Design, analysis and applications of cryptographic techniques

Yeun, Chan Yeob

January 2000

No description available.

005

Action systems, determinism and the development of secure systems

Sinclair, Jane

January 1998

No description available.

005

Cyberciege scenario illustrating integrity risks to a military like facility

Fielk, Klaus W.

09 1900

Approved for public release; distribution is unlimited. / Note: the appendix file for this item is not available. / As the number of computer users continues to grow, attacks on assets stored on computer devices have increased. Despite an increase in computer security awareness, many users and policy makers still do not implement security principles in their daily lives. Ineffective education and the lack of personal experience and tacit understanding might be a main cause. The CyberCIEGE game can be used to convey requisite facts and to generate tacit understanding of general computer security concepts to a broad audience. This thesis asked if a Scenario Definition File (SDF) for the CyberCIEGE game could be developed to educate and train players in Information Assurance on matters related to information integrity in a networking environment. The primary educational concern is the protection of stored data. Another goal was to test whether the game engine properly simulates real world behavior. The research concluded that it is possible to create SDFs for the CyberCIEGE game engine to teach specifically about integrity issues. Three specific SDFs were developed for teaching purposes. Several SDFs were developed to demonstrate the game engine's ability to simulate real world behavior for specific, isolated educational goals. These tests led to recommendations to improve the game engine. / Lieutenant, German Navy

Data protection

Computer security

Computer games

Programming

Role-based access control for coalition partners in maritime domain awareness

Tardy, Matthew L.

06 1900

The need for Shared Situational Awareness (SSA) in accomplishing joint missions by coalition militaries, law enforcement, the intelligence community, and the private sector creates a unique challenge to providing access control. In this thesis we investigate the capabilities and limitations of Role-Based Access Control (RBAC) to control the dissemination of SSA in a coalition environment. Our case study is that of controlling access to SSA in the Maritime Domain Awareness (MDA) environment. MDA exemplifies both rapid change in membership of coalitions and the roles of coalition participants. We explore the access policy and roles played by the participants in the MDA environment, in addition to the characteristics of those roles. We make use of feasible scenarios to provide us with a base for applying models to the situation. The models that are applied to the scenario provide the formal methods that prove that RBAC policies and derivatives such as Distributed Role Based Access Control (DRBAC), Coalition Based Access Control (CBAC) and Temporal Role Based Access Control (TRBAC) can be used in conjunction with the Information Broker (IB) concept to provide adequate access control policies.

Information resources

Access control

Computer security

A CYBERCIEGE campaign fulfilling Navy information assurance training and awareness requirements

Cone, Benjamin D.

03 1900

The broad use of information systems within organizations has led to an increased appreciation of the need to ensure that all users be aware of basic concepts in Information Assurance (IA). The Department of Defense (DOD) addressed the idea of user awareness in DOD Directive 8750.1. This directive requires that all users of DOD information systems undergo an initial IA awareness orientation followed by annual refresher instruction. This thesis created a CyberCIEGE campaign for the Naval Postgraduate School's CyberCIEGE project that will fulfill Navy requirements to meet DOD Directive 8750.1. The first portion of this thesis is an analysis of four IA programs and products. Requirements for Navy IA awareness and training products were developed from this analysis. The second part of this thesis is a description of two CyberCIEGE scenarios that were created to fulfill these requirements. The first scenario focuses on basic IA awareness and emphasizes information that the Navy should reinforce. The scenario is intended for all users of Navy information systems. The second scenario is intended for technical users and addresses more advanced concepts and technical considerations. The technical user scenario emphasizes skill application and problem solving.

Information technology

Management

Awareness

Training

Computer security

BioVault : a protocol to prevent replay in biometric systems

07 October 2014

D.Com. (Informatics) / Please refer to full text to view abstract

Biometric identification

Computer science

Computer security

A model for the secure management of supply chains.

