An extension to the Android access control framework

Huang, Qing

January 2011

Several nice hardware functionalities located at the low level of operating system onmobile phones could be utilized in a better way if they are available to applicationdevelopers. With their help, developers are able to bring overall user experienceto a new level in terms of developing novel applications. For instance, one of thosehardware functionalities, SIM-card authentication is able to offer stronger andmore convenient way of authentication when compared to the traditional approach.Replacing the username-password combination with the SIM-card authentication,users are freed from memorizing passwords. However, since normally those kindsof functionalities are locked up at the low level, they are only accessible by a fewusers who have been given privileged access rights. To let the normal applicationsbe benefiting as well, they need to be made accessible at the application level. Onthe one hand, as we see the benefit it will bring to us, there is a clear intentionto open it up, however, on the other hand, there is also a limitation resultingfrom their security-critical nature that needs to be placed when accessing whichis restricting the access to trusted third parties. Our investigation is based on the Android platform. The problem that we havediscovered is the existing security mechanism in Android is not able to satisfy everyregards of requirements we mentioned above when exposing SIM-card authenticationfunctionality. Hence, our requirement on enhancing the access control modelof Android comes naturally. In order to better suit the needs, we proposed a solutionWhite lists & Domains (WITDOM) to improve its current situation in thethesis. The proposed solution is an extension to the existing access control modelin Android that allows alternative ways to specify access controls therefore complementingthe existing Android security mechanisms. We have both designedand implemented the solution and the result shows that with the service that weprovided, critical functionalities, such as APIs for the low-level hardware functionalitycan retain the same level of protection however in the meanwhile, with moreflexible protection mechanism.

Android security

access control

Biometrics - Evaluation of Current Situation

Zahidi, Salman

January 2011

Information security has always been a topic of concern in the world as an emphasis on new techniques to secure the identity of a legitimate user is regarded as top priority. To counter such an issue, we have a traditional way of authentication factors “what you have” and “what you know” in the form of smart cards or passwords respectively. But biometrics is based on the factor “who are you” by analyzing human physical or behavioral characteristics. Biometrics has always been an efficient way of authorization and is now considered as a $1500 million industry where fingerprints dominate the biometrics while iris is quickly emerging as the most desirable form of biometric technique.The main goal of this thesis is to compare and evaluate different biometrics techniques in terms of their purpose, recognition mechanism, market value and their application areas. Since there are no defined evaluating criteria, my method of evaluation was based on a literature survey from internet, books, IEEE papers and technical surveys. Chapter 3 is focused on different biometrics techniques where I discuss them briefly but in chapter 4, I go deeper into Iris, fingerprints, facial techniques which are prominent in biometrics world. Lastly, I had a general assessment of the biometrics, their future growth and suggested specific techniques for different environment like access controls, e-commerce, national ids, and surveillance.

Supply Chain Security. Tools, Trends, and Techniques : Toyota and Honda cases

Klimova, Nadezda, Akimova, Anna

January 2011

Supply chain management has experienced great changes within the last fifty years. Inevitably, many companies entered the global market with the prime intention to achieve their defined goals. In comparison with the local markets, the global environment requires more efforts and changes in the supply chain operation in order to remain viable in business. Several business models are introduced for achieving the success in the market, suggested by the following researchers: Liker, Choi, Ronald Gilson, andMark J. Roeand others.  In a row with the study cases of Honda and Toyota Companies, the Supply Chain Trading Security is presented. Within this paper the security approaches are discussed during the processes of market penetration and development globally. The main strengths and weaknesses of the models are highlighted in the thesis. The description of market situations and explanation of the models’ application is presented. In order to achieve better results in the analysis of the case studies, the qualitative and inductive research methods have been implemented. The secondary data is considered to be the cornerstone of the thesis. Due to the fact that the thesis is based on descriptive, partially explanatory, and qualitative research methods, different meanings and experiences related to the Supply Chain Security phenomenon are discussed. In order to obtain the necessary data, library catalogues, encyclopedias, databases, and search engines in the Internet are utilized. The thesis goes through the following processes: choice of research area, formulation of research questions, choice of method, formulation of research design and data collection techniques, implementation of data collection, analysis of data, interpretation of data, and finally conclusions. The studied companies in the thesis – Toyota and Honda – conducted four major supply chain models that are neatly explained through the research. Partnership, Supplier Keiretsu, ARA, and Triple-A are the operated models. The following issues have been derived as conclusions: many components of supply chain security in terms of trade, affect the whole organization to a great extent. In order to keep the customer loyalty, image, and brand, companies should focus on their own core competence. Complex, transnational, and multi-vendor supply chain security models require more collaboration on safety issues that is approximately a half of the whole job. In addition, management and control of activities are necessary in order to achieve the target, go through the obstacles, and manage the current market situation.  Economic, political, and nature influence are key determinants of the supply network situation and give the possibility for a company to gain benefits, and control all business activities. The optimal choice of the model is considered to be the main tool aiming to manage all aforementioned tasks. Furthermore, diverse cultural differences influence the choice of the models that are implemented by the American and Japanese companies.

