Global ETD Search

41	Single Sign-On : Risks and Opportunities of Using SSO (Single Sign-On) in a Complex System Environment with Focus on Overall Security Aspects Cakir, Ece January 2013 (has links) Main concern of this thesis is to help design a secure and reliable network system which keeps growing in complexity due to the interfaces with multiple logging sub-systems and to ensure the safety of the network environment for everyone involved. The parties somewhat involved in network systems are always in need of developing new solutions to security problems and striving to have a secure access into a network so as to fulfil their job in safe computing environments. Implementation and use of SSO (Single Sign-On) offering secure and reliable network in complex systems has been specifically defined for the overall security aspects of enterprises. The information to be used within and out of organization was structured layer by layer according to the organizational needs to define the sub-systems. The users in the enterprise were defined according to their role based profiles. Structuring the information layer by layer was shown to improve the level of security by providing multiple authentication mechanisms. Before implementing SSO system necessary requirements are identified. Thereafter, user identity management and different authentication mechanisms were defined together with the network protocols and standards to insure a safe exchange of information within and outside the organization. A marketing research was conducted in line of the SSO solutions. Threat and risk analysis was conducted according to ISO/IEC 27003:2010 standard. The degree of threat and risk were evaluated by considering their consequences and possibilities. These evaluations were processed by risk treatments. MoDAF (Ministry of Defence Architecture Framework) used to show what kind of resources, applications and the other system related information are needed and exchanged in the network. In essence some suggestions were made concerning the ideas of implementing SSO solutions presented in the discussion and analysis chapter. SSO information security authentication federated identity multi-factor authentication MoDAF framework SAML LDAP certificate authority kerberos shibboleth SSO architectures risk evaluation. Computer Sciences Datavetenskap (datalogi)
42	Webová aplikace využívající vícefaktorovou autentizaci / Web application utilizing multi-factor authentication Humpolík, Jan January 2013 (has links) In the thesis are described and implemented 5 methods (some with their own proposal) of multifactor authentication in web application environment. The results of the work is the web application and individual authentication methods (which are attached separately) for use in your own web application.
43	A Comparative Analysis of SecurityServices Using Identity and AccessManagement (IAM) Muddychetty, Nithya Sree January 2024 (has links) Background: Identity and Access Management (IAM) is a critical IT securityframework for managing digital identities and resource access. With roots datingback to ancient civilizations, IAM has evolved from basic authentication to sophisticated methods. Okta, a leading cloud-based IAM platform founded in 2009, excelsin identity management, authentication, and access control. It is recognized for itscommitment to security and adaptability to cybersecurity challenges. As of October2023, Okta maintains its prominent position in the IAM market, acknowledged byGartner’s Magic Quadrant for Access Management, worldwide. Objectives: The objective of this thesis is to conduct a comprehensive comparative analysis of security services, specifically focusing on their integration with IAMsolutions. This investigation seeks to provide an examination of security serviceslike Multi-factor authentication (MFA) and Single Sign On (SSO) and evaluate theireffectiveness in conjunction with IAM. By doing so, we aim to determine which security approach offers the most robust protection in our digitally interconnected world. Methods: The primary goal of this methodology is to create a robust, secure,and user-friendly authentication and access management system using Okta withinan IAM framework. This involves the