Um sistema para gest?o do conhecimento em amea?as, vulnerabilidades e seus efeitos

Massud, M?riam Valen?a

20 December 2005

Made available in DSpace on 2014-12-17T14:56:05Z (GMT). No. of bitstreams: 1 MiriamVM.pdf: 955944 bytes, checksum: 0703348b1d68a5f32e8b6da9536de285 (MD5) Previous issue date: 2005-12-20 / Conselho Nacional de Desenvolvimento Cient?fico e Tecnol?gico / Attacks to devices connected to networks are one of the main problems related to the confidentiality of sensitive data and the correct functioning of computer systems. In spite of the availability of tools and procedures that harden or prevent the occurrence of security incidents, network devices are successfully attacked using strategies applied in previous events. The lack of knowledge about scenarios in which these attacks occurred effectively contributes to the success of new attacks. The development of a tool that makes this kind of information available is, therefore, of great relevance. This work presents a support system to the management of corporate security for the storage, retrieval and help in constructing attack scenarios and related information. If an incident occurs in a corporation, an expert must access the system to store the specific attack scenario. This scenario, made available through controlled access, must be analyzed so that effective decisions or actions can be taken for similar cases. Besides the strategy used by the attacker, attack scenarios also exacerbate vulnerabilities in devices. The access to this kind of information contributes to an increased security level of a corporation's network devices and a decreased response time to occurring incidents / Ataques a dispositivos conectados em rede constituem um dos principais problemas relacionados ? confidencialidade das informa??es sens?veis e ao correto funcionamento dos sistemas de computa??o. Apesar da disponibilidade de ferramentas e de procedimentos que dificultam ou evitam a ocorr?ncia de incidentes de seguran?a, dispositivos de rede s?o atacados com sucesso utilizando-se estrat?gias aplicadas em eventos anteriores. O desconhecimento dos cen?rios nos quais esses ataques ocorreram contribui de maneira efetiva para o sucesso de novos ataques. O desenvolvimento de uma ferramenta que disponibilize esse tipo de informa??o ?, ent?o, de grande relev?ncia. Este trabalho apresenta um sistema de apoio ? gest?o de seguran?a corporativa para o armazenamento, a recupera??o e o aux?lio na composi??o de cen?rios de ataque e informa??es relacionadas. Se um incidente de seguran?a ocorrer em uma corpora??o, o especialista em seguran?a deve acessar o sistema para armazenar o cen?rio de ataque espec?fico. Este cen?rio, disponibilizado atrav?s de acesso controlado, deve ser estudado para que decis?es efetivas possam ser tomadas em casos semelhantes. Cen?rios de ataque evidenciam, al?m da estrat?gia utilizada pelo atacante, vulnerabilidades existentes em dispositivos. O acesso a este tipo de informa??o contribui para a eleva??o do n?vel de seguran?a dos dispositivos de rede de uma corpora??o e para a diminui??o do tempo de resposta ao incidente ocorrido

Banco de Dados

Cen?rios de Ataque

Sistemas Multin?veis Seguros

Gest?o de Seguran?a

Recupera??o de Informa??es

Database

Attack Scenario

Multilevel Security Systems

Security Management

Retrieval Information

CNPQ::ENGENHARIAS::ENGENHARIA ELETRICA

Um framework para desenvolvimento e implementação de sistemas seguros baseados em hardware / A framework for development and implementation of secure hardware-based systems

