  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
21

Information System Security Commitment: A Study of External Influences on Senior Management

Barton, Kevin Andrew 12 November 2014
This dissertation investigated how senior management is motivated to commit to information system security (ISS). Research shows senior management participation is critical to successful ISS, but has not explained how senior managers are motivated to participate in ISS. Information systems research shows pressures external to the organization have greater influence on senior managers than internal pressures. However, research has not fully examined how external pressures motivate senior management participation in ISS. This study addressed that gap by examining how external pressures motivate senior management participation in ISS through the lens of neo-institutional theory. The research design was survey research. Data collection was through an online survey, and PLS was used for data analysis. Sample size was 167 from a study population of small- and medium-sized organizations in a mix of industries in the south-central United States. Results supported three of six hypotheses. Mimetic mechanisms were found to influence senior management belief in ISS, and senior management belief in ISS was found to increase senior management participation in ISS. Greater senior management participation in ISS led to greater ISS assimilation in organizations. Three hypotheses were not supported. Correlation was not found between normative influences and senior management belief, normative influences and senior management participation, and coercive influences and senior management participation. Limitations with the study included a high occurrence of weak effect sizes on relationships within the model and heterogeneity based on industry, organization size, and regulatory requirements in the sample. This study contributes to ISS research by providing a theoretical model to explain how external influences contribute to senior management belief and participation in ISS, and ultimately ISS assimilation in organizations. 
Empirical evidence supports the mediating role by senior management between external influences and ISS assimilation. The findings also suggest some limitations that may exist with survey research in this area. This study benefits practitioners in three ways. First, it reinforces the argument that senior management support is critical to ISS success. Second, it extends understanding of senior management's role with ISS by explaining how IS and ISS management might nurture senior management belief and participation in ISS through industry groups and business partnerships. Third, the results inform government regulators and industry groups how they can supplement regulatory pressures with educational and awareness campaigns targeted at senior management to improve senior management commitment to ISS.
22

A SYSTEM ANALYSIS OF A MULTILEVEL SECURE LOCAL AREA NETWORK (COMPUTER).

Benbrook, Jimmie Glen, 1943- January 1986
No description available.
23

Microservices-based approach for Healthcare Cybersecurity

Unknown Date
Healthcare organizations, realizing the potential of the Internet of Things (IoT) technology, are rapidly adopting the technology to bring significant improvements in the quality and effectiveness of the service. However, these smart and interconnected devices can act as a potential "back door" into a hospital's IT network, giving attackers access to sensitive information. As a result, cyber-attacks on medical IoT devices have been increasing since the last few years. It is a growing concern for all the stakeholders involved, as the impact of such attacks is not just monetary or privacy loss, but the lives of many patients are also at risk. Considering the various kinds of IoT devices one may find connected to a hospital's network, traditional host-centric security solutions (e.g. antivirus, software patches) are at odds with realistic IoT infrastructure (e.g. constrained hardware, lack of proper built-in security measures). There is a need for security solutions which consider the challenges of IoT devices like heterogeneity of technology and protocols used, limited resources in terms of battery and computation power, etc. Accordingly, the goals of this thesis have been: (1) to provide an in-depth understanding of vulnerabilities of medical IoT devices; (2) to introduce a novel approach which uses a microservices-based framework as an adaptive and agile security solution to address the issue. The thesis focuses on OS Fingerprinting attacks because of its significance for attackers to understand a target's network. In this thesis, we developed three microservices, each one designed to serve a specific functionality. Each of these microservices has a small footprint with RAM usage of approximately 50 MB. We also suggest how microservices can be used in a real-life scenario as a software-based security solution to secure a hospital's network consisting of different IoT devices. / Includes bibliography. / Thesis (M.S.)--Florida Atlantic University, 2018.
/ FAU Electronic Theses and Dissertations Collection
24

Signature schemes in single and multi-user settings

Unknown Date
In the first chapters we will give a short introduction to signature schemes in single and multi-user settings. We give the definition of a signature scheme and explain a group of possible attacks on them. In Chapter 6 we give a construction which derives a subliminal-free RSA public key. In the construction we use a computationally binding and unconditionally hiding commitment scheme. To establish a subliminal-free RSA modulus n, we have to construct the secret primes p and q. To prove p and q are primes we use Lehmann's primality test on the commitments. The chapter is based on the paper, "RSA signature schemes with subliminal-free public key" (Tatra Mountains Mathematical Publications 41 (2008)). In chapter 7 a one-time signature scheme using run-length encoding is presented, which in the random oracle model offers security against chosen-message attacks. For parameters of interest, the proposed scheme enables about 33% faster verification with a comparable signature size than a construction of Merkle and Winternitz. The public key size remains unchanged (1 hash value). The main cost for the faster verification is an increase in the time required for signing messages and for key generation. The chapter is based on the paper "A one-time signature using run-length encoding" (Information Processing Letters Vol. 108, Issue 4, (2008)). / by Viktoria Villanyi. / Thesis (Ph.D.)--Florida Atlantic University, 2009. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2009. Mode of access: World Wide Web.
25