integration of both MFA and SSO features.To kickstart the process, we establish a controlled environment that mirrors thereal-world scenarios. Okta is chosen as the IAM tool, and its deployment involvesmanaging user identities, controlling access, and handling authentication. Results: The result of the study on the comparative analysis of security servicesusing IAM reveals distinct differences in the effectiveness and features among securityservices. Key findings highlight variations in authentication methods, authorizationmechanisms, and overall security robustness. This comprehensive examination provides valuable insights into the strengths and weaknesses of different IAM-basedsecurity services, offering a foundation for informed decision-making in selecting themost suitable solution for specific organizational needs. Conclusions: This thesis conclusively demonstrates the efficacy of integrating SSOand MFA into IAM. The incorporation of Biometric Authentication and Time basedOne Time-Password (TOTP) in MFA garnered strong user preference. SSO implementation streamlined authentication, reducing steps and enhancing ease of use.The overwhelmingly positive user feedback and robust security measures validateSSO+MFA as a valuable contribution to IAM, ensuring data security and user confidence. Access Control Lists Identity Access Management Multi-Factor Authentication One time password Single sign on System Usability Scale Virtual private network Computer Sciences Datavetenskap (datalogi)
44	Measurement of sectoral concentration with multiple factors Norrbin, Victor January 2022 (has links) One of banks core businesses today is to, in various ways, lend capital to the market and in return receive interest rate. But giving out credit comes with great risk and, therefore, precautions need to be taken. It is impossible to forecast exactly which obligor (borrower) that will default on its exposure. However, with well functioning risk management, institutions can lower the severity of their loss. In this study, we consider using a multi-factor model to calculate concentration risk for Swedish credit portfolios, which is a type of credit risk that is usually caused by high concentration of credit exposures distributed over few industrial sectors. In its existing form, the multi-factor model uses fixed sector correlations with predetermined sectors as input. Instead, we propose to use a data-driven approach based on data from the Stockholm stock exchange. In a simulation study, we find that the distributions of total credit loss are somewhat different under the original approach than under our proposed approach. This suggests that further research is needed to investigate whether the two approaches are interchangeable. Concentration risk Sector concentration Credit risk Time series analysis Principal component analysis Monte carlo simulation Multi-factor model Probability Theory and Statistics Sannolikhetsteori och statistik
45	Stochastic volatility Libor modeling and efficient algorithms for optimal stopping problems Ladkau, Marcel 12 July 2016 (has links) Die vorliegende Arbeit beschäftigt sich mit verschiedenen Aspekten der Finanzmathematik. Ein erweitertes Libor Markt Modell wird betrachtet, welches genug Flexibilität bietet, um akkurat an Caplets und Swaptions zu kalibrieren. Weiterhin wird die Bewertung komplexerer Finanzderivate, zum Beispiel durch Simulation, behandelt. In hohen Dimensionen können solche Simulationen sehr zeitaufwendig sein. Es werden mögliche Verbesserungen bezüglich der Komplexität aufgezeigt, z.B. durch Faktorreduktion. Zusätzlich wird das sogenannte Andersen-Simulationsschema von einer auf mehrere Dimensionen erweitert, wobei das Konzept des „Momentmatchings“ zur Approximation des Volaprozesses in einem Heston Modell genutzt wird. Die daraus resultierende verbesserten Konvergenz des Gesamtprozesses führt zu einer verringerten Komplexität. Des Weiteren wird die Bewertung Amerikanischer Optionen als optimales Stoppproblem betrachtet. In höheren Dimensionen ist die simulationsbasierte Bewertung meist die einzig praktikable Lösung, da diese eine dimensionsunabhängige Konvergenz gewährleistet. Eine neue Methode der Varianzreduktion, die Multilevel-Idee, wird hier angewandt. Es