivity. Detta delsystem standardiseras för närvarande i 3GPP. Den formella modellen verifieras sedan med bästa tillgängliga verktyg för automatiserad modellverifiering (Scyther och Tamarin Prover). För att åstadkomma detta har den formella modellen implementerats i inmatningsspråken för de två verktygen. Slutligen ha de två verktygen evaluerats. Huvudslutsatsen är att inget av de två verktygen tillräckligt väl kan modellera de koncept där maskinstödd verifiering som mest behövs. Skälen till detta är Scythers begränsade syntax, och Tamarins begränsade prestanda och möjlighet att terminera för komplexa protokollmodeller. Trots detta är formella metoder andvändbara i standardiseringsprocessen eftersom de tvingar fram väldigt noggrann granskning av protokollens fundamentala delar. Därför kan formella metoder bidra till att förbättra strukturen på protokollkonstruktionsprocessen om det kombineras med nuvarande metoder.
4
Alzaabi, Mohamed Abdulla Hasan Saif. "New cryptanalysis and modelling for wireless networking." Thesis, University of Hertfordshire, 2015. http://hdl.handle.net/2299/17115.
Full textAbstract:
High data rates and interoperability of vender devices have made WiMAX a prime desire for use worldwide. WiMAX is based on the IEEE 802.16 standard. IEEE 802.16a, b, c & d versions were updated within three years of the first launch of WiMAX. However, during those early years reports were published that highlighted the security weaknesses of the standard. These weaknesses prompted the IEEE to issue a new version, 802.16e to tackle the security issues. Despite this security enhancement, WiMAX remains vulnerable. This research project looks at the vulnerability of WiMAX 802.16e Subscriber Station/Mobile Station authentication at the initial entry and proposes approaches to the prevention of Denial of Service (DoS) attacks at this point in order to secure the Media Access Control (MAC) layer from such threats. A new protocol has been designed and developed to provide confidentiality, authentication and integrity to WiMAX users. This new protocol is integrated with Z algorithm (an algorithm described later in this paper) to provide: • Confidentiality of management messages • Message Authentication code • ID to provide for message integrity and user authentication. A simulation package was also required, to prove that a linear load of DoS attack would disable or exhaust the capacity of the base station of a WiMAX network, as well as providing other simulation functions. The freely available simulation tool NIST (NIST IPSec (Internet Protocol Security) and IKE (Internet Key Exchange) Simulation) is oriented towards fixed network communications (NIIST, 2003). There are no other relevant simulation tools; hence the purpose of this research project is to develop a new tool to simulate WiMAX security vulnerabilities and test the new protocol.
5
Shahriar, Chowdhury M. R. "Resilient Waveform Design for OFDM-MIMO Communication Systems." Diss., Virginia Tech, 2015. http://hdl.handle.net/10919/56973.
Full textAbstract:
This dissertation addresses physical layer security concerns, resiliency of the Orthogonal Frequency Division Multiplexing (OFDM) and the Multiple Input Multiple Output (MIMO) systems; the `de-facto' air-interface of most wireless broadband standards including LTE and WiMAX. The major contributions of this dissertation are: 1) developing jamming taxonomy, 2) proposing OFDM and MIMO equalization jamming attacks and countermeasures, 3) developing antijam (AJ) MIMO systems, and 4) designing null space projected overlapped-MIMO radar waveform for spectrum sharing between radar and communications system.
First, we consider OFDM systems under various jamming attacks. Previous research is focused on jamming OFDM data transmissions. We focus on energy efficient attacks that can disrupt communication severely by exploiting the knowledge of target waveform. Specifically, these attacks seek to manipulate information used by the equalization algorithm to cause errors to a significant number of symbols, i.e., pilot tones jamming and nulling. Potential countermeasures are presented in an attempt to make OFDM waveform robust and resilient. The threats were mitigated by randomizing the location and value of pilot tones, causing the optimal attack to devolve into barrage jamming.
We also address the security aspects of MIMO systems in this dissertation. All MIMO systems need a method to estimate and equalize channel, whether through channel reciprocity or sounding. Most OFDM-based MIMO systems use sounding via pilot tones. Like OFDM attacks, this research introduces MIMO channel sounding attack, which attempts to manipulate pilot tones to skew the channel state information (CSI) at the receiver.
We describe methods of designing AJ MIMO system. The key insight is that many of the theoretical concepts learned from transmit beamforming and interference alignment (IA) in MIMO systems can be applied to the field of AJ and robust communications in the presence of jammers. We consider a realistic jamming scenario and provide a `receiver-only' and a transmitter `precoding' technique that allow a pair of two-antenna transceivers to communicate while being jammed by a malicious non-cooperative single-antenna adversary.
Finally, we consider designing a collocated MIMO radar waveform, which employs a new MIMO architecture where antenna arrays are allowed to overlap. This overlapped-MIMO radar poses many advantages including superior beampattern and improvement in SNR gain. We combine this radar architecture with a projection-based algorithm that allows the radar waveform to project onto the null space of the interference channel of MIMO communications system, thus enabling the coexistence of radar and communications system.Ph. D.
6
Pestrea, Anna. "Fuzz testing on eNodeB over the air interface : Using fuzz testing as a means of testing security." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-176074.
Full textAbstract:
In modern society, security has become an increasingly important subject, as technologyhas become an integrated part of everyday life. The security of a system can be tested withthe help of fuzzing, where incoming messages to the system are altered. In this thesis, afuzzer was developed targeting an E-UTRAN Node B (eNB) in the Long-Term Evolution(LTE) landscape. The eNB is current prototype and is from the company Ericsson. Thefuzzer is particularly designed for testing the Medium Access Control (MAC) layer of theeNB. The fuzzer uses a genetic method where all of the fuzzer’s flags (the R, F2, E, LCID, Fand L flags) are triggered during the fuzzing period. Depending on the output of the firstgeneration of fuzzed values, new values are generated either by choosing a value close tothe original value, or by choosing a value that belong to the same subgroup as the originalvalue. Four test cases are made, where first test case is the base line of the program and theother three test cases fuzzes the eNB, using different parts of the fuzzer. The results show that depending on which parts of the fuzzer are used, the connectionbecomes different. For test two and three, the connection became increasingly unstable andmore data was present in the connection. Test case four did not however deviate so muchfrom the baseline, if compared to test two and three.
7
Parvez, Imtiaz. "Spectrum Sharing, Latency, and Security in 5G Networks with Application to IoT and Smart Grid." FIU Digital Commons, 2018. https://digitalcommons.fiu.edu/etd/3879.
Full textAbstract:
The surge of mobile devices, such as smartphones, and tables, demands additional capacity. On the other hand, Internet-of-Things (IoT) and smart grid, which connects numerous sensors, devices, and machines require ubiquitous connectivity and data security. Additionally, some use cases, such as automated manufacturing process, automated transportation, and smart grid, require latency as low as 1 ms, and reliability as high as 99.99\%. To enhance throughput and support massive connectivity, sharing of the unlicensed spectrum (3.5 GHz, 5GHz, and mmWave) is a potential solution. On the other hand, to address the latency, drastic changes in the network architecture is required. The fifth generation (5G) cellular networks will embrace the spectrum sharing and network architecture modifications to address the throughput enhancement, massive connectivity, and low latency.
To utilize the unlicensed spectrum, we propose a fixed duty cycle based coexistence of LTE and WiFi, in which the duty cycle of LTE transmission can be adjusted based on the amount of data. In the second approach, a multi-arm bandit learning based coexistence of LTE and WiFi has been developed. The duty cycle of transmission and downlink power are adapted through the exploration and exploitation. This approach improves the aggregated capacity by 33\%, along with cell edge and energy efficiency enhancement. We also investigate the performance of LTE and ZigBee coexistence using smart grid as a scenario.
In case of low latency, we summarize the existing works into three domains in the context of 5G networks: core, radio and caching networks. Along with this, fundamental constraints for achieving low latency are identified followed by a general overview of exemplary 5G networks. Besides that, a loop-free, low latency and local-decision based routing protocol is derived in the context of smart grid. This approach ensures low latency and reliable data communication for stationary devices.
To address data security in wireless communication, we introduce a geo-location based data encryption, along with node authentication by k-nearest neighbor algorithm. In the second approach, node authentication by the support vector machine, along with public-private key management, is proposed. Both approaches ensure data security without increasing the packet overhead compared to the existing approaches.
8
Legonkov, Pavel, and Vasily Prokopov. "Small Cell Wireless Backhaul in Mobile Heterogeneous Networks." Thesis, KTH, Kommunikationssystem, CoS, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-99010.
Full textAbstract:
Small cells are deployed in a crowded areas with a high demand for both coverage and capacity. It is hard to address both of these requirements simultaneous with a conventional mobile network architecture based on macro cells. In many case a wire is not available to connect the small cell to the core of the mobile network. Under these circumstances a wireless link could be a convenient solution for the backhaul. In this master’s thesis IEEE 802.11n technology was evaluated to assess its suitability for backhaul from a small wireless cell. The performance of wireless equipment manufactured by several vendors has been measured. The results of these measurements were analyzed and compared to a set of requirements established for small cell backhaul. The analysis has affirmed that IEEE 802.11n is capable of providing sufficient performance to be used for small cell backhaul in various deployment scenarios. Note that in this thesis we include femtocells, picocells, wireless LAN access points, and other technologies in the category of "small cells". Another research questions of this master’s thesis is security of small cell backhaul. In addition to protecting the backhaul link itself, the security research investigated the safety of the whole mobile network architecture remodeled with the introduction of small cells. A mechanism to integrate secure small cells into a mobile network was developed. The results obtained during the project will be used as an input for product development activities in the company hosting the project. The resulting product could become the target of future wireless system performance measurements.Små celler sätts ut i områden med höga krav på täckning och kapacitet. Det är svårt att adressera båda dessa krav samtidigt med en konventionell mobil nätverksarkitektur baserad på makro-celler. I många fall finns ingen kabel tillgänglig att koppla den lilla cellen till kärnan i det mobila nätverket. Under dessa omständigheter kan en trådlös länk vara en lämplig lösning för backhaul. I denna avhandling utvärderas IEEE 802.11n-teknikens lämplighet för backhaul av små celler. Prestandan hos trådlös utrustning tillverkad av flera olika tillverkare har mätts. Resultaten av dessa mätningar analyserades och jämfördes med en mängd krav uppsatta för backhaul av små celler. Analysen har förankrat att IEEE 802.11n är kapabel till att tillhandahålla tillräcklig prestanda för backhaul av små celler i diverse miljöer. Notera att i denna avhandling så inkluderas femto-celler, pico-celler, Wireless LAN-åtkomstpunkter, och andra teknologier i kategorin små celler". Andra forskningsfrågor berörda i avhandlingen är säkerhet vid backhaul av små celler. Utöver att skydda backhaul-länken själv så undersökte säkerhetsforskningen säkerheten av hela mobilnätsarkitekturen när små celler används i arkitekturen. En mekanism för att integrera säkra små celler i ett mobilnät utvecklades. De resultat som införskaffades under projektets genomförande kommer att användas som input till produktutvecklingsaktiviteter hos företaget som sponsrade projektet. Den resulterande produkten skulle kunna bli mål för framtida prestandamätningar av trådlösa system.
9
Potnuru, Srinath. "Fuzzing Radio Resource Control messages in 5G and LTE systems : To test telecommunication systems with ASN.1 grammar rules based adaptive fuzzer." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-294140.
