To see the other types of publications on this topic, follow the link: Security systems.
Dissertations / Theses on the topic 'Security systems'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Security systems.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
He, Ying. "Generic security templates for information system security arguments : mapping security arguments within healthcare systems." Thesis, University of Glasgow, 2014. http://theses.gla.ac.uk/5773/.
Full textAbstract:
Industry reports indicate that the number of security incidents happened in healthcare organisation is increasing. Lessons learned (i.e. the causes of a security incident and the recommendations intended to avoid any recurrence) from those security incidents should ideally inform information security management systems (ISMS). The sharing of the lessons learned is an essential activity in the “follow-up” phase of security incident response lifecycle, which has long been addressed but not given enough attention in academic and industry. This dissertation proposes a novel approach, the Generic Security Template (GST), aiming to feed back the lessons learned from real world security incidents to the ISMS. It adapts graphical Goal Structuring Notations (GSN), to present the lessons learned in a structured manner through mapping them to the security requirements of the ISMS. The suitability of the GST has been confirmed by demonstrating that instances of the GST can be produced from real world security incidents of different countries based on in-depth analysis of case studies. The usability of the GST has been evaluated using a series of empirical studies. The GST is empirically evaluated in terms of its given effectiveness in assisting the communication of the lessons learned from security incidents as compared to the traditional text based approach alone. The results show that the GST can help to improve the accuracy and reduce the mental efforts in assisting the identification of the lessons learned from security incidents and the results are statistically significant. The GST is further evaluated to determine whether users can apply the GST to structure insights derived from a specific security incident. The results show that students with a computer science background can create an instance of the GST. The acceptability of the GST is assessed in a healthcare organisation. Strengths and weaknesses are identified and the GST has been adjusted to fit into organisational needs. The GST is then further tested to examine its capability to feed back the security lessons to the ISMS. The results show that, by using the GST, lessons identified from security incidents from one healthcare organisation in a specific country can be transferred to another and can indeed inform the improvements of the ISMS. In summary, the GST provides a unified way to feed back the lessons learned to the ISMS. It fosters an environment where different stakeholders can speak the same language while exchanging the lessons learned from the security incidents around the world.
2
Antonsson, Martin. "Securing XML Web Services : using WS-security." Thesis, University West, Department of Informatics and Mathematics, 2003. http://urn.kb.se/resolve?urn=urn:nbn:se:hv:diva-580.
Full text
3
Крапивний, Іван Васильович, Иван Васильевич Крапивный, Ivan Vasylovych Krapyvnyi, Віталій Анатолійович Омельяненко, Виталий Анатольевич Омельяненко, Vitalii Anatoliiovych Omelianenko, and V. O. Varakin. "Information security economic systems in national security country." Thesis, Sumy State University, 2015. http://essuir.sumdu.edu.ua/handle/123456789/43592.
Full textAbstract:
In today's world, information security becomes vital for ensuring the interests of man, society and the state and the most important, part of the whole system of national security.
Doctrine considers all the work in the field of information based on the Concept of National Security of Ukraine. The doctrine identifies four main components of Ukraine's national interests in the information sphere.
4
Benzina, Hedi. "Enforcing virtualized systems security." Phd thesis, École normale supérieure de Cachan - ENS Cachan, 2012. http://tel.archives-ouvertes.fr/tel-00846513.
Full textAbstract:
Virtual machine technology is rapidly gaining acceptance as a fundamental building block in enterprise data centers. It is most known for improving efficiency and ease of management. However, the central issue of this technology is security. We propose in this thesis to enforce the security of virtualized systems and introduce new approaches that deal with different security aspects related not only to the technology itself but also to its deployment and maintenance. We first propose a new architecture that offers real-time supervision of a complete virtualized architecture. The idea is to implement decentralized supervision on one single physical host. We study the advantages and the limits of this architecture and show that it is unable to react according to some new stealthy attacks. As a remedy, we introduce a new procedure that permits to secure the sensitive resources of a virtualized system and make sure that families of attacks can not be run at all. We introduce a variant of the LTL language with new past operators and show how policies written in this language can be easily translated to attack signatures that we use to detect attacks on the system. We also analyse the impact that an insecure network communication between virtual machines can have on the global security of the virtualized system. We propose a multilevel security policy model that covers almost all the network operations that can be performed by a virtual machine. We also deal with some management operations and introduce the related constraints that must be satisfied when an operation is performed.
5
Ismail, Roslan. "Security of reputation systems." Thesis, Queensland University of Technology, 2004. https://eprints.qut.edu.au/15964/1/Roslan_Ismail_Thesis.pdf.
Full textAbstract:
Reputation systems have the potential of improving the quality of on-line markets by
identifying fraudulent users and subsequently dealing with these users can be prevented.
The behaviour of participants involved in e-commerce can be recorded and then this information made available to potential transaction partners to make decisions
to choose a suitable counterpart. Unfortunately current reputation systems suffer from various vulnerabilities. Solutions for many of these problems will be discussed.
One of the major threats is that of unfair feedback. A large number of negative or
positive feedbacks could be submitted to a particular user with the aim to either downgrade
or upgrade the user's reputation. As a result the produced reputation does not reflect the user's true trustworthiness. To overcome this threat a variation of Bayesian Reputation system is proposed. The proposed scheme is based on the subjective logic framework proposed Josang et al. [65]. The impact of unfair feedback is countered through some systematic approaches proposed in the scheme.
Lack of anonymity for participants leads to reluctance to provide negative feedback.
A novel solution for anonymity of feedback providers is proposed to allow participants
to provide negative feedback when appropriate without fear of retaliation. The solution is based on several primitive cryptographic mechanisms; e-cash, designated verifier proof and knowledge proof.
In some settings it is desirable for the reputation owner to control the distribution
of its own reputation and to disclose this at its discretion to the intended parties. To
realize this, a solution based on a certificate mechanism is proposed. This solution allows the reputation owner to keep the certificate and to distribute its reputation while not being able to alter that information without detection. The proposed solutions cater for two modes of reputation systems: centralised and decentralised.
The provision of an off-line reputation system is discussed by proposing a new solution
using certificates. This is achieved through the delegation concept and a variant of digital signature schemes known as proxy signatures.
The thesis presents a security architecture of reputation systems which consists of different elements to safeguard reputation systems from malicious activities. Elements incorporated into this architecture include privacy, verifiability and availability. The architecture also introduces Bayesian approach to counter security threat posed by reputation systems. This means the proposed security architecture in the thesis is a combination of two prominent approaches, namely, Bayesian and cryptographic, to provide security for reputation systems. The proposed security architecture can be used as a basic framework for further development in identifying and incorporating required elements so that a total security solution for reputation systems can be achieved.
6
Ismail, Roslan. "Security of reputation systems." Queensland University of Technology, 2004. http://eprints.qut.edu.au/15964/.
Full textAbstract:
Reputation systems have the potential of improving the quality of on-line markets by identifying fraudulent users and subsequently dealing with these users can be prevented. The behaviour of participants involved in e-commerce can be recorded and then this information made available to potential transaction partners to make decisions to choose a suitable counterpart. Unfortunately current reputation systems suffer from various vulnerabilities. Solutions for many of these problems will be discussed. One of the major threats is that of unfair feedback. A large number of negative or positive feedbacks could be submitted to a particular user with the aim to either downgrade or upgrade the user's reputation. As a result the produced reputation does not reflect the user's true trustworthiness. To overcome this threat a variation of Bayesian Reputation system is proposed. The proposed scheme is based on the subjective logic framework proposed Josang et al. [65]. The impact of unfair feedback is countered through some systematic approaches proposed in the scheme. Lack of anonymity for participants leads to reluctance to provide negative feedback. A novel solution for anonymity of feedback providers is proposed to allow participants to provide negative feedback when appropriate without fear of retaliation. The solution is based on several primitive cryptographic mechanisms; e-cash, designated verifier proof and knowledge proof. In some settings it is desirable for the reputation owner to control the distribution of its own reputation and to disclose this at its discretion to the intended parties. To realize this, a solution based on a certificate mechanism is proposed. This solution allows the reputation owner to keep the certificate and to distribute its reputation while not being able to alter that information without detection. The proposed solutions cater for two modes of reputation systems: centralised and decentralised. The provision of an off-line reputation system is discussed by proposing a new solution using certificates. This is achieved through the delegation concept and a variant of digital signature schemes known as proxy signatures. The thesis presents a security architecture of reputation systems which consists of different elements to safeguard reputation systems from malicious activities. Elements incorporated into this architecture include privacy, verifiability and availability. The architecture also introduces Bayesian approach to counter security threat posed by reputation systems. This means the proposed security architecture in the thesis is a combination of two prominent approaches, namely, Bayesian and cryptographic, to provide security for reputation systems. The proposed security architecture can be used as a basic framework for further development in identifying and incorporating required elements so that a total security solution for reputation systems can be achieved.
7
Thulnoon, A. A. T. "Efficient runtime security system for decentralised distributed systems." Thesis, Liverpool John Moores University, 2018. http://researchonline.ljmu.ac.uk/9043/.
Full textAbstract:
Distributed systems can be defined as systems that are scattered over geographical distances and provide different activities through communication, processing, data transfer and so on. Thus, increasing the cooperation, efficiency, and reliability to deal with users and data resources jointly. For this reason, distributed systems have been shown to be a promising infrastructure for most applications in the digital world. Despite their advantages, keeping these systems secure, is a complex task because of the unconventional nature of distributed systems which can produce many security problems like phishing, denial of services or eavesdropping. Therefore, adopting security and privacy policies in distributed systems will increase the trustworthiness between the users and these systems. However, adding or updating security is considered one of the most challenging concerns and this relies on various security vulnerabilities which existing in distributed systems. The most significant one is inserting or modifying a new security concern or even removing it according to the security status which may appear at runtime. Moreover, these problems will be exacerbated when the system adopts the multi-hop concept as a way to deal with transmitting and processing information. This can pose many significant security challenges especially if dealing with decentralized distributed systems and the security must be furnished as end-to-end. Unfortunately, existing solutions are insufficient to deal with these problems like CORBA which is considered a one-to-one relationship only, or DSAW which deals with end-to-end security but without taking into account the possibility of changing information sensitivity during runtime. This thesis provides a proposed mechanism for enforcing security policies and dealing with distributed systems’ security weakness in term of the software perspective. The proposed solution utilised Aspect-Oriented Programming (AOP), to address security concerns during compilation and running time. The proposed solution is based on a decentralized distributed system that adopts the multi-hop concept to deal with different requested tasks. The proposed system focused on how to achieve high accuracy, data integrity and high efficiency of the distributed system in real time. This is done through modularising the most efficient security solutions, Access Control and Cryptography, by using Aspect-Oriented Programming language. The experiments’ results show the proposed solution overcomes the shortage of the existing solutions by fully integrating with the decentralized distributed system to achieve dynamic, high cooperation, high performance and end-to-end holistic security.