04 June 2008

We live in a very demanding and increasingly computerised world. In almost any area, consumers have a wide variety of choices, yet they demand shorter lead-times, higher quality and lower costs and if a business is unable to provide for the consumer’s requirements, the consumer will look elsewhere. With little to distinguish in manufacturing quality, the efficient use and management of supply chains becomes paramount. For a long time, the counterfeiting trade has been a thorn in the side of legitimate business. Seeking only to generate maximum profit with minimum effort, they use the reputation of a legitimate business to maximize sales. The counterfeiter’s task is made easier by the lack of control mechanisms along the supply chain. This leads to a situation where materials and finished products are being misappropriated in volume and counterfeit goods are able to enter the chain, often with help from within the targeted organisation. There is no mechanism for forcing individuals and organisations to accept responsibility, allowing for the passing blame. This dissertation will examine the nature of a system aimed at defeating attempts at theft, validating an item’s authenticity and positively identifying the origin and rightful owner of an item. This dissertation will not be explicitly developing the above system and will concentrate more on the underlying factors and providing a generic model on which to base an actual system. First we examine the impact of supply chains on our day-to-day lives, the concept and the related management paradigms. Next comes the counterfeiting trade and what motivates the counterfeiter. The examination is extended to cover the workings of the so-called “Grey Market” and some steps to combat the trade. In order to facilitate an implementation, various technologies are examined for their suitability. This covers diverse technologies from biometric authentication through the Internet and cryptographic technologies to the use of Radio Frequency Identifiers. Some specific devices are discussed and user attitudes towards these technologies are gauged. Based on these technologies a model is proposed allow a supply chain to be secured. A variety of concepts, such as packaging, unpacking and sealing, are introduced and explained. These concepts are combined with the various technologies for tracking items within the chain and for enforcing nonrepudiation. Based on the model, the actors within the system are identified along with the types of information each might expect, allowing generic datasets to be developed. With the model and technologies in place a tiered theoretical implementation is formed showing how each hardware device interacts with the model to form a solution. / Prof. M.S. Olivier

computer security

counterfeits and counterfeiting

business logistics

Modelling multi-layered network and security architectures using mathematical logic

McDonald, Kevin

January 2014

Complex systems, be they natural or synthetic, are ubiquitous. In particular, complex networks of devices and services underpin most of society's operations. By their very nature, such systems are di cult to conceptualize and reason about e ectively. One seemingly natural notion, which helps to manage complexity and which is commonly found in discussions of complex systems, is that of layering: the system is considered to consist of a collection of interconnected layers that have distinct, identi able roles in the overall operations of the system. Noting that graphs are a key formalism in the description of complex systems, this thesis establishes a notion of a layered graph. A logical characterization of this notion of layering using a non-associative, non-commutative substructural, sepa- rating logic is provided. In addition, soundness and completeness results for a class of algebraic models that includes layered graphs are provided, which give a math- ematically substantial semantics to this very weak logic. Examples in information processing and security are used to show the applicability of the logic. The examples given use an informal notion of action. The thesis also presents a discussion of a number of possible languages that could be used to provide a dynamic extension of the logic. The key components of each language are identi ed and the semantics that would be required in the case of a full, theoretical, development are presented. Examples, mainly in access control, are used to illustrate situations where each extension could be applied. The logic is then used to describe a uniform logical framework for reasoning compositionally about access control policy models. The approach takes account of the underlying system architecture, and so provides a way to identify and reason about how vulnerabilities may arise (and be removed) as a result of the architecture of the system. The logic is then used to describe a uniform logical framework for reasoning compositionally about access control policy models. The approach takes account of the underlying system architecture, and so provides a way to identify and reason about how vulnerabilities may arise (and be removed) as a result of the architecture of the system. Using frame rules, it is also considered how local properties of access control policies are maintained as the system architecture evolves.

004

Asserting national sovereignty in cyberspace : the case for Internet border inspection

Upton, Oren K.

06 1900

Approved for public release; distribution is unlimited. / National sovereignty is a fundamental principle of national security and the modern international system. The United States asserts its national sovereignty in many ways including inspecting goods and people crossing the border. However, most nations including the United States have not implemented any form of border inspection and control in cyberspace. This thesis builds a case that national sovereignty inherently and logically gives a sovereign state, such as the United States, the right to establish appropriate Internet border inspection stations. Such stations would be used to inspect only legally vetted inbound traffic, and block contraband, in a fashion analogous to the current system for inspection of people and goods that cross US borders in the physical world. Normal traffic crossing the border would have no content inspected and no record would be kept of its passing. This thesis answers key questions about feasibility, proposes a high level structure for implementation, and describes how such a system might be used to protect reasonable and legitimate interests of the United States including both security and individual rights. One chapter will build the logical case for Internet border Internet inspection. And other chapters will discuss technical, legal, and political feasibility. / Captain, United States Air Force

Internet

Cyberspace

Computer security

Law and legislation

Sovereignty

A generic software architecture for deception-based intrusion detection and response systems

Uzuncaova, Engin

03 1900

Approved for public release; distribution is unlimited / Today, intrusion detection systems provide for detecting intrusive patterns of interaction. Although the responses of such systems are typically limited to primitive actions, they can be supplemented with deception-based strategies. We propose a generic software architecture combining intrusion detection and deceptive response capabilities in a uniform structure. Detecting and responding to attacks are realized via runtime instrumentation of kernel-based modules. The architecture provides for dynamically adjusting system performance to maintain continuity and integrity of both legitimate services and security activities. / Lieutenant Junior Grade, Turkish Navy

Computer security

Computer software

Development

Software engineering