Full textAbstract:
5G telecommunication systems must be ultra-reliable to meet the needs of the next evolution in communication. The systems deployed must be thoroughly tested and must conform to their standards. Software and network protocols are commonly tested with techniques like fuzzing, penetration testing, code review, conformance testing. With fuzzing, testers can send crafted inputs to monitor the System Under Test (SUT) for a response. 3GPP, the standardization body for the telecom system, produces new versions of specifications as part of continuously evolving features and enhancements. This leads to many versions of specifications for a network protocol like Radio Resource Control (RRC), and testers need to constantly update the testing tools and the testing environment. In this work, it is shown that by using the generic nature of RRC specifications, which are given in Abstract Syntax Notation One (ASN.1) description language, one can design a testing tool to adapt to all versions of 3GPP specifications. This thesis work introduces an ASN.1 based adaptive fuzzer that can be used for testing RRC and other network protocols based on ASN.1 description language. The fuzzer extracts knowledge about ongoing RRC messages using protocol description files of RRC, i.e., RRC ASN.1 schema from 3GPP, and uses the knowledge to fuzz RRC messages. The adaptive fuzzer identifies individual fields, sub-messages, and custom data types according to specifications when mutating the content of existing messages. Furthermore, the adaptive fuzzer has identified a previously unidentified vulnerability in Evolved Packet Core (EPC) of srsLTE and openLTE, two open-source LTE implementations, confirming the applicability to robustness testing of RRC and other network protocols.5G-telekommunikationssystem måste vara extremt tillförlitliga för att möta behoven för den kommande utvecklingen inom kommunikation. Systemen som används måste testas noggrant och måste överensstämma med deras standarder. Programvara och nätverksprotokoll testas ofta med tekniker som fuzzing, penetrationstest, kodgranskning, testning av överensstämmelse. Med fuzzing kan testare skicka utformade input för att övervaka System Under Test (SUT) för ett svar. 3GPP, standardiseringsorganet för telekomsystemet, producerar ofta nya versioner av specifikationer för att möta kraven och bristerna från tidigare utgåvor. Detta leder till många versioner av specifikationer för ett nätverksprotokoll som Radio Resource Control (RRC) och testare behöver ständigt uppdatera testverktygen och testmiljön. I detta arbete visar vi att genom att använda den generiska karaktären av RRC-specifikationer, som ges i beskrivningsspråket Abstract Syntax Notation One (ASN.1), kan man designa ett testverktyg för att anpassa sig till alla versioner av 3GPP-specifikationer. Detta uppsatsarbete introducerar en ASN.1-baserad adaptiv fuzzer som kan användas för att testa RRC och andra nätverksprotokoll baserat på ASN.1- beskrivningsspråk. Fuzzer extraherar kunskap om pågående RRC meddelanden med användning av protokollbeskrivningsfiler för RRC, dvs RRC ASN.1 schema från 3GPP, och använder kunskapen för att fuzz RRC meddelanden. Den adaptiva fuzzer identifierar enskilda fält, delmeddelanden och anpassade datatyper enligt specifikationer när innehållet i befintliga meddelanden muteras. Dessutom har den adaptiva fuzzer identifierat en tidigare oidentifierad sårbarhet i Evolved Packet Core (EPC) för srsLTE och openLTE, två opensource LTE-implementeringar, vilket bekräftar tillämpligheten för robusthetsprovning av RRC och andra nätverksprotokoll.
10
Hutchinson, Simon James. "Investigation of late time response analysis for security applications." Thesis, Manchester Metropolitan University, 2015. http://e-space.mmu.ac.uk/608771/.
Full textAbstract:
The risk of armed attack by individual’s intent on causing mass casualties against soft targets, such as transport hubs continues. This has led to an increased need for a robust, reliable and accurate detection system for concealed threat items. This new system will need to improve upon existing detection systems including portal based scanners, x-ray scanners and hand held metal detectors as these all suffer from drawbacks of limited detection range and relatively long scanning times. A literature appraisal has been completed to assess the work being undertaken in the relevant field of Concealed Threat Detection (CTD). From this Ultra-Wide Band (UWB) radar has been selected as the most promising technology available for CTD at the present. UWB radar is provided by using Frequency Modulated Continuous Waves (FMCW) from laboratory test equipment over a multi gigahertz bandwidth. This gives the UWB radar the ability to detect both metallic and dielectric objects. Current published results have shown that it is possible to use the LTR technique to detect and discriminate both single objects isolated in air and multiple objects present within the same environment. A Vector Network Analyser (VNA) has been used to provide the Ultra-Wide Band (UWB) Frequency Modulated Continuous Wave (FMCW) radar signal required for the LTR technique. This thesis presents the application of the Generalized Pencil-of-Function (GPOF), Dual Tree Wavelet Transform (DTWT) and the Continuous Wavelet Transform (CWT), both real and complex valued, in Late Time Response (LTR) security analysis to produce a viable detection algorithm. Supervised and unsupervised Artificial Neural Networks (ANN) have been applied to develop a successful classification scheme for Concealed Threat Detection (CTD) in on body security screening. Signal deconvolution and other techniques have been applied in post processing to allow for extraction of the LTR signal from the scattered return. Data vectorization has been applied to the extracted LTR signal using an unsupervised learning based ANN to prepare data for classification. Classification results for both binary threat/non-threat classifiers and a group classifier are presented. The GPOF method presented true positive classification results approaching 72% with wavelet based methods offering between 98% and 100%.
11
Guedj, Michaël. "BSP algorithms for LTL & CTL model checking of security protocols." Thesis, Paris Est, 2012. http://www.theses.fr/2012PEST1081.
Full textAbstract:
Dans un monde fortement dépendant de la communication de données distribuées, la conception d’infrastructures sécurisées est une tâche cruciale. Les systèmes et réseaux distribués prennent de plus en plus d’importance, car la plupart des services et des possibilités qui caractérisent la société moderne sont basés sur ces technologies.La communication entre les agents sur les réseaux a donc suscité un grand intérêt pour la recherche. Afin de fournir des moyens de communication efficaces et fiables, de plus en plus de protocoles de communication sont inventés, et pour la plupart d’entre eux, la sécurité est un objectif importantIn a world strongly dependent on distributed data communication, the design of secure infrastructures is a crucial task. Distributed systems and networks are becoming increasingly important, as most of the services and opportunities that characterise the modern society are based on these technologies. Communication among agents over networks has therefore acquired a great deal of research interest. In order to provide effective and reliable means of communication, more and more communication protocols are invented, and for most of them, security is a significant goal
12
Yao, Håkansson Jonathan, and Niklas Rosencrantz. "Formal Verification of Hardware Peripheral with Security Property." Thesis, KTH, Skolan för datavetenskap och kommunikation (CSC), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-209807.
Full textAbstract:
One problem with computers is that the operating system automatically trusts any externallyconnected peripheral. This can result in abuse when a peripheral technically can violate the security model because the peripheral is trusted. Because of that the security is an important issue to look at.The aim of our project is to see in which cases hardware peripherals can be trusted. We built amodel of the universal asynchronous transmitter/receiver (UART), a model of the main memory(RAM) and a model of a DMA controller. We analysed interaction between hardware peripherals,user processes and the main memory.One of our results is that connections with hardware peripherals are secure if the hardware is properly configured. A threat scenario could be an eavesdropper or man-in-the-middle trying to steal data or change a cryptographic key.We consider the use-cases of DMA and protecting a cryptographic key. We prove the well-behavior of the algorithm. Some error-traces resulted from incorrect modelling that was resolved by adjusting the models. Benchmarks were done for different memory sizes.The result is that a peripheral can be trusted provided a configuration is done. Our models consist of finite state machines and their corresponding SMV modules. The models represent computer hardware with DMA. We verified the SMV models using the model checkers NuSMV and nuXmv.Målet med vårt projekt är att verifiera olika specifikationer av externa enheter som ansluts till datorn. Vi utför formell verifikation av sådan datorutrustning och virtuellt minne. Verifikation med temporal logik, LTL, utförs. Specifikt verifierar vi 4 olika use-case och 9 formler för seriell datakommunikation, DMA och virtuellt minne. Slutsatsen är att anslutning av extern hårdvara är säker om den är ordentligt konfigurerad.Vi gör jämförelser mellan olika minnesstorlekar och mätte tidsåtgången för att verifiera olika system. Vi ser att tidsåtgången för verifikation är långsammare än linjärt beroende och att relativt små system tar relativt lång tid att verifiera.
13
Eneroth, Nathanael. "Securing LBO VoLTE roaming with multiple Escrow Agents : A dynamic approach to distribute cryptographic keys to Escrow Agents." Thesis, KTH, Radio Systems Laboratory (RS Lab), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-240425.
Full textAbstract:
The fourth generation cellular mobile broadband, Long-Term Evolution (LTE), provides high speed Internet via Internet Protocol (IP). Today’s wireless infrastructure paves the way to a connected society where high speed Internet is seamlessly available at all times for anyone to use. To achieve this, a mobile service subscriber can no longer be bound to a single network provided by a single operator. Thus, roaming constitutes a key pillar in shaping the connected society Local Breakout (LBO) Voice over Long-Term Evolution (VoLTE) roaming enables a mobile service subscriber to breakout from its home network, and to use network services in a visited network. LBO requires control signalling and user data to be routed over several Public Land Mobile Networks (PLMNs), thus making mobile service subscriber’s the subject of Lawful Intercept (LI) across multiple networks. This thesis project investigates the possibility of using Multimedia Internet KEYing (MIKEY) and Secure Real-Time Transport Protocol (SRTP) to encrypt the payload of VoLTE media packets. More specifically, a Law Enforcement Monitoring Provider (LEMP) is designed, implemented, and evaluated. LEMP is deployed within a cell phone and serves to distribute cryptographic key shares to Trusted Third Parties (TTPs), i.e. multiple escrow agents, entrusted to store these cryptographic key shares. The result preserves the requirements for LI despite the fact that there may be multiple network operators involved. Moreover, the experiments show that the distribution time depends primarily on network latency rather than the time required to split the cryptographic key in chunks; hence the approach is usable in practice.Den fjärde generationens mobila bredband, Long-Term Evolution (LTE), möjliggör användandet av höghastighetsinternet över Internet Protocol (IP). Dagens trådlösa infrastrukturer banar väg för ett fritt och lättillgängligt digitalt samhälle där alla kan vara uppkopplade samtidigt. För att uppnå global trådlös infrastruktur måste mobilabonnenten ha möjlighet att utnyttja flera andra trådlösa nätverk än det nätverk som teleoperatören binder dem till. Därför utgör fri roaming en viktig del i utvecklingen av framtidens globala trådlösa infrastrukturer. Local Breakout (LBO) Voice over Long-Term Evolution (VoLTE) är en roamingarkitektur som gör det möjligt för en mobilabonnent att kopplas upp från en teleoperatörs nät till en annans. LBO kräver att kontrollsignaler och användardata skickas mellan flera operatörer innan trafiken når sitt mål, och därmed utsätts mobilabonnenten för laglig avlyssning av elektronisk information på flera platser samtidigt. Det här examensarbetet undersöker möjligheten att använda Multimedia Internet KEYing (MIKEY) och Secure Real-Time Transport Protocol (SRTP) för att kryptera mediatrafik i VoLTE. Under arbetets gång utvecklas och utvärderas en Law Enforcement Monitoring Provider (LEMP). LEMP är placerad i en mobiltelefon och distribuerar delar av krypteringsnycklar till flera betrodda tredje parter (till flera escrow agents). Detta gör det möjligt att uppfylla kraven för laglig avlyssning av elektronisk information även när flera teleoperatörer avlyssnar användardata och kontrollsignaler. Resultatet visar att distribueringstiden primärt beror på nätverkslatens, och inte på den tid det tar att fördela krypteringsnyckeln i mindre delar. Därför kan den här metoden användas i praktiken.
14
Alegre, Alberto. "Parental behaviors and late adolescents' adjustment: The role of emotional security and emotional intelligence." Diss., Virginia Tech, 2008. http://hdl.handle.net/10919/26056.
Full textAbstract:
Based on hypothesized relations advanced by Cummings and Davies (1995), the current study tests the hypothesis that parental availability and parental control, experienced during middle adolescence, relate to late adolescentsâ adjustment through influence on their emotional security. The study also examines the role of late adolescentsâ emotional intelligence and its relationship with parental behaviors, emotional security, and adolescentsâ adjustment. This study proposes a model of relationships where emotional security and emotional intelligence influence each other and mediate the relationship between parental behaviors and late adolescentsâ adjustment. Regression analyses show partial support for the hypotheses.Ph. D.