8
Corteggiani, Nassim. "Towards system-wide security analysis of embedded systems." Electronic Thesis or Diss., Sorbonne université, 2020. http://www.theses.fr/2020SORUS285.
Full textAbstract:
Cette thèse se consacre à l'amélioration des techniques d'analyse dynamiques permettant la vérification de logiciels conçus pour des systèmes embarqués, couramment appelé micrologiciel. Au vu de l'augmentation significative de la connectivité des appareils électroniques, les préoccupations concernant leur sécurité s'intensifient. Les conséquences d'une faille de sécurité sur ces appareils peuvent impliquer des répercussions économiques non négligeables et des difficultés techniques importantes pour appliquer un correctif. C’est le cas notamment des amorceurs de code qui sont généralement stockés sur des mémoires mortes et intégrées dans les couches physiques qui constituent le microcontrôleur. Par conséquent, l’analyse de code source spécifique aux systèmes embarqués pendant la phase de production des micro-contrôleurs est cruciale. Cette thèse présente des techniques d'analyse afin de tester la sécurité de composants logiciel et matériel à l'échelle du système. En particulier, nous nous intéressons aux techniques de test basé sur l'émulation partielle dont nous améliorons les capacités avec trois nouvelles approches. Premièrement, Inception un outil d’analyse dynamique permettant d’appliquer des méthodes de tests exhaustifs (exécution symbolique) sur le code source de micrologiciel même lorsque ce dernier dépend de code plus bas niveau (exemple, code binaire ou assembleur). Deuxièmement, une sonde haute performance basé sur le protocol USB 3.0 afin de réduire la latence lors des communications entre l'outil d'analyse et le vrai matériel. Troisièmement, HardSnap une méthode permettant de générer des instantanés des périphériques matériel afin d'augmenter le contrôle et la visibilité lors de l'exécution symbolique. Cet outil permet de réaliser une exploration concurrente de plusieurs chemins d'exécution sans inconsistanceThis thesis is dedicated to the improvement of dynamic analysis techniques allowing the verification of software designed for embedded systems, commonly called firmware. It is clear that the increasing pervasiveness and connectivity of embedded devices significantly increase their exposure to attacks. The consequences of a security issue can be dramatic not least in the economical field, but on the technical stage as well. Especially because of the difficulty to patch some devices. For instance, offline devices or code stored in a mask rom which are read only memory programmed during the chip fabrication. For all these reasons, it is important to thoughtfully test firmware program before the manufacturing process. This thesis presents analysis methods for system-wide testing of security and hardware components. In particular, we propose three impvrovements for partial emulation. First, Inception a dynamic analysis tool to test the security of firmware programs even when mixing different level of semantic (e.g., C/C++ mixed with assembly). Second, Steroids a high performance USB 3.0 probe that aims at minimizing the latency between the analyzer and the real device. Finally, HardSnap a hardware snapshotting method that offers higher visibility and control over the hardware peripherals. It enables testing concurently different execution paths without corrupting the hardware peripherals state
9
Caronni, Germano. "Dynamic security in communication systems /." [S.l.] : [s.n.], 1999. http://e-collection.ethbib.ethz.ch/show?type=diss&nr=13156.
Full text
10
Lessner, Dirk. "Network security for embedded systems /." [St. Lucia, Qld.], 2005. http://adt.library.uq.edu.au/public/adt-QU20060215.160952/index.html.
Full text
11
Tewatia, Rohit. "Security in Distributed Embedded Systems." Thesis, Halmstad University, School of Information Science, Computer and Electrical Engineering (IDE), 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-1379.
Full textAbstract:
Communication in a sensor network needs guaranteed reception of data without fail and providing security to it. The authenticity and confidentiality of the data has to be ensured as sensors have limited hardware resources as well as the bandwidth. This thesis addresses the security aspects in wireless sensor networks. The main task of the project is to identify the critical security parameters for these distributed embedded systems. The sensors have extremely limited resources: small amount of memory, low computation capability and poor bandwidth. For example, a sensor platform can have 8KB of flash memory, a 4MHz 8-bit Atmel processor, and a 900MHz radio interface. Various security threats posed to these small wireless sensor networks has been made and solutions proposed. Secure communication between these communicating partners is to be achieved using cryptography.
12
Szostak, Rafal. "Security in process control systems." Thesis, Norwegian University of Science and Technology, Department of Telematics, 2009. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-9903.
Full textAbstract:
PCS are used to control parts of the critical infrastructure of society, such as electric utilities, petroleum , water, waste, chemicals and pharmaceuticals amongst others. If the PCS become victims of cyber attacks, this can have severe consequences. The consequences may involve health and safety of human lives as well as having a huge impact on national and global economy. Since the merging of COTS and PCS, the previously isolated PCS now face new types of threats due to well-known flaws in COTS, as well as being connected to the Internet. Therefore the focus on securing PCS and ICS in general should get increased attention. In this thesis the laboratory system used was a scaled down PCS that could be tested on without any serious consequences. The laboratory system was delivered by Kongsberg Maritime. The OS is the first unit an attacker from the outside has contact with and it is used for controlling the other components of the system, therefore the OS is the main source of attention in this thesis. A scan was made on the OS to map the vulnerabilities of the OS. The scan was used as a basis for the attacks. Attacks were divided into attacks from the outside (Internet) and attacks from the inside. Under the circumstances of the testing on the laboratory PCS, many of the attacks tried were successful. A shell was planted in the OS, so an attacker could control it remotely, DoS attack flooded the OS and forced it to halt for a few seconds, VNC password was found enabling remote view and control of the OS, replay of packets was successful on the inside of the system making a man in the middle scenario possible. Despite the fact that the laboratory system may not have all the security mechanisms implemented, as the PCS systems in the industry does, the fact that the attacks on the laboratory system are possible may seem a bit disturbing. To prevent from the types of attacks described in this thesis steps has to be taken. Some of the prevention steps can be to regularly patch the system, use firewall filtering, monitor nodes in case of DoS, IDS monitoring and guidelines on system use.
13
Sridharan, Venkatraman. "Cyber security in power systems." Thesis, Georgia Institute of Technology, 2012. http://hdl.handle.net/1853/43692.
Full textAbstract:
Many automation and power control systems are integrated into the 'Smart Grid' concept for efficiently managing and delivering electric power. This integrated approach created several challenges that need to be taken into consideration such as cyber security issues, information sharing, and regulatory compliance. There are several issues that need to be addressed in the area of cyber security. Currently, there are no metrics for evaluating cyber security and methodologies to detect cyber attacks are in their infancy. There is a perceived lack of security built into the smart grid systems, but there is no mechanism for information sharing on cyber security incidents. In this thesis, we discuss the vulnerabilities in power system devices, and present ideas and a proposal towards multiple-threat system intrusion detection. We propose to test the multiple-threat methods for cyber security monitoring on a multi-laboratory test bed, and aid the development of a SCADA test bed, to be constructed on the Georgia Tech Campus.
14
Frid, Jonas. "Security Critical Systems in Software." Thesis, Linköpings universitet, Informationskodning, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-61588.
Full textAbstract:
Sectra Communications is today developing cryptographic products for high assurance environments with rigorous requirements on separation between encrypted and un-encrypted data. This separation has traditionally been achieved through the use of physically distinct hardware components, leading to larger products which require more power and cost more to produce compared to systems where lower assurance is required. An alternative to hardware separation has emerged thanks to a new class of operating systems based on the "separation kernel" concept, which offers verifiable separation between software components running on the same processor comparable to that of physical separation. The purpose of this thesis was to investigate the feasibility in developing a product based on a separation kernel and which possibilities and problems with security evaluation would arise. In the thesis, a literature study was performed covering publications on the separation kernel from a historical and technical perspective, and the development and current status on the subject of software evaluation. Additionally, a software crypto demonstrator was partly implemented in the separation kernel based Green Hills Integrity operating system. The thesis shows that the separation kernel concept has matured significantly and it is indeed feasible to begin using this class of operating systems within a near future. Aside from the obvious advantages with smaller amounts of hardware, it would give greater flexibility in development and potential for more fine-grained division of functions. On the other hand, it puts new demands on developers and there is also a need for additional research about some evaluation aspects, failure resistance and performance.Sectra Communications utvecklar idag kryptoprodukter med högt ställda krav på separation mellan krypterad och okrypterad data. Traditionellt har denna separation gjorts i hårdvara med fysiskt åtskilda komponenter, vilket lett till större produkter, högre energiförbrukning och högre tillverkningskostnader än motsvarande system för lägre säkerhetsnivåer. Ett alternativ till hårdvaruseparation har framkommit tack vare en ny typ av operativsystem baserat på ett koncept kallat "separationskärna", som erbjuder verifierbar separation mellan mjukvarukomponenter på en processor likvärdig med fysisk separation. Syftet med examensarbetet var att undersöka möjligheten att basera en produkt på ett sådant system samt vilka ytterligare möjligheter och problem med säkerhetsevaluering av produkten som uppstår. I examensarbetet utfördes en litteraturstudie av publikationer om separationskärnan ur ett historiskt och tekniskt perspektiv, samt den historiska utvecklingen inom säkerhetsevaluering av mjukvara och dess nuvarande status. Dessutom implementerades delar av ett mjukvarukrypto som en demonstrationsenhet baserad på Integrity från Green Hills Software, vilket är ett realtidsoperativsystem byggt kring en separationskärna. Arbetet visade att separationskärnan som koncept har nått en hög mognadsgrad och att det är rimligt att börja använda denna typ av operativsystem till produkter med mycket högt ställda säkerhetskrav inom en snar framtid. Det skulle förutom uppenbara vinster med minskad mängd hårdvara även ge större flexibilitet vid utvecklingen och möjlighet till exaktare uppdelning av funktioner. Samtidigt ställer det andra krav på utvecklarna och det behövs ytterligare utredning om vissa aspekter av hur evalueringsförfarandet påverkas, systemens feltolerans samt prestanda.