wird eine untere Preisschranke unter zu Hilfenahme der Methode der „policy iteration“ hergeleitet. Dafür werden Konvergenzraten für die Simulation des Optionspreises erarbeitet und eine detaillierte Komplexitätsanalyse dargestellt. Abschließend wird das Preisen von Amerikanischen Optionen unter Modellunsicherheit behandelt, wodurch die Restriktion, nur ein bestimmtes Wahrscheinlichkeitsmodell zu betrachten, entfällt. Verschiedene Modelle können plausibel sein und zu verschiedenen Optionswerten führen. Dieser Ansatz führt zu einem nichtlinearen, verallgemeinerten Erwartungsfunktional. Mit Hilfe einer verallgemeinerte Snell''sche Einhüllende wird das Bellman Prinzip hergeleitet. Dadurch kann eine Lösung durch Rückwärtsrekursion erhalten werden. Ein numerischer Algorithmus liefert untere und obere Preisschranken. / The work presented here deals with several aspects of financial mathematics. An extended Libor market model is considered offering enough flexibility to accurately calibrate to various market data for caplets and swaptions. Moreover the evaluation of more complex financial derivatives is considered, for instance by simulation. In high dimension such simulations can be very time consuming. Possible improvements regarding the complexity of the simulation are shown, e.g. factor reduction. In addition the well known Andersen simulation scheme is extended from one to multiple dimensions using the concept of moment matching for the approximation of the vola process in a Heston model. This results in an improved convergence of the whole process thus yielding a reduced complexity. Further the problem of evaluating so called American options as optimal stopping problem is considered. For an efficient evaluation of these options, particularly in high dimensions, a simulation based approach offering dimension independent convergence often happens to be the only practicable solution. A new method of variance reduction given by the multilevel idea is applied to this approach. A lower bound for the option price is obtained using “multilevel policy iteration” method. Convergence rates for the simulation of the option price are obtained and a detailed complexity analysis is presented. Finally the valuation of American options under model uncertainty is examined. This lifts the restriction of considering one particular probabilistic model only. Different models might be plausible and may lead to different option values. This approach leads to a non-linear expectation functional, calling for a generalization of the standard expectation case. A generalized Snell envelope is obtained, enabling a backward recursion via Bellman principle. A numerical algorithm to valuate American options under ambiguity provides lower and upper price bounds. mehrdimensionales Andersen Schema mehrstufige Strategieiteration robustes optimales Stoppen multidimensional Andersen scheme multilevel policy iteration robust optimal stopping 510 Mathematik 27 Mathematik SK 980 ddc:510
46	加入信用風險之銀行股價多因子模型：日本銀行業之實證分析 / Stock Price Multi-factor Model with Credit Risk--Empirical Evidence from Japanese Banks 林玫君, Lin, Mei-Chun Unknown Date (has links) 商業銀行是以借貸為主的金融機構，銀行獲利的主要來源，是從存款大眾手中取得短期資金，再將資金貸放給政府或企業進行長期投資。銀行「借短貸長」的業務，常使得其資產與負債產生存續期間不一致的問題，當利率非預期變動時，會改變資產與負債的真實價值，進而影響到銀行的淨值及股票報酬率。此外，匯率變動的風險也是銀行常常面臨的問題，尤其是當銀行涉足國際業務時，匯率的變動常常會使銀行所持有的外幣部位價值改變，進而影響到銀行的真實價值。另外一個會影響到銀行資產與負債價值的因素，就是信用風險的問題，總體經濟環境的信用品質變動，常常會影響銀行放款的還款機率，進而改變銀行放款的實質價值。本文採用過去學者們所研究過的銀行股價三因子模型，即市場因子、債券因子、匯率因子，並加入代表總體信用風險的第四個因子，以及代表抵押品價值變動的第五個因子，成為銀行股價五因子模型。以日本銀行業的股價報酬為研究對象，實證結果顯示:新加入的總體信用風險因子，對於銀行股價報酬率的確產生顯著的負向影響，也就是當借貸市場信用品質愈差（信用風險越高）時，整體銀行股價的報酬率下降。且在四種類型的銀行中，地方銀行所估計出的信用風險顯著的比例最高，代表資產規模較小、放款業務較集中的地方銀行，其信用風險確實較其他類型的銀行為高。另外，在日本泡沫經濟破滅以後的銀行危機時期，以股價多因子模型來衡量的銀行信用風險也有上升的現象。多因子模型銀行股價信用風險日本銀行危機 multi-factor model bank stock price credit risk Japan banking crises
