  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
681

Precise, General, and Efficient Data-flow Analysis for Security Vetting of Android Apps

Wei, Fengguo 18 June 2018 (has links)
This dissertation presents a new approach to static analysis for security vetting of Android apps, and a general framework called Argus-SAF. Argus-SAF determines points-to information for all objects in an Android app component in a flow and context-sensitive (user-configurable) way and performs data-flow and data dependence analysis for the component. Argus-SAF also tracks inter-component communication activities. It can stitch the component-level information into the app-level information to perform intra-app or inter-app analysis. Moreover, Argus-SAF is NDK/JNI-aware and can efficiently track precise data-flow across language boundary. This dissertation shows that, (a) the aforementioned type of comprehensive app analysis is utterly feasible in terms of computing resources with modern hardware, (b) one can easily leverage the results from this general analysis to build various types of specialized security analyses – in many cases the amount of additional coding needed is around 100 lines of code, and (c) the result of those specialized analyses leveraging Argus-SAF is at least on par and often exceeds prior works designed for the specific problems, which this dissertation demonstrates by comparing Argus-SAF’s results with those of prior works whenever the tool can be obtained. Since Argus-SAF’s analysis directly handles inter-component and inter-language control and data flows, it can be used to address security problems that result from interactions among multiple components from either the same or different apps and among Java code and native code. Argus-SAF’s analysis is sound in that it can assure the absence of the specified security problems in an app with well-specified and reasonable assumptions on Android runtime system and its library.
682

Changing employment protection systems: the comparative evolution of labour standards in Australia and Italy 1979 to 2000

Michelotti, Marco, 1970- January 2003 (has links)
For thesis abstract select View Thesis Title, Contents and Abstract
683

Logic programming based formal representations for authorization and security protocols

Wang, Shujing, University of Western Sydney, College of Health and Science, School of Computing and Mathematics January 2008 (has links)
Logic programming with answer set semantics has been considered an appealing rule-based formalism language and applied in information security areas. In this thesis, we investigate the problems of authorization in distributed environments and security protocol verification and update. Authorization decisions are required in large-scale distributed environments, such as electronic commerce, remote resource sharing, etc. We adopt the trust management approach, in which authorization is viewed as a "proof of compliance" problem. We develop an authorization language AL with non-monotonic feature as the policy and credential specification language, which can express delegation with depth control, complex subject structures, both positive and negative authorizations, and separation of duty concepts. The theoretical foundation for language AL is the answer set semantics of logic programming. We transform AL to logic programs and the authorization decisions are based on answer sets of the programs. We also explore the tractable subclasses of language AL. We implement a fine grained access control prototype system for XML resources, in which the language AL¤ simplified from AL is the policy and credential specification language. We define XPolicy, the XML format of AL¤, which is a DTD for the XML policy documents. The semantics of the policy is based on the semantics of language AL. The system is implemented using Java programming. We investigate the security protocol verification problem in provable security approach. Based on logic programming with answer set semantics, we develop a unified framework for security protocol verification and update, which integrates protocol specification, verification and update. The update model is defined using forgetting techniques in logic programming. Through a case study protocol, we demonstrate an application of our approach. / Doctor of Philosophy (PhD)
684

Implementation of a logic-based access control system with dynamic policy updates and temporal constraints

Crescini, Vino Fernando, University of Western Sydney, College of Health and Science, School of Computing and Mathematics January 2006 (has links)
As information systems evolve to cope with the ever increasing demand of today’s digital world, so does the need for more effective means of protecting information. In the early days of computing, information security started out as a branch of information technology. Over the years, several advances in information security have been made and, as a result, it is now considered a discipline in its own right. The most fundamental function of information security is to ensure that information flows to authorised entities, and at the same time, prevent unauthorised entities from accessing the protected information. In a typical information system, an access control system provides this function. Several advances in the field of information security have produced several access control models and implementations. However, as information technology evolves, the need for a better access control system increases. This dissertation proposes an effective, yet flexible access control system: the Policy Updater access control system. Policy Updater is a fully-implemented access control system that provides policy evaluations as well as dynamic policy updates. These functions are provided by the use of a logic-based language, L, to represent the underlying access control policies, constraints and policy update rules. The system performs authorisation query evaluations, as well as conditional and dynamic policy updates by translating language L policies to normal logic programs in a form suitable for evaluation using the well-known Stable Model semantics. In this thesis, we show the underlying mechanisms that make up the Policy Updater system, including the theoretical foundations of its formal language, the system structure, a full discussion of implementation issues and a performance analysis. Lastly, the thesis also proposes a non-trivial extension of the Policy Updater system that is capable of supporting temporal constraints. 
This is made possible by the integration of the well-established Temporal Interval Algebra into the extended authorisation language, language LT, which can also be translated into a normal logic program for evaluation. The formalisation of this extension, together with the full implementation details, are included in this dissertation. / Doctor of Philosophy (PhD)
685