Gallo Filho, Roberto Alves, 1978-

20 April 2004

Orientador : Ricardo Dahab. / Tese (doutorado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-21T17:02:27Z (GMT). No. of bitstreams: 1 GalloFilho_RobertoAlves_D.pdf: 5999506 bytes, checksum: 6ef66e76246dddb7de30593abff60bc5 (MD5) Previous issue date: 2012 / Resumo A concepção de sistemas seguros demanda tratamento holístico, global. A razão é que a mera composição de componentes individualmente seguros não garante a segurança do conjunto resultante2. Enquanto isso, a complexidade dos sistemas de informação cresce vigorosamente, dentre outros, no que se diz respeito: i) ao número de componentes constituintes; ii) ao número de interações com outros sistemas; e iii) 'a diversidade de natureza dos componentes. Este crescimento constante da complexidade demanda um domínio de conhecimento ao mesmo tempo multidisciplinar e profundo, cada vez mais difícil de ser coordenado em uma única visão global, seja por um indivíduo, seja por uma equipe de desenvolvimento. Nesta tese propomos um framework para a concepção, desenvolvimento e deployment de sistemas baseados em hardware que é fundamentado em uma visão única e global de segurança. Tal visão cobre um espectro abrangente de requisitos, desde a integridade física dos dispositivos até a verificação, pelo usuário final, de que seu sistema está logicamente íntegro. Para alcançar este objetivo, apresentamos nesta tese o seguinte conjunto de componentes para o nosso framework: i) um conjunto de considerações para a construção de modelos de ataques que capturem a natureza particular dos adversários de sistemas seguros reais, principalmente daqueles baseados em hardware; ii) um arcabouço teórico com conceitos e definições importantes e úteis na construção de sistemas seguros baseados em hardware; iii) um conjunto de padrões (patterns) de componentes e arquiteturas de sistemas seguros baseados em hardware; iv) um modelo teórico, lógico-probabilístico, para avaliação do nível de segurança das arquiteturas e implementações; e v) a aplicação dos elementos do framework na implementação de sistemas de produção, com estudos de casos muito significativos3. Os resultados relacionados a estes componentes estão apresentados nesta tese na forma de coletânea de artigos. 2 Técnicas "greedy" não fornecem necessariamente os resultados ótimos. Mais, a presença de componentes seguros não é nem fundamental. 3 Em termos de impacto social, econômico ou estratégico / Abstract: The conception of secure systems requires a global, holistic, approach. The reason is that the mere composition of individually secure components does not necessarily imply in the security of the resulting system4. Meanwhile, the complexity of information systems has grown vigorously in several dimensions as: i) the number of components, ii) the number of interactions with other components, iii) the diversity in the nature of the components. This continuous growth of complexity requires from designers a deep and broad multidisciplinary knowledge, which is becoming increasingly difficult to be coordinated and attained either by individuals or even teams. In this thesis we propose a framework for the conception, development, and deployment of secure hardware-based systems that is rooted on a unified and global security vision. Such a vision encompasses a broad spectrum of requirements, from device physical integrity to the device logical integrity verification by humans. In order to attain this objective we present in this thesis the following set of components of our framework: i) a set of considerations for the development of threat models that captures the particular nature of adversaries of real secure systems based on hardware; ii) a set of theoretical concepts and definitions useful in the design of secure hardware-based systems; iii) a set of design patterns of components and architectures for secure systems; iv) a logical-probabilistic theoretical model for security evaluation of system architectures and implementations; and v) the application of the elements of our framework in production systems with highly relevant study cases. Our results related to these components are presented in this thesis as a series of papers which have been published or submitted for publication. 4Greedy techniques do not inevitably yield optimal results. More than that, the usage of secure components is not even required / Doutorado / Ciência da Computação / Doutor em Ciência da Computação

Proteção de dados

Sistemas de segurança

Data protection

Computer networks - Security measures

Security systems

Zdanění práce v Bulharsku / Taxation of labour in Bulgaria

Conevová, Ema

January 2017

The aim of this diploma thesis is the analysis and comparison of labour taxation in the Czech Republic and Bulgaria. After the introduction, in which the goal and methods of solving are defined, there are two chapters that describe theoretically tax systems in both compared countries with focus on personal income tax and social security systems. The following chapter is devoted to indicators of effective taxation of labour, which are used for international comparisons. Another chapter will describe the comparison of the effective taxation of labour based on the achieved results. There is also an interval and global progressiveness that are used to measure the progressivity of the personal income tax in the Czech Republic and Bulgaria. In conclusion, there is a summary of the findings and aims of this thesis.