15
Rhead, Donovan Ross. "Security considerations in distributed systems." Thesis, Monterey, California. Naval Postgraduate School, 1991. http://hdl.handle.net/10945/26754.
Full text
16
Hassan, Waqas. "Video analytics for security systems." Thesis, University of Sussex, 2013. http://sro.sussex.ac.uk/id/eprint/43406/.
Full textAbstract:
This study has been conducted to develop robust event detection and object tracking algorithms that can be implemented in real time video surveillance applications. The aim of the research has been to produce an automated video surveillance system that is able to detect and report potential security risks with minimum human intervention. Since the algorithms are designed to be implemented in real-life scenarios, they must be able to cope with strong illumination changes and occlusions. The thesis is divided into two major sections. The first section deals with event detection and edge based tracking while the second section describes colour measurement methods developed to track objects in crowded environments. The event detection methods presented in the thesis mainly focus on detection and tracking of objects that become stationary in the scene. Objects such as baggage left in public places or vehicles parked illegally can cause a serious security threat. A new pixel based classification technique has been developed to detect objects of this type in cluttered scenes. Once detected, edge based object descriptors are obtained and stored as templates for tracking purposes. The consistency of these descriptors is examined using an adaptive edge orientation based technique. Objects are tracked and alarm events are generated if the objects are found to be stationary in the scene after a certain period of time. To evaluate the full capabilities of the pixel based classification and adaptive edge orientation based tracking methods, the model is tested using several hours of real-life video surveillance scenarios recorded at different locations and time of day from our own and publically available databases (i-LIDS, PETS, MIT, ViSOR). The performance results demonstrate that the combination of pixel based classification and adaptive edge orientation based tracking gave over 95% success rate. The results obtained also yield better detection and tracking results when compared with the other available state of the art methods. In the second part of the thesis, colour based techniques are used to track objects in crowded video sequences in circumstances of severe occlusion. A novel Adaptive Sample Count Particle Filter (ASCPF) technique is presented that improves the performance of the standard Sample Importance Resampling Particle Filter by up to 80% in terms of computational cost. An appropriate particle range is obtained for each object and the concept of adaptive samples is introduced to keep the computational cost down. The objective is to keep the number of particles to a minimum and only to increase them up to the maximum, as and when required. Variable standard deviation values for state vector elements have been exploited to cope with heavy occlusion. The technique has been tested on different video surveillance scenarios with variable object motion, strong occlusion and change in object scale. Experimental results show that the proposed method not only tracks the object with comparable accuracy to existing particle filter techniques but is up to five times faster. Tracking objects in a multi camera environment is discussed in the final part of the thesis. The ASCPF technique is deployed within a multi-camera environment to track objects across different camera views. Such environments can pose difficult challenges such as changes in object scale and colour features as the objects move from one camera view to another. Variable standard deviation values of the ASCPF have been utilized in order to cope with sudden colour and scale changes. As the object moves from one scene to another, the number of particles, together with the spread value, is increased to a maximum to reduce any effects of scale and colour change. Promising results are obtained when the ASCPF technique is tested on live feeds from four different camera views. It was found that not only did the ASCPF method result in the successful tracking of the moving object across different views but also maintained the real time frame rate due to its reduced computational cost thus indicating that the method is a potential practical solution for multi camera tracking applications.
17
Hancke, Gerhard P. "Security of proximity identification systems." Thesis, University of Cambridge, 2008. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.612509.
Full text
18
Alwada’n, Tariq Falah. "Security for mobile grid systems." Thesis, De Montfort University, 2012. http://hdl.handle.net/2086/7360.
Full textAbstract:
Grid computing technology is used as inexpensive systems to gather and utilize computational capability. This technology enhances applications services by arranging machines and distributed resources in a single huge computational entity. A Grid is a system that has the ability to organize resources which are not under the subject of centralized domain, utilize protocols and interfaces, and supply high quality of service. The Grid should have the ability to enhance not only the systems performance and job throughput of the applications participated but also increase the utilization scale of resources by employing effective resource management methods to the huge amount of its resources. Grid mobility appears as a technology to facilitate the accomplishment of requirements for Grid jobs as well as Grid users. This idea depends on migrating or relocating jobs, data and application software among Grid nodes. However, making use of mobility technology leads to data confidentiality problems within the Grid. Data confidentiality is the protection of data from intruders’ attacks. The data confidentiality can be addressed by limiting the mobility to trusted parts of the Grid, but this solution leads to the notion of Virtual Organizations (VOs). Also as a result of mobility technology the need for a tool to organize and enforce policies while applying the mobility has been increased. To date, not enough attention has been paid to policies that deal with data movements within the Grid. Most existing Grid systems have support only limited types of policies (e.g. CPU resources). A few designs consider enforcing data policies in their architecture. Therefore, we propose a policy-managed Grid environment that addresses these issues (user-submitted policy, data policy, and multiple VOs). In this research, a new policy management tool has been introduced to solve the mobility limitation and data confidentiality especially in the case of mobile sharing and data movements within the Grid. We present a dynamic and heterogeneous policy management framework that can give a clear policy definition about the ability to move jobs, data and application software from nodes to nodes during jobs’ execution in the Grid environment. This framework supports a multi-organization environment with different domains, supports the external Grid user preferences along with enforces policies for data movements and the mobility feature within different domains. The results of our research have been evaluated using Jade simulator, which is a software framework fully implemented in Java language and allows agents to execute tasks defined according to the agent policy. The simulation results have verified that the research aims enhance the security and performance in the Grid environments. They also show enhanced control over data and services distribution and usage and present practical evidence in the form of scenario test-bed data as to the effectiveness of our architecture.
19
Araujo, Neto Afonso Comba de. "Security Benchmarking of Transactional Systems." reponame:Biblioteca Digital de Teses e Dissertações da UFRGS, 2012. http://hdl.handle.net/10183/143292.
Full textAbstract:
A maioria das organizações depende atualmente de algum tipo de infraestrutura computacional para suportar as atividades críticas para o negócio. Esta dependência cresce com o aumento da capacidade dos sistemas informáticos e da confiança que se pode depositar nesses sistemas, ao mesmo tempo que aumenta também o seu tamanho e complexidade. Os sistemas transacionais, tipicamente centrados em bases de dados utilizadas para armazenar e gerir a informação de suporte às tarefas diárias, sofrem naturalmente deste mesmo problema. Assim, uma solução frequentemente utilizada para amenizar a dificuldade em lidar com a complexidade dos sistemas passa por delegar sob outras organizações o trabalho de desenvolvimento, ou mesmo por utilizar soluções já disponíveis no mercado (sejam elas proprietárias ou abertas). A diversidade de software e componentes alternativos disponíveis atualmente torna necessária a existência de testes padronizados que ajudem na seleção da opção mais adequada entre as alternativas existentes, considerando uma conjunto de diferentes características. No entanto, o sucesso da investigação em testes padronizados de desempenho e confiabilidade contrasta radicalmente com os avanços em testes padronizados de segurança, os quais têm sido pouco investigados, apesar da sua extrema relevância. Esta tese discute o problema da definição de testes padronizados de segurança, comparando-o com outras iniciativas de sucesso, como a definição de testes padronizados de desempenho e de confiabilidade. Com base nesta análise é proposta um modelo de base para a definição de testes padronizados de segurança. Este modelo, aplicável de forma genérica a diversos tipos de sistemas e domínios, define duas etapas principais: qualificação de segurança e teste padronizado de confiança. A qualificação de segurança é um processo que permite avaliar um sistema tendo em conta os aspectos e requisitos de segurança mais evidentes num determinado domínio de aplicação, dividindo os sistemas avaliados entre aceitáveis e não aceitáveis. O teste padronizado de confiança, por outro lado, consiste em avaliar os sistemas considerados aceitáveis de modo a estimar a probabilidade de existirem problemas de segurança ocultados ou difíceis de detectar (o objetivo do processo é lidar com as incertezas inerentes aos aspectos de segurança). O modelo proposto é demonstrado e avaliado no contexto de sistemas transacionais, os quais podem ser divididos em duas partes: a infraestrutura e as aplicações de negócio. Uma vez que cada uma destas partes possui objetivos de segurança distintos, o modelo é utilizado no desenvolvimento de metodologias adequadas para cada uma delas. Primeiro, a tese apresenta um teste padronizado de segurança para infraestruturas de sistemas transacionais, descrevendo e justificando todos os passos e decisões tomadas ao longo do seu desenvolvimento. Este teste foi aplicado a quatro infraestruturas reais, sendo os resultados obtidos cuidadosamente apresentados e analisados. Ainda no contexto das infraestruturas de sistemas transacionais, a tese discute o problema da seleção de componentes de software. Este é um problema complexo uma vez que a avaliação de segurança destas infraestruturas não é exequível antes da sua entrada em funcionamento. A ferramenta proposta, que tem por objetivo ajudar na seleção do software básico para suportar este tipo de infraestrutura, é aplicada na avaliação e análise de sete pacotes de software distintos, todos alternativas tipicamente utilizadas em infraestruturas reais. Finalmente, a tese aborda o problema do desenvolvimento de testes padronizados de confiança para aplicações de negócio, focando especificamente em aplicações Web. Primeiro, é proposta uma abordagem baseada no uso de ferramentas de análise de código, sendo apresentadas as diversas experiências realizadas para avaliar a validade da proposta, incluindo um cenário representativo de situações reais, em que o objetivo passa por selecionar o mais seguro de entre sete alternativas de software para suportar fóruns Web. Com base nas análises realizadas e nas limitações desta proposta, é de seguida definida uma abordagem genérica para a definição de testes padronizados de confiança para aplicações Web.Most organizations nowadays depend on some kind of computer infrastructure to manage business critical activities. This dependence grows as computer systems become more reliable and useful, but so does the complexity and size of systems. Transactional systems, which are database-centered applications used by most organizations to support daily tasks, are no exception. A typical solution to cope with systems complexity is to delegate the software development task, and to use existing solutions independently developed and maintained (either proprietary or open source). The multiplicity of software and component alternatives available has boosted the interest in suitable benchmarks, able to assist in the selection of the best candidate solutions, concerning several attributes. However, the huge success of performance and dependability benchmarking markedly contrasts with the small advances on security benchmarking, which has only sparsely been studied in the past. his thesis discusses the security benchmarking problem and main characteristics, particularly comparing these with other successful benchmarking initiatives, like performance and dependability benchmarking. Based on this analysis, a general framework for security benchmarking is proposed. This framework, suitable for most types of software systems and application domains, includes two main phases: security qualification and trustworthiness benchmarking. Security qualification is a process designed to evaluate the most obvious and identifiable security aspects of the system, dividing the evaluated targets in acceptable or unacceptable, given the specific security requirements of the application domain. Trustworthiness benchmarking, on the other hand, consists of an evaluation process that is applied over the qualified targets to estimate the probability of the existence of hidden or hard to detect security issues in a system (the main goal is to cope with the uncertainties related to security aspects). The framework is thoroughly demonstrated and evaluated in the context of transactional systems, which can be divided in two parts: the infrastructure and the business applications. As these parts have significantly different security goals, the framework is used to develop methodologies and approaches that fit their specific characteristics. First, the thesis proposes a security benchmark for transactional systems infrastructures and describes, discusses and justifies all the steps of the process. The benchmark is applied to four distinct real infrastructures, and the results of the assessment are thoroughly analyzed. Still in the context of transactional systems infrastructures, the thesis also addresses the problem of the selecting software components. This is complex as evaluating the security of an infrastructure cannot be done before deployment. The proposed tool, aimed at helping in the selection of basic software packages to support the infrastructure, is used to evaluate seven different software packages, representative alternatives for the deployment of real infrastructures. Finally, the thesis discusses the problem of designing trustworthiness benchmarks for business applications, focusing specifically on the case of web applications. First, a benchmarking approach based on static code analysis tools is proposed. Several experiments are presented to evaluate the effectiveness of the proposed metrics, including a representative experiment where the challenge was the selection of the most secure application among a set of seven web forums. Based on the analysis of the limitations of such approach, a generic approach for the definition of trustworthiness benchmarks for web applications is defined.