15
Dykas, Matthew Jason. "Attachment security and the processing of attachment-relevant social information in late adolescence." College Park, Md. : University of Maryland, 2006. http://hdl.handle.net/1903/3488.
Full textAbstract:
Thesis (Ph. D.) -- University of Maryland, College Park, 2006.Thesis research directed by: Psychology. Title from t.p. of PDF. Includes bibliographical references. Published by UMI Dissertation Services, Ann Arbor, Mich. Also available in paper.
16
Lee, Andrew Wei Tien. "A framework for supporting anonymity in text-based online conversations /." Gold Coast, QLD : Bond University, 2001. http://epublications.bond.edu.au/theses/lee.
Full textAbstract:
Thesis (MSc(CompSc) -- Bond University, 2001."A thesis submitted to Bond University in fulfillment of the requirements for the degree of Masters of Science in Computer Science"-- t.p. Bibliography: leaves 124-125. Also available via the World Wide Web.
17
Frenn, Evan. "Towards a Trustworthy Thin Terminal for Securing Enterprise Networks." Digital WPI, 2013. https://digitalcommons.wpi.edu/etd-theses/300.
Full textAbstract:
Organizations have many employees that lack the technical knowledge to securely operate their machines. These users may open malicious email attachments/links or install unverified software such as P2P programs. These actions introduce significant risk to an organization's network since they allow attackers to exploit the trust and access given to a client machine. However, system administrators currently lack the control of client machines needed to prevent these security risks. A possible solution to address this issue lies in attestation. With respect to computer science, attestation is the ability of a machine to prove its current state. This capability can be used by client machines to remotely attest to their state, which can be used by other machines in the network when making trust decisions. Previous research in this area has focused on the use of a static root of trust (RoT), requiring the use of a chain of trust over the entire software stack. We would argue this approach is limited in feasibility, because it requires an understanding and evaluation of the all the previous states of a machine. With the use of late launch, a dynamic root of trust introduced in the Trusted Platform Module (TPM) v1.2 specification, the required chain of trust is drastically shortened, minimizing the previous states of a machine that must be evaluated. This reduced chain of trust may allow a dynamic RoT to address the limitations of a static RoT. We are implementing a client terminal service that utilizes late launch to attest to its execution. Further, the minimal functional requirements of the service facilitate strong software verification. The goal in designing this service is not to increase the security of the network, but rather to push the functionality, and therefore the security risks and responsibilities, of client machines to the network€™s servers. In doing so, we create a platform that can more easily be administered by those individuals best equipped to do so with the expectation that this will lead to better security practices. Through the use of late launch and remote attestation in our terminal service, the system administrators have a strong guarantee the clients connecting to their system are secure and can therefore focus their efforts on securing the server architecture. This effectively addresses our motivating problem as it forces user actions to occur under the control of system administrators.
18
Cook, Joshua Lee. "Employees' Perceptions About the Deterrence Effect of Polygraph Examination Against Security Compromises." ScholarWorks, 2015. https://scholarworks.waldenu.edu/dissertations/1844.
Full textAbstract:
Controversy continues over the use of polygraph testing to deter and detect potential leakers as critics argue that the technique is based on faulty assumptions. The purpose of this descriptive and exploratory research study was to determine whether there was a perceived deterrence effect related to the use of polygraphs between a group of participants who were subjected to a polygraph examination within the past year compared to those who have not experienced a polygraph examination within the same time period. Paternoster and Simpson's, as well as Vance and Siponen's, rational choice models and Bandura's social learning theory served as the theoretical foundation for this study. Specifically, this study assessed groups' perceptions about adhering to security regulations if a polygraph is required, changes in their behavior and attitude, and beliefs about polygraph deterrent effect. Data were obtained through a 15-minute researcher- created survey with a cluster sample of 326 participants. Data were analyzed with a t test to determine whether there was a statistically significant difference between the groups. A factor analysis was also conducted. Results indicated that there was a statistically significant difference (p < .001) between the groups, suggesting that participants perceive a deterrent effect associated with the use of polygraphs as well as a change of behavior and attitude if a polygraph can be randomly administered at work. The implications for positive social change stemming from this study include recommendations to the nation's national security agencies to continue enforcing the polygraph examinations required of certain security personnel and exploring the possibility of expanding the use of such strategies in order to fortify the national intelligence infrastructure.
19
Tyler, Lamonte Bryant. "Exploring the Implementation of Cloud Security to Minimize Electronic Health Records Cyberattacks." ScholarWorks, 2018. https://scholarworks.waldenu.edu/dissertations/5281.
Full textAbstract:
Health care leaders lack the strategies to implement cloud security for electronic medical records to prevent a breach of patient data. The purpose of this qualitative case study was to explore strategies senior information technology leaders in the healthcare industry use to implement cloud security to minimize electronic health record cyberattacks. The theory supporting this study was routine activities theory. Routine activities theory is a theory of criminal events that can be applied to technology. The study's population consisted of senior information technology leaders from a medical facility in a large northeastern city. Data collection included semistructured interviews, phone interviews, and analysis of organizational documents. The use of member checking and methodological triangulation increased the validity of this study's findings among all participants. There were 5 major themes that emerged from the study (a) requirement of coordination with the electronic health record vendor and the private cloud vendor, (b) protection of the organization, (c) requirements based on government and organizational regulations, (d) access management, (e) a focus on continuous improvement. The results of this study may create awareness of the necessity to secure electronic health records in the cloud to minimize cyberattacks. Cloud security is essential because of its social impact on the ability to protect confidential data and information. The results of this study will further serve as a foundation for positive social change by increasing awareness in support of the implementation of electronic health record cloud security.
20
Yoon, Seongwon. "Distorted security discourses : the ROK's securitisation of the Korean nuclear crisis, 2003-2013." Thesis, University of Bradford, 2016. http://hdl.handle.net/10454/15865.
Full textAbstract:
South Korea’s security discourse on the nuclear threat posed by North Korea has been dichotomised by its position within the political spectrum between the progressives and conservatives. By drawing upon Securitisation Theory (ST), this study challenges the current security discourse in South Korea, which has divided and misled the public as well as securitising actors. This study examines the security discourses of the Roh Moo-hyun (2003–2008) and Lee Myung-bak (2008–2013) administrations, since they represent the archetypes of the progressives and conservatives respectively. The results of the analysis suggest that the current security discourses that have been prevalent in South Korea do not correspond with reality and, subsequently, the discourses were not able to deal with real challenges that the nuclear threat posed. This research also explains the root cause of the distorted security discourses by applying a ‘discursive chasm’ as a preliminary concept, which indicates a discursive structure that fundamentally impedes the performance of securitising actors’ articulation, and that distorts the discursive formation (securitisation processes). The chasms consist of three elusive discourses: first, a discourse on threats that cannot simply be said to be either imminent or not imminent (nuclear weapons as materiality and discourse); second, a discourse on the other that cannot easily be defined (the difficulty of representation of North Korea); and third, a discourse on measures that cannot easily be realised (intangible extraordinary measures).
21
Yoon, Seongwon. "Distorted Security Discourses. The ROK’s Securitisation of the Korean Nuclear Crisis, 2003–2013." Thesis, University of Bradford, 2016. http://hdl.handle.net/10454/15865.
Full textAbstract:
South Korea’s security discourse on the nuclear threat posed by North Korea has been dichotomised by its position within the political spectrum between the progressives and conservatives. By drawing upon Securitisation Theory (ST), this study challenges the current security discourse in South Korea, which has divided and misled the public as well as securitising actors. This study examines the security discourses of the Roh Moo-hyun (2003–2008) and Lee Myung-bak (2008–2013) administrations, since they represent the archetypes of the progressives and conservatives respectively. The results of the analysis suggest that the current security discourses that have been prevalent in South Korea do not correspond with reality and, subsequently, the discourses were not able to deal with real challenges that the nuclear threat posed. This research also explains the root cause of the distorted security discourses by applying a ‘discursive chasm’ as a preliminary concept, which indicates a discursive structure that fundamentally impedes the performance of securitising actors’ articulation, and that distorts the discursive formation (securitisation processes). The chasms consist of three elusive discourses: first, a discourse on threats that cannot simply be said to be either imminent or not imminent (nuclear weapons
as materiality and discourse); second, a discourse on the other that cannot easily be defined (the difficulty of representation of North Korea); and third, a discourse on measures that cannot easily be realised (intangible extraordinary measures).
22
Paulauskas, Nerijus. "Analysis of Computer System Incidents and Security Level Evaluation." Doctoral thesis, Lithuanian Academic Libraries Network (LABT), 2009. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2009~D_20090610_130504-11943.
Full textAbstract:
The problems of incidents arising in computer networks and the computer system security level evaluation are considered in the thesis. The main research objects are incidents arising in computer networks, intrusion detection systems and network scanning types. The aim of the thesis is the investigation of the incidents in the computer networks and computer system security level evaluation.
The following main tasks are solved in the work: classification of attacks and numerical evaluation of the attack severity level evaluation; quantitative evaluation of the computer system security level; investigation of the dependence of the computer system performance and availability on the attacks affecting the system and defense mechanisms used in it; development of the model simulating the computer network horizontal and vertical scanning.
The thesis consists of general characteristic of the research, five chapters and general conclusions. General characteristic of the thesis is dedicated to an introduction of the problem and its topicality. The aims and tasks of the work are also formulated; the used methods and novelty of solutions are described; the author‘s publications and structure of the thesis are presented.
Chapter 1 covers the analysis of existing publications related to the problems of the thesis. The survey of the intrusion detection systems is presented and methods of the intrusion detection are analyzed. The currently existing techniques of the attack classification are... [to full text]Disertacijoje nagrinėjamos incidentų kompiuterių tinkluose ir kompiuterių sistemų saugumo lygio įvertinimo problemos. Pagrindiniai tyrimo objektai yra incidentai kompiuterių tinkluose, atakų atpažinimo sistemos ir kompiuterių tinklo žvalgos būdai. Disertacijos tikslas – incidentų kompiuterių tinkluose tyrimas ir kompiuterių sistemų saugumo lygio įvertinimas. Darbe sprendžiami šie pagrindiniai uždaviniai: atakų klasifikavimas ir jų sunkumo lygio skaitinis įvertinimas; kompiuterių sistemos saugumo lygio kiekybinis įvertinimas; kompiuterių sistemos našumo ir pasiekiamumo priklausomybės nuo sistemą veikiančių atakų ir joje naudojamų apsaugos mechanizmų tyrimas; modelio, imituojančio kompiuterių tinklo horizontalią ir vertikalią žvalgą kūrimas. Disertaciją sudaro įvadas, penki skyriai ir bendrosios išvados. Įvadiniame skyriuje nagrinėjamas problemos aktualumas, formuluojamas darbo tikslas bei uždaviniai, aprašomas mokslinis darbo naujumas, pristatomi autoriaus pranešimai ir publikacijos, disertacijos struktūra. Pirmasis skyrius skirtas literatūros apžvalgai. Jame apžvelgiamos atakų atpažinimo sistemos, analizuojami atakų atpažinimo metodai. Nagrinėjami atakų klasifikavimo būdai. Didelis dėmesys skiriamas kompiuterių sistemos saugumo lygio įvertinimo metodams, kompiuterių prievadų žvalgos būdams ir žvalgos atpažinimo metodams. Skyriaus pabaigoje formuluojamos išvados ir konkretizuojami disertacijos uždaviniai. Antrajame skyriuje pateikta sudaryta atakų nukreiptų į kompiuterių... [toliau žr. visą tekstą]
23
Jastiuginas, Saulius. "Information Security Management: The Study of Lithuanian State Institutions." Doctoral thesis, Lithuanian Academic Libraries Network (LABT), 2012. http://vddb.laba.lt/obj/LT-eLABa-0001:E.02~2012~D_20121227_090041-07949.