Network coding for security and error correction. / CUHK electronic theses & dissertations collection

January 2008
In this work, we consider the possibility and the effectiveness of implementing secure network coding and error-correcting network coding at the same time. Upon achieving this goal, information can be multicast securely to the sink nodes through a noisy network. Toward this end, we propose constructions of such codes and prove their optimality. After that, we extend the idea of generalized Hamming Weight [54] for the classical point-to-point communication channel to linear network coding. We also extend the idea of generalized Singleton bound to linear network coding. We further show that the generalized Hamming weight can completely characterize the security performance of linear code at the source node on a given linear network code. We then introduce the idea of Network Maximum Distance Separable code (NMDS code), which can be shown to play an important role in minimizing the information that an eavesdropper can obtain from the network. The problem of obtaining the optimal security performance is in fact equivalent to the problem of obtaining a Network Maximum Distance Separable code. / Network coding is one of the most important breakthroughs in information theory in recent years. The theory gives rise to a new concept regarding the role of nodes in a communication network. Unlike in existing networks where the nodes act as switches, in the paradigm of network coding, every node in the network can act as an encoder for the incoming information. With this new infrastructure, it is possible to utilize the full capacity of the network where it is impossible to do so without network coding. In the seminal paper by Ahlswede et al. [1] where network coding was introduced, the achievability of the maxflow bound for every single source multicast network by using network coding was also proved.
By further exploring the possibility of linear network coding, Cai and Yeung introduced the idea of error-correcting network coding and secure network coding in [7] and [8] respectively. These papers launched another two important research areas in the field of network coding. / Ngai, Chi Kin. / Adviser: Yeung Wai Ho. / Source: Dissertation Abstracts International, Volume: 70-06, Section: B, page: 3696. / Thesis (Ph.D.)--Chinese University of Hong Kong, 2008. / Includes bibliographical references (leaves 122-128). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Electronic reproduction. [Ann Arbor, MI] : ProQuest Information and Learning, [200-] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstracts in English and Chinese. / School code: 1307.
26

The institutionalisation of an information security culture in a petroleum organisation in the Western Cape

Michiel, Michael January 2018
Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2018. / In today’s world, organisations cannot exist without having information readily available. The protection of information relies not only on technology but also on the behaviour of employees. The failure to institutionalise an information security culture inside an organisation will cause the continued occurrence of security breaches. The aim of the research is to explore how an information security culture can be institutionalised within a petroleum organisation in the Western Cape. The primary research question is posed as follows: “What are the factors affecting the institutionalisation of an information security culture?” To answer the research question, a study was conducted at a petroleum organisation in the Western Cape. A subjectivist ontological and interpretivist epistemological stance has been adopted and an inductive research approach was followed. The research strategy was a case study. Data for this study were gathered through interviews (12 in total) using semi-structured questionnaires. The data collected were transcribed, summarised, and categorised to provide a clear understanding of the data. For this study, twenty-four findings and seven themes were identified. The themes are: i) user awareness training and education; ii) user management; iii) compliance and monitoring; iv) change management; v) process simplification; vi) communication strategy; and vii) top management support. Guidelines are proposed, comprising four primary components. Ethical clearance to conduct the study was obtained from the Ethics committee of CPUT and permission to conduct the study was obtained from the Chief Information Officer (CIO) of the petroleum organisation. The findings point to collaboration between employees, the Information Security department, and management in order to institute a culture of security inside the organisation.
27