20
Ion, Mihaela. "Security of Publish/Subscribe Systems." Doctoral thesis, Università degli studi di Trento, 2013. https://hdl.handle.net/11572/368098.
Full textAbstract:
The increasing demand for content-centric applications has motivated researchers to rethink and redesign the way information is stored and delivered on the Internet. Increasingly, network traffic consists of content dissemination to multiple recipients. However, the host-centric architecture of the Internet was designed for point-to-point communication between two fixed endpoints. As a result, there is a mismatch between the current Internet architecture and current data or content-centric applications, where users demand data, regardless of the source of the information, which in many cases is unknown to them.
Content-based networking has been proposed to address such demands with the advantage of increased efficiency, network load reduction, low latency, and energy efficiency. The publish/subscribe (pub/sub) communication paradigm is the most complex and mature example of such a network. Another example is Information Centric Networking (ICN), a global-scale version of pub/sub systems that aims at evolving the Internet from its host-based packet delivery to directly retrieving information by name. Both approaches completely decouple senders (or publishers) and receivers (or subscribers) being very suitable for content-distribution applications or event-driven applications such as instant news delivery, stock quote dissemination, and pervasive computing. To enable this capability, at the core of pub/sub systems are distributed routers or brokers that forward information based on its content. The basic operation that brokers need to perform is to match incoming messages or publications against registered interests or subscriptions.
Though a lot of research has focused on increasing the networking efficiency, security has been only marginally addressed. We believe there are several reasons for this. First of all, security solutions designed for point-to-point communication such as symmetric-key encryption do not scale up to pub/sub systems or ICN applications, mainly because publishers and subscribers are decoupled and it is infeasible for them to establish or to maintain contact and therefore to exchange keying material. In this thesis we analyse several such emerging applications like Smart Energy Systems, Smart Cities and eHealth applications that require greater decoupling of publishers and subscribers, and possible full decoupling.
Second, in large applications that run over public networks and span several administrative domains, brokers cannot be trusted with the content of exchanged messages. Therefore, what pub/sub systems need are solutions that allow brokers to match the content of publications against subscriptions without learning anything about their content. This task is made even more difficult when subscriptions are complex, representing conjunctions and disjunctions of both numeric and non-numeric inequalities. The solutions we surveyed were unable to provide publication and subscription confidentiality, while at the same time supporting complex subscription filters and keeping key management scalable.
Another challenge for publish/subscribe systems is enforcing fine-grained access control policies on the content of publications. Access control policies are usually enforced by a trusted third party or by the owner holding the data. However, such solutions are not possible for pub/sub systems. When brokers are not trusted, even the policies themselves should remain private as they can reveal sensitive information about the data.
In this thesis we address these challenges and design a novel security solution for pub/sub systems when brokers are not trusted such that: (i) it provides confidentiality of publications and subscriptions, (ii) it does not require publishers and subscribers to share keys, (iii) it allows subscribers to express complex subscription filters in the form of general Boolean expressions of predicates, and (iv) it allows enforcing fine-grained access control policies on the data. We provide a security analysis of the scheme.
%We further consider active attackers that corrupt messages or try to disrupt the network by replaying old legitimate messages, or that the publishers and subscribers themselves could misbehave, and provide solutions for data integrity, authentication and non-repudiation.
Furthermore, to secure data caching and replication in the network, a key requirement for ICN systems and recently also of pub/sub systems that extended brokers with database functionality, we show how our solution can be transformed in an encrypted search solution able to index publications at the broker side and allow subscribers to make encrypted queries. This is the first full-fledged multi-user encrypted search scheme that allows complex queries. We analyse the inference exposure of our index using different threat models.
To allow our encrypted routing solution to scale up to large applications or performance constrained applications that require real-time delivery of messages, we also discuss subscription indexing and the inference exposure of the index.
Finally, we implement our solution as a set of middleware-agnostic libraries and deploy them on two popular content-based networking implementations: a pub/sub system called PADRES, and an ICN called CCNx. Performance analysis shows that our solution is scalable.
21
Ion, Mihaela. "Security of Publish/Subscribe Systems." Doctoral thesis, University of Trento, 2013. http://eprints-phd.biblio.unitn.it/993/1/Thesis.pdf.
Full textAbstract:
The increasing demand for content-centric applications has motivated researchers to rethink and redesign the way information is stored and delivered on the Internet. Increasingly, network traffic consists of content dissemination to multiple recipients. However, the host-centric architecture of the Internet was designed for point-to-point communication between two fixed endpoints. As a result, there is a mismatch between the current Internet architecture and current data or content-centric applications, where users demand data, regardless of the source of the information, which in many cases is unknown to them.
Content-based networking has been proposed to address such demands with the advantage of increased efficiency, network load reduction, low latency, and energy efficiency. The publish/subscribe (pub/sub) communication paradigm is the most complex and mature example of such a network. Another example is Information Centric Networking (ICN), a global-scale version of pub/sub systems that aims at evolving the Internet from its host-based packet delivery to directly retrieving information by name. Both approaches completely decouple senders (or publishers) and receivers (or subscribers) being very suitable for content-distribution applications or event-driven applications such as instant news delivery, stock quote dissemination, and pervasive computing. To enable this capability, at the core of pub/sub systems are distributed routers or brokers that forward information based on its content. The basic operation that brokers need to perform is to match incoming messages or publications against registered interests or subscriptions.
Though a lot of research has focused on increasing the networking efficiency, security has been only marginally addressed. We believe there are several reasons for this. First of all, security solutions designed for point-to-point communication such as symmetric-key encryption do not scale up to pub/sub systems or ICN applications, mainly because publishers and subscribers are decoupled and it is infeasible for them to establish or to maintain contact and therefore to exchange keying material. In this thesis we analyse several such emerging applications like Smart Energy Systems, Smart Cities and eHealth applications that require greater decoupling of publishers and subscribers, and possible full decoupling.
Second, in large applications that run over public networks and span several administrative domains, brokers cannot be trusted with the content of exchanged messages. Therefore, what pub/sub systems need are solutions that allow brokers to match the content of publications against subscriptions without learning anything about their content. This task is made even more difficult when subscriptions are complex, representing conjunctions and disjunctions of both numeric and non-numeric inequalities. The solutions we surveyed were unable to provide publication and subscription confidentiality, while at the same time supporting complex subscription filters and keeping key management scalable.
Another challenge for publish/subscribe systems is enforcing fine-grained access control policies on the content of publications. Access control policies are usually enforced by a trusted third party or by the owner holding the data. However, such solutions are not possible for pub/sub systems. When brokers are not trusted, even the policies themselves should remain private as they can reveal sensitive information about the data.
In this thesis we address these challenges and design a novel security solution for pub/sub systems when brokers are not trusted such that: (i) it provides confidentiality of publications and subscriptions, (ii) it does not require publishers and subscribers to share keys, (iii) it allows subscribers to express complex subscription filters in the form of general Boolean expressions of predicates, and (iv) it allows enforcing fine-grained access control policies on the data. We provide a security analysis of the scheme.
%We further consider active attackers that corrupt messages or try to disrupt the network by replaying old legitimate messages, or that the publishers and subscribers themselves could misbehave, and provide solutions for data integrity, authentication and non-repudiation.
Furthermore, to secure data caching and replication in the network, a key requirement for ICN systems and recently also of pub/sub systems that extended brokers with database functionality, we show how our solution can be transformed in an encrypted search solution able to index publications at the broker side and allow subscribers to make encrypted queries. This is the first full-fledged multi-user encrypted search scheme that allows complex queries. We analyse the inference exposure of our index using different threat models.
To allow our encrypted routing solution to scale up to large applications or performance constrained applications that require real-time delivery of messages, we also discuss subscription indexing and the inference exposure of the index.
Finally, we implement our solution as a set of middleware-agnostic libraries and deploy them on two popular content-based networking implementations: a pub/sub system called PADRES, and an ICN called CCNx. Performance analysis shows that our solution is scalable.
