Global ETD Search

101	Security in SOA-Based Healthcare Systems Sassoon, Richard January 2009 (has links) <p>Healthcare organizations need to handle many kinds of information and integrate different support systems, which may be accessed from external corporations. Service Oriented Architecture (SOA) provides the means to achieve a common platform to deploy services that can be used across the organization and its boundaries, but introduces new security concerns that need to be evaluated in order to implement a secure system, while still suffering from standard threats. Web Services are the common way to implement SOA applications, having several standards related to security (such as XML Encryption, XML Signature and WS-Security). Still, other security mechanisms such as input validation and SSL/TLS need to be thought of as well. A penetration test based on recognized methodologies and guidelines, such as the NIST Technical Guide to Information Security Testing and Assessment, OWASP Testing Guide and SIFT Web Services Security Testing Framework, was performed on a case study system. A proof of concept application making use of a set of middleware (web) services, the MPOWER platform, was audited in order to expose vulnerabilities. After conducting the penetration test on the system, 10 out of 15 scenarios presented security issues. The vulnerabilities found were described, demonstrating several risks from misusing, or not implementing at all, security mechanisms. As a consequence, countermeasures and recommendations were proposed in an attempt to improve the overall security of SOA-based (healthcare) systems. The results of the assessment show us how important is to validate the security of a system before putting it into production environment. We also come to the conclusion that security testing should be an inherent part of a secure software development life cycle. Moreover, not only healthcare systems may benefit from this study, and also not only SOA-based ones.</p> ntnudaim Information security
102	An Investigation of Spam Filter Optimaltiy : based on Signal Detection Theory Singh, Kuldeep January 2009 (has links) <p>Unsolicited bulk email, commonly known as spam, represents a significant problem on the Internet. The seriousness of the situation is reflected by the fact that approximately 97% of the total e-mail traffic currently (2009) is spam. To fight this problem, various anti-spam methods have been proposed and are implemented to filter out spam before it gets delivered to recipients, but none of these methods are entirely satisfactory. This thesis analyzes the properties of spam filters from the viewpoint of Signal Detection Theory (SDT). The Bayesian approach of Signal Detection Theory provides a basis for determining the tuning of spam filters from the particular user's point of view and helps in determining the utility which the spam filter provides to the user.</p> ntnudaim Information security
103	Secure Context-Aware Mobile SIP User Agent Merha, Bemnet Tesfaye January 2009 (has links) <p>Context awareness is an important aspect of pervasive and ubiquitous computing. By utilizing contextual information gathered from the environment, applications can adapt to the users specific situation. In this thesis, user context is used to automatically discover multimedia devices and services that can be used by a mobile Session Initiation Protocol (SIP) user agent. The location of the user is captured using various sensing technologies to allow users of our SIP user agent to interact with network attached projectors, speakers, and cameras in a home and office environment. In order to determine the location of the user, we have developed and evaluated a context aggregation framework that gathers and analyzes contextual information from various sources such as passive infrared sensors, infrared beacons, light intensity, and temperature sensors. Once the location of the user is determined, the Service Location Protocol (SLP) is used to search for services. For this purpose, we have implemented a mobile SLP user agent and integrated it with an existing SIP user agent. The resulting mobile SIP user agent is able to dynamically utilize multimedia devices around it without requiring the user to do any manual configuration. This thesis also addressed the challenge of building trust relationship between the user agent and the multimedia services. We propose a mechanism which enables the user agent authenticate service advertisements before starting to redirect media streams. The measurements we have performed indicate that the proposed context aggregation framework provides more accurate location determination when additional sensors are incorporated. Furthermore, the performance measurements indicate that the delay incurred by introducing context awareness to the SIP user agent is acceptable for a small deployment such as home and office environment. In order to realize large scale deployments, future investigations are recommended to further improve the performance of the framework. Keywords: SIP, context-awareness, service discovery, trust establishment</p> ntnudaim Information security
