Global ETD Search

1	Implementación de un Sistema de Gestión de Seguridad y Salud Ocupacional en Minería Subterránea basado en las Normas Peruanas en la Contrata Minera Madsur SRL. Alcántara Pope, Moisés, Loayza Cruz, Eileen Belinda 21 May 2019 (has links) El proyecto de investigación titulada: “Implementación de un sistema de gestión de seguridad y salud ocupacional en minería subterránea basado en las normas peruanas en la contrata minera Madsur SRL.” mostrará la metodología para implementar un Sistema de Gestión Seguridad y Salud Ocupacional en Minería Subterránea basada en las normas peruanas. Los índices de Seguridad emitido por el Ministerio de Energía y Minas, OSINERGMIN son documentos legales donde se observan los índices de seguridad que utilizaremos para poder evaluar el desempeño de la Empresa y verificar el cumplimiento del Sistema de Gestión de Seguridad y Salud Ocupacional en Minería. SG-SSO en minería Normas peruanas SG-SSO en minería
2	A Cross-Domain Roaming System: Support and Integration of Heterogeneous Authentication Platforms on the Wireless LAN Wen, Teu-Shun 27 August 2003 (has links) The flourishing development of internet moves the human technology into another new epoch and the rising of the wireless LAN presents the fact which people are freer and more convenient from the unlimited-space using the internet. More and more equipments can support the mobile device of WLAN. By reducing the cost and its good points of easy-building. Lots of hotspots, for instance, café¡¦s, airports, train stations, schools and companies are widely deployed and positive to construct WLAN. How to provide people a simple, easy, and quality environment of WLAN becomes an important issue from the viewpoints of user. When WLAN had been discussed, it was only a simple LAN environment. Before it has been promoted by the manufacture, the mobility and security were not been measured and instituted. All the products from different suppliers and the promotion of wireless internet in school are difficult to be united. By the fact of this, in order to make the resource of internet more flexible and expandable and make internet can be used in wide-ranging and more convenient way, this article draw up a plan and structure of Cross-Domain Roaming System and security control. Besides, our system can support and integration of heterogeneous authentication platforms on the WLAN. SSO Roaming IEEE802.1x Radius WEP
3	Propuesta de Gestión por procesos aplicada a la Seguridad y Salud Ocupacional adaptada a la ley N°29783 que permita la integración y desarrollo de los procesos en las MYPES de Lima metropolitana pertenecientes al sector hotelero Calagua Begazo, Gian Carlo 05 April 2019 (has links) La presente tesis busca diseñar un sistema de gestión con datos reales, tomados de encuestas realizadas a hoteles de lima metropolitana, el enfoque fue puesto en las medianas y pequeñas empresas (MYPES) cuyo potencial de crecimiento es alto, dentro de este desarrollo se propone el sistema de gestión haciendo uso de herramientas de gestión en la ingeniería industrial. El sistema de gestión es basado en las normas OHSAS 18001, así como la legislación peruana Ley 29783 _ Ley de Seguridad y Salud en el Trabajo, buscando, de esta forma, minimizar cualquier riesgo y/o penalidad que pueda sufrir la empresa, maximizando su tiempo de vida, este sistema también busca la interacción con los demás procesos existentes en los hoteles. / This thesis seeks to development a management system using real data, taken from surveys conducted in metropolitan Lima hotels, the focus was placed on medium and small companies whose growth potential is high, within this development is proposed the management system use of management tools in industrial engineering. The management system is based on standards. OHSAS 18001, as well as the Peruvian company Law 29783 _ Occupational Health and Safety Law, looking, in this way, to minimize any risk and/or penalty that the company may suffer, maximizing its life time, this system also seeks interaction with other existing processes in hotels. / Tesis MYPES SST SSO Seguridad OHSAS Safety
4	Détection d'anomalies logiques dans les logiciels d'entreprise multi-partis à travers des tests de sécurité / Detection of logic flaws in multi-party business applications via security testing Pellegrino, Giancarlo 08 November 2013 (has links) Les logiciels multi-partis sont des applications distribuées sur le web qui mettent en oeuvre des fonctions collaboratives. Ces applications sont les principales cibles des attaquants qui exploitent des vulnérabilités logicielles dans le cadre d'activités malveillantes. Récemment, un type moins connu de vulnérabilité, les anomalies logiques, a attiré l'attention des chercheurs. Sur la base d'informations tirées de la documentation des applications, il est possible d'appliquer deux techniques de test: la vérification du modèle, autrement appelé ``model checking'', et