22
Sharma, Dhirendra S. M. Massachusetts Institute of Technology. "Enterprise Information Security Management Framework [EISMF]." Thesis, Massachusetts Institute of Technology, 2011. http://hdl.handle.net/1721.1/67568.
Full textAbstract:
Thesis (S.M. in Engineering and Management)--Massachusetts Institute of Technology, Engineering Systems Division, System Design and Management Program, 2011.Cataloged from PDF version of thesis.
Includes bibliographical references (p. 124-130).
There are several technological solutions available in the market to help organizations with information security breach detection and prevention such as intrusion detection and prevention systems, antivirus software, firewalls, and spam filters. There is no doubt in the fact that significant progress has been made in the technological side of information security. However, when we study causes of information security breaches, we find that a significant number are caused by non-technical reasons such as social engineering, theft of computing device or portable hard drive, human behavior, and human error. This leads us to conclude that information security should not be viewed through technology perspective only. Instead, a more holistic approach is required. This thesis provides a systems approach towards information security management and include technological, management and social aspects. This thesis starts with introduction especially background and motivation of the author, followed by literature research. Next, Enterprise Information Security Management Framework is presented leading to estimation of an organization's information security management maturity-level. Finally, conclusion and potential future work are presented.
by Dhirendra Sharma.
S.M.in Engineering and Management
23
Harris, Mark. "THE SHAPING OF MANAGERS’ SECURITY OBJECTIVES THROUGH INFORMATION SECURITY AWARENESS TRAINING." VCU Scholars Compass, 2010. http://scholarscompass.vcu.edu/etd/2208.
Full textAbstract:
Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition, managers creating security policies rely heavily on security guidelines, which are also technically oriented. This study created a series of information security training videos that were viewed by four groups of managers. One video discussed the socio-technical aspects of security, another discussed only the social aspects of security, the third detailed only the technical aspects of security, and the fourth was a control video unrelated to information security. Each group was shown the video, and after this viewing, each group’s values toward information security were ascertained and converted into security objectives following Keeney (1992)’s value-focused thinking approach. Each group’s list of security objectives were used as the input to Schmidt (1997)’s ranking Delphi methodology, which yielded a more concise and ranked list of security objectives. The results thus obtained, indicate that manager’s objectives towards information security are affected by the nature and scope of the information security training they receive. Information security policy based on each group’s value-based security objectives indicate that manager’s receiving socio-technical training would produce the strongest information security policy when analyzing the value-focused thinking list of security objectives. However, the quality of security policy decreases when analyzing the ranked Delphi list of security objectives, thus providing mixed results. The theoretical contribution of this research states that technically oriented information security training found in corporations today affects manager’s values and security objectives in a way that leads them to create and support technically oriented security policies, thus ignoring the social aspects of security. The practical contribution of this research states that managers should receive socio-technical information security training as a part of their regular job training, which would affect their values and lead to socio-technical information security policy based on the manager’s socio-technical security objectives. The methodological contribution of this research demonstrates the successful use of the value-focused thinking approach as the input to the ranking of the Delphi methodology.
24
Sassoon, Richard. "Security in SOA-Based Healthcare Systems." Thesis, Norwegian University of Science and Technology, Department of Telematics, 2009. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-9884.
Full textAbstract:
Healthcare organizations need to handle many kinds of information and integrate different support systems, which may be accessed from external corporations. Service Oriented Architecture (SOA) provides the means to achieve a common platform to deploy services that can be used across the organization and its boundaries, but introduces new security concerns that need to be evaluated in order to implement a secure system, while still suffering from standard threats. Web Services are the common way to implement SOA applications, having several standards related to security (such as XML Encryption, XML Signature and WS-Security). Still, other security mechanisms such as input validation and SSL/TLS need to be thought of as well. A penetration test based on recognized methodologies and guidelines, such as the NIST Technical Guide to Information Security Testing and Assessment, OWASP Testing Guide and SIFT Web Services Security Testing Framework, was performed on a case study system. A proof of concept application making use of a set of middleware (web) services, the MPOWER platform, was audited in order to expose vulnerabilities. After conducting the penetration test on the system, 10 out of 15 scenarios presented security issues. The vulnerabilities found were described, demonstrating several risks from misusing, or not implementing at all, security mechanisms. As a consequence, countermeasures and recommendations were proposed in an attempt to improve the overall security of SOA-based (healthcare) systems. The results of the assessment show us how important is to validate the security of a system before putting it into production environment. We also come to the conclusion that security testing should be an inherent part of a secure software development life cycle. Moreover, not only healthcare systems may benefit from this study, and also not only SOA-based ones.
25
Mårdsjö, Jon. "Security concerns regarding connected embedded systems." Thesis, Linköpings universitet, Databas och informationsteknik, 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-92755.
Full textAbstract:
Embedded systems have been present in our daily lives for some time, but trends clearly show a rise in inter-connectivity in such devices. This presents promising new applications and possibilities, but also opens up a lot attack surface. Our goal in this thesis is to find out how you can develop such interconnected embedded systems in a way that guarantees the three major components of information security: Confidentialy, Integrity and Availability. The main focus of security is networked security. In this thesis, a dual approach is taken: investigate the development process of building secure systems, and perform such an implementation. The artifacts produced as byproducts, the software itself, deployment instructions and lessons learned are all presented. It is shown that the process used helps businesses find a somewhat deterministic approach to security, have a higher level of confidence, helps justify the costs that security work entails and helps in seeing security as a business decision. Embedded systems were also shown to present unforeseen obstacles, such as how the lack of a motherboard battery clashes with X.509. In the end, a discussion is made about how far the system can guarantee information security, what problems still exist and what could be done to mitigate them.
26
West, Tracey W. "Password based security in hypermedia systems." DigitalCommons@Robert W. Woodruff Library, Atlanta University Center, 1995. http://digitalcommons.auctr.edu/dissertations/652.
Full textAbstract:
This study has been performed to investigate the problem of lack of security in hypermedia systems. This study was based on the architectural design of past and existing hypermedia systems. The Dexter Reference model was used as the basis for this research. As an extension of the model, a password-based security mechanism was designed. The design approach used was to examine various hypermedia systems comparing and contrasting their similarities and differences. Issues of security and design methods were discussed as a way to increase the security in hypermedia environments. The results of this research demonstrate that private information can be stored on hypermedia systems and made only accessible to authorized users. This refinement of the Dexter Reference model may have an impact upon the design and evaluation of current and future hypermedia systems.
27
Brooks, James. "Security assessment in future power systems." Thesis, University of Bath, 2013. https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.607469.
Full textAbstract:
The penetration of unscheduleable generation will increase due to legislation and eventually saving on fuel cost. This will cause an increase in uncertainty of power-flow and drive up balancing market costs, the safety margin for N-1 will have to increase. i.e. N-1 will not accurately represent the state of the system. A security assessment scheme (SAS) that considers probabilistic uncertainty could give financial savings and/or better security of supply. In other words a power system with a high penetration of renewables is likely to require a new type of security assessment scheme. Before that is done we must be able to compare and evaluate existing and proposed schemes. This thesis has two goals. Firstly, to be able to compare two security assessment schemes to determine which is better for the current system. The work details a computer program that combines a two stage Monte Carlo Sampler and a power system simulator to generate a level of security. The number of simulations that fail to converge within limits in N-1 and N-2 was compared to the calculated level of security and found to not be a good predictor. The second goal is to see how the level of security changes as the uncertainties of renewable generation get added into a given power system. In doing this, the effect of adding renewables can be quantified. The work found that if 15% of the generation power comes from generators the are unscheduleable or stochastic the security of supply does not greatly change. Whereas if the penetration is increased to 30% the security level become significantly worse in almost all tested scenarios.
28
Kiddie, Paul David. "Decentralised soft-security in distributed systems." Thesis, University of Birmingham, 2011. http://etheses.bham.ac.uk//id/eprint/1731/.
Full textAbstract:
Existing approaches to intrusion detection in imperfect wireless environments employ local monitoring, but are limited by their failure to reason about the imprecise monitoring within a radio environment that arises from unidirectional links and collisions. This compounds the challenge of detecting subtle behaviour or adds to uncertainty in the detection strategies employed. A simulation platform was developed, based on the Jist/SWANS environment, adopting a robust methodology that employed Monte-Carlo sampling in order to evaluate intrusion detection systems (IDS). A framework for simulating adversaries was developed, which enabled wormholes, black holes, selfishness, flooding and data modification to be simulated as well as a random distribution thereof. A game theoretic inspired IDS, sIDS, was developed, which applied reasoning between the detection and response components of a typical IDS, to apply more appropriate local responses. The implementation of sIDS is presented within the context of a generic IDS framework for MANET. Results showed a 5-15% reduction in false response rate compared to a baseline IDS over a number of attacking scenarios. sIDS was extended with immune system inspired features, namely a response over multiple timescales, as employed by the innate and adaptive components of the immune system, and the recruitment of neighbouring agents to participate in a co-ordinated response to an intrusion. Results showed a true response rate of 95-100% for all simulated attack scenarios. For random misbehaviour and assisted black hole scenarios, PDR gains of up to 30% and 15% were observed respectively compared to the pure game theoretic approach, tracking the omniscient network performance in these scenarios. In all, this study has shown that applying game theoretic reasoning to existing detection methods results in better discrimination of benign nodes from adversaries, which can be used to bias network operation towards the benign nodes. When fused with immune system inspired features, the resulting IDS maintained this discrimination whilst substantially reducing attack efficacy.
29
Sepasian, Mojtaba. "Multibiometric security in wireless communication systems." Thesis, Brunel University, 2010. http://bura.brunel.ac.uk/handle/2438/5081.