104	A Framework for Securing e-Government Services : The Case of Tanzania Karokola, Geoffrey Rwezaura January 2012 (has links) e-Government services are becoming one of the most important and efficient means by which governments (G) interact with businesses (B) and citizens (C). This has brought not only tremendous opportunities but also serious security challenges. Critical information assets are exposed to current and emerging security risks and threats. In the course of this study, it was learnt that e-government services are heavily guided and benchmarked by e-Government maturity models (eGMMs). However, the models lack built-in security services, technical as well as non-technical; leading to lack of strategic objectives alignment between e-government services and security services. Information security has an important role in mitigating security risks and threats posed to e-government services. Security improves quality of the services offered. In light of the above, the goal of this research work is to propose a framework that would facilitate government organisations to effectively offer appropriate secure e-government services. To achieve this goal, an empirical investigation was conducted in Tanzania involving six government organizations. The investigations were inter-foiled by a sequence of structural compositions resulting in a proposition of a framework for securing e-government services which integrates IT security services into eGMMs. The research work was mainly guided by a design science research approach complemented in parts by systemic-holistic and socio-technical approaches. The thesis contributes to the empirical and theoretical body of knowledge within the computer and systems sciences on securing e-government structures. It encompasses a new approach to secure e-government services incorporating security services into eGMMs. Also, it enhances the awareness, need and importance of security services to be an integral part of eGMMs to different groups such as researched organizations, academia, practitioners, policy and decision makers, stakeholders, and the community. / <p>At the time of the doctoral defence the following paper was unpublished and had a status as follows: Paper nr. 6: In press</p> e-Government information security maturity models services technical security non-technical security
105	Share Computing Protocols over Fields and Rings Kahrs, Katharina January 2009 (has links) In this thesis, we explain linear secret sharing schemes, in particular multiplicative threshold linear secret sharing schemes, over fields and rings in a compact and concise way. We explain two characterisations of linear secret sharing schemes, and in particular, we characterise threshold linear secret sharing schemes. We develop an algorithm to generate all multiplicative $(t+1)$-out-of-$n$ threshold linear secret sharing schemes over a field $mathbb{Z}sb{p}$. For the ring $mathbb{Z}sb{2sp{32}}$, we explain the generation of secret sharing schemes for threshold access structures and prove the non-existence of $(t+1)$-out-of-$n$ threshold linear secret sharing schemes with $n > t+1$. ntnudaim Information security
106	Trusted secure service design : Enhancing trust with the future sim-cards Vilarinho, Thomas Carlyle January 2009 (has links) The SIM cards are going through several new enhancements both in the underlying hardware and its capabilities. They are becoming secure wireless networked devices containing embedded sensors. This thesis assess how this new SIM capabilities together with its pervasiveness and security can support the development and design of trust-based applications. It reviews the new trust possibilities based on the identity factor, connectivity and context-awareness sensors on the SIM. Moreover, we present a specific use-case around a seamless trust builder for social networks, which makes use of sensed inputs towards building hard contextual evidences to trust relations. We conclude with the description of the challenges of building this evidence based trust-builder and the necessary steps to going from the prototype we developed to a real application which may accurately describe trust relations. ntnudaim Information security
107	Detection of intermediary hosts through TCP latency propagation Singh, Gurvinder January 2009 (has links) Today people from all lifestyles, government officials, researchers and executives use internet. The people start to depend on internet for their daily life. However, the increased dependence comes with a great risk. The popularity and potential of internet attracts users with illegal intentions as well. The attackers generally establish a connection chain by logging in to a number of intermediary hosts before launching an attack at the victim host. These intermediary hosts are called as stepping-stones. On the victim side, it becomes hard to detect that the peer communicating with the victim is whether a real originator of the connection or it is merely acting as an intermediary host in the connection chain. This master dissertation proposed an approach based on Interarrival packet time to distinguish an incoming connection from a connection coming via some intermediary hosts. The proposed approach uses information available at the receiving end and applicable to encrypted traffic too. The approach was successfully tested for SSH, Telnet, FTP, HTTP and SMTP protocols and implemented in to an intrusion detection system for corresponding protocols. The main applications for the proposed approach are Manual intrusion detection, Tor usage detection and Spam messages detection. The approach is also applicable for the digital forensics investigations. Keywords : Network security, Stepping stone detection, Manual intrusion detection, Tor usage detection, Spam detection and Digital forensics investigation. ntnudaim Information security