Full textAbstract:
Growing information security cases and scope illustrate that the relevance of information security issues becomes critical and present information security means are not sufficient enough to manage information security. Narrow comprehension of information security merely as technological problem is broadened by the research results of economic, managerial, psychological, legal and other related aspects’ influence to information security. Information is named as the object of information security management in this thesis, and new information security management solutions are searched in the information management sciences. Critical analysis of information management and information security management links, was established a theoretical basis to form an integral information security management model. Integral information security management model, constructed at a theoretical level, shows a complex approach towards information security, integrates information management and information security management. Integral information security management model allows indentifying information security management weaknesses in the Lithuanian State institutions, rectifying deficiencies, provide an integrated and efficient information security management. A practical research and obtained results grounded the constructed model’s applicability both for further theoretical academic research and for practical application in the Lithuanian State institutions.Nuolat augantys informacijos saugumo incidentų atvejai ir mastai iliustruoja, kad informacijos saugumo problemų aktualumas tampa kritinis, o esamos informacijos saugumo valdymo priemonės nėra pakankamos informacijos saugumui valdyti. Siaurą informacijos saugumo, kaip technologinės problemos, supratimą plečia ekonominių, vadybinių, psichologinių, teisinių ir kitų susijusių aspektų įtaka informacijos saugumui. Disertacijoje teigiama, kad informacijos saugumo valdymo objektas yra informacija, todėl informacijos saugumui valdyti pasitelktini informacijos vadybos metodai ir būdai. Identifikavus ir kritiškai įvertinus informacijos vadybos bei informacijos saugumo valdymo diskursų sąsajas sukurtas teorinis pagrindas suformuoti integralų informacijos saugumo valdymo modelį. Teoriniame lygmenyje sukonstruotas integralus informacijos saugumo valdymo modelis atskleidžia kompleksinį požiūrį į informacijos saugumą, integruoja informacijos vadybą ir informacijos saugumo valdymą bei leidžia identifikuoti informacijos saugumo valdymo Lietuvos valstybės institucijose trūkumus, o šiuos trūkumus pašalinus, užtikrinti kompleksišką ir efektyvų informacijos saugumo valdymą. Empirinis tyrimas ir gauti rezultatai pagrindė teoriniame lygmenyje sukonstruoto modelio pritaikomumą tiek tolesniems teoriniams moksliniams tyrimams, tiek praktinėje Lietuvos valstybės institucijų veikloje.
24
Vasileiadis, Alexios. "Security concerns and trust in the adoption of m-commerce." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2014. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2014~D_20140113_131752-55666.
Full textAbstract:
This work is of theoretical and practical importance, that is, generation of new knowledge associated with mobile commerce adoption in terms of security concerns and trust which will help not only future researchers but also e-businesses.
Despite the fact researchers have examined the adoption of m-commerce in a holistic way, the author found there was no research focusing solely and in-depth on the determinants of trust and perceived risk. The problem was to examine how the above determinants affect the intention to adopt m-commerce.
The objects are mobile commerce, security concerns and trust. The purpose of this study is twofold, namely, empirical and explanatory. As for the objectives, it was necessary to review the literature, propose a research model, analyze the results, and verify or reject the proposed hypotheses. When it comes to the hypotheses, there was a test on whether trust, perceived risk, perceived usefulness, and perceived ease of use negatively or positively affect the constructs of the proposed model.
The author used theoretical and empirical collection methods. As for the theoretical ones, analogy, generalization and modeling methods were used. Concerning the empirical ones, due to the fact that quantitative approach was chosen, a survey instrument, that is, questionnaire was used. After the results had been collected, SPSS 22 was used to perform descriptive data analysis of Likert summative scales. At last, the results along with the research limitations... [to full text]Šio darbo teorinė ir praktinė svarba yra naujų žinių, susijusių su saugumo ir pasitikėjimo problemų sprendimais mobilios komercijos kontekste, kūrimas kuris pasitarnaus ne tik mokslinei bendruomenei, bet ir e-verslui. Nepaisant to, jog mobilios komercijos įsisavinimas plačiai analizuotas holistiniu požiūriu, magistrinio darbo autorius nerado atliktų išsamių tyrimų išsamiau aptariančių pasitikėjimo ir saugumo veiksnių poveikio mobilios komercijos kontekste. Darbo problema formuluojama, kaip patikimumo ir saugumo veiksniai daro įtaką mobilios komercijos įsisavinimui. Tiriamieji objektai yra mobili komercija, saugumas ir patikimumas. Šio tyrimo tikslas yra dvejopas: empirinis ir aiškinamasis. Siekiant tyrimo tikslo, buvo išstudijuota literatūra, pasiūlytas mokslinio tyrimo modelis, išanalizuoti rezultatai ir įvertintos suformuluotos hipotezės. Mokslinio tyrimo eigoje autorius panaudojo teorinius ir empirinius duomenų analizės ir rinkimo metodus. Teorinėje dalyje buvo panaudoti panašumo, apibendrinimo ir modeliavimo metodai. Empirinėje dalyje įgyvendintas kiekybinis tyrimas, duomenys renkami apklausos būdu struktūruoto klausimyno pagalba. Surinkti duomenys apdoroti SPSS aplinkoje atliekant aprašomųjų duomenų analizę pagal Likerto suminių vertinimo skales. Galutinis šio tyrimo tikslas buvo patikrinti suformuluotas hipotezes. Kalbant apie išvadas, privatumo rizikos suvokimas, mobilių mokėjimų, mobilios komercijos įstatymų ir gaunamų produktų kokybė turėjo neigiamą įtaką mobilios... [toliau žr. visą tekstą]
25
Ravndal, Ellen Jenny. "A force for peace : expanding the role of the UN Secretary-General under Trygve Lie, 1946-1953." Thesis, University of Oxford, 2015. https://ora.ox.ac.uk/objects/uuid:4524630e-0f72-4169-b3e3-c53d250a3424.
Full textAbstract:
The UN secretary-general plays an important political role in world politics, yet the UN Charter describes him merely as "the chief administrative officer of the Organization". How did such a development come about? The existing narrative tends to emphasise the contribution made by Dag Hammarskjöld, the United Nation's second secretary-general from 1953 to 1961. This thesis argues that there are two problems with this narrative. First, it overlooks the precedents set under the first UN secretary-general, Trygve Lie, who was in office from 1946 to 1953. Second, it places too much emphasis on the personal role played by Hammarskjöld, and fails to adequately consider the importance of institutional factors. The main empirical contribution of this thesis is to highlight the importance of precedents set during the first years of the UN's existence while Lie was secretary-general. Through his active stance on political issues in relation to Iran, Palestine, Berlin, Chinese representation, and Korea, as well as his consistently strong defence of the UN's unity and principles, Trygve Lie succeeded in carving out space for the secretary-general to act autonomously on political issues, which later secretaries-general could build on. The thesis' main theoretical contribution is to emphasise the importance of institutional factors in the development of the UN secretary-general's political role. In a conceptual framework based on institutionalism, the thesis explains how the UN secretary-general should be understood to play a 'role' within the 'institution' of the United Nations, and how this makes change of the role and the institution possible. Furthermore, through an examination of the founding of the United Nations and early expectations for the role of the secretary-general, the thesis shows that the institution of the United Nations had been set up from the start in such a way that it not only allowed for an expansion of the office of UN secretary-general, but also made such an expansion likely. The body of the thesis demonstrates how this process played out over time, by examining Lie's activities as secretary-general, and offering a historical narrative of several episodes where the institution 'pulled' to expand the office, just as much as, or even more than, Lie 'pushed' for the same outcome.
26
Eriksson-Asp, Ebba, and Berglund Katarina Inta. "Betala nu, senare eller lite då och då : En kvalitativ studie om betalningsmetoders betydelse för svenska konsumenters köpprocess online." Thesis, Södertörns högskola, Institutionen för samhällsvetenskaper, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:sh:diva-46039.
Full textAbstract:
The growing e-commerce market has fundamentally changed the consumption behaviors among swedes, and it is more popular than ever for people to carry out their everyday transactions online. These new shopping opportunities place different demands on the consumer compared to traditional shopping, and the consumer behavior has come to include more analysis regarding risk and security especially when it comes to the final payment step. This study therefore aims to create an understanding of consumers' experience of the importance of payment methods during the online buying process. To execute this aqualitative approach was used where the data collection has been carried out through method triangulation, in the form of a combination of observations together with semi-structured interviews. A total of 10 purchase interviews were made with respondents aged 26 - 59, where the participants fictitiously made an optional product purchase online, which they simultaneously verbally described through sharing their thoughts and motivations for their actions in the process. The observations were complemented with interviews to confirm the buying process but also to achieve an in-depth understanding of their behavior. Results show that most of the respondents generally value the benefits that different payment methods provide when buying online, because it facilitates smooth and secure online transactions. Half of the participants prefer to pay directly for online purchases, while the other half prefer to pay after the product has been delivered, but it varies in what way these preferences affect their behavior during the buying process. Most of the respondents appear to place less emphasis on specific payment options during the buying process and devote more focus to other factors. It is shown that only three out of ten respondents value the payment method (invoice via Klarna) as a significant factor in their buying process in a way that they experience this influencing their choice of website. Part of the conclusion is that the result shows tendencies that the importance of payment methods in the online buying process varies with the type of purchase situation the payment takes place in, related to the consumer's perceived uncertainty about the purchase.
27
Ališauskaitė, Vaida. "Kompiuterių tinklų saugos modelių sudarymas." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2008. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2008~D_20080128_103419-62847.
Full textAbstract:
Magistriniame darbe išanalizuoti įvairios paskirties saugos modeliai. Pagal gautus rezultatus sudarytas apibendrintas informacijos saugos praradimo riziką įvertitnantis kompiuterių tinklų saugos modelis. Sukurta grėsmę keliančius įvykius aptinkanti sistema.The master's work analysis different types of security models. It also proposes a new computer network security reference model, which includes risk management process. A suspicious network events detection system is designed to make network monitoring easier.
28
Miškelevičius, Andrius. "Bankinių apmokėjimų pranešimų perdavimo sauga." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2010. http://vddb.laba.lt/obj/LT-eLABa-0001:E.02~2010~D_20100825_102917-11422.
Full textAbstract:
Šiais laikais daugelis bankinių atsiskaitymų vyksta elektroninėje erdvėje. Operatyvumas bei patogumas per kelis dešimtmečius bankines sistemas integravo į viso pasaulio verslą. Vis populiarėjant e. komercijai elektroninės bankininkystės sistemos integravosi į WEB aplikacijas, kuriomis gali naudotis visi elektroninės erdvės vartotojai. Atsiskaitymai elektroninėje erdvėje sukuria didelę pridėtinę vertę visai ekonomikai tačiau dėl didelio panaudojimo masto išaugo ir opios saugumo grėsmės. Dėl piktavališkų veiksmų el.erdvėje per metus padaroma žala siekia 1 trilijoną dolerių, dėl šių patiriamų didelių nuostolių mažėja investicijos į naujų technologijų diegimą ko pasėkoje dar labiau sumažėja saugos lygis. Bankinių apmokėjimų programinė įranga, kuri apdoroja bankinius atsiskaitymus yra laikoma atskira sistemos dalimi, į kurią ji yra integruota. Ši posistemė lanksčiai ir paprastai integruojasi į bendrą sistemą ir efektyviai atlieka svarbias funkcijas susijusias su apmokėjimų apdorojimu. Bankinių apmokėjimų sistema skirta, operatyviai bei lanksčiai apdoroti mokėjimus bei apie įvykusius apmokėjimus informuoti tiek siuntėją, tiek ir gavėją.Nowadays, many banking payments takes place in cyberspace. Timeliness and convenience through several decades integrated banking systems in the business world. However e.commerce popularity integrated electronic banking systems into Web applications that are available to all users of electronic space. Payments in cyberspace creates significant added value to the economy as a whole but on a large spread banking systems increase sensitive security threat. The hostile actions in e.space damage per year increase to 1 trillion dollars, for the losses incurred by major reduction in investment in new technologies it resulting in further decrease in the level of safety. All IT professionals can help create a safer online space, because the future of electronic payments become more closely associated with our business and life. The purpose of this work is to analyze banking systems safety and threats. In this work I designed and tested several banking systems and choose the best security solutions, to reduce security threats of electronic payments.