47	Tjänsteproduktivitet : Hur kan produktivitet mätas i en tjänsteorganisation? Schultz, Helena, Sjöqvist, Lina January 2011 (has links) Problemformulering Det vi med denna uppsats vill undersöka är hur en tjänsteorganisations produktivitet kan mätas. Därför lyder vår problemformulering enligt följande: Hur kan produktivitet mätas i en tjänsteorganisation? Produktiviteten i en tjänsteorganisation påverkas av ett antal faktorer, till exempel personalen, kommunikation, ledarskap och de IT-system personalen arbetar i. Med ”mäta” syftar vi till att kvantifiera de kvalitativa faktorer som påverkar produktiviteten. Syfte Utöver att se hur produktiviteten kan mätas i en tjänsteorganisation ska vi utveckla en modell som visar hur tjänsteproduktiviteten kan mätas samt identifiera vilka faktorer som påverkar och hur de påverkar produktiviteten. Vi kommer genom ett illustrativt exempel att identifiera de faktorer som påverkar produktiviteten i den tjänsteorganisationen och hur de påverkar. Den organisation vi valt att applicera vår studie på är Folksam, avgränsat till deras bokföringsavdelning. Metod Vår kunskapssyn är hermeneutisk, vilket går i linje med vårt syfte då vi vill identifiera och tolka de faktorer som är viktiga för tjänsteproduktiviteten. Vi har valt att göra en kvalitativ studie, då identifieringen av faktorer som påverkar tjänsteproduktiviteten är ett relativt oexploaterat område och därför behöver vi undersöka det empiriskt i en etablerad organisation. Den iterativa metoden eller den gyllene medelvägen är det angreppsätt som vi valt, eftersom vi anser att det passar vår studie bäst att utgå ifrån befintlig teori och sedan enbart influeras av den för att låta empirin vara det som styr vår teoriutveckling. För att erhålla våra data har vi genomfört både observationssamtal och semistrukturerade intervjuer. Teori Vi har i huvudsak använt oss av två modeller som tillsammans ger en bild över produktiviteten i en tjänsteorganisation. Fokus ligger på Grönroos och Ojasalos (2004) tjänsteproduktivitetsmodell. Den beskriver de input och output av intern och extern effektivitet som har en påverkan på tjänsteproduktiviteten. Den säger dock lite om hur tjänsteproduktiviteten kan mätas. Vi har därför valt att komplettera denna modell med en modell gjord av Sahay (2005) som kallas Multi-factor Productivity Measurement Model. Den modellen tar upp hur tjänsteproduktvitet kan mätas genom att utveckla olika index som är anpassade till den aktuella organisationen. Utöver dessa två modeller har vi sökt och använt teorier kring de faktorer som påverkar tjänsteproduktiviteten i vår organisation. Slutsatser När produktiviteten ska mätas i en tjänsteorganisation är det viktigt att först kartlägga vilka faktorer som påverkar produktiviteten och att sedan anpassa dem efter den aktuella organisationen. Faktorer vi funnit i denna studie är bland annat ledarskap, grupper, kommunikation, IT-system och stress. Resultatet visar att de faktorer som påverkar tjänsteproduktiviteten samverkar och tillsammans ger en bild över hur tjänsteproduktiviteten ser ut och kan mätas. Service Productivity Model Produktivitet Effektivitet Tjänsteorganisation Tjänsteproduktivitet Tjänster Kommunikation Ledarskap Utbildning Stress IT-system Arbetsbelastning Kontorslandskap Interna kunder Externa kunder Folksam Business studies Företagsekonomi
48	Foreign Exchange Option Valuation under Stochastic Volatility Rafiou, AS January 2009 (has links) >Magister Scientiae - MSc / The case of pricing options under constant volatility has been common practise for decades. Yet market data proves that the volatility is a stochastic phenomenon, this is evident in longer duration instruments in which the volatility of underlying asset is dynamic and unpredictable. The methods of valuing options under stochastic volatility that have been extensively published focus mainly on stock markets and on options written on a single reference asset. This work probes the effect of valuing European call option written on a basket of currencies, under constant volatility and under stochastic volatility models. We apply a family of the stochastic models to investigate the relative performance of option prices. For the valuation of option under constant volatility, we derive a closed form analytic solution which relaxes some of the assumptions in the Black-Scholes model. The problem of two-dimensional random diffusion of exchange rates and volatilities is treated with present value scheme, mean reversion and non-mean reversion stochastic volatility models. A multi-factor Gaussian distribution function is applied on lognormal asset dynamics sampled from a normal distribution which we generate by the Box-Muller method and make inter dependent by Cholesky factor matrix decomposition. Furthermore, a Monte Carlo simulation method is adopted to approximate a general form of numeric solution The historic data considered dates from 31 December 1997 to 30 June 2008. The basket contains ZAR as base currency, USD, GBP, EUR and JPY are foreign currencies. Black-Seholes-Merton model Bachelier model Sprenkle model Boness model Samuelson model Multi-assets option Monte Carlo integration C++ simulation Wiener process Brownian motion vector
