191 |
Software Vulnerability Assessment : local search methods / Undersökning av sårbarhet i Mjukvara : lokala söknings metoder
Martinsson, Roy January 2006
In this thesis, we analyse different ways of detecting application vulnerabilities on installed software. Based on this research, a prototype will be developed that will validate these findings. The prototype will analyse only known vulnerabilities collected from a database and matched with locally collected data.
|
192 |
Privacy-Invasive Software : Exploring Effects and Countermeasures / Illasinnad Programvara : Effekter och Motmedel
Boldt, Martin January 2007
As computers are increasingly more integrated into our daily lives, we need aiding mechanisms for separating legitimate software from their unwanted counterparts. We use the term Privacy-Invasive Software (PIS) to refer to such illegitimate software, sometimes loosely labelled as spyware. In this thesis, we include an introduction to PIS, and how it differs from both legitimate and traditionally malicious software. We also present empirical measurements indicating the effects that PIS have on infected computers and networks. An important contribution of this work is a classification of PIS in which we target both the level of user consent, as well as the degree of user consequences associated with PIS. These consequences, affecting both users and their computers, form a global problem that deteriorates a vast number of users’ computer experiences today. As a way to hinder, or at least mitigate, this development we argue for more user-oriented countermeasures that focus on informing users about the behaviour and consequences associated with using a particular software. In addition to current reactive countermeasures, we also need preventive tools dealing with the threat of PIS before it enters users’ computers. Collaborative reputation systems present an interesting way forward towards such preventive and user-oriented countermeasures against PIS. Moving the software reputations from old channels (such as computer magazines or friends’ recommendations) into an instantly fast reputation system would be beneficial for the users when distinguishing unwanted software from legitimate. It is important that such a reputation system is designed to address antagonistic intentions from both individual users and groups thereof, so that users could depend on the reputations. This would allow users to reach more informed decisions by taking the reported consequences into account when deciding whether they want a specific software to enter their computer or not. 
|
193 |
Security analysis of steganalyzers / Analyse de la sécurité des stéganalyzers
Fadil, Yousra Ahmed 09 May 2017
Nowadays, the development of steganalysis and steganography is unavoidable, and it can be used for legal as well as illegal purposes, as with any other application. The work presented in this thesis, focusing on these questions, is divided into three parts. The first part concerns the parameters that make it possible to increase the security level of steganography in order to withstand steganalysis techniques. The contribution of this first part is the study of the effect of the payload, of feature extraction, and of the group of images used in the learning phase and the testing phase. Simulation results show that state-of-the-art steganalysis techniques fail to detect secret messages embedded in images when the parameters change between learning and testing. In the second part, we study the impact of combining several steganographic methods on the detection of secret messages. This work takes into account that no ideal procedure exists, and that the steganographer may use any scheme and any embedding rate. In the third and last part, we propose a method that computes an accurate distortion map based on the second derivative of the image. The second derivative is used to compute the level curves; the message is then hidden in the image while discarding level curves below a certain threshold. Experimental results show that the security level is acceptable compared with state-of-the-art steganographic methods. / In recent times, the field of image steganalysis and steganography has become more important due to the development in the Internet domain. It is important to keep in mind that the whole process of steganography and steganalysis can be used for legal or illegal operations like any other applications. The work in this thesis can be divided in three parts. The first one concentrates on parameters that increase the security of steganography methods against steganalysis techniques. In this contribution the effect of the payload, feature extractions, and group of images that are used in the learning stage and testing stage for the steganalysis system are studied. From simulation, we note that the state of the art steganalyzer fails to detect the presence of a secret message when some parameters are changed. In the second part, we study how the presence of many steganography methods may influence the detection of a secret message. The work takes into consideration that there is no ideal situation to embed a secret message when the steganographer can use any scheme with any payloads. In the third part, we propose a method to compute an accurate distortion map depending on a second order derivative of the image. The second order derivative is used to compute the level curve and to embed the message on pixels outside clean level curves. The results of embedding a secret message with our method demonstrate that the result is acceptable according to state of the art steganography.
|
194 |
Securing real-time field area network using small cards
Hancke, Gerhard P. 26 April 2005
Field area networks are rapidly expanding to include a wide range of applications. Intelligent nodes on the network will be installed in a small to medium geographical area to monitor and control processes. Such nodes are generally connected to a centralized gateway used by a service provider to monitor and control various applications. The growth in popularity of ubiquitous computing requires the use of embedded network processors in everyday objects. Even though the idea of interaction between the digital devices around us could bring a great deal of convenience it also introduces great risks. Therefore such applications would not only require measurement, control and communication functionality but also a high level of security. Smart cards offer a simple, inexpensive method of incorporating a cryptographic processor into an embedded system that will allow for the implementation of security services. A field area network has resource limitations that influence security service implementation, such as low bandwidth, limited processing power, limited storage capacity and limited communication protocols. This dissertation discussed the implementation of a security policy for embedded field area networks used in distributed real-time applications, using smart card technology. The primary objective is to formulate a policy that can be implemented to secure a field area network. The secondary objective is to determine whether this policy can be implemented using mechanisms provided by smart card technology, while maintaining reasonable system performance. It states the approach taken to finding a viable solution to the problem defined above. A comprehensive literature study provides background on relevant technology and possible solutions. In a system overview the system’s boundaries and functional requirements are defined. The implementation section outlines possible solutions and describes how these can be implemented. 
Evaluation, verification and quantification of the performance of the proposed system are performed according to the experimental procedures described. The results obtained are documented and discussed. In the conclusion the proposed solution and the findings from the results are placed in context. Future topics of research in this field are suggested. / Dissertation (MSc)--University of Pretoria, 2006. / Computer Science / unrestricted
|
195 |
Constructing Secure MapReduce Framework in Cloud-based Environment
Wang, Yongzhi 27 March 2015
MapReduce, a parallel computing paradigm, has been gaining popularity in recent years as cloud vendors offer MapReduce computation services on their public clouds. However, companies are still reluctant to move their computations to the public cloud due to the following reason: In the current business model, the entire MapReduce cluster is deployed on the public cloud. If the public cloud is not properly protected, the integrity and the confidentiality of MapReduce applications can be compromised by attacks inside or outside of the public cloud. From the result integrity’s perspective, if any computation nodes on the public cloud are compromised, those nodes can return incorrect task results and therefore render the final job result inaccurate. From the algorithmic confidentiality’s perspective, when more and more companies devise innovative algorithms and deploy them to the public cloud, malicious attackers can reverse engineer those programs to detect the algorithmic details and, therefore, compromise the intellectual property of those companies.
In this dissertation, we propose to use the hybrid cloud architecture to defeat the above two threats. Based on the hybrid cloud architecture, we propose separate solutions to address the result integrity and the algorithmic confidentiality problems. To address the result integrity problem, we propose the Integrity Assurance MapReduce (IAMR) framework. IAMR performs the result checking technique to guarantee high result accuracy of MapReduce jobs, even if the computation is executed on an untrusted public cloud. We implemented a prototype system for a real hybrid cloud environment and performed a series of experiments. Our theoretical simulations and experimental results show that IAMR can guarantee a very low job error rate, while maintaining a moderate performance overhead. To address the algorithmic confidentiality problem, we focus on the program control flow and propose the Confidentiality Assurance MapReduce (CAMR) framework. CAMR performs the Runtime Control Flow Obfuscation (RCFO) technique to protect the predicates of MapReduce jobs. We implemented a prototype system for a real hybrid cloud environment. The security analysis and experimental results show that CAMR defeats static analysis-based reverse engineering attacks, raises the bar for the dynamic analysis-based reverse engineering attacks, and incurs a modest performance overhead.
|
196 |
Low-complexity methods for image and video watermarking
Coria Mendoza, Lino Evgueni 05 1900
For digital media, the risk of piracy is aggravated by the ease to copy and distribute the content. Watermarking has become the technology of choice for discouraging people from creating illegal copies of digital content. Watermarking is the practice of imperceptibly altering the media content by embedding a message, which can be used to identify the owner of that content. A watermark message can also be a set of instructions for the display equipment, providing information about the content’s usage restrictions. Several applications are considered and three watermarking solutions are provided.
First, applications such as owner identification, proof of ownership, and digital fingerprinting are considered and a fast content-dependent image watermarking method is proposed. The scheme offers a high degree of robustness against distortions, mainly additive noise, scaling, low-pass filtering, and lossy compression. This method also requires a small amount of computations. The method generates a set of evenly distributed codewords that are constructed via an iterative algorithm. Every message bit is represented by one of these codewords and is then embedded in one of the image’s 8 × 8 pixel blocks. The information in that particular block is used in the embedding so as to ensure robustness and image fidelity.
Two watermarking schemes designed to prevent theatre camcorder piracy are also presented. In these methods, the video is watermarked so that its display is not permitted if a compliant video player detects the watermark. A watermark that is robust to geometric distortions (rotation, scaling, cropping) and lossy compression is required in order to block access to media content that has been recorded with a camera inside a movie theatre. The proposed algorithms take advantage of the properties of the dual-tree complex wavelet transform (DT CWT). This transform offers the advantages of both the regular and the complex wavelets (perfect reconstruction, approximate shift invariance and good directional selectivity). Our methods use these characteristics to create watermarks that are robust to geometric distortions and lossy compression. The proposed schemes are simple to implement and outperform comparable methods when tested against geometric distortions. / Applied Science, Faculty of / Electrical and Computer Engineering, Department of / Graduate
|
197 |
The establishment of a mobile phone information security culture: linking student awareness and behavioural intent
Bukelwa, Ngoqo January 2014
The information security behaviour of technology users has become an increasingly popular research area as security experts have come to recognise that while securing technology by means of firewalls, passwords and offsite backups is important, such security may be rendered ineffective if the technology users themselves are not information security conscious. The mobile phone has become a necessity for many students but, at the same time, it exposes them to security threats that may result in a loss of information. Students in developing countries are at a disadvantage because they have limited access to information relating to information security threats, unlike their counterparts in more developed societies who can readily access this information from sources like the Internet. The developmental environment is plagued with challenges like access to the Internet or limited access to computers. The poor security behaviour exhibited by student mobile phone users, which was confirmed by the findings of this study, is of particular interest in the university context as most undergraduate students are offered a computer-related course which covers certain information security-related principles. During the restructuring of the South African higher education system, smaller universities and technikons (polytechnics) were merged to form comprehensive universities. Thus, the resultant South African university landscape is made up of traditional and comprehensive universities as well as universities of technology. Ordinarily, one would expect university students to have similar profiles. However in the case of this study, the environment was a unique factor which had a direct impact on students’ learning experiences and learning outcomes. 
Mbeki (2004) refers to two economies within South Africa: the first one is financially sound and globally integrated, and the other, found in urban and rural areas, consists of unemployed and unemployable people who do not benefit from progress in the first economy. Action research was the methodological approach which was chosen for the purposes of this study to collect the requisite data among a population of university students from the ‘second economy’. The study focuses on the relationship between awareness and behavioural intention in understanding mobile phone user information security behaviour. The study concludes by proposing a behaviour profile forecasting framework based on predefined security behavioural profiles. A key finding of this study is that the security behaviour exhibited by mobile phone users is influenced by a combination of information security awareness and information security behavioural intention, and not just information security awareness.
|
198 |
Foundations of Quantitative Information Flow: Channels, Cascades, and the Information Order
Espinoza Becerra, Barbara 25 March 2014
Secrecy is fundamental to computer security, but real systems often cannot avoid leaking some secret information. For this reason, the past decade has seen growing interest in quantitative theories of information flow that allow us to quantify the information being leaked. Within these theories, the system is modeled as an information-theoretic channel that specifies the probability of each output, given each input. Given a prior distribution on those inputs, entropy-like measures quantify the amount of information leakage caused by the channel.
This thesis presents new results in the theory of min-entropy leakage. First, we study the perspective of secrecy as a resource that is gradually consumed by a system. We explore this intuition through various models of min-entropy consumption. Next, we consider several composition operators that allow smaller systems to be combined into larger systems, and explore the extent to which the leakage of a combined system is constrained by the leakage of its constituents. Most significantly, we prove upper bounds on the leakage of a cascade of two channels, where the output of the first channel is used as input to the second. In addition, we show how to decompose a channel into a cascade of channels.
We also establish fundamental new results about the recently-proposed g-leakage family of measures. These results further highlight the significance of channel cascading. We prove that whenever channel A is composition refined by channel B, that is, whenever A is the cascade of B and R for some channel R, the leakage of A never exceeds that of B, regardless of the prior distribution or leakage measure (Shannon leakage, guessing entropy leakage, min-entropy leakage, or g-leakage). Moreover, we show that composition refinement is a partial order if we quotient away channel structure that is redundant with respect to leakage alone. These results are strengthened by the proof that composition refinement is the only way for one channel to never leak more than another with respect to g-leakage. Therefore, composition refinement robustly answers the question of when a channel is always at least as secure as another from a leakage point of view.
|
199 |
How can gamification enable behavior change related to information security : A literature review
Lindgren, Niclas January 2020
During a period between 2011-2014, Gamification was the next big thing. Nowadays, however, Gamification has been established as a legitimate research topic with several dedicated conferences. This report aims to shed light on the existing literature within the area through a literature review and highlight existing gaps. Further, this paper strives towards showcasing some of the effects that Gamification could have on information security awareness to combat the vast amounts of security-related incidents in today's organizations. Moreover, the fact that security incidents are frequent and often expensive, and sometimes occur due to employee negligence, gives organizations incentives to educate their workforce in security training and awareness sessions. Existing empirical research within Gamification and information security delivers belief regarding its beneficial aspects to organizations and employees alike. Through training and education, the number of security-related incidents can be limited. However, research on how Gamification can help foster safe behavior in organizations is a path that remains to be explored in full.
|
200 |
Towards Practical Inner Product Functional Encryption / 実用的な内積関数型暗号に向けて
Tomida, Junichi 24 May 2021
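Kyoto University / New system, doctorate by dissertation / Doctor (Informatics) / 乙第13425号 / 論情博第96号 / 新制||情||131 (University Library) / (Chief examiner) Professor Takayuki Kanda, Professor Masatoshi Yoshikawa, Professor Shin-ichi Minato, Masayuki Abe / Qualifies under Article 4, Paragraph 2 of the Degree Regulations / Doctor of Informatics / Kyoto University / DFAM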
|