les tests de sécurité de type ``boîte noire''. Le champs d'application du model checking ne prend pas en suffisamment en compte les implémentations actuelles, tandis que les tests de type boîte noire ne sont pas assez sophistiqués pour découvrir les vulnérabilités logique. Dans cette thèse, nous présentons deux techniques d'analyse modernes visant à résoudre les inconvénients de l'état de l'art. Pour commencer, nous présentons la vérification de deux protocoles de sécurité utilisant la technique du model checking. Ensuite, nous nous concentrons sur l'extension du model checking pour soutenir les tests automatisés d'implémentations. La seconde technique consiste en une analyse boîte noire qui combine l'inférence du modèle, l'extraction du processus et du flot de donnée, ainsi qu'une génération de tests basés sur les modèles d'attaque d'une application. En conclusion, nous discutons de l'application de techniques développées au cours de cette thèse sur des applications issues d'un contexte industrielle. / Multi-party business applications are distributed computer programs implementing collaborative business functions. These applications are one of the main target of attackers who exploit vulnerabilities in order to perform malicious activities. The most prevalent classes of vulnerabilities are the consequence of insufficient validation of the user-provided input. However, the less-known class of logic vulnerabilities recently attracted the attention of researcher. According to the availability of software documentation, two testing techniques can be used: design verification via model checking, and black-box security testing. However, the former offers no support to test real implementations and the latter lacks the sophistication to detect logic flaws. In this thesis, we present two novel security testing techniques to detect logic flaws in multi-party business applicatons that tackle the shortcomings of the existing techniques. First, we present the verification via model checking of two security protocols. We then address the challenge of extending the results of the model checker to automatically test protocol implementations. Second, we present a novel black-box security testing technique that combines model inference, extraction of workflow and data flow patterns, and an attack pattern-based test case generation algorithm. Finally, we discuss the application of the technique developed in this thesis in an industrial setting. We used these techniques to discover previously-unknown design errors in SAML SSO and OpenID protocols, and ten logic vulnerabilities in eCommerce applications allowing an attacker to pay less or shop for free. Authentification unique Model checking SSO Model checking
5	Fartygsskydd och rollen som SSO : En kvalitativ undersökning om fartygsskyddet och SSOrollenombord på olika typer av fartyg efter införandet avISPS Bertilsson, Emil, Arvidsson, Sebastian January 2016 (has links) Detta examensarbete handlar om fartygsskydd och rollen som SSO på olika fartygstyper. Syftet med undersökningen var att ta reda på vilket sätt fartygstypen och fartområdet fartyget går i påverkar hur man ombord arbetar med fartygsskyddet och ISPS. Denna undersökning genomfördes under sommaren och hösten 2015 genom kvalitativa semistrukturerade intervjuer med SSO:erna på fyra fartyg av olika typ i olika fartområden. Fartygen i undersökningen består av ett kryssningsfartyg i oceanfart, ett tankfartyg i europafart, ett biltransportfartyg i oceanfart samt en färja i närfart. Resultatet av vår undersökning visar att det finns skillnader mellan både de undersökta fartygstyperna och fartområdena samt att detta påverkar hur de intervjuade SSO:erna uppfattar sin roll. Resultatet pekar på att den största skillnaden i organiseringen av fartygsskyddet finns mellan de två huvudtyperna av fartyg i studien, dvs. passagerarfartyg och lastfartyg, och att den skillnaden till stor del kan förklaras av besättningens storlek. / This thesis is about ship security and the role of the SSO on different types of vessels. The purpose of the survey was to find out how the ship type and trade area of the ship affects how the on-board work with security and ISPS is conducted. The study was carried out during the summer and autumn 2015 by making qualitative semi-structured interviews with the SSOs on four vessels of different type in different trade areas. The vessels in the survey consist of a cruise ship in ocean traffic, a tanker in European traffic, a car carrier in world-wide ocean traffic and a ferry in short voyage traffic. In the study it was concluded that there are differences between both the investigated vessel types and trade areas, and that this affects how the interviewees: the SSOs perceive their role. The result indicates that the largest difference in the organization of ship security is found between the two main types of vessels in the study, between passenger ships and cargo ships, and that this difference can largely be explained by the size of the crew. Ship security ISPS ship type trade area SSO Fartygskydd ISPS fartygstyp fartområde SSO