49	Hur påverkar implementering av multifaktorautentisering användarnas digitala arbetsmiljö? : En intervjustudie om förutsättningar och motivation för säker användning i en professionell utbildningsorganisation / How does implementation of multi-factor authentication affect users' digital work environment? : An interview study on conditions and motivation for secure usage in a professional educational organization Geronson, Carl, Mellvé, Oscar January 2023 (has links) I takt med en ökad digitalisering har det blivit ett allt större fokus på IT-säkerhet. Det finns olika typer av lösningar för att stärka IT-säkerheten och att implementera multifaktorautentisering är en av dem. I organisationers säkerhetsarbete spelar användarna en viktig roll, samtidigt kan de betraktas som ett säkerhetshot snarare än en resurs. I den här intervjustudien undersöker vi hur en implementering av multifaktorautentisering påverkar användarnas digitala arbetsmiljö. För att förstå detta har studien använt en kvalitativ datainsamlingsmetod där tio semistrukturerade intervjuer med anställda från Malmö universitet har genomförts. I analysen av resultatet har bland annat Technology Acceptance Model, Protection Motivation Theory samt ett fenomenologiskt perspektiv använts som teoretiska utgångspunkter. Studien visar att det finns en oförutsägbarhet med multifaktorautentisering som skapar en kognitiv omställning och ett hinder i arbetsflödet. Det framgår även att användarnas medvetenhet om IT-säkerhet är en viktig faktor i acceptansen av säkerhetsåtgärder så som multifaktorautentisering. Studien lyfter fram att det krävs en bra användarupplevelse bland befintliga IT-system för att välkomna och anpassa sig till framtida implementeringar av säkerhetssystem. / As digitalization has increased, there has been a growing focus on IT security. There are various types of solutions to strengthen IT security, and implementing multi-factor authentication is one of them. In the security efforts of organizations, users play an important role, but they can also be seen as a security threat rather than a resource. In this interview study, we examine how the implementation of multi-factor authentication affects users' digital work environment. To understand this, the study used a qualitative data collection method, conducting ten semi-structured interviews with employees from Malmö university. In the analysis of the results, the study utilized theoretical frameworks such as the Technology Acceptance Model, Protection Motivation Theory, and a phenomenological perspective. The study reveals that there is unpredictability associated with multi-factor authentication, creating a cognitive adjustment and a hindrance in workflow. It is also evident that users' awareness of IT security is an important factor in accepting security measures such as multi-factor authentication. The study emphasizes the need for a good user experience in existing IT systems to welcome and adapt to future implementations of security systems. Digital work environment IT security Multi-factor authentication Secure usage Ease of use User acceptance Information system Digital arbetsmiljö IT-säkerhet Multifaktorautentisering Säker användning Användarvänlighet Användaracceptans Informationssystem Engineering and Technology Teknik och teknologier