Error Control for Network Coding

Silva, Danilo 03 March 2010
Network coding has emerged as a new paradigm for communication in networks, allowing packets to be algebraically combined at internal nodes, rather than simply routed or replicated. The very nature of packet-mixing, however, makes the system highly sensitive to error propagation. Classical error correction approaches are therefore insufficient to solve the problem, which calls for novel techniques and insights. The main portion of this work is devoted to the problem of error control assuming an adversarial or worst-case error model. We start by proposing a general coding theory for adversarial channels, whose aim is to characterize the correction capability of a code. We then specialize this theory to the cases of coherent and noncoherent network coding. For coherent network coding, we show that the correction capability is given by the rank metric, while for noncoherent network coding, it is given by a new metric, called the injection metric. For both cases, optimal or near-optimal coding schemes are proposed based on rank-metric codes. In addition, we show how existing decoding algorithms for rank-metric codes can be conveniently adapted to work over a network coding channel. We also present several speed improvements that make these algorithms the fastest known to date. The second part of this work investigates a probabilistic error model. Upper and lower bounds on capacity are obtained for any channel parameters, and asymptotic expressions are provided in the limit of long packet length and/or large field size. A simple coding scheme is presented that achieves capacity in both limiting cases. The scheme has fairly low decoding complexity and a probability of failure that decreases exponentially both in the packet length and in the field size in bits. Extensions of the scheme are provided for several variations of the channel. 
A final contribution of this work is to apply rank-metric codes to a closely related problem: securing a network coding system against an eavesdropper. We show that the maximum possible rate can be achieved with a coset coding scheme based on rank-metric codes. Unlike previous schemes, our scheme has the distinctive property of being universal: it can be applied on top of any communication network without requiring knowledge of or any modifications on the underlying network code. In addition, the scheme can be easily combined with a rank-metric-based error control scheme to provide both security and reliability.
29

Developing a Risk Management System for Information Systems Security Incidents

Farahmand, Fariborz 22 November 2004
The Internet and information systems have enabled businesses to reduce costs, attain greater market reach, and develop closer business partnerships along with improved customer relationships. However, using the Internet has led to new risks and concerns. This research provides a management perspective on the issues confronting CIOs and IT managers. It outlines the current state of the art of information security, the important issues confronting managers, security enforcement measure/techniques, and potential threats and attacks. It develops a model for classification of threats and control measures. It also develops a scheme for probabilistic evaluation of the impact of security threats with some illustrative examples. It involves validation of information assets and probabilities of success of attacks on those assets in organizations and evaluates the expected damages of these attacks. The research outlines some suggested control measures and presents some cost models for quantifying damages from these attacks and compares the tangible and intangible costs of these attacks. This research also develops a risk management system for information systems security incidents in five stages: 1- Resource and application value analysis, 2- Vulnerability and risk analysis, 3- Computation of losses due to threats and benefits of control measures, 4- Selection of control measures, and 5- Implementation of alternatives. The outcome of this research should help decision makers to select the appropriate control measure(s) to minimize damage or loss due to security incidents. Finally, some recommendations for future work are provided to improve the management of security in organizations.
30

Provable Protection of Confidential Data in Microkernel-Based Systems

Völp, Marcus 30 March 2011
Although modern computer systems process increasing amounts of sensitive, private, and valuable information, most of today’s operating systems (OSs) fail to protect confidential data against unauthorized disclosure over covert channels. Securing the large code bases of these OSs and checking the secured code for the absence of covert channels would come at enormous costs. Microkernels significantly reduce the necessarily trusted code. However, cost-efficient, provable confidential-data protection in microkernel-based systems is still challenging. This thesis makes two central contributions to the provable protection of confidential data against disclosure over covert channels: • A budget-enforcing, fixed-priority scheduler that provably eliminates covert timing channels in open microkernel-based systems; and • A sound control-flow-sensitive security type system for low-level operating-system code. To prevent scheduling-related timing channels, the proposed scheduler treats possibly leaking, blocked threads as if they were runnable. When it selects such a thread, it runs a higher classified budget consumer. A characterization of budget-consumer time as a blocking term makes it possible to reuse a large class of existing admission tests to determine whether the proposed scheduler can meet the real-time guarantees of all threads we envisage to run. Compared to contemporary information-flow-secure schedulers, significantly more real-time threads can be admitted for the proposed scheduler. The role of the proposed security type system is to prove those system components free of security policy violating information flows that simultaneously operate on behalf of differently classified clients. In an open microkernel-based system, these are the microkernel and the necessarily trusted multilevel servers. 
To reduce the complexity of the security type system, C++ operating-system code is translated into a corresponding Toy program, which in turn is complemented with calls to Toy procedures describing the side effects of interactions with the underlying hardware. Toy is a non-deterministic intermediate programming language, which I have designed specifically for this purpose. A universal lattice for shared-memory programs enables the type system to check the resulting Toy code for potentially harmful information flows, even if the security policy of the system is not known at the time of the analysis. I demonstrate the feasibility of the proposed analysis in three case studies: a virtual-memory access, L4 inter-process communication and a secure buffer cache. In addition, I prove Osvik’s countermeasure effective against AES cache side-channel attacks. To my best knowledge, this is the first security-type-system-based proof of such a countermeasure. The ability of a security type system to tolerate temporary breaches of confidentiality in lock-protected shared-memory regions turned out to be fundamental for this proof.