6	Sécurité et performances des réseaux de nouvelle génération / Security and Performance for Next Generation Networks Maachaoui, Mohamed 12 June 2015 (has links) L’IMS (IP Multimedia Subsystem) constitue l’architecture clé de contrôle pour les réseaux de nouvelle génération (NGN : Next Generation Network). IMS offre aux opérateurs réseaux la possibilité d'étendre leurs services, en intégrant la voix et des communications multimédia et de les livrer dans de nouveaux environnements avec de nouveaux objectifs. Sa sécurité totale mais à moindre coût est donc primordiale, principalement l’authentification. En IMS l’authentification est divisée en deux phases, une au niveau du domaine PS (Packet-Switch) avec le protocole 3GPP-AKA, et l’autre au niveau IMS en utilisant le protocole IMS-AKA. Dans notre première contribution, nous proposons un nouveau protocole d’authentification plus sécurisé que celui utilisé en IMS (IMS-AKA) et plus performant en termes d’utilisation de la bande passante et de temps de traitement. Notre méthode d’analyse repose sur la quantification de la signalisation induite par l’authentification IMS. La quantification est effectuée à l’aide d’expérimentations réelles. Sur la base des résultats obtenues, nous pouvons confirmer que notre protocole (1) peut économiser au moins 21,5% du trafic SIP/Cx par rapport à l’IMS-AKA, (2) permet de réduire la consommation de la bande passante de 27% par rapport à l’IMS-AKA, (3) résiste aux attaques atteignant la confidentialité et l’intégrité des données lors d’un enregistrement IMS (validé par AVISPA). Dans notre seconde contribution, nous avons présenté un nouveau modèle, nommé virtual walled-garden, de fourniture de services centré sur l'utilisateur en IMS. Ce modèle de fourniture de service permet d'offrir plus de liberté d'utiliser les services de tout fournisseur de contenu en fonction des besoins et préférences des utilisateurs. De cette manière les trois parties (utilisateur, fournisseurs de services et opérateur IMS) sont satisfaites. Les utilisateurs auront accès à un plus large éventail de services soutenus par l'IMS, les fournisseurs de services peuvent mettre en œuvre un large éventail de services IMS/SIP sans aucun investissement sur la mise en œuvre d'un réseau de cœur IMS ou de sa maintenance. Quant aux opérateurs cette façon de faire constitue une nouvelle forme de partenariat d'affaires avec les fournisseurs de services. Le modèle virtual walled-garden se base sur une fédération d'identité multi niveaux pour prendre en considération plusieurs niveaux de sécurité selon la criticité des applications sollicitées. / The IMS (IP Multimedia Subsystem) architecture is the key control for next generation networks (NGN). IMS gives network operators the opportunity to extend their services, including voice and multimedia communications and deliver them in new environments with new goals. Its security is paramount, especially authentication. In IMS, authentication is divided into two phases a PS (Packet-Switch) domain-level with the 3GPP-AKA protocol, and a second at IMS level using the IMS-AKA protocol. In our first contribution, we propose a new IMS authentication mechanism that improves the IMS-AKA in terms of security and more efficient in the use of bandwidth and processing time. Based on the results obtained, we can confirm that our protocol can save at least 21.5% of SIP/Cx traffic compared to the IMS-AKA and resists to attack reaching the confidentiality and integrity of data in an IMS registration (validated by AVISPA). In our second contribution, we propose a new Service provisioning model: Virtual Walled-Garden. This new model allows the user accessing all the applications, even the external ones transparently, simulating a walled-garden environment. This model will create a trust link between IMS domain and external services, and will reduce the burden of both end users and SPs through a Single Sign-On (SSO) feature, using identity federation. We also introduce the notion of security level to classify the SPs in a Multi-level model. Ims Sip Sso Authentification Fourniture de service Ims Sip Sso Authentication Service provisioning
7	Autentizace v informačních systémech / authentication for information system Jenčík, Štěpán January 2017 (has links) This thesis is focused on authentication methods, for regular private users and company solutions. Based on the analysis of individual authentication methods discussed in a theoretical part, the most suitable solutions are chosen. The practical part then offers various solutions divided into categories based on the users profiles. This presented overview suggests possible follow up discussion topics and an outline of the future development in the area of authentication methods and tools.