Supply Chain Security

Novel Secret Sharing and Commitment Schemes for Cryptographic Applications

Nojoumian, Mehrdad

January 2012

In the second chapter, the notion of a social secret sharing (SSS) scheme is introduced in which shares are allocated based on a player's reputation and the way she interacts with other parties. In other words, this scheme renews shares at each cycle without changing the secret, and it allows the trusted parties to gain more authority. Our motivation is that, in real-world applications, components of a secure scheme have different levels of importance (i.e., the number of shares a player has) and reputation (i.e., cooperation with other parties). Therefore, a good construction should balance these two factors accordingly. In the third chapter, a novel socio-rational secret sharing (SRS) scheme is introduced in which rational foresighted players have long-term interactions in a social context, i.e., players run secret sharing while founding and sustaining a public trust network. To motivate this, consider a repeated secret sharing game such as sealed-bid auctions. If we assume each party has a reputation value, we can then penalize (or reward) the players who are selfish (or unselfish) from game to game. This social reinforcement stimulates the players to be cooperative in the secret recovery phase. Unlike the existing protocols in the literature, the proposed solution is stable and it only has a single reconstruction round. In the fourth chapter, a comprehensive analysis of the existing dynamic secret sharing (DSS) schemes is first provided. In a threshold scheme, the sensitivity of the secret and the number of players may fluctuate due to various reasons. Moreover, a common problem with almost all secret sharing schemes is that they are ``one-time'', meaning that the secret and shares are known to everyone after secret recovery. We therefore provide new techniques where the threshold and/or the secret can be changed multiple times to arbitrary values after the initialization. In addition, we introduce a new application of dynamic threshold schemes, named sequential secret sharing (SQS), in which several secrets with increasing thresholds are shared among the players who have different levels of authority. In the fifth chapter, a cryptographic primitive, named multicomponent commitment scheme (MCS) is proposed where we have multiple committers and verifiers. This new scheme is used to construct different sealed-bid auction protocols (SAP) where the auction outcomes are defined without revealing the losing bids. The main reason for constructing secure auctions is the fact that the values of the losing bids can be exploited in future auctions and negotiations if they are not kept private. In our auctioneer-free protocols, bidders first commit to their bids before the auction starts. They then apply a decreasing price mechanism to define the winner and selling price in an unconditionally secure setting.

Cryptography

Security

Computer Science

Dynamic silicon firewall

Laturnas, Darrell Keith

20 September 2006

Computers are networked together in order to share the information they store and process. The internet connects many of these networks together, offering a multitude of options for communication, productivity and entertainment. It also offers the opportunity for unscrupulous individuals to contact these networked computers and attempt to appropriate or destroy the data on them, the computing resources they provide, and the identity or reputation of the computer user. Measures to secure networks need to be implemented by network administrators and users to protect their computing assets. <p>Firewalls filter information as it flows through a network. This filter can be implemented in hardware or software and can be used to protect computers from unwanted access. While software firewalls are considered easier to set up and use, hardware firewalls are often considered faster and more secure. Absent from the marketplace is an embedded hardware solution applicable to desktop systems. <p>Traditional software firewalls use the processor of the computer to filter packets; this is disadvantageous because the computer can become unusable during a network attack when the processor is swamped by the firewall process. Traditional hardware firewalls are usually implemented in a single location, between a private network and the internet. Depending on the size of the private network, a hardware firewall may be responsible for filtering the network traffic of hundreds of clients. This not only makes the required hardware firewall quite expensive, but dedicates those financial resources to a single point that may fail. <p>The dynamic silicon firewall project implements a hardware firewall using a soft-core processor with a custom peripheral designed using a hardware description language. Embedding this hardware firewall on each network interface card in a network would offer many benefits. It would avoid the aforementioned denial of service problem that software firewalls are susceptible to since the custom peripheral handles the filtering of packets. It could also reduce the complexity required to secure a large private network, and eliminate the problem of a single point of failure. Also, the dynamic silicon firewall requires little to no administration since the filtering rules change with the users network activity. The design of the dynamic silicon firewall incorporates the best features from traditional hardware and software firewalls, while minimizing or avoiding the negative aspects of each.