108	Identity Management with Petname Systems Ferdous, Md. Sadek January 2009 (has links) In the first part of the thesis, we have focused on providing a brief overview of Petname Systems starting from the introductory concept of Entity, Identity and Identity Management with a brief description on different IdM architectures. We have found that the Petname Model is well suited to be integrated in the Personal SP Identity model. We also provided a brief description on Identity Theft and the Phishing attack with different attack techniques and defense mechanisms. Then we summarized the history and evolution of the Petname Model in one place. Previously it was scattered among several web articles. We have formally defined the properties of Petname Systems and explained how this set of properties can satisfy the essential security usability principles. It is our belief that if these properties are followed in developing applications based on the Petname Model, it will improve the user experience and improve overall security by removing security vulnerabilities related to poor usability. The thesis has also analyzed two available Petname-based applications for server identification management and shown that they represent an improvement in usability, but unfortunately do not satisfy all the specified Security Usability principles. In the second part, we have developed the UniPet, a Petname Model based application with similar functionalities of the Petname Tool and the TrustBar, that utilizes the concept of aiding user in identifying SP identities securely on their side. We have deployed several technologies to meet the complex level of interaction the UniPet asks for. We have provided a brief discussion on each of the technologies to better understand the UniPet architecture. We have also shown that the UniPet has been a major improvement on GUI and on the security usability issues over those two applications. The UniPet satisfies all the properties of a Petname System and thus is fully compliant with the Security Usability principles. We believe that the UniPet will provide the users with an improved and secure browsing experience. ntnudaim Information security
109	Performance Evaluation Framework for a SIP-based Telecommunication Call Handling System Sangvanphant, Nattanond January 2009 (has links) Session Initiation Protocol (SIP) has been used for signaling in many Voice over IP (VoIP) applications. Being more cost-effective than conventional circuit-switched systems, IP-based telecommunication systems are extensively employed by many service providers. As these systems gain more popularity, the need for dimensioning of such systems grows correspondingly. Moreover, accurate information about system capacity is necessary for future improvements of the system, as well as service provision and implementation planning. For these reasons, a solution supporting system performance evaluation is useful and beneficial in several ways. The goal of this research was to develop a performance evaluation framework for a SIP-based telecommunication system. The developed framework facilitates measurements of the maximum number of requests which can be processed by a system, and the amount of time required for call session establishment. With a user-friendly interface, the framework enables system testers to perform experiments using simulated SIP traffics, as well as to deal with results interpretation easily. In order to achieve the objective, studies of related technologies and available tools for SIP traffic generation have been carried out. Afterwards, the performance evaluation framework is designed and implemented. Lastly, the developed framework is used for evaluating the performance of EasyVPaBX, a SIP-based call handling system, in various system configurations. Keywords: SIP, Performance, Evaluation, Dimensioning, Measurement ntnudaim Information security
110	Study of TCP friendliness of CEAS routing system in comparison with Distance Vector Routing and Link State Routing Tamrakar, Sandeep January 2009 (has links) With the continuous development of the Internet technologies new routing requirements have surfaced. In response, several adaptive, stochastic routing algorithms have been purposed. The Cross Entropy Ant System (CEAS) is an adaptive, robust and distributed routing and management system based on the swarm intelligence. Several prototype implementations and enhancements have been made on this system, however the level of TCP friendliness the CEAS may provide is yet an important issue. In order to investigate the level of TCP friendliness, the behavior of the CEAS system during different network dynamics needs to be understood. For this reason, the behavior of the CEAS system under different network event and its corresponding effects on TCP performance is examined first using a simple network. Later the level of TCP performance is measured on complex networks. Also the load sharing capabilities of the CEAS system is investigated the efficiency of the system to manage and update according to the network load. Additionally the results are compared against the results obtained from the standard Link State Routing protocol and the Distance Vector Routing protocol under similar conditions. In this work, we find that the update process in response to the change in network dynamics is slower on CEAS compared to the other systems. However, the update process speeds up with the increase in the ant rates. During such period the use of multiple path reduces the TCP performance. We also find that large amount of packets loop around some links during link failures. Such looping reduces the TCP performance significantly. However, implementing previous hop memory technique removes such loops and also help TCP resume transmission immediately after the link failure. Compare to the LSRP and the DVR, we find that CEAS manages network resources more efficiently to produce higher TCP performance. We find that the CEAS diverts the data traffic on the basis of the quality of the path rather than the length of the path. We also find that the CEAS system handles multiple TCP stream independently with equal priority. But the smaller transition delay on the ants compared to the data packet reduces the TCP performance to some extent. However, forcing the ants to experience longer queuing delay according to the traffic load improves the TCP performance as well as helps CEAS update more accurately. ntnudaim Information security

Search results