50	Usability Comparison between U2F-based Security Keys, TOTP and Plain Passwords : A Structured Literature Review Iriarte Murgiondo, Asier January 2022 (has links) Multi-factor authentication is a term that was foreign until a few years ago. But in reality, it has been around for decades in the world of computer security. In theory, has the purpose to improve the security of user authentication by adding an extra layer of security to the process. Although password authentication has been shown to be an imperfect technique, it is still the most widely used today. That is why this research has been carried out, to shed light on the issue of why multi-factor authentication is not a fundamental pillar in security. For this, two promising protocols of the second authentication factor have been chosen, Time-based One-time Password (TOTP) and Universal 2nd Factor (U2F), and the usability of these methods has been compared together with password authentication usability as well. A Systematic Literature Review has been executed to answer the raised research question. Although the setup and login processes of the protocols are excessively slow, the results show that the U2F devices are overall more usable than TOTP, as they have a more “friendly” daily usage. But not enough data has been found on TOTP to be able to make a comparison with a solid basis. / La autenticación de múltiples factores es un término que era extraño hasta hace varios años. Pero en realidad, ha existido durante décadas en el mundo de la seguridad informática. En teoría, su objetivo es mejorar la seguridad del proceso de autenticación de usuarios, agregando una capa adicional de seguridad al proceso. Aunque se ha demostrado que la autenticación de contraseña es una técnica imperfecta, sigue siendo la más utilizada en la actualidad. Esta es la razón por la que se ha realizado esta investigación, para arrojar luz sobre el tema de por qué la autenticación de múltiples factores no es un pilar fundamental en la seguridad. Para ello, se han elegido dos protocolos prometedores del segundo factor de autentificación, como son, Time-based One-time Password (TOTP) y Universal 2nd Factor (U2F), y se ha comparado la usabilidad de estos métodos junto con usabilidad de la autenticación por contraseña. Se ha realizado una Revisión Sistemática de la Literatura (Systematic Literature Review) para dar respuesta a la pregunta de investigación planteada. Aunque los procesos de configuración e inicio de sesión de los protocolos son excesivamente lentos, los resultados muestran que los dispositivos U2F son en general mas usables ya que tienen un uso diario más “amigable”. Pero no se han encontrado suficientes datos sobre TOTP para poder hacer una comparación con una sólida base. / <p><strong>Laburpena</strong> [Summary/Abstract, Basque/baskiska]</p><p>Faktore-anitzeko autentifikazioa orain dela urte gutxi arte arrotza izan den terminoetako bat da. Baina, egia esan, hamarkada batzuk daramatza segurtasun informatikoaren munduan errotua. Teorian, erabiltzaileen autentifikazio-prozesuaren segurtasuna hobetzeko helburu du, prozesuari segurtasun-geruza berri bat gehituz. Pasahitz autentifikazio teknika inperfektua dela frogatu bada ere, gaur egun oraindik erabiliena da. Horregatik egin da ikerketa hau, faktore anitzeko autentifikazioa zergatik ez den segurtasunaren oinarrizko zutabea argitzeko. Horretarako, faktore-anitzeko autentifikazio barruan aurkitzen diren bi protokolo itxaropentsu aukeratu dira, hala nola, Time-based One-time Password (TOTP) eta Universal 2nd Factor (U2F), eta hauen erabilgarritasuna konparatu da pasahitz bidezko erabilgarritasunarekin batera. Planteatutako ikerketa galderari erantzuteko Literatura Ikerketa Sistematikoa (Systematic Literature Review) burutu da, protokolo bakoitzaren onurak/eragozpenak bilduz eta hauen arteko konparaketa bat eginez. Protokoloen konfigurazio eta saioa hasteko prosezuak motelegiak badira ere, emaitzek erakusten dute U2F gailuak orokorreak TOTP baino erabilgarriagoak direla, eguneroko erabilera “lagunartekoagoa” baitute. Baina ez da datu nahikorik aurkitu TOTP-en oinarri sendo batekin konparazio bat egin ahal izateko.</p><p><strong>HITZ-GAKOAK:</strong> autentifikazioa, faktore-anitzeko autentifikazioa, Universal 2nd Factor, U2F, Time-based One-time Password, TOTP, alderaketa, erabilgarritasuna</p> authentication multi-factor authentication Universal 2nd Factor U2F Timebased One-time Password TOTP usability comparison autenticación autenticación de múltiples factores Universal 2nd Factor U2F Time-based One-time Password TOTP usabilidad Computer Sciences Datavetenskap (datalogi)

Search results