Firewall

Network Security

Embedded

Immigration and refugee protection act : balancing individual rights and national security

Garritty, Shane Francis

30 April 2008

Early in 2001 the federal government tabled Bill C-11, the Immigration and Refugee Protection Act (IRPA), new comprehensive legislation intended to overhaul Canadas immigration laws. By this time, refugees had become singled out above other classes of immigrants as a threat to Canadian national security because a backlog of applicants had permitted thousands of failed refugee claimants to remain in Canada and allowed a small number of undesirable individuals to commit serious crimes and to plan and support terrorist activities. This led to public concern that refugees were a potential threat to public safety, national security, and even Canada-US relations. As a result, there were calls for Canada to tighten up its refugee system by adopting a more restrictive adjudication process for refugee claims. At the same time, there were calls for Canada to maintain a fair and open refugee system. This thesis uses discussions from parliamentary committees, an ethical analysis of the right of liberal states to exert sovereignty at the expense of their obligation to protect refugees, and key provisions in both the 1976 Immigration Acts and IRPA, to compare how the two important public goods discussed above, the rights of refugees and the need to protect national security, were balanced in the IRPA. Three major research questions guide this analysis: What provided the impetus for extra legal and security provisions in the IRPA related to refugees? Did amendments in the IRPA constitute a fundamental change to Canadas refugee determination system? Did the IRPA strike a right balance between safeguarding the rights of refugees and safeguarding national security? These questions represent key elements of the refugee/ security nexus, a problem that the IRPA was designed to address. My thesis finds that for the most part the IRPA provided a balanced legislative response to this problem and that it protected the rights of refugees and moderately enhanced provisions related to public safety and national security, although for the latter it did not constitute a marked improvement, nor for the former did it address the outstanding issue of security certificates. But these two deficiencies in the IRPA serve to highlight the inherent tension Canada has had enacting security measures while maintaining fundamental rights for refugees in a changing geo-political environment.

Canada

Refugees

Security

Security of the mobile devices in VäxjöKommun and corporation

Krkusic, Enis

January 2009

No description available.

mobile

network security

Network Security Analysis

Hassan, Aamir, Mohammad, Fida

January 2010

Security  is  the second step after  that a successful network has been deployed. There are many  types  of  attacks  that  could  potentially  harm  the  network  and  an  administrator should  carefully  document  and  plan  the  weak  areas,  where  the  network  could  be compromised. Attackers use special tools and techniques to find out all the possible ways of defeating the network security.  This  thesis  addresses  all  the  possible  tools  and  techniques  that  attackers  use  to compromise the network. The purpose for exploring these tools will help an administrator to find the security holes before an attacker can. All of these tools in this thesis are only for the forensic purpose. Securing routers and switches in the best possible way is another goal. We in this part try to identify important ways of securing these devices, along with their limitations, and then determine the best possible way. The solution will be checked with network vulnerable  tools  to get  the  results.  It  is  important  to note  that most  of  the attention  in  network  security  is  given  to  the  router,  but  far  less  attention  is  given  to securing a switch. This  thesis will also address some more ways of securing a switch, if there is no router in the network. / The opponent for the thesis was Yan Wang and the presentation time was 60 minutes.

Network Security Analysis

Architectural support for enhancing security in clusters

Lee, Man Hee

15 May 2009

Cluster computing has emerged as a common approach for providing more comput- ing and data resources in industry as well as in academia. However, since cluster computer developers have paid more attention to performance and cost e±ciency than to security, numerous security loopholes in cluster servers come to the forefront. Clusters usually rely on ¯rewalls for their security, but the ¯rewalls cannot prevent all security attacks; therefore, cluster systems should be designed to be robust to security attacks intrinsically. In this research, we propose architectural supports for enhancing security of clus- ter systems with marginal performance overhead. This research proceeds in a bottom- up fashion starting from enforcing each cluster component's security to building an integrated secure cluster. First, we propose secure cluster interconnects providing con- ¯dentiality, authentication, and availability. Second, a security accelerating network interface card architecture is proposed to enable low performance overhead encryption and authentication. Third, to enhance security in an individual cluster node, we pro- pose a secure design for shared-memory multiprocessors (SMP) architecture, which is deployed in many clusters. The secure SMP architecture will provide con¯dential communication between processors. This will remove the vulnerability of eavesdrop- ping attacks in a cluster node. Finally, to put all proposed schemes together, we propose a security/performance trade-o® model which can precisely predict performance of an integrated secure cluster.

security

cluster

SMP

none

Lin, Chia-Jung

14 June 2004

none

Leases

ABS

Leases security