29
Aleksa, Karolis. "The Impact of the US Military Transformation on Russian and Chinese Security Policy." Doctoral thesis, Lithuanian Academic Libraries Network (LABT), 2012. http://vddb.laba.lt/obj/LT-eLABa-0001:E.02~2012~D_20121211_095626-96389.
Full textAbstract:
Although US remained the strongest military power in international system after the Cold War, it was still deeply concerned how to retain its military dominance in the longer term, that could guarantee US further predominance in solving major international issues. Three US military transformation initiatives, namely the transformation of the US conventional forces, the development of missile defence systems and long-range conventional precision-strike capability, are considered as the main instruments to maintain US military dominance in the future. Considering that for Russia and China, which are perceived as the major US opponents, the US military transformation emerged as a big challenge, the research problem is formulated as an attempt to understand whether and how the US military transformation poses a threat to Russia and China’s security and in turn, how this affects Russian and Chinese security policy towards the United States. Accordingly, the goal of the dissertation is to examine the impact of the US military transformation on Russian and Chinese security policy since the end of the Cold War and until 2010. The offence-defence balance theory provides the theoretical and analytical basis for the research. The results of the research have shown that US has managed to achieve an offensive advantage in the conventional offence-defence balance against Russia and China and has had a real possibility to gain such an advantage in the nuclear offense-defence balance... [to full text]Po Šaltojo karo JAV išliko stipriausia kariniu požiūriu valstybė, tačiau, nepaisant to, JAV buvo itin susirūpinusi savo karinio pranašumo išlaikymu ateityje, kuris leistų užtikrinti tolesnę JAV lyderystę sprendžiant svarbiausius tarptautinius klausimus. JAV karinio pranašumo išlaikymo priemonėmis po Šaltojo karo tapo trys karinės JAV tranformacijos iniciatyvos: konvencinių pajėgų transformacija, priešraketinių gynybos sistemų ir ilgo nuotolio tikslaus konvencinio smūgio pajėgumų kūrimas. Atsižvelgiant į tai, kad Rusijai ir Kinijai – oponuojančioms JAV valstybėms, JAV karinė transformacija tapo dideliu iššūkiu, disertacijoje tyrimo problema apibrėžta kaip siekis suprasti, ar ir kaip JAV karinė transformacija kelia grėsmę Rusijos ir Kinijos saugumui, ir kaip tai veikia Rusijos ir Kinijos saugumo politiką JAV atžvilgiu. Atitinkamai darbo tikslas buvo ištirti JAV karinės transformacijos poveikį Rusijos ir Kinijos saugumo politikai nuo Šaltojo karo pabaigos iki 2010 m. Puolimo-gynybos balanso teorija buvo pasirinkta kaip disertacijos tyrimo teorinė ir analitinė prieiga. Disertacijos tyrimas parodė, kad, nepaisant įgyto konvencinio puolimo pranašumo ir realios galimybės siekti branduolinio puolimo pranašumo, JAV nevykdė agresyvios saugumo politikos Rusijos ir Kinijos atžvilgiu. Rusija ir Kinija jautriai reagavo į JAV karinę transformaciją, stengdamosi įgyti konvencinį puolimo pranašumą, išsaugoti branduolinį puolimo-gynybos balansą, o taip pat užkirsti kelią JAV susikurti... [toliau žr. visą tekstą]
30
Tauginas, Tomas. "Lieutva Europos ir euroatlantinėje saugumo sistemose: raida, dabartis, ateities perspektyvos." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2006. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2006~D_20061227_094852-62582.
Full textAbstract:
This Final Paper consists of analysis of NATO and EU role to Lithuanian security by identifying our days and future threats to Lithuanian security and identification of the future of the Lithuanian security policy.
In the first part of this final paper was glanced through NATO and EU CFSP and DP history, highlighting problems of EU integration to Euroatlantic security. It can be assumed that more then half of continuing Cold War century NATO has assured the creation and the welfare of Eastern Europe. The collective defense remains further of one’s NATO functions, by that time EU is not responsible of European collective defense. EU stands just in crisis management. The NATO��s and EU’ intercourse problem maintains historical and national color.
The second part was dedicated to analyze the evolution of Lithuanian membership in NATO, EU CFSP and DP. It was noticeable that Lithuanian NATO membership gives security to country against straight military invasion by discouraging potential threats. The EU membership gives economical sanctions to threat object just de facto i. m. after, for example, the invasion to Lithuania. But according to NATO and EU agreements, nations which belong to these organizations are allowed to choose the way of reaction so it’s might depend on relationship of each of them and Lithuania.
The type and the spectrum of threats were identified in the last part and there was made an analysis which of them and in what time dimension might occur against... [to full text]
31
Grabliauskaitė, Aušra. "ES šiaurinio regiono vaidmuo įgyvendinant ES energetinį saugumą XXI amžiuje." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2009. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2009~D_20090612_103411-39900.
Full textAbstract:
Pagrindinis darbo tikslas yra išanalizuoti Europos Sąjungos šiaurinio regiono, akcentuojant Rusijos Federacijos ir Norvegijos Karalystės įtaką regione, vaidmenį, užtikrinant energetinį saugumą Europos Sąjungoje, bei numatyti galimas ES energetikos politikos perspektyvas netolimoje ateityje. Siekiant geriau atskleisti darbo tikslą, keliami šie uždaviniai: apibrėžti saugumo sąvokos pagrindines dimensijas, veiksnius bei regioninio saugumo komplekso svarbą ir reikšmę Europos Sąjungos kontekste; atskleisti Europos Sąjungos šiaurinio ir Arkties regionų vaidmenį ES energetikos politikoje; išanalizuoti dabartinę ES energetinę padėtį ir priklausomybę nuo energetinių išteklių importo; išsiaiškinti Rusijos Federacijos ir Norvegijos Karalystės vietą ES energetinio saugumo kontekste; numatyti ES kaip galimo energetinio saugumo komplekso energetikos politikos ateities gaires.
Parašius darbą pavyko patvirtinti iškeltą ginamąjį teiginį, jog nacionalinių valstybių kova dėl energetinių išteklių ir individualūs sprendimai sudaro sąlygas energetiniam nesaugumui Europos Sąjungoje, kadangi ES deklaruojamas siekis kalbėti „vienu balsu“ ir įgyvendinti bendrą energetinę politiką, prasilenkia su valstybių nacionaliniais interesais ir lieka neįgyvendintas. Nors Europos Sąjunga gali būti laikoma energetiniu saugumo kompleksu, kuriame energetinės priklausomybės santykis tarp šalių yra suvokiamas kaip grėsmė (kurios šaltinis iš esmės yra vienas – Rusijos Federacija), tačiau didėjantis vartojimas ir... [toliau žr. visą tekstą]The main object of this study is to analyze the role of the North region of European Union, ensuring energy security in the EU and foresee the possible perspectives of the EU’s energy policy in the nearest future. The North region is analyzed emphasizing two countries which are main energy suppliers for Europe – Russian Federation and Norway. For a better understanding of the object, the specific proposition has been formulated: the struggle of the national states for energy resources and individual decisions allow energy insecurity in the European Union since the EU’s declared objective „to speak in one voice“ is inconsistent with national interests of EU’s member states. Although the European Union can be defined as the complex of energy security in which the relation of dependence is comprehended as a threat (the main source of this threat is the Russian Federation’s energy monopoly), however the growing consumption and competition for energy resources encourage the countries to search for alternative energy resources and its suppliers. These actions disrupt the initiatives of the common European Union’s energy policy. The political consciousness is not yet grown in the EU’s countries and it determinates the weakness of the EU as a political construct in case of competition with the rising economical powers (such as India and China) for energy resources. On the other hand the consumption is growing in the Russian market as well, which implies possible insecurity of supply... [to full text]
32
Brobliauskas, Žilvinas. "Reliacinių duomenų bazių saugumo modelio tyrimas." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2009. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2009~D_20090828_133828-02790.
Full textAbstract:
Žilvino Brobliausko magistro studijų baigiamajame darbe atliekamas daugiašalio reliacinių duomenų bazių saugumo modelio teorinis tyrimas: suformuluojami pagrindiniai reikalavimai, keliami tokio tipo modeliui; pasiūlomas modelis, leidžiantis vykdyti paiešką ir taikyti sumos, bei vidurkio agregatines funkcijas neiššifruojant skaitinių duomenų RDBVS pusėje; nurodomi pateikto modelio privalumai ir trūkumai. Pateikiama demonstracinė programa, realizuojanti pasiūlytą modelį.The multilateral security model of relational databases is analyzed in master thesis of Žilvinas Brobliauskas. The results of research includes: the formulated requirements for multilateral security model of relational databases, proposed model, which allows range queries and aggregation functions over encrypted data without decrypting them at RDBMS level, and determined advantages and disadvantages of it. The program which realizes proposed model is given as proof of concept.
33
Cipière, Sébastien. "Un système de médiation distribué pour l'e-santé et l'épidémiologie." Thesis, Clermont-Ferrand 2, 2016. http://www.theses.fr/2016CLF22716/document.
Full textAbstract:
À ce jour, les mesures de risque des cancers ou d’efficacité de leur suivi, se font à partir de recueils de données médicales spécifiques initiés par les médecins épidémiologistes. Ces recueils disposent néanmoins de certaines limites : perte d’information, biais de déclaration, absence de données pour un risque non connu, biais de mesure (par exemple pour les données de nature médico-économiques). Le partage sécurisé de données médicales entre différentes structures médicales publiques et/ou privées est à ce jour en pleine mutation technologique. Les technologies proposées doivent rendre possible un partage électronique et sécurisé de ces données de manière à les rendre disponible à tout instant dans le cadre de l’observation sanitaire à l’évaluation de prises en charge ou de politiques de santé. Pour répondre à ces besoins, l’infrastructure GINSENG se base sur des informations produites dans le cadre des soins, sans nouvelles modalités de recueil, permettant à la fois une vitesse d’accès à l’information et une exhaustivité accrue. Ce recueil se fait par ailleurs avec de meilleures garanties d’anonymat et un chaînage de l’information médicale pour chaque patient. Une autorisation de la CNIL a été octroyée à l’infrastructure informatique du projet ainsi qu’à son utilisation pour le suivi des cancers en octobre 2013. Depuis le portail web e-ginseng.com, les médecins habilités s’authentifient grâce à leur Carte de Professionnel de Santé (CPS). Chaque patient, dont les données médicales sont réparties dans les établissements de santé, est identifié avec son accord, par les attributs suivants : nom, prénom, année et mois de naissance ainsi que son code postal de résidence avant d’être assigné à un numéro d’identification unique et anonyme. La mise à jour des données médicales de chaque patient est réalisée une fois par semaine ; chaque médecin peut alors consulter toutes les informations médicales relatives à chaque patient par une simple connexion au réseau. Ces informations lui apparaissent sous forme d’une arborescence d’évènements médicaux. Par exemple, un médecin chargé du suivi des patients dans le cadre du dépistage organisé pourra accéder directement depuis le portail web aux informations médicales dont il aura besoin pour établir une fiche médicale exhaustive du parcours du patient pour lequel un cancer aurait été détecté ou bien une suspicion de cancer qui se serait avérée négative suite à plusieurs examens médicaux. Un médecin épidémiologiste peut également réaliser des requêtes statistiques d’envergure sur les données médicales afin de répondre à des questions d’intérêt en santé publique. Pour aller plus loin, les requêtes épidémiologiques lancées sur les données médicales peuvent être couplées à des informations d’utilité publique recueillies sur d’autres bases de données en accès libre sur internet. L’infrastructure informatique GINSENG est actuellement déployée pour le suivi des cancers en région Auvergne entre les structures de gestion du dépistage organisé du cancer (SGDO) et le cabinet d’anatomie et cytologie pathologiques (ACP) Sipath-Unilabs. Le recours à un hébergeur de données de santé (HADS), nommé Informatique de sécurité (IDS), est également proposé pour le stockage des informations confidentielles des patients. Cette infrastructure permet actuellement de collecter toutes les informations médicales d’intérêt pour le suivi des cancers et l’évaluation des pratiques médicales. Les équipes de bio-statistiques et de santé publique du CHU de Clermont-Ferrand établissent actuellement les analyses épidémiologiques d’intérêt à partir des données collectées par le réseauThe implementation of a grid network to support large-scale epidemiology analysis (based on distributed medical data sources) and medical data sharing require medical data integration and semantic alignment. In this thesis, we present the GINSENG (Global Initiative for Sentinel eHealth Network on Grid) network that federates existing Electronic Health Records through a rich metamodel (FedEHR), a semantic data model (SemEHR) and distributed query toolkits. A query interface based on the VIP platform, and available through the e-ginseng.com web portal helps medical end-users in the design of epidemiological studies and the retrieval of relevant medical data sets
34
Delettre, Christian. "Plateforme ouverte, évolutive, sécurisée et orientée utilisateur pour l'e-commerce." Thesis, Nice, 2014. http://www.theses.fr/2014NICE4111/document.