Daňové a pojistné systémy ve vybraných státech EU / Tax and social security systems in selected EU countries

Vágnerová, Pavlína

January 2015

The aim of this master thesis is the comparison of selected elements of the tax and social security systems in the Czech Republic, Slovakia, Austria and Germany, which are related to employees and employers and it is counted with them in model examples, then evaluation of advantages and disadvantages of employees´ migration under the structure of posting between the Czech Republic and other countries and finally the comparison of employees´ incomes after receiving benefits from social security system of each country (especially old age pension and parental allowance). In the first part of the thesis there is explained problematics of double tax treaties and EU coordination of social security. Then there is the comparison of above mentioned elements of the tax and social security systems in each country. In the last part I apply findings on model employees and I make a conclusion from amount of their net incomes. Migration to another EU member country is the most profitable for employee who is subjected to taxation in other EU countries but he remains under the Czech social security system. In terms of social benefits, retired people are supported the most in Austria and families with children in Germany.

Vytápění objektu se vzduchotechnikou / Heating of building with air conditioning

Toboláková, Andrea

January 2018

The main goal of the diploma thesis is to design a heating system and hot water heating for a newly built wellness hotel placed on the beach nearby reservoir Vranov. The theoretical part is focused on the build heating with solid fuels specifically pellets. In the calculation part is processed the proposal of heating systems, the heat sources, the water heater and other equipment. The last part of the project includes a technical report and drawing documentation at the level of implementation of the project.

Sociální zabezpečení zaměstnanců v Evropské unii / Social Security of Employees in European Union

Volná, Zuzana

January 2013

This thesis deals with the coordination of social security systems at EU and national level. It presents basic analysis of the relevant EU legislation. The model examples show the application of relevant legislation of the European Union which relate to the situation, and mentions the context of relevant administrative duties. The last part identifies the most problematic areas and proposes some general, but also specific recommendations related to the examples.

Design and evaluation of a secure, privacy-preserving and cancelable biometric authentication : Bio-Capsule

Sui, Yan

04 September 2014

Indiana University-Purdue University Indianapolis (IUPUI) / A large portion of system breaches are caused by authentication failure either during the system login process or even in the post-authentication session, which is further related to the limitations associated with existing authentication approaches. Current authentication methods, whether proxy based or biometrics based, are hardly user-centric; and they either put burdens on users or endanger users' (biometric) security and privacy. In this research, we propose a biometrics based user-centric authentication approach. The main idea is to introduce a reference subject (RS) (for each system), securely fuse the user's biometrics with the RS, generate a BioCapsule (BC) (from the fused biometrics), and employ BCs for authentication. Such an approach is user-friendly, identity-bearing yet privacy-preserving, resilient, and revocable once a BC is compromised. It also supports "one-click sign on" across multiple systems by fusing the user's biometrics with a distinct RS on each system. Moreover, active and non-intrusive authentication can be automatically performed during the user's post-authentication on-line session. In this research, we also formally prove that the proposed secure fusion based BC approach is secure against various attacks and compare the new approach with existing biometrics based approaches. Extensive experiments show that the performance (i.e., authentication accuracy) of the new BC approach is comparable to existing typical biometric authentication approaches, and the new BC approach also possesses other desirable features such as diversity and revocability.

Authentication

Biometric security

Authentication -- Research -- Analysis

Computer networks -- Security measures

Computer security -- Management

Data protection

Biometric identification -- Research

Security systems

Computers -- Access control

Pattern recognition systems

Operating systems (Computers)

Misdaadvoorkoming by nywerhede: 'n gevallestudie by Transvaal Suiker Beperk / Crime prevention at industries : a case study at Transvaal Sugar Limited