A proposed security protocol for data gathering mobile agents

Al-Jaljouli, Raja, Computer Science & Engineering, Faculty of Engineering, UNSW January 2006 (has links)
We address the security issue of the data which mobile agents gather as they are traversing the Internet. Our goal is to devise a security protocol that truly secures the data which mobile agents gather. Several cryptographic protocols were presented in the literature asserting the security of gathered data. Formal verification of the protocols reveals unforeseen security flaws, such as truncation or alteration of the collected data, breaching the privacy of the gathered data, sending others' data under the private key of a malicious host, and replacing the collected data with data of similar agents. So the existing protocols are not truly secure. We present an accurate security protocol which aims to assert strong integrity, authenticity, and confidentiality of the gathered data. The proposed protocol is derived from the Multi-hops protocol. The protocol suffers from security flaws, e.g. an adversary might truncate/replace collected data, or sign others' data with its own private key without being detected. The proposed protocol refines the Multi-hops protocol by implementing the following security techniques: utilization of co-operating agents, scrambling the gathered offers, requesting a visited host to clear its memory from any data acquired as a result of executing the agent before the host dispatches the agent to the succeeding host in the agent's itinerary, and carrying out verifications on the identity of the genuine initiator at the early execution of the agent at visited hosts, in addition to the verifications upon the agent's return to the initiator. The proposed protocol also implements the common security techniques such as public key encryption, digital signature, etc. The implemented security techniques would rectify the security flaws revealed in the existing protocols. We use STA, an infinite-state exploration tool, to verify the security properties of a reasonably small instance of the proposed protocol in key configurations. 
The analysis using STA reports no attack. Moreover, we carefully reason the correctness of the security protocol for a general model and show that the protocol would be capable of preventing or at least detecting the attacks revealed in the existing protocols.
686

Approaches to the Regional Security Analysis of Southeast Asia

Khoo, How San, xiaosan@starhub.net.sg January 1999 (has links)
The purpose of this study is to critically evaluate three scholarly perspectives -- balance of power, institutional, and security complex -- to examine the evolving dynamics of security interdependence and inter-state relations among Southeast Asian states and external powers since 1945. This study is thus a comparative evaluation of the strengths and weaknesses of the three methods in their empirical analysis of the regional security dynamics of Southeast Asia. There is much merit in the balance of power approach. It tracked the consequences of the bipolar Cold War rivalry on Southeast Asia. Its logical construction led it to be concerned with alliances, coalitions and alignments. But it has not satisfactorily explained the relatively benign conditions after the Cold War. The institutional approach similarly emphasizes material explanatory factors (although, in its case, not exclusively so). It identifies the emergence of institutions when groups of countries find it in their mutual interest to cooperate through rules and norms. But the approach may prove to be incomplete in assessing ASEAN's post-Cold War behaviour. As an analytical device, the security complex is deployed to provide a corrective to the over-emphasis (of the other two approaches) on the systemic dynamics. By identifying regional and local dynamics interacting with systemic dynamics via patterns of amity and enmity, it offers explanatory accounts of the behaviour of regional states in situations where the other two approaches fail to do satisfactorily. Moreover, it provides a framework for the deployment of constructivism, which identifies the ideational process whereby interdependent regional states respond to changes in both the power and amity-enmity attributes. This study concludes that security relations among Southeast Asian states and in their relations with external powers after the Cold War, are better examined using the three approaches in a complementary manner. 
In this way, the influence of local amity-enmity patterns is seen to impact on balance of power and institutional situations.
687

Secure and Private Fingerprint-based Authentication

Arakala, Arathi, arathi.arakala@ems.rmit.edu.au January 2008 (has links)
This thesis studies the requirements and processes involved in building an authentication system using the fingerprint biometric, where the fingerprint template is protected during storage and during comparison. The principles developed in this thesis can be easily extended to authentication systems using other biometric modalities. Most existing biometric authentication systems store their template securely using an encryption function. However, in order to perform matching, the enrolled template must be decrypted. It is at this point that the authentication system is most vulnerable as the entire enrolled template is exposed. A biometric is irreplaceable if compromised and can also reveal sensitive information about an individual. If biometric systems are taken up widely, the template could also be used as an individual's digital identifier. Compromise in that case, violates an individual's right to privacy as their transactions in all systems where they used that compromised biometric can be tracked. Therefore securing a biometric template during comparison as well as storage in an authentication system is imperative. Eight different fingerprint template representation techniques, where templates were treated as a set of elements derived from the locations and orientations of fingerprint minutiae, were studied. Four main steps to build any biometric based authentication system were identified and each of the eight fingerprint template representations was inducted through the four steps. Two distinct Error Tolerant Cryptographic Constructs based on the set difference metric, were studied for their ability to securely store and compare each of the template types in an authentication system. The first construct was found to be unsuitable for a fundamental reason that would apply to all the template types considered in the research. 
The second construct did not have the limitation of the first and three algorithms to build authentication systems using the second construct were proposed. It was determined that minutiae-based templates had significant intra sample variation as a result of which a very relaxed matching threshold had to be set in the authentication system. The relaxed threshold caused the authentication systems built using the first two algorithms to reveal enough information about the stored templates to render them insecure. It was found that in cases of such large intra-sample variation, a commonality based match decision was more appropriate. One solution to building a secure authentication system using minutiae-based templates was demonstrated by the third algorithm which used a two stage matching process involving the second cryptographic construct and a commonality based similarity measure in the two stages respectively. This implementation was successful in securing the fingerprint template during comparison as well as storage, with minimal reduction in accuracy when compared to the matching performance without the cryptographic construct. Another solution is to use an efficient commonality based error tolerant cryptographic construct. This thesis lists the desirable characteristics of such a construct as existence of any is unknown to date. This thesis concludes by presenting good guidelines to evaluate the suitability of different cryptographic constructs to protect biometric templates of other modalities in an authentication system.
688