Full textAbstract:
This thesis has aimed to explore an application of Multibiometrics to secured wireless communications. The medium of study for this purpose included Wi-Fi, 3G, and WiMAX, over which simulations and experimental studies were carried out to assess the performance. In specific, restriction of access to authorized users only is provided by a technique referred to hereafter as multibiometric cryptosystem. In brief, the system is built upon a complete challenge/response methodology in order to obtain a high level of security on the basis of user identification by fingerprint and further confirmation by verification of the user through text-dependent speaker recognition. First is the enrolment phase by which the database of watermarked fingerprints with memorable texts along with the voice features, based on the same texts, is created by sending them to the server through wireless channel. Later is the verification stage at which claimed users, ones who claim are genuine, are verified against the database, and it consists of five steps. Initially faced by the identification level, one is asked to first present one’s fingerprint and a memorable word, former is watermarked into latter, in order for system to authenticate the fingerprint and verify the validity of it by retrieving the challenge for accepted user. The following three steps then involve speaker recognition including the user responding to the challenge by text-dependent voice, server authenticating the response, and finally server accepting/rejecting the user. In order to implement fingerprint watermarking, i.e. incorporating the memorable word as a watermark message into the fingerprint image, an algorithm of five steps has been developed. The first three novel steps having to do with the fingerprint image enhancement (CLAHE with 'Clip Limit', standard deviation analysis and sliding neighborhood) have been followed with further two steps for embedding, and extracting the watermark into the enhanced fingerprint image utilising Discrete Wavelet Transform (DWT). In the speaker recognition stage, the limitations of this technique in wireless communication have been addressed by sending voice feature (cepstral coefficients) instead of raw sample. This scheme is to reap the advantages of reducing the transmission time and dependency of the data on communication channel, together with no loss of packet. Finally, the obtained results have verified the claims.
30
Oscarson, Per. "Actual and Perceived Information Systems Security." Doctoral thesis, Linköping : Department of Management and Engineering, Linköping University, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-10215.
Full text
31
Singh, Kalvinder. "Security for Mobile Health Care Systems." Thesis, Griffith University, 2013. http://hdl.handle.net/10072/367683.
Full textAbstract:
The ageing population and the increase in chronic diseases have placed a considerable
financial burden on health care services. Mobile health care systems can play an important
role in reducing the costs. The pervasiveness of smart phones and the evolution of Internetof-
Things are increasing the potential for mobile health care systems to remotely manage
the health of a patient or the elderly. Smart phones and small devices, such as body sensors,
are used to remotely monitor patients suffering from chronic diseases and allow them to
have relatively independent lives. A mobile health care system may require a degree of
real-time monitoring or data collection. For instance, a medical emergency will require
data sent to medical staff as quickly as possible, rather than the data sent after a few
hours or days. The problem will be more complex if there is a requirement that commands
sent to body sensors need to be in real-time. If the system recognises a possible medical
emergency, it may need to notify other devices immediately to start recording data or to
actuate (for example, an insulin pump and a defibrillator).Thesis (PhD Doctorate)
Doctor of Philosophy (PhD)
School of Information and Communication Technology
Science, Environment, Engineering and Technology
Full Text
32
Helms, J. (Janne). "Information systems security management:a literature review." Master's thesis, University of Oulu, 2019. http://jultika.oulu.fi/Record/nbnfioulu-201906212604.
Full textAbstract:
Abstract. Information security has begun to receive an increasing amount of intention. The importance of information security has started to be recognized among organizations and the work to comply with the increased requirements has been started. One essential method of managing information security is an information security policy, that is created and managed to suit the needs of each organization.
Managing information security policies can be viewed a tedious task and thus easily dismissed or done quickly. There are several aspects to cover and components to manage, including technical aspects and the human factors. The purpose of this thesis is to provide an insight to the managerial aspect of information security and the policies through a literary review.
This thesis is not intended to be a guide on how to create an information security policy. It rather is providing a view of the studies concerning information security management and, in some instances, how information security is managed in some organizations. The results of this thesis can be used in creating a list of aspects that are valuable in managing information security and policy creation.
33
Sajjad, Imran. "Autonomous Highway Systems Safety and Security." DigitalCommons@USU, 2017. https://digitalcommons.usu.edu/etd/5696.
Full textAbstract:
Automated vehicles are getting closer each day to large-scale deployment. It is expected that self-driving cars will be able to alleviate traffic congestion by safely operating at distances closer than human drivers are capable of and will overall improve traffic throughput. In these conditions, passenger safety and security is of utmost importance.
When multiple autonomous cars follow each other on a highway, they will form what is known as a cyber-physical system. In a general setting, there are tools to assess the level of influence a possible attacker can have on such a system, which then describes the level of safety and security. An attacker might attempt to counter the benefits of automation by causing collisions and/or decreasing highway throughput.
These strings (platoons) of automated vehicles will rely on control algorithms to maintain required distances from other cars and objects around them. The vehicle dynamics themselves and the controllers used will form the cyber-physical system and its response to an attacker can be assessed in the context of multiple interacting vehicles.
While the vehicle dynamics play a pivotal role in the security of this system, the choice of controller can also be leveraged to enhance the safety of such a system. After knowledge of some attacker capabilities, adversarial-aware controllers can be designed to react to the presence of an attacker, adding an extra level of security.
This work will attempt to address these issues in vehicular platooning. Firstly, a general analysis concerning the capabilities of possible attacks in terms of control system theory will be presented. Secondly, mitigation strategies to some of these attacks will be discussed. Finally, the results of an experimental validation of these mitigation strategies and their implications will be shown.
34
Caiazza, Gianluca <1991>. "Security Enhancements of Robot Operating Systems." Master's Degree Thesis, Università Ca' Foscari Venezia, 2017. http://hdl.handle.net/10579/10238.
Full textAbstract:
In recent years we observed a grown of cybersecurity threats, especially thanks to the ubiquitous of connected and autonomous devices. A list of these devices, commonly defined as Internet of Things, includes industrial automation, autonomous vehicles, robot-assisted surgery, surveillance platforms, home service automation and many more robotics domains; considering the sensitive information that are processed by these devices, the possibility of attacks should be considered as a serious security matter. This thesis focuses on the Robot Operating System (ROS), a widely adopted standard robotic middle-ware. We will analyse its possible vulnerabilities and the resulting threats that could be posed by attackers. More in details, the present work will provide an in-depth analysis of ROS and SROS - a proposed addition to the ROS API ecosystem to support modern cryptography and security measures - in addition to the development of a static analyser upon SROS for the automatic creation of software-enforcement security profiles. In order to do so, we performed the following tasks: (1) standardize the security logging format; (2) standardize the profile syntax for the policy; (3) provide new tooling to introspect recorded security logs. Lastly, we discussed some enhancements for SROS following the standard proposed by oneM2M.
35
Watson, Robert Nicholas Maxwell. "New approaches to operating system security extensibility." Thesis, University of Cambridge, 2011. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.609485.
Full text
36
Farahmand, Fariborz. "Developing a Risk Management System for Information Systems Security Incidents." Diss., Georgia Institute of Technology, 2004. http://hdl.handle.net/1853/7600.
Full textAbstract:
The Internet and information systems have enabled businesses to reduce costs, attain
greater market reach, and develop closer business partnerships along with improved
customer relationships. However, using the Internet has led to new risks and concerns.
This research provides a management perspective on the issues confronting CIOs and IT
managers. It outlines the current state of the art of information security, the important
issues confronting managers, security enforcement measure/techniques, and potential
threats and attacks. It develops a model for classification of threats and control measures.
It also develops a scheme for probabilistic evaluation of the impact of security threats
with some illustrative examples. It involves validation of information assets and
probabilities of success of attacks on those assets in organizations and evaluates the
expected damages of these attacks. The research outlines some suggested control
measures and presents some cost models for quantifying damages from these attacks and
compares the tangible and intangible costs of these attacks. This research also develops a
risk management system for information systems security incidents in five stages: 1-
Resource and application value analysis, 2- Vulnerability and risk analysis, 3-
Computation of losses due to threats and benefits of control measures, 4- Selection of
control measures, and 5- Implementation of alternatives. The outcome of this research
should help decision makers to select the appropriate control measure(s) to minimize
damage or loss due to security incidents. Finally, some recommendations for future work
are provided to improve the management of security in organizations.
37
King-Lacroix, Justin. "Securing the 'Internet of Things' : decentralised security for wireless networks of embedded systems." Thesis, University of Oxford, 2016. https://ora.ox.ac.uk/objects/uuid:b41c942f-5389-4a5b-8bb7-d5fb6a18a3db.
Full textAbstract:
The phrase 'Internet of Things' refers to the pervasive instrumentation of physical objects with sensors and actuators, and the connection of those sensors and actuators to the Internet. These sensors and actuators are generally based on similar hardware as, and have similar capabilities to, wireless sensor network nodes. However, they operate in a completely different network environment: wireless sensor network nodes all generally belong to a single entity, whereas Internet of Things endpoints can belong to different, even competing, ones. This difference has profound implications for the design of security mechanisms in these environments. Wireless sensor network security is generally focused on defence against attack by external parties. On the Internet of Things, such an insider/outsider distinction is impossible; every entity is both an endpoint for legitimate communications, and a possible source of attack. We argue that that under such conditions, the centralised models that underpin current networking standards and protocols for embedded systems are simply not appropriate, because they require such an insider/outsider distinction. This thesis serves as an exposition in the design of decentralised security mechanisms, applied both to applications, which must perform access control, and networks, which must guarantee communications security. It contains three main contributions. The first is a threat model for Internet of Things networks. The second is BottleCap, a capability-based access control module, and an exemplar of decentralised security architecture at the application layer. The third is StarfishNet, a network-layer protocol for Internet of Things wireless networks, and a similar exemplar of decentralised security architecture at the network layer. Both are evaluated with microbenchmarks on prototype implementations; StarfishNet's association protocol is additionally validated using formal verification in the protocol verification tool Tamarin.
38
Nesteruk, Erik A. "Security considerations for network-centric weapon systems." Thesis, Monterey, California : Naval Postgraduate School, 2009. http://edocs.nps.edu/npspubs/scholarly/theses/2009/Sep/09Sep%5FNesteruk.pdf.
Full textAbstract:
Thesis (M.S. in Systems Engineering)--Naval Postgraduate School, September 2009.Thesis Advisor(s): Goshorn, Rachel ; Huffmire, Ted. "September 2009." Description based on title screen as viewed on November 5, 2009. Author(s) subject terms: Network-Centric, Weapons Systems, Systems Engineering, Security, Cryptography, Authentication, Espionage, Sabotage, Confidentiality, Integrity, Availability Includes bibliographical references (p. 75-78). Also available in print.
39
Karjalainen, M. (Mari). "Improving employees’ information systems (IS) security behavior:toward a meta-theory of IS security training and a new framework for understanding employees' IS security behavior." Doctoral thesis, Oulun yliopisto, 2011. http://urn.fi/urn:isbn:9789514295676.