Full textAbstract:
De nos jours, l’e-commerce est devenu un écosystème complexe où de multiples solutions (en termes de plateforme) sont possibles et réalisables pour un e-commerçant. En parallèle, un nouveau paradigme a fait son apparition, celui du Cloud Computing. Malgré les avantages certains qu’il apporte, peu des plateformes existantes sont pensées pour fonctionner sur une architecture Cloud. De plus, face à la complexité d’obtenir une plateforme d’e-commerce (PE) sécurisée, flexible et évolutive s’appuyant sur des applications et services hétérogènes existants et répondant aux besoins des e-commerçants, il est légitime de se demander si une PE basée sur le Cloud permettrait de réellement simplifier les difficultés rencontrées par les e-commerçants. Cette thèse propose de valider la pertinence de l’utilisation du Cloud dans un contexte d’e-commerce avant de proposer les principes architecturaux d’une PE ouverte, évolutive et sécurisée basée sur une architecture de Cloud. De plus, la mise en œuvre d’une PE par un e-commerçant, n’est pas orientée utilisateur. Face à ceci, nous proposons un mécanisme orienté utilisateur simplifiant la mise en œuvre d’une PE tout en assurant un haut degré de sécurité au sein de celle-ci. Enfin, nous nous sommes également intéressés à répondre à la question suivante dans un contexte d’e-commerce : Comment assurer qu’aucune inférence d’activités sur une taille constatée d’une BD ne puisse être réalisée par des entités non autorisées ? Pour y répondre, nous proposons une solution de sécurité de dissimulation de données orientée utilisateur permettant de résoudre la propriété de confidentialité forte des données au sein des SGBDRNowadays, e-commerce has become a complex ecosystem where multiple solutions (in terms of platforms) are possible and feasible for e-merchant. Concurrently, a new paradigm called Cloud Computing has emerged. Despite some advantages it brings, few of these platforms have been designed to operate on a Cloud architecture. Thus, because of the complexity to design a flexible and scalable e-commerce platform (EP), based on existing heterogeneous applications/services and fulfilling the needs of e-merchants, it is legitimate to ask ourself if a PE based on the Cloud would really simplify the difficulties faced by e-merchants. This thesis aims to validate the relevance of using the Cloud Computing in the e-commerce context and propose the architectural principles of an open, scalable and secure EP based on a Cloud architecture. In addition, the EP used by e-merchants are not user-centric EP. As a consequence, we propose a user-centric mechanism simplifying the design and implementation of an EP while ensuring a high security level. Finally, we tried to answer the following question: How to ensure that no activity inference on a database size, in an e-commerce context, can be achieved by unauthorized entities? As a response, we propose a user-centric security solution of data concealment to resolve the property of strong data confidentiality within relational database management system (RDBMS)
35
Raižys, Artūras. "Duomenų apsaugos metodai CD/DVD laikmenoms." Bachelor's thesis, Lithuanian Academic Libraries Network (LABT), 2011. http://vddb.laba.lt/obj/LT-eLABa-0001:E.02~2011~D_20110831_114615-63291.
Full textAbstract:
Šiandieniniame pasaulyje duomenys yra viena vertingiausių prekių. Svarbių ar slaptų duomenų praradimai gali padaryti didelę materialinę žalą. Duomenų apsaugos priemonėms yra išleidžiamos milžiniškos pinigų sumos. Darbo metu analizuojami esami duomenų apsaugos įrankiai ir metodai, gilinantis į duomenų apsaugą pernešamose laikmenose, CD ir DVD diskuose. Analizės metu surinkti duomenys apie duomenų apsaugą nuo kopijavimo ir peržiūrėjimo bei panaudojimo naudojami eksperimente siekiant nustatyti tinkamiausius metodus būsimai programinei įrangai, skirtai duomenims apsaugoti. Vykdant eksperimentą siekiama patikrinti šifravimo algoritmų laiko sąnaudas. Tam tikslui atliekamos šifravimo ir dešifravimo operacijos su 10 MB ir 100 MB failais. Sukurta sistema leidžia apsaugoti duomenis CD ir DVD diskuose nuo neteisėto peržiūrėjimo ar panaudojimo. Sistemos pagalba sukurti apsaugoti duomenų diskai, be jokios papildomos programinės įrangos, yra panaudojami kituose kompiuteriuose, kuriuose įdiegta Windows XP/Vista/Win7 operacinė sistema.In the current world data is one the most valued items. Loss of relevant and secret data may cause huge material harm. Grant sums of money are spent for data security methods. In the paper the available tools and methods of data security are analyzed, security methods for CD and DVD media are discussed. The information collected on the data copy-protect and cryptography as well as use security is used in an experiment aiming to identify the most fitting methods for software of data security. The implementation of the experiment is aimed at checking the time input for cryptography algorithms. For this purpose the crypt and decrypt operations with 10 MB and100 MB files are performed. The developed system allows to keep data safe from illegal review and use in CD and DVD. Safety data records developed with the help of the system may be used without any extra software in other computers in which Windows XP/Vista/Win7 operation system is installed.
36
Radzevičius, Vitalius. "Žiniatinklio turinio valdymo sistemų saugumo tyrimas." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2013. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2012~D_20131105_095111-64553.
Full textAbstract:
Internete galima rasti nemažai svetainių, kurios yra sukurtos naudojantis viena iš daugelio šiuo metu prieinamų žiniatinklio turinio valdymo sistemų (TVS). TVS paprastai nereikalauja išsamių techninių žinių, jos ir kuriamos su idėja, kad bet kuris naudotojas galėtų nesunkiai sukurti ir paskelbti savo interneto svetainę. Deja, eiliniai TVS naudotojai dažnai turi nedaug žinių informacijos saugumo srityje. Turinio valdymo sistemų pagrindu sukurtoms svetainėms, kaip ir nuo pagrindų suprogramuotiems tinklalapiams, kyla panašios bendrosios su saugumu susiję grėsmės. Tačiau be bendrųjų grėsmių dar egzistuoja ir specifinės, kurias įprastinės saugumo tikrinimo-vertinimo priemonės sunkiai aptinka. Šios problemos dažnai būna konfigūracijos lygmenyje, todėl iš esmės kiekvienai turinio valdymo sistemai ir jos versijai reikia individualiai pritaikyto saugumo vertinimo taisyklių rinkinio. Šiame darbe buvo sudarytas specifinių TVS saugumo kriterijų sąrašas, pateiktas šių kriterijų atitikimą vertinančios programos modelis, suprogramuoti du kriterijų vertinimo algoritmai, įvertinantys dviejų populiarių žiniatinklio TVS (Drupal bei Joomla) reikalavimų atitikimą, bei atliktas eksperimentinis tyrimas su minėtomis žiniatinklio turinio valdymo sistemomis. Tyrimas atliktas su ką tik įdiegtomis turinio valdymo sistemomis ir pakartotas po sistemų parametrų konfigūravimo. Taip pat įvertintos dvi internetu prieinamos ir lankomos Drupal TVS pagrindu sukurtos svetainės.There are quite a few websites online that use one of many currently available web content management systems (CMS). CMS usually do not require in-depth technological knowledge. In fact, they are designed with an idea that any user can create and publish their website. Unfortunately, ordinary CMS users often lack knowledge in security area. CMS-based websites, same as those that are created from scratch, experience similar common security threats. In addition to common security threats, there are some CMS-specific ones that are hardly discovered by standard security assessment programs, generally called web vulnerability scanners. Security problems often lie in configuration level and, in order to discover them, CMS-specific security checking rules are required. In this paper, CMS-specific security requirements list was compiled and model of the programs that checks if CMS complies with requirements was provided. Then two algorithms were programmed that helped assess how Joomla and Drupal web content management systems comply with security requirements. Experimental study was carried out with two aforementioned content management systems. The study was carried out with the freshly installed content management systems, and then repeated after system configuration parameters adjustment. Finally, two Drupal CMS-based and online-accessible websites were assessed.
37
Kavaliūnaitė, Sigita. "Soft security in the context of Eastern Dimension of European neighbourhood policy: a management approach." Doctoral thesis, Lithuanian Academic Libraries Network (LABT), 2013. http://vddb.laba.lt/obj/LT-eLABa-0001:E.02~2013~D_20130206_095551-32509.
Full textAbstract:
The subject matter of this research is content, features, role and prospects of soft security in the context of Eastern Dimension of European Neighbourhood Policy by identifying and analysing soft security as a component of the European Union initiated joint project management in the area of Eastern Dimension of European Neighbourhood Policy covering Armenia, Azerbaijan, Belarus, Georgia, Moldova and Ukraine, as well as Russian Federation. The objective of this research is to define ability of soft security component to effectively facilitate the process of security governance leading to increasing level of regional security and stability.Šios disertacijos tyrimo objektas – minkštasis saugumas Europos kaimynystės politikos Rytų dimensijos kontekste, identifikuojant ir analizuojant minkštąjį saugumą kaip Europos Sąjungos inicijuojamų bendrų projektų ES Kaimynystės politikos Rytų dimensijos erdvėje, apimančioje Armėniją, Azerbaidžaną, Baltarusiją, Gruziją, Moldovą ir Ukrainą, o taip pat ir Rusijos Federaciją,valdymo komponentą. Siekiama, analizuojant minkštąjį saugumo komponentą, atskeisti jo gebėjimą skatinti, įgalinti ir lengvinti regiono saugumo ir stabilumo efektyvaus valdymo procesą.
38
Milkeraitytė, Kristina. "Private Military and Security Companies and Their Personnel in the Context of International Humanitarian Law." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2009. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2009~D_20090629_101808-18164.
Full textAbstract:
The tendency after the end of the Cold war to downsize national armies on the one hand and persistent armed conflicts in unstable African, Near East and Balkan regions on the other created opening conditions for the revival and rapid evolvement of the private business structures that provide military and security services. Prevailing viewpoint that PMSCs and their personnel represent the new form of the mercenary is not correct from the IHL perspective and could lead to serious human rights abuses. Numerous cases and analysis of the scholar literature shows that inaccurate qualification of the PMSCs’ employees’ status results into deprivation of certain scope of protection from private contractors. Moreover, since there are no accountability and control mechanisms, a high risk for the abuses and impunity for violations of the IHL occurs.
Present master thesis aims to analyze international legal status of the PMSCs and their personnel in the context of armed conflict. It also assesses conformity of the existing practice to the IHL norms. In order to conclude a comprehensive research, author provides historical perspective of the warfare privatization, surveys factors that contributed to the outsourcing of military functions, defines what is PMSC, what are their types and capacity of each type, highlights distinguishing features between mercenaries and private contractors and gives a review of the contemporary practice of their use in the armed conflicts.