Multiple Escrow Agents in VoIP

Azfar, Abdullah January 2010 (has links)
Using a Key escrow agent in conjunction with Voice over IP (VoIP) communication ensures that law enforcement agencies (LEAs) can retrieve the session key used to encrypt data between two users in a VoIP session. However, the use of a single escrow agent has some drawbacks. A fraudulent request by an evil employee from the LEA can lead to improper disclosure of a session key. After the escrow agent reveals the key this evil person could fabricate data according to his/her needs and encrypt it again (using the correct session key). In this situation the persons involved in the communication session can be accused of crimes that he or she or they never committed. The problems with a single escrow agent become even more critical as a failure of the escrow agent can delay or even make it impossible to reveal the session key, thus the escrow agent might not be able to comply with a lawful court order or comply with their escrow agreement in the case of data being released according to this agreement (for example for disaster recovery). This thesis project focused on improving the accessibility and reliability of escrow agents, while providing good security. One such method is based on dividing the session key into m chunks and escrowing the chunks with m escrow agents. Using threshold cryptography the key can be regenerated by gathering any n-out-of-m chunks. The value of m and n may differ according to the role of the user. For a highly sophisticated session, the user might define a higher value for m and n for improved availability, reliability, and security. For a less confidential or less important session (call), the value of m and n might be smaller. The thesis examines the increased availability and increased reliability made possible by using multiple escrow agents.
689

State-of-the-art Study and Design of a Small Footprint Version of the COOS Plugin Framework

Khan, Kashif Nizam January 2010 (has links)
GSM and UMTS technologies have already gained a huge market penetration resulting in millions of customers. Machine-to-Machine (M2M) Communication is promising to be the next big technology that is going to hit the mass market with numerous essential services. Telemetry systems, which were thought once as the domain of big industrial companies, are now being available to larger and wider customers because of the advances in M2M communication. Thanks to mobile technologies, millions of small handheld devices are now available in the mass market which can be used to communicate real time information to the customers. Telenor Objects (a small business unit of Telenor Group) has defined a new Connected Object Operating system (COOS) which aims to provide a common platform for the devices to communicate real time data and to provide value added services to the customers. COOS is a modular and flexible platform, and includes a plugin framework offered to device and service developers for easy connecting services and devices to the platform. The current version of COOS plugin framework is based on Java Standard Edition and OSGI, with some support for development on J2ME. This thesis research work aims to provide a brief overview of the Connected Object concept and the COOS platform architecture. The main goal of this thesis is to design a small footprint version of the COOS plugin framework for Windows-based handheld devices. It will also provide a state-of-the-art study on mobile device programming focusing on Windows-based services. This thesis research can serve as a starting document to provide a full functioning plugin framework for Windows-based devices and services.
690

Model Driven Development of Web Application with SPACE Method and Tool-suit

Rehana, Jinat January 2010 (has links)
Enterprise level software development using traditional software engineering approaches with third-generation programming languages is becoming more challenging and cumbersome task with the increased complexity of products, shortened development cycles and heightened expectations of quality. MDD (Model Driven Development) has been counting as an exciting and magical development approach in the software industry from several years. The idea behind MDD is the separation of business logic of a system from its implementation details expressing problem domain using models. This separation and modeling of problem domain simplify the process of system design as well as increase the longevity of products as new technologies can be adopted easily. With appropriate tool support, MDD shortens the software development life cycle drastically by automating a significant portion of development steps. MDA (Model Driven Architecture) is a framework launched by OMG (Object Management Group) to support MDD. SPACE is an engineering method for rapid creation of services, developed at NTNU (Norwegian University of Science and Technology) which follows MDA framework. Arctis and Ramses are tool suits, also developed at NTNU to support SPACE method. Several solutions have been developed on Arctis tool suit covering several domains like mobile services, embedded systems, home automation, trust management and web services. This thesis presents a case study on the web application domain with Arctis, where the underlying technologies are AJAX (asynchronous JavaScript and XML), GWT (Google Web Toolkit) framework and Java Servlet. In order to do that, this thesis contributes building up some reusable building blocks with Arctis tool suit. This thesis also describes a use case scenario to use those building blocks. This thesis work tries to implement the specified system and evaluates the resulting work.