8	Autentisering, hantering och provisionering av användare : Ett koncepttest med PhenixID Hellberg, Axel January 2021 (has links) The goal of this project has been to configure and present a solution that covers a customer’s needs for user authentication, identity and access management and identity provisioning. The solution consists of products from PhenixID and the configuration is carried out on behalf of a company acting as a consultant. At the same time, the project is intended to generate new knowledge within the company about the possibilities and functions of the products used. The resulting solution enables the provisioning of users from a simple CSV file to a central user directory, and from this directory to Google. Identity Provisioning software is used for this purpose. The solution includes a recommendation for the same process to Azure through a first-party solution from Microsoft. The solution includes a configuration of the PhenixID Authentication Services system that can be used by the provisioned users to log in to Google and Microsoft services, so-called single sign-on, SSO. This authentication is SAML-based and adopts multi-factor authentication through a mobile application. A web-based and role-based identity and access management system, Identity Manager, is configured to manage users in the central user directory. Through this system, roles with associated rights are used with the purpose of delegating user management to the necessary instances of the customer’s organization. The overall configuration represents a proof of concept of the products for the customer's use cases and is therefore relatively fundamental in nature. / Målet med detta arbete har varit att konfigurera och presentera en lösning som omfattar en kunds behov av system för autentisering, hantering och provisionering av användare. Lösningen tillämpar produkter från PhenixID och konfigurationsarbetet sker på uppdrag av en verksamhet som här agerar konsult åt kunden. Arbetet ämnar samtidigt att ge upphov till ny kunskap inom verksamheten om de tillämpade verktygens möjligheter och funktioner. Den resulterande lösningen möjliggör provisionering av användare från en enkel CSV-fil till ett central användarkatalog, via denna katalog till Google. Till detta används programvaran Identity Provisioning. Lösningen omfattar en rekommendation för samma process till Azure genom ett första-partslösning från Microsoft. Lösningen omfattar konfiguration av autentiseringssystemet PhenixID Authentication Services som kan användas av de provisionerade användarna till att logga in på tjänster från Google och Microsoft, så kallad single sign-on, SSO. Denna autentisering är SAML-baserad och tillämpar multifaktorsautentisering genom en mobilapplikation. Ett webbaserat system för rollbaserad användarhantering, Identity Manager, konfigureras till att hantera användare i den centrala användarkatalogen. Genom detta system tillämpas roller med associerade rättigheter vars syfte är att delegera användarhanteringen till de nödvändiga instanserna av en verksamhet. Den sammantagna konfigurationen utgör ett koncepttest av produkterna för kundens användningsområden och är därför relativt grundläggande till naturen. provisionering autentisering användarhantering behörighetsstyrning SAML SSO Computer Engineering Datorteknik
9	Comparison of Methods of Single Sign-On : Post authentication methods in single sign on Topal, Baran January 2016 (has links) Single sign-on (SSO) is a session verification mechanism that allows a client to use a single password and name combination to be able to access multiple applications. The mechanism validates the client for all the applications and eliminates the need for authentication prompts when a user switches between applications within a session. SSO mechanisms can be classified as software versus hardware or customer-requirements oriented versus server-side arrangements. The five commonly used mechanisms of Single Sign-On currently are: Web Single Sign-On, Enterprise Single Sign-On, Kerberos (or Ticket/Token Authentication), Open ID, and Federation or Federated Identity. SSO has the main benefit of allowing a user to access many different systems without having to log on to each and every one of them separately. However, SSO introduces a security risk as once an attacker gains access to a single system, then the attacker has access to all of the systems. This thesis describes SSO technology, the Security Assertion Markup Language, and the advantages and risks involved in using SSO. It examines authentication mechanisms and their suitability for SSO integration. The main emphasis is a description of a mechanism that ameliorates some of the disadvantages of SSO by monitoring the user behavior with respect to a template. If a user performs actions that fit the defined template behavior, then the post authentication mechanism will not get activated. If, on the other hand, a user does something unforeseen, the mechanism will not perform authentication for this user, but rather trigger manual authentication. If this manual authentication succeeds, then the user will continue to interact with the system, otherwise user session will be ended. This behavior extension authentication mechanism is a method that eases the authentication process in which users are not expected to remember any username and password that can