Full textAbstract:
Abstract Employee non-compliance with information systems (IS) security procedures is a key concern for organizations. However, even though the importance of having effective IS security training is widely acknowledged by scholars and practitioners, the existing literature does not offer an understanding of the elementary characteristics of IS security training, nor does it explain how these elementary characteristics shape IS security training principles in practice. To this end, this thesis develops a theory that suggests that IS security training has certain elementary characteristics that separate it from other forms of training, and sets a fundamental direction for IS security training practices. Second, the theory defines four pedagogical requirements for designing IS security training approaches. Then it points out that no existing IS security training approaches meet all these requirements. To address these shortcomings, the way in which to design an IS security training approach that meets all these requirements is demonstrated. In this thesis it is also argued that, along with an effective IS security training approach, reasons for employees’ IS security behavior need to be understood. The existing empirical research in the field of employees’ IS security behavior is dominated by theory-verification studies that test well-known theories developed in other fields in the context of IS security. Instead, it is argued that there is a need to focus the investigation on the phenomenon of employees’ compliance itself through an inductive and qualitative approach to complement the existing body of knowledge of this topic. As a result, a framework identifying reasons associated with compliance/non-compliance with security procedures is developed. A particularly interesting finding is that individuals’ violation of IS security procedures depends on the type of violation. Besides advancing a meta-theory for IS security training and developing the theoretical framework that points out reasons for employees’ IS security behavior, the thesis provides a future research agenda for IS security training and behavior. For practitioners, this thesis points out the limitations of the previous IS security training approaches and reasons for IS security behavior and, based on these observations, offers principles for designing effective IS security training approaches in practiceTiivistelmä Yhtenä keskeisenä ongelmana organisaatioissa pidetään sitä, että työntekijät laiminlyövät organisaation tietoturvakäytäntöjä. Vaikka tutkijat ja organisaatiot ovat tunnistaneet tietoturvakoulutuksen tärkeyden, olemassa oleva kirjallisuus ei tuo esiin tietoturvakoulutuksen perusominaisuuksia ja niiden asettamia vaatimuksia käytännön tietoturvakoulutukselle. Tässä väitöskirjassa kehitetään kolmitasoinen meta-teoria, joka huomioi nämä aikaisemmasta tietoturvakoulutusta käsittelevästä kirjallisuudesta puuttuvat kysymykset. Teorian ensimmäisellä tasolla määritellään tietoturvakoulutuksen perusominaisuudet, jotka erottavat sen muista koulutusmuodoista ja ohjaavat tietoturvakoulutuksen toteuttamista käytännössä. Teorian toisella tasolla määritellään neljä pedagogista vaatimusta tietoturvakoulutuksen suunnitteluun. Lisäksi kirjallisuusanalyysin perusteella osoitetaan, että olemassa oleva tietoturvakoulutusta käsittelevä kirjallisuus ei täytä kaikkia näitä vaatimuksia. Teorian kolmannella tasolla esitetään käytännön esimerkki siitä, kuinka tietoturvakoulutus voi täyttää tutkimuksessa määritellyt pedagogiset vaatimukset. Väitöskirjassa esitetään myös, että tehokkaan koulutusmenetelmän lisäksi on tärkeää ymmärtää työntekijöiden tietoturvakäyttäytymistä. Aikaisemmin tällä alueella on pääasiassa testattu muiden tieteenalojen teorioita tietoturvakontekstissa. Tässä väitöskirjassa sen sijaan tarkastellaan työntekijöiden tietoturvakäyttäytymisen syitä induktiivisen ja laadullisen tutkimusmenetelmän avulla. Tutkimuksen tuloksena kehitetään teoreettinen viitekehys, jonka avulla analysoidaan työntekijöiden tietoturvakäyttäytymistä. Tutkimuksen päätuloksena osoitetaan, kuinka tietoturvakäyttäytymiseen syyt eroavat rikkomustyypeittäin. Tietoturvakoulutuksen suunnittelua tukevan meta-teorian ja työntekijöiden tietoturvakäyttäytymistä selittävän teoreettisen viitekehyksen lisäksi väitöskirjassa esitetään uusia näkökulmia tietoturvakoulutuksen ja tietoturvakäyttäytymisen tutkimukselle. Käytännön tietoturva-ammattilaisille väitöskirja selventää olemassa olevien tietoturvakoulutuksen lähestymistapojen puutteita ja syitä työntekijöiden tietoturvakäyttäytymiselle. Näihin havaintoihin perustuen väitöskirjassa esitetään tekijöitä, joita tietoturvakoulutuksessa tulisi käytännössä ottaa huomioon
40
Kayahan, Hüseyin. "INTRUSION EXECUTION SYSTEMS : Prototype: IMPETUS." Thesis, Linnéuniversitetet, Institutionen för datavetenskap (DV), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-29546.
Full textAbstract:
In nature, it is inspiring to observe such an extensive variety of defensive skills distributed among species. The speed of an antelope, and the sting of a scorpion, wasp or a bee are some examples of such defensive tools or mechanisms important to survive against predators. However sophisticated the skills or tools are, the correct accurate use and on-time triggering of those tools is a matter of life and death for animals. With those defensive measures, animals come with a complementary ability called "vigilance". Vigilance is costly and the human tries to minimize vigilant behaviour in every aspect of life. The absence of vigilance, or negligence in other words, allows humans to spend more time and cognition on matters that he or she wants rather than on problems that need time. The human has an inherent and intricate mechanism that determine the vigilance level required for a particular problem. The consequences of the lack of vigilance in a work environment, more especially in the Information Technologies Security field are catastrophic and even lethal as humanity becomes an increasingly associated habitant of cyberspace ecosystem. Intrusion Execution Systems (IES) which is one of my conceptual propositions in this research, is my approach to reduce negligent behaviour in IT Security personnel. Impetus is the name of the first prototype for IES concept with limitations, which is included in this research. Impetus can successfully achieve desired behaviour in test environment, however the conceptual propositions in this research among with Impetus, should further be experimented in real-world in order to be convinced of its effectiveness.
41
Uhlán, Christian. "Security in Digital Home Visits." Thesis, Luleå tekniska universitet, Datavetenskap, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-74989.
Full textAbstract:
The purpose of this thesis is to study security for digital home visits, where traditional home visits are replaced by digital home visits using digital technology. The report examines the safety aspects for welfare technology solutions where data is collected from sensor systems and digital platforms and examines di↵erent Swedish laws that implies on a digital home visit. The study proposes an implementation of a prototype application to support users, relatives, and healthcare professionals to conduct digital home visits in a safe manner. The chosen scenario of the digital home visit was to check whether the person has eaten food during the day or not. This was done in a lab kitchen at Lule°a University of Technology with help of Z-wave sensors and a implemented systems. The result is displayed on a secure website. The solution is discussed and compared to other technical solutions of this problem and also to several Swedish laws. This paper finishes with a section aimed to provide a variety of recommendations when implementing a similar system.
42
Puhakainen, P. (Petri). "A design theory for information security awareness." Doctoral thesis, University of Oulu, 2006. http://urn.fi/urn:isbn:9514281144.
Full textAbstract:
Abstract
When implementing their information security solutions organizations have typically focused on technical and procedural security measures. However, from the information systems (IS) point of view, this is not enough: effective IS security requires that users are aware of and use the available security measures as described in their organizations' information security policies and instructions. Otherwise, the usefulness of the security measures is lost.
The research question of this thesis is to explore how IS users' compliance with IS security policies and instructions can be improved. Solving this research question is divided into two steps. Since there is a lack of a comprehensive review of existing IS security awareness approaches, the first step aims at reviewing the existing IS security awareness approaches. This kind of analysis is useful for practitioners as they do not necessarily have the time to go through a large body of literature. For scholars, such an analysis shows what areas of IS security awareness have been studied, and to where the need for future research is of greatest importance.
The second step in this dissertation is to address the shortcomings detected by the analysis by developing three novel design theories for improving IS users' security behavior: (1) IS security awareness training, (2) IS security awareness campaigns, and (3) punishment and reward. These design theories aim to help practitioners to develop their own IS security awareness approaches. Finally, testing of the design theory for IS security awareness training (1) in two action research interventions is described. The results of the interventions suggest that this design theory provides a useful and applicable means for developing a training program in organizations. In addition, the results provide empirically evaluated information regarding the obstacles to user compliance with IS security policies and instructions.
In the action research studies described, the goal was to solve practical problems experienced by the host organizations and to understand them and the results achieved from the viewpoint of theory. Consequently, the results as such can not be generalized, but they are of use in the host organizations in planning and delivering subsequent IS security awareness training programs. In addition, the results are utilizable in similar organizations as a point of departure in planning IS security awareness training programs.
43
Labbe, Keith G. "Evaluation of two host-based intrusion prevention systems." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2005. http://library.nps.navy.mil/uhtbin/hyperion/05Jun%5FLabbe.pdf.
Full text
44
Wei, Jinpeng. "Improving operating systems security two case studies /." Diss., Atlanta, Ga. : Georgia Institute of Technology, 2009. http://hdl.handle.net/1853/31849.
Full textAbstract:
Thesis (Ph.D)--Computing, Georgia Institute of Technology, 2010.Committee Chair: Pu, Calton; Committee Member: Ahamad, Mustaque; Committee Member: Blough, Douglas; Committee Member: Giffin, Jonathon; Committee Member: Li, Kang. Part of the SMARTech Electronic Thesis and Dissertation Collection.
45
Suárez, Touceda Diego. "Security in peer-to-peer communication systems." Doctoral thesis, Universitat Politècnica de Catalunya, 2011. http://hdl.handle.net/10803/110547.
Full textAbstract:
P2PSIP (Peer-to-Peer Session Initiation Protocol) is a protocol developed by the IETF (Internet Engineering Task Force) for the establishment, completion and modi¿cation of communication sessions that emerges as a complement to SIP (Session Initiation Protocol) in environments where the original SIP protocol may fail for technical, ¿nancial, security, or social reasons. In order to do so, P2PSIP systems replace all the architecture of servers of the original SIP systems used for the registration and location of users, by a structured P2P network that distributes these functions among all the user agents that are part of the system. This new architecture, as with any emerging system, presents a completely new security problematic which analysis, subject of this thesis, is of crucial importance for its secure development and future standardization.