Hypothesis that... [to full text]Pasibaigus Šaltajam karui išryškėjusi tendencija valstybėms mažinti savo ginkluotąsias pajėgas ir nuolatiniai kariniai konfliktai nestabiliuose Afrikos, Artimųjų Rytų, Balkanų regionuose sudarė palankias sąlygas atgyti ir sparčiai plėtotis privačių, karines ir saugumo paslaugas teikiančių, kompanijų verslui. Vyraujantis požiūris, kad PKSK-jų darbuotojai atstovauja naują samdinystės formą nėra teisiškai korektiškas ir gali lemti grubius žmogaus teisių pažeidimus. Gausi praktika bei mokslinės literatūros analizė rodo, kad privačių kompanijų darbuotojų teisinis statusas klaidingai ir skirtingai kvalifikuojamas pagal tarptautinę humanitarinę teisę. Viena vertus tai sąlygoja kad kompanijų darbuotojams nesuteikiama jiems priklausanti apsauga. Antra vertus, nesant aiškių tarptautinės PKSK-jų atskaitomybės ir kontrolės mechanizmų, susidaro sąlygos piktnaudžiavimui bei nebaudžiamumui už įvykdytus nusikaltimus. Šiame magistro baigiamajame darbe siekiama išanalizuoti PKSK-jų ir jų darbuotojų tarptautinį teisinį statusą ginkluotų konfliktų metu ir įvertinti egzistuojančios praktikos atitikimą tarptautinės humanitarinės teisės normoms. Siekiant atlikti išsamų tyrimą, iškelti uždaviniai pateikti istorinę karo privatizacijos apžvalgą, aptarti procesą skatinančius faktorius, apibrėžti, kas yra PKSK, kokie jų tipai ir kiekvieno iš jų kompetencija, išryškinti skiriamuosius privačių karių ir samdinių bruožus bei apžvelgti dabartinę praktiką šioje srityje. Remiantis pirmine literatūros analize... [toliau žr. visą tekstą]
39
Lanne, Jean-Baptiste. "Des vies en veille : géographies abandonnées des acteurs quotidiens de la sécurité à Nairobi." Thesis, Bordeaux 3, 2018. http://www.theses.fr/2018BOR30050/document.
Full textAbstract:
Cette thèse porte sur la place dans la ville des acteurs quotidiens de la sécurité à Nairobi, au Kenya. Ces acteurs, appelés génériquement « les veilleurs » afin de signifier du même coup leur tâche professionnelle (surveiller la ville) et leur condition incertaine (« être en veille », vivre dans une forme de suspens), sont entrevus au prisme de deux groupes particuliers : les gardiens de sécurité privée aux portes des résidences de la ville planifiée et les jeunes recrues des youthgroups dans les quartiers de bidonvilles. Privilégiant une approche par les individus et le quotidien, je m’inscris dans le champ renouvelé de la sécurité, sensible depuis une dizaine d’années aux effets « micro » produits par les dispositifs sécuritaires, notamment sur les subjectivités particulières, les affects, les corps et les pratiques routinières. La capitale kenyane présente un double caractère me permettant de mettre en lumière l’acuité de la condition des veilleurs dans la ville : une fragmentation urbaine iconique, voire « cliché » en termes d’imaginaire et une atmosphère générale d’inquiétude, relative au contexte traumatique des violences politiques récentes et à l’émergence de la menace terroriste. Cette recherche s’appuie sur une méthode qualitative de type ethnographique, combinée à l’expérimentation d’une méthodologie de création poétique, afin de lever l’inhibition de la parole. Elle appréhende la condition des veilleurs à trois niveaux de lecture : la condition politique d’individus maintenus dans un registre d’ambiguïté vis-à-vis des communautés qu’ils protègent, la vie quotidienne dérivant de cette condition, enfin le sens que ces individus s’efforcent d’en extraire. Ces trois niveaux me permettent de développer une approche spatiale des concepts d’abandon, désignant cette puissance sécuritaire ambiguë qui assigne les veilleurs dans un « ni dedans, ni dehors » (sur la ligne de démarcation entre le Familier et l’Étranger) ; de vies en attente, pour souligner le poids de l’incertitude au sein de leur quotidien ; enfin de place complexe afin de signifier la puissance des imaginaires spatiaux et temporels par lesquels les veilleurs s’approprient leur conditionThis PhD thesis aims at analysing the place within the city of everyday security actors in Nairobi, Kenya. I call them “veilleurs” (sentinels of the city), playing on the double meaning of the word in French : referring both to their professional activity (watching over the city) and their feeling of living a passive life (watching all day long can be considered as a non-action). The study focuses on two groups in particular : private security guards at the gate of residential compounds in the planned city, and youthgroups members in slum areas. Adopting an individual and everyday-centred approach, this work fits in with the recent renewal of security studies. For the last ten years, those have been advocating a closer attention to “micro” effects produced by security assemblages, especially on subjectivities, affects, bodies, and everyday routines. The city of Nairobi displays a double feature that sheds new light on the sensitive question of the veilleurs. First, its urban fragmentation appears as particularly iconic in terms of imaginaries. Second, Nairobi can be qualified as an “anxious city” in light of the recent political violence (2007-2008) and the emerging terrorist threat. This study is based on both an ethnographic approach and a creative methodology using poetry as a way to free the speech of my interlocutors. It seeks to analyse the place of the veilleurs through three layered readings: their ambiguous political condition (being “on the line” between familiarity and otherness: neither inside nor outside the community they are supposed to watch over), the uncertain everyday life resulting from this condition, and the diverse imaginaries they produce to make sense of it. These three layers allow me to develop both a spatial and social reading of the key concepts of abandonment, lives on hold, and complex place to better understand this particular category of urban workers
40
Dailidė, Martynas. "Interneto paslaugų saugumo užtikrinimo metodų tyrimas." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2004. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2004~D_20040611_154830-55239.
Full textAbstract:
A functional ASP.NET application relies on the successful interoperation of many different elements and technologies. Each solution component provides security capabilities designed to meet its own requirements. However, it is not enough to look at security purely from the perspective of individual components. To provide security for the overall solution you must also consider how the components interact. This paper describes the common characteristics of .NET Web applications from a security perspective. It contains a detail analysis of the key elements of authentication, authorization, and secure communication models, mechanisms (including NTLM, Kerberos and Certificates technologies). It also describes a set of specifications and scenarios that show how these elements might be used together to improve a better Web-Services security.
41
Žabinskas, Vidas. "Interneto serverių apsaugos priemonių tyrimas." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2004. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2004~D_20040601_222038-85803.
Full textAbstract:
Transferring the activities to electronic space, each Internet user could be involved in a risk that the information accessed and transmitted by network might be read, retrieved and, supposedly, trespassed. Therefore, the preventive protection of personal computer and computer system security is relevant in order security gaps in a computer system would appear as less as possible.
Subject of the Work: “PC Security” Internet service website designated to check-out personal computer system security by users on their own.
Goal of the Work: computer security measures analysis and computer security control system development.
The current study contain the analysis of measures that support system to be more attack-resistant: rules necessary for network security resistance; information coding measures; actions disturbing normal system operation; actions to be undertaken in case of successful intruder attack. Requirements for the models of Internet server security and testing system were set therein. Observing the aforementioned requirements computer system security testing system was designed and implemented, system testing carried out, and system user specifications described. For flexibility purposes two check-out options were involved in the testing system: system user performs the computer IP testing himself/herself or testing is performed by a system operator with report sending.
This particular testing system should be very useful for the users because the latter would be... [to full text]
42
Pachomov, Artiom. "Serverių saugumo užtikrinimo sistema Šiaulių valstybinei kolegijai." Bachelor's thesis, Lithuanian Academic Libraries Network (LABT), 2012. http://vddb.laba.lt/obj/LT-eLABa-0001:E.02~2012~D_20120702_124451-96789.
Full textAbstract:
Šiame darbe analizuojami populiarūs įsilaužimo būdai, apsaugos būdai bei viena įdomesnių apsaugos sprendimų technologijų. Taikant įprastus apsaugos būdus, yra analizuojamas naujas apsaugos būdas ir jo galimybės kurios padės efektyviau apsaugoti serverio nuotolinį administravimą ir palengvinti programinės apsaugos įrangos naudojimą, nereikalaujant didelių papildomų finansinių kaštų.This project is about computer network server security vulnerabilities, basic security options and “Honey Pot” technology solution. This project analyzes by applying basic security options to the presented system, how it makes remote administration security more effective, making it easier and more reliable as well as not requiring big financial investments.
43
Valinčius, Tomas. "Programinės įrangos ir duomenų saugumas: grėsmės ir jų valdymas, šifravimo algoritmai." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2008. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2008~D_20080811_151738-05648.
Full textAbstract:
Darbo tikslas – išnagrinėti būdus darbo kompiuteriu keliamoms grėsmėms valdyti: (1) Aptarti, pažinti grėsmes kompiuterinių sistemų saugumui; (2) Suprasti, kas sukelia šias grėsmes, nagrinėjant programinės įrangos kūrimo procesą; (3) Nustatyti būdus, kurie gali sumažinti ar eliminuoti grėsmes.
Darbe pirmiausiai aptariamos techninės priežastys, lemiančios saugumo spragų programinėje įrangoje pasirodymą; piktavališkų programų tipai bei jų daroma žala. Toliau aptarti šiuo metu naudojami metodai programinės įrangos saugumui ir kokybei užtikrinti, suformuluoti pagrindiniai saugios programinės įrangos kūrimo principai.
Kadangi duomenys yra viena iš trijų kompiuterinės sistemos sudedamųjų dalių (programinė įranga, techninė įranga, duomenys), svarbią dalį darbe užima informacijos slaptumo, konfidencialumo užtikrinimo problema. Aptarti pagrindiniai dalykai, užtikrinantys asmens privatumą darbo kompiuteriu metu; pasiūlyti būdai, kaip tinkamai saugoti privačius/slaptus duomenis; paminėtos teisinės priemonės šioje srityje. Taip pat aptarti saugaus darbo internete principai.
Saugumui užtikrinti labai svarbūs organizaciniai veiksniai. Šiame darbe aptartos organizacinės priemonės duomenų bei programinės įrangos saugumui užtikrinti, saugumo politika, grėsmių analizės priemonės.
Darbe taip pat išnagrinėti šifravimo ir dešifravimo algoritmai – pagrindinės techninės priemonės daugeliui su saugumu susijusių problemų spręsti. Aptarti ne tik šiuo metu naudojami, bet ir patys pirmieji šifravimo... [toliau žr. visą tekstą]Is security in computing a problem? There are many methods and ways developed to help in software quality management. However, the need to quickly release a new software or its version is often more important than software security requirements or threats analysis. The main goal of this work is to analyse the threats in computing and methods to manage software security. The main objectives are: (1) To recognize and discuss the threats in computing; (2) To find the reasons that are causing security problems while studying the software development process; (3) To find ways to eliminate the threats or minimize their impact. First of all, there is a study of technical reasons that are causing vulnerabilities and threats in software to appear. Then there is a review of existing methods to manage software security and quality. An important part of this work is dedicated to privacy, private data management problem. There are methods discussed that ensures privacy in computing. After the review of technical aspects of security, there are methods discussed that insures security from organization’s point of view. Finally, there is a review of encryption systems, there types, differences and measures.
44
Timofejevaitė, Raminta. "Socialinės apsaugos priemonės nedarbo rizikos atveju: Lietuvos ir užsienio valstybių patirtis." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2014. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2012~D_20140627_180528-10323.