Kruger, Johannes Frederick Eric

06 1900

Text in Afrikaans / Hierdie navorsing fokus op misdaadvoorkoming by nywerhede met Transvaal Suiker Beperk as geselekteerde studieveld. Die meganiese en fisiese misdaadvoorkomingsmaatreëls aan die hand van Oscar Newman se verdedigbare mimte model is as basis gebruik. Bestaande misdaadvoorkomingsmaatreëls te Transvaal Suiker Beperk is geëvalueer en aanbevelings is gemaak waar nodig. Die waarde van primêre fisiese versperrings ten opsigte van misdaadvoorkoming is beklemtoon tydens hierdie studie. Sonder die ondersteuning van konvensionele elektronika, en die insette van die mensfaktor, is fisiese misdaadvoorkomingsmaatreëls van geringe waarde. Omgewingsontwerp sluit hierby aan. Effektiewe misdaadvoorkoming verg deurlopende kreatiewe denke met toepaslike optrede. / This research focus on crime prevention at industries with Transvaal Sugar Limited as selected study field. The mechanical and physical crime prevention measures, based on Oscar Newman's defensible space model, was used as focus point. Crime prevention measures in place at Transvaal Sugar Limited was evaluated and the necessary recommendations made. The value of the primary physical barriers in regard off crime prevention was emphasised in this study. Without the support of conventional electronics, together with the inputs of the human factor, physical crime prevention measures will be of little value. Environmental design joins this field. Effective crime prevention needs continuous creative thinking together with the necessary action. / Criminolgy / M. A. (Kriminologie)

Misdaadvoorkoming

Verdedigbare ruimte

Omgewingsontwerp

Versperrings

Elektronica

Tegnologie

Crime prevention

Defensible space

Environmental design

Barriers

Electronics

Technology

364.490968

A criminological analysis of copper cable theft in Gauteng

Pretorius, William Lyon

02 October 2013

This dissertation focuses on the phenomenon of copper cable theft within the Gauteng Province of South Africa. Data was collected from literature sources as well as from security professionals combating copper theft. There are five primary objectives in this research: 1. To explore and to describe the extent and the impact of copper cable theft. 2. To gain insight into the profile and the modus operandi of the offender. 3. To evaluate current intervention measures used to combat the copper cable theft. 4. To describe the general factors limiting the success of combating copper cable theft. 5. To recommend probable intervention measures with which to combat copper cable theft. Semi-structured interviews were conducted with responsible security officials of victim stakeholder groups in Gauteng. It was established that copper cable theft is currently a very serious crime that deserves both attention and quick intervention before it does irreparable damage to the utility infrastructure of Gauteng, in particular, and in fact to all these infrastructures in South Africa. / Criminology / M.A. (Criminology)

Crime prevention

Copper cable theft

Copper theft

Copper thieves

Security measures

Second-Hand Goods Act's

Non-ferrous metal

364.1552096822

Copper theft -- South Africa -- Gauteng

Millimetre-wave FMCW radar for remote sensing and security applications

Cassidy, Scott L.

January 2015

This thesis presents a body of work on the theme of millimetre-wave FMCW radar, for the purposes of security screening and remote sensing. First, the development of an optimised software radar signal processor will be outlined. Through use of threading and GPU acceleration, high data processing rates were achieved using standard PC hardware. The flexibility of this approach, compared to specialised hardware (e.g. DSP, FPGA etc…), allowed the processor to be rapidly adapted and has produced a significant performance increase in a number of advanced real-time radar systems. An efficient tracker was developed and was successfully deployed in live trials for the purpose of real-time wave detection in an autonomous boat control system. Automated radar operation and remote data telemetry functions were implemented in a terrain mapping radar to allow continuous monitoring of the Soufrière Hills volcano on the Caribbean island of Montserrat. This work concluded with the installation of the system 3 km from the volcano. Hardware modifications were made to enable coherent measurement in a number of existing radar systems, allowing phase sensitive measurements, including range-Doppler, to be performed. Sensitivity to displacements of less than 200 nm was demonstrated, which is limited by the phase noise of the system. Efficient compensation techniques are presented which correct for quadrature mixer imbalance, FMCW chirp non-linearity, and scanner drive distortions. In collaboration with the Home Office, two radar systems were evaluated for the stand-off detection of concealed objects. Automatic detection capability, based on polarimetric signatures, was developed using data gathered under controlled conditions. Algorithm performance was assessed through blind testing across a statistically significant number of subjects. A detailed analysis is presented, which evaluates the effect of clothing and object type on detection efficiency.

621.384