be forgotten easily or have a biometric attribute that can change over time. This method can be integrated to existing web application without a major risk and increase in cost. / Single sign-on (SSO) är en sessionkontrollmekanism som gör det möjligt för en kund att använda en ett enda par av lösenord och namn för att kunna få tillgång till flera olika program. Mekanismen validerar klienten för alla anrop och eliminerar behovet av ytterligare inloggningsdialoger när en användare växlar mellan program inom en session. SSO-mekanismer kan klassificeras enligt olika kriterier, såsom programvara kontra hårdvara eller kunder krav orienterade mot serversidan arrangemang. De fem vanligen använda mekanismerna för Single Sign-On är närvarande: Web Single Sign-On Enterprise Single Sign-On, Kerberos (eller Token autentisering), Open ID och Federation eller Federated Identity. SSO har den stora fördelen att en användare kan få tillgång till många olika system utan att behöva logga in på vart och ett av dem separat. Men SSO inför också en säkerhetsrisk i och med att tillgång till ett enda av systemen också automatiskt innebär tillgång till samtliga. Denna avhandling beskriver SSO-teknik, Security Assertion Markup Language, och fördelarna och riskerna med att använda SSO, samt undersöker autentiseringsmekanismer och deras lämplighet för SSO integration. Tyngdpunkten är en beskrivning av en mekanism som minskar några av nackdelarna med SSO genom att övervaka användarnas beteende med avseende på en mall. Om en användare utför åtgärder som passar det beteende som beskrivs av mallen, då den föreslagna mekanismen kommer att hantera autentiseringen automatiskt. Om, å andra sidan, en användare gör något oförutsett, kommer mekanismen inte att automatiskt utföra autentisering för den här användaren, utan utlöser manuellt autentisering. Om denna manuella autentiseringen lyckas, så kan användare fortsätta att fortsätta att interagera med systemet, annars kommer användarsessionen att avslutas. Denna beteendebaserade utvidgning av autentiseringsmekanismen är en lovande metod som minskar behovet av att komma ihåg många namn och lösenord, utan att lämna delsystem öppna till de säkerhetsproblem som uppstår i ren SSO, och utan att vara beroende av biometriska egenskaper som kan förändras över tiden. Denna metod kan integreras med befintliga webbaserade lösningar utan ökad risk och ökade kostnader. SSO Single sign-on SAML authentication security behavior risk SSO Single sign-on SAML autentisering säkerhet beteende risk Communication Systems Kommunikationssystem
10	Verteilte Autorisierung innerhalb von Single Sign-On-Umgebungen : Analyse, Architektur und Implementation eines Frameworks für verteilte Autorisierung in einer ADFS-Umgebung / Distributed authorization within single sign on environments : analysis, architecture, and implementation of a framework for distributed authorization within an ADFS environment Kirchner, Peter January 2007 (has links) Aktuelle Softwaresysteme erlauben die verteilte Authentifizierung von Benutzern über Ver-zeichnisdienste, die sowohl im Intranet als auch im Extranet liegen und die über Domänen-grenzen hinweg die Kooperation mit Partnern ermöglichen. Der nächste Schritt ist es nun, die Autorisierung ebenfalls aus der lokalen Anwendung auszulagern und diese extern durchzu-führen – vorzugsweise unter dem Einfluss der Authentifizierungspartner. Basierend auf der Analyse des State-of-the-Art wird in dieser Arbeit ein Framework vorges-tellt, das die verteilte Autorisierung von ADFS (Active Directory Federation Services) authenti-fizierten Benutzern auf Basis ihrer Gruppen oder ihrer persönlichen Identität ermöglicht. Es wird eine prototypische Implementation mit Diensten entwickelt, die für authentifizierte Be-nutzer Autorisierungsanfragen extern delegieren, sowie ein Dienst, der diese Autorisierungs-anfragen verarbeitet. Zusätzlich zeigt die Arbeit eine Integration dieses Autorisierungs-Frameworks in das .NET Framework, um die praxistaugliche Verwendbarkeit in einer aktuel-len Entwicklungsumgebung zu demonstrieren. Abschließend wird ein Ausblick auf weitere Fragestellungen und Folgearbeiten gegeben. / Current software systems allow distributed authentication of users using directory services, which are located both in the intranet and in the extranet, to establish cooperation with part-ners over domain boundaries. The next step is to outsource the authorization out of the local applications and to delegate the authorization decisions to external parties. In particular the authorization request is back delegated to the authentication partner. Based on an analysis of the state of the art this paper presents a framework which allows the distributed authorisation of ADFS authenticated users. The authorization decisions are based on the user’s identity and groups. In this work there will be developed a prototypical imple-mentation of services which are capable of delegating authorization requests. Additionally, this work points out the integration of these services into the .NET framework to demonstrate the usability in a modern development environment. Finally there will be a prospect of further questions and work. Single Sign On Autorisierung SSO ADFS Active Directory Federation Services Single Sign On Authorization SSO ADFS Active Directory Federation Services Data processing Computer science

Search results