Full textAbstract:
Šiame darbe nagrinėjamas socialinės apsaugos priemonių nedarbo rizikos atveju taikymas. Atskleidžiama nedarbo, kaip socialinės rizikos, samprata ir neigiama įtaka valstybės ekonominei raidai ir gerovei. Apžvelgiamas valstybės garantuojamos socialinės apsaugos nedarbo atveju teisinis reguliavimas Lietuvos Respublikos ir tarptautiniuose teisės aktuose. Aptariami šio instituto teisinio reglamentavimo trūkumai. Darbe analizuojama ne tik Lietuvos, bet ir užsienio valstybių patirtis taikant socialinės apsaugos priemones nedarbo rizikos atveju. Remiantis Statistikos depatamento pateiktais 2010-2011 metų Lietuvos gyventojų emigracijos duomenimis, tyrimo objektu pasirinktos Didžiosios Britanijos, Airijos ir Norvegijos valstybių socialinės apsaugos sistemos, kadangi šių šalių teikiamos garantijos ypač aktualios ten gyvenantiems ir dirbantiems Lietuvos piliečiams. Išsamiai apžvelgiamos Lietuvos ir minėtų užsienio valstybių teikiamos aktyvios ir pasyvios socialinės apsaugos priemonės nedarbo rizikos atveju, analizuojamas jų turinys, apimtis, efektyvumas, trūkumai, apžvelgiami naujausi priimtų teisės aktų, reglamentuojančių socialinę apsaugą nedarbo atveju, pakeitimai, juos įtakojusios aplinkybės. Atsižvelgiant į šių ekonomiškai stiprių užsienio valstybių patirtį taikant socialinės apsaugos priemones, pateikiami pasiūlymai dėl Lietuvos socialinės apsaugos sistemos tobulinimo.This paper analyses application of social protection measures in relation to risk of unemployment. Conception of unemployment as of a social risk is exposed together with its negative effect on economic development and welfare of the state. Legal regulation of the state guaranteed social protection in case of unemployment provided for in legislative acts of the Republic of Lithuania and international legislative acts is reviewed. Drawbacks of legal regulation of this institute are discussed. The paper analyses not only Lithuanian experience, but also experience of foreign countries in applying social protection measures in relation to risk of unemployment. Invoking the data provided by the Statistics Lithuania on emigration of Lithuanian residents over years 2010-2011, social security systems of Great Britain, Ireland and Norway were chosen for survey, because social guarantees provided by those countries are especially relevant to Lithuanian citizens who work or reside there. Thorough review of active and passive social security measures in relation to risk of unemployment provided by Lithuania and the aforementioned countries is made, analyzing its content, amount, effectiveness, drawbacks; new amendments of adopted legislative acts, regulating social security in case of unemployment are reviewed together with circumstances that conditioned the amendments. Considering the experience of these economically strong foreign counties in application of social protection measures... [to full text]
45
Kranauskienė, Regina. "Informacijos saugumo valdymas X organizacijoje." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2005. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2005~D_20050518_105648-27939.
Full textAbstract:
In 2001, the Lithuanian Government, considering EU’s eEurope 2005 and eEurope+ Action Plans, approved Lithuania’s strategic plan of information society development, which set a goal to ensure the IT security at public institutions and offices. The same year saw the State’s strategy of technological security approved, which enforced legal regulation of general data security requirements. On December 31st, 2002, the General data security requirements treat information security policy as a sum of different documents (rules and detailed instructions), while commercial IT providers offer organizations only one general document of IT security policy, which reflects ISO/IEC standard 17799 word-to-word, but is not approvable by the order of organization’s head. Therefore the problem is how to use projects prepared by commercial companies, meet the accepted standards and, without contradicting the existing legal acts, create the organization’s security management structure, plus approve the information security policy or rules, usable by organization’s heads and staff. This written work is aimed to analyze Lithuanian and EU legal requirements for information security at public administration institutions and present the student‘s own suggestions on the desirable ideal of organization‘s information security management structure, strategy and policies; administrative, organizational and technological tools of bringing these policies‘ to reality.
46
Chlapotinaitė, Jurgita. "Duomenų apsaugos sistemos analizė." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2005. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2005~D_20050615_123415-57036.
Full textAbstract:
The security system of AES data has been analyzed in this work. The basics of Galue fields, which are related to the mathematical model of the AES algorithm, are also presented in this work. The transformations of The AES algorithm have been analyzed and illustrated with examples. The programmes of the AES algorithm performing these transformations are also presented here. In this piece of paper you will also find some suggestions and their realizations concerning the possibility of the modification of the AES algorithm. Moreover, the restrictions of the key and block of the AES algorithm are submitted. In the last part of the work you will find a program of AES algorithm, as well as sub-keys, S-tables, programs of modified S-tables, and the results of displayed the programs.
47
Ramoška, Aidas. "Apsaugos nuo SQL injekcijų el.verslo svetainėse metodikos sudarymas ir tyrimas." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2013. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2012~D_20131104_105203-08297.
Full textAbstract:
SQL injekcijos atakos taikinys – interaktyvios interneto programos, kurios naudoja duomenų bazės serverius. Šios programos leidžia vartotojams įvesti informaciją ir ją įvedus formuojamos SQL užklausos, kurios siunčiamos į duomenų bazės serverį. Darydamas SQL injekcijos ataką, atakuotojas per įvesties laukus suformuoja kenksmingą SQL užklausos segmentą, kuris modifikuoja buvusią užklausą. Naudodamas SQL injekcijos ataką, atakuotojas gali prieiti prie konfidencialios informacijos, ją modifikuoti ar, apeidamas autorizacijos scenarijų, prisijungti prie sistemos nežinodamas slaptažodžio. Šiame darbe pasiūlytas saugos modulis perima visą vartotojo įvedamą informaciją, pritaiko saugumo taisykles ir taip padidina saugumą apsisaugant nuo SQL injekcijų el. verslo žiniatinklio programose bei registruoja potencialius bandymus sutrikdyti normalų sistemos darbą. Norint įdiegti pasiūlytą saugos modulį, nereikia konfigūruoti serverio ar jo programinės įrangos – modulio diegimo metu keičiasi tik žiniatinklio programos failai. Darbui atlikti pasirinkta PHP programavimo kalba ir MySQL duomenų bazė. Tyrimo metu atlikti testavimo rezultatai parodo, kokius saugos modulio konfigūravimo parametrus reikia taikyti norint užtikrinti maksimalų saugumo lygį.The target of SQL injection attack – interactive web programs, which use database servers. Those programs allow users to input information and as it is imputed, it forms SQL queries, which are sent into database server. With SQL injection help, the attacker using input fields forms harmful section of SQL query, which modifies previous query. Exploiting attack of SQL injection, the attacker may learn confidential information, modify it or connect to system without knowing the password by authorisation bypass. In this research-paper the proposed security model takes over all information inputted by user, adjusts the safety rules and that way it improves the safety in order to guard from SQL injections at electronic business web systems as well as it register potential attempts to disrupt normal work of the system. In order to install the proposed safety model there is no need to configure the server or its software because in the moment of installation it changes only files of website programs. For purpose of executing this work, we use PHP programming language and MySQL database. During the analysis, the received test results show what configuration parameters of safety model we need to use in order to guarantee the maximum level of safety.
48
Čereška, Nerijus. "RFID žymų apsaugos nuo klastojimo metodo sudarymas ir tyrimas." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2013. http://vddb.laba.lt/obj/LT-eLABa-0001:E.02~2013~D_20130821_135039-15742.
Full textAbstract:
Šiame darbe yra sprendžiama RFID žymų apsaugos nuo klastojimo problema, t.y. kaip neleisti žymų klastotojui išgauti originalios žymos ar visos RFID sistemos identifikacinius ir kitus svarbius duomenis, kurių atskleidimas leistų sukurti originalios RFID žymos klastotę. Darbo analizės dalyje yra plačiau apžvelgiama RFID žymų apsaugos nuo klastojimo problema, gilinamąsi į bendrus RFID technologijos veikimo principus ir RFID žymų kategorijas. Taip pat nustatinėjami galimi RFID žymų klastojimo būdai, jų išvengimo galimybės, apžvelgiami ir detalizuojami kitų autorių sukurti apsaugos metodai, pateikiamos rekomendacijos naujam RFID žymų apsaugos nuo klastojimo metodo sudarymui. Tolimesnėje darbo eigoje yra sudarytas naujas RFID žymų apsaugos nuo klastojimo metodas pagal analizės dalyje padarytas rekomendacijas ir suformuluotas išvadas. Pateikiama pradinė metodo saugumo analizė. Pagal sudaryto RFID žymų apsaugos nuo klastojimo metodo koncepciją ir detalų aprašą yra sukurtas programinis modelis, kuris imituoja metodo veikimą realioje aplinkoje. Naudojantis sukurtu programiniu modeliu ir jo generuojamais rezultatais, buvo atliekamas metodo atsparumo klastojimui įvertinimas. Darbo rezultatų dalyje yra analizuojami RFID žymų apsaugos nuo klastojimo metodo sudarymo metu gauti rezultatai, pateikiamos viso darbo išvados, įvertinamas darbo įvade iškeltų tikslų ir užduočių išpildymas.This paper is addressed to RFID tags anti-counterfeiting problem: how to prevent significant counterfeiters get all important information from orginal tags or all RFID system. The disclosure of that information would provide a chance to create a genuine RFID tag means. A work analysis is a part of a wider survey of RFID tags against counterfeiting problem, explores the general principles of operation of RFID technology and RFID tag categories. It is also explores possible RFID tags manipulation techniques, the avoidance opportunities, an overview and details of other authors to create protection methods and recommendations for a new RFID tags anti-counterfeiting method. The next workflow is composed of new RFID tags anti-counterfeiting method according to the analysis of the recommendations made and the conclusions drawn, provide an initial approach to security analysis. The software model is created by concluded RFID tag anti-counterfeiting method and a detailed description of the concept. The model simulates the performance of the method in a real environment. The ratings of resistance to RFID tags counterfeiting were set using this software model and its generated results. The final part is dedicated to method‘s performance analysis, obtained results and conclusions. It also has objectives and tasks seen in the introduction to the work evaluation.
49
Šlančauskaitė, Giedrė. "PRIVATŪS PENSIJŲ FONDAI IR JŲ RAIDOS LIETUVOJE ANALIZĖ." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2010. http://vddb.laba.lt/obj/LT-eLABa-0001:E.02~2010~D_20101108_095249-52288.
Full textAbstract:
Magistro darbe yra išsamiai išnagrinėta pensinio socialinio draudimo samprata bei aptarta privačių pensijų fondų istorinė raida, pateikiamas išanalizuotas ir susistemintas privačių pensijų fondų objektyvus reikalingumas Lietuvoje. Sistemingai ištirta Lietuvos pensijų fondų rinkos struktūra bei atlikta išsami Lietuvos privačių pensijų fondų rinkos analizė, pagal kurios rezultatus pateiktos privačių pensijų fondų sistemos tobulinimo galimybės. Patvirtinta autoriaus suformuluota hipotezė, jog Valstybinio socialinio draudimo fondas Lietuvoje negali užtikrinti pakankamo pensinio aprūpinimo, todėl būtina steigti privačius pensijų fondus, kurie turėtų pagerinti pensinį aprūpinimą.This master‘s final paper details examination of the concept of social security also discussed historical development of private pension funds, presents analyzed and structured objective need of private pension funds in Lithuania. Systematically investigates the structure of pension funds market of Lithuania also executes detailed analysis of private pension funds of Lithuania, according to the result of which the opportunities of improvement of private pension funds system are given. Hypothesis that was formulated by the author is approved.
50
Giedraitienė, Indrė. "Vaikų saugumo veiksniai ir kompetencijų ugdymo tobulinimas pradinėje mokykloje (atvejo analizė)." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2006. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2006~D_20060609_154514-24406.
Full textAbstract:
Modern - day school is complicated reflection of our reality. There are many problems in all education institutions that impede successfully collaborate with teachers and students. Occasionaly teachers aren‘t competetive to solve the problems. Education institutions aspiring only intellectual rearrangement forgot the principal thing, that there must be lots of schoolchildren laugh. Especialy significant, abstruse and extremely sore are social student‘s problems because they are indistinguishable part of adults‘ life and are associated with child‘s nature and growth. It is affecteted by proximate and collateral factors. Children‘s sucides, crime victims, their deteriorating health are increasing every day. Such situation caused anxiety and encouraged to research what reasons caused unsafe child‘s emotion.
Safety is certain need which must be met at schools and in families. We have no right not to pay attention to students‘ unsafety.
The purpose of master‘s work is to divulge children‘s unsafety situations at home, school , in a courtyard, in a street and substantiate children‘s safety competence guideline in the primarys school. 100 teachers and 50 learners participated in the survey. It was used the anonymous survey with 26 questions for learners and 13 for teachers. The questions of the survey were of opened and closed type and formulated regarding to the tasks of survey.
The results of the survey showed that physical ambience of... [to full text]