Starting with a study of the state of the art in network security and continuing with more speci¿c systems such as SIP and P2P, we identify the most important security services within the architecture of a P2PSIP communication system: access control, bootstrap, routing, storage and communication. Once the security services have been identi¿ed, we conduct an analysis of the attacks that can a¿ect each of them, as well as a study of the existing countermeasures that can be used to prevent or mitigate these attacks. Based on the presented attacks and the weaknesses found in the existing measures to prevent them, we design speci¿c solutions to improve the security of P2PSIP communication systems. To this end, we focus on the service that stands as the cornerstone of P2PSIP communication systems¿ security: access control. Among the new designed solutions stand out: a certi¿cation model based on the segregation of the identity of users and nodes, a model for secure access control for on-the-¿y P2PSIP systems
and an authorization framework for P2PSIP systems built on the recently published Internet Attribute Certi¿cate Pro¿le for Authorization.
Finally, based on the existing measures and the new solutions designed, we de¿ne a set of security recommendations that should be considered for the design, implementation and maintenance of P2PSIP communication systems.
46
Wimmel, Guido Oliver. "Model-based development of security-critical systems." [S.l.] : [s.n.], 2005. http://deposit.ddb.de/cgi-bin/dokserv?idn=979096634.
Full text
47
Soderi, S. (Simone). "Evaluation of industrial wireless communications systems’ security." Doctoral thesis, Oulun yliopisto, 2016. http://urn.fi/urn:isbn:9789526212463.
Full textAbstract:
Abstract The worldwide success of wireless communications was originally fueled by the possibility to replace existing cables with wireless solutions. This phenomenon imposed the development of security engineering as a multidisciplinary field. Although wireless solutions can reduce installation costs and allow introducing new services, the end–users expect it to have the same level of security as they would normally have with wired solutions. Secure communications is an important part of the overall security of industrial wireless communications systems (IWCS). The aim of this thesis is to develop new security engineering methodologies for IWCS. The author develops countermeasures against confidentiality and integrity attacks and carries out a security analysis covering the protocol, electromagnetic and physical layer. In the first part of the thesis, Host Identity Protocol (HIP) is utilized to secure communication in an intra–vehicular network. Simulations and measurement campaigns are also conducted to evaluate the impact of the overhead on security in a tunnel, considering line–of–sight (LOS) and non–LOS (NLOS) scenarios. Electromagnetic analysis (EMA) is an important step in the development of safety–related systems. Today, the increasing usage of smaller integrated circuit also increases the susceptibility to electromagnetic (EM) interference. From near–field (NF) to far–field (FF) transformation, a method for the evaluation of the emissions leakage is investigated. The virtual EM (VEM) interface of the device–under–test (DUT) is studied, and it is described how an adversary can exploit it for denial of service (DoS) attacks. An effective jamming attack model is studied, and the theoretical calculations are validated with experiment–based results. Finally, focusing attention on physical layer security, two algorithms are developed. Active radio frequency fingerprinting (RFF) implements the exchange of a public key during the setup of secure communication. Afterwards, utilizing a jamming receiver in conjunction with the spread spectrum (SS) watermarking technique, the watermark–based blind physical layer security (WBPLSec) protocol is presented. The analysis and results indicate how the WBPLSec seems to be a valuable technique for deploying physical layer security by creating a secure region around the receiverTiivistelmä Langattoman tietoliikenteen maailmanlaajuista suosiota kiihdytti alun perin mahdollisuus korvata tietoliikennejärjestelmissä käytetyt kaapelit langattomilla ratkaisuilla. Ilmiö lisäsi myös tarvetta kehittää alan turvatekniikkaa monialaisen tutkimuksen pohjalta. Vaikka langattomat ratkaisut merkitsevät pienempiä asennuskustannuksia ja tarjoavat mahdollisuuksia luoda uudenlaisia palveluja, järjestelmien loppukäyttäjät edellyttävät kuitenkin niiden turvallisuuden olevan vastaavalla tasolla kuin langallisissa verkoissa. Myös teollisuuden langattomien tietoliikennejärjestelmen turvallisuus riippuu pitkälti viestintäkanavien turvallisuudesta. Väitöksen tavoitteena on kehittää uusia menetelmiä, joilla teollisuuden langattomat tietoliikennejärjestelmät voitaisiin turvata. Väitöksessä kehitetään toimenpiteitä tietoliikennejärjestelmien luottamuksellisuuteen ja koskemattomuuteen kohdistuvia hyökkäyksiä vastaan ja toteutetaan turvallisuusarviointi, joka kattaa järjestelmän protokollakerroksen sekä sähkömagneettisen ja fyysisen kerroksen. Väitöksen ensimmäisessä osassa hyödynnetään HIP–protokollaa (Host Identity Protocol) liikennevälineen sisäisen tietoliikennejärjestelmän turvallisuuden varmistamisessa. Lisäksi siinä kuvataan simulaatiot ja mittaushankkeet, joiden tavoitteena on arvioida käytetyn protokollan turvallisuusvaikutuksia esteettömän (line–of–sight, LOS) ja esteellisen (non–line–of–sight, NLOS) näköyhteyden tapauksissa. Sähkömagneettinen analyysi on tärkeä vaihe turvajärjestelmien kehitysprosessissa. Järjestelmissä käytetään yhä enemmän pieniä integroituja piirejä, mikä voi myös altistaa ne sähkömagneettisille (electromagnetic, EM) häiriöille. Väitöksessä tutkitaan lähikenttä–kaukokenttä -muunnokseen perustuvan arviointimenetelmän avulla sähkömagneettisen vuotosäteilyn tasoa. Lisäksi perehdytään testattavan laitteen (device under test, DUT) virtuaaliseen EM–liitäntään ja kuvataan, miten vastaavaa liitäntää voidaan hyödyntää palvelunestohyökkäyksissä. Väitöksessä tutkitaan myös tehokasta häirintämallia ja validoidaan teoreettisten laskelmien tulokset kokeellisesti. Lopuksi väitöksessä keskitytään tietoliikennejärjestelmän fyysisen kerroksen turvallisuuteen ja kehitetään kaksi algoritmia. Aktiivisen radiotaajuisen tunnistusmenetelmän avulla voidaan vaihtaa julkisia avaimia turvallista tietoliikenneyhteyttä muodostettaessa. Lisäksi esitellään vesileimausmenetelmään perustuva fyysisen kerroksen salausmenetelmä, WBPLSec. WBPLSec luo vastaanottimen ympärille suoja–alueen, minkä ansiosta se vaikuttaa analyysin ja tutkimustulosten perusteella olevan tehokas menetelmä toteuttaa fyysisen kerroksen suojaus
48
Zhu, Jun. "Physical layer security in massive MIMO systems." Thesis, University of British Columbia, 2016. http://hdl.handle.net/2429/58281.
Full textAbstract:
Massive multiple-input multiple-output (MIMO) is one of the key technologies for the emerging fifth generation (5G) wireless networks, and has the potential to tremendously improve spectral and energy efficiency with low-cost implementations. While massive MIMO systems have drawn great attention from both academia and industry, few efforts have been made on how the richness of the spatial dimensions offered by massive MIMO affects wireless security. As security is crucial in all wireless systems due to the broadcast nature of the wireless medium, in this thesis, we study how massive MIMO technology can be used to guarantee communication security in the presence of a passive multi-antenna eavesdropper. Our proposed massive MIMO system model incorporates relevant design choices and constraints such as time-division duplex (TDD), uplink training, pilot contamination, low-complexity signal processing, and low-cost hardware components. The thesis consists of three main parts.
We first consider physical layer security for a massive MIMO system employing simple artificial noise (AN)-aided matched-filter (MF) precoding at the base station (BS). For both cases of perfect training and pilot contamination, we derive a tight analytical lower bound for the achievable ergodic secrecy rate, and an upper bound for the secrecy outage probability. Both bounds are expressed in closed form, providing an explicit relationship between all system parameters, offering significant insights for system design.
We then generalize the work by comparing different types of linear data and AN precoders in a secure massive MIMO network. The system performance, in terms of the achievable ergodic secrecy rate is obtained in closed form. In addition, we propose a novel low-complexity data and AN precoding strategy based on a matrix polynomial expansion.
Finally, we consider a more realistic system model by taking into account non-ideal hardware components. Based on a general hardware impairment model, we derive a lower bound for the ergodic secrecy rate achieved by each user when AN-aided MF precoding is employed at the BS. By exploiting the derived analytical bound, we investigate the impact of various system parameters on the secrecy rate and optimize both the uplink training pilots and AN precoder to maximize the secrecy rate.Applied Science, Faculty of
Electrical and Computer Engineering, Department of
Graduate
49
Aliti, Admirim, and Deniz Akkaya. "Employees' Role in Improving Information Systems Security." Thesis, Linnéuniversitetet, Institutionen för datavetenskap, fysik och matematik, DFM, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-13769.
Full textAbstract:
Information security is one of the most essential concerns in today’s organizations. IT departments in larger organizations are tasked to implement security, by both ensuring to have pertinent hardware and software, and likewise enlighten, teach and educate organization’s employees about security issues. The aim of this research is to focus on the human factor of the organization, which impacts the security of the information, since technological solutions of technical problems become incomprehensible without human recognition about security. If the security is not addressed in firms, this might lead to essential data of the organization to be compromised. This study explores ways to enhance information security and improve the human factor by integrating the crucial information security elements in organizations. Social constructivist worldview is adopted throughout the study, and an inductive based - qualitative approach, a single case study design and hermeneutical analysis for analyzing the observations and interviews are utilized. The research setting for this study is Växjö Municipality in Sweden. The empirical investigation suggests that human factor plays an essential role in maintaining information security, and organizations can improve employees’ role by keeping their security policies up to date and find the best ways to disseminate that information. As a result, this research comes up with “information security human management model” for organizations.
50
Zhong, Xin. "Security framework for management of distributed systems." Thesis, National Library of Canada = Bibliothèque nationale du Canada, 1999. http://www.collectionscanada.ca/obj/s4/f2/dsk2/ftp01/MQ39901.pdf.
Full text