  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
181

Protection of System Layer Affordances

Mellstrand, Per January 2002
With more and more open systems connected to the Internet, security is perhaps the most important attribute of modern software systems. A large problem when creating secure systems is developers misunderstanding or incorrectly assuming how objects behave. In this paper I describe how such incorrect assumptions can result in large problems in software systems, under which conditions these problems typically appear and a method that can be used to reduce the number of software defects caused by incorrect assumptions.
182

Data Remanence : Secure Deletion of Data in SSDs

Homaidi, Omar Al January 2009
The ongoing fast-paced research in hardware and software technology has resulted in memory devices more efficient and faster than ever before. However, the issue of security of the contained data is rarely discussed. There is an evident capability of these devices to retain data even when it is erased. In this thesis, a study is conducted to qualitatively analyze the extent to which data deletion is important and why secure deletion should be applied. Afterwards, following the sequential exploratory procedure, this paper presents an analysis of methods used to recover the data after being deleted in addition to the techniques used to securely delete this data. Based on this study, some recommendations are made to ensure the safety of data.
183

"Halfpipe Active Channel"- developing a secure communications protocol / "Halfpipe Active Channel"- utveckling av ett säkert kommunikationsprotokoll

Larsson, Fredrik January 2005
With the advent of powerful multimedia capable mobile phones, the market for mobile services is flourishing. Zenterio AB's Halfpipe Active Desktop is a complete distributed mobile service platform with a powerful server and platform-independent client. The communication between the client and server takes place over a GPRS-capable mobile network. The purpose of this thesis is to develop a secure communications protocol for use between the Halfpipe Active Desktop client and server. This is done by determining requirements, analyzing candidate protocols and then by designing the final protocol. The result, the Halfpipe Active Channel protocol, is an authorized, encrypted, session oriented, message based and lightweight protocol designed to minimize computational as well as network overhead. This master's thesis project was defined by and performed at Zenterio AB during the second half of 2004.
184

Improving Integrity Assurances of Log Entries From the Perspective of Intermittently Disconnected Devices / Förbättring av integritetsförsäkring av loggar sett från tillfälligt bortkopplade enheter

Andersson, Marcus, Nilsson, Alexander January 2014
It is common today in large corporate environments for system administrators to employ centralized systems for log collection and analysis. The log data can come from any device between smart-phones and large scale server clusters. During an investigation of a system failure or suspected intrusion these logs may contain vital information. However, the trustworthiness of this log data must be confirmed. The objective of this thesis is to evaluate the state of the art and provide practical solutions and suggestions in the field of secure logging. In this thesis we focus on solutions that do not require a persistent connection to a central log management system. To this end a prototype logging framework was developed including client, server and verification applications. The client employs different techniques of signing log entries. The focus of this thesis is to evaluate each signing technique from both a security and performance perspective. This thesis evaluates "Traditional RSA-signing", "Traditional Hash-chains", "Itkis-Reyzin's asymmetric FSS scheme" and "RSA signing and tick-stamping with TPM", the latter being a novel technique developed by us. In our evaluations we recognized the inability of the evaluated techniques to detect so-called 'truncation-attacks', therefore a truncation detection module was also developed which can be used independent of and side-by-side with any signing technique. In this thesis we conclude that our novel Trusted Platform Module technique has the most to offer in terms of log security, however it does introduce a hardware dependency on the TPM. We have also shown that the truncation detection technique can be used to assure an external verifier of the number of log entries that have at least passed through the log client software.
185

WEB APPLICATION SECURITY IN THE JAVA ENVIRONMENT

Wanderydz, Kristoffer January 2012
This project focuses on web security. Some of the most famous vulnerabilities known to trouble web applications have been collected and analyzed. Each vulnerability collected in this project was exploited and secured. Demonstrations from a web application prototype, developed for this project, bring real examples for each vulnerability, both secured and insecure. The prototype ran on a Tomcat web server, and was developed with frameworks such as Web, Spring and Hibernate, connected to one PostgreSQL data source. All vulnerabilities were successfully implemented in Spring framework, and they were all exploited. Every vulnerability was also secured, with different tools and methods from earlier mentioned frameworks. As a result, real examples from the prototype are used for demonstration in the project, both in a secure and an insecure state. The result views Spring as a framework with good security potential. Most of the Spring specific vulnerabilities are logical design flaws from developers that can be avoided. Vulnerabilities not related to Spring, such as the one collected for this project, could be prevented by using methods from the Spring framework or intelligent programming. This leads to conclusions. Web applications are always exposed to attacks, no matter the framework in use. Creative hackers search to discover new vulnerabilities, and update old ones all the time. Developers have a responsibility towards the web application's users. Web applications cannot just be developed for normal use, but also against possible misuse. Frameworks with good reputation and well processed models are a good ground for developing a secure application.
186

Pathogenic Policy: Health-Related Consequences of Immigrant Policing in Atlanta, GA

Kline, Nolan Sean 01 January 2015
Multilayered immigration enforcement regimes comprising state and federal statutes and local police practices demand research on their social and health-related consequences. This dissertation explores the multiple impacts of immigrant policing: sets of laws and police activities that make undocumented immigrants more visible to authorities and increase their risk of deportation. Examining immigrant policing through a multi-sited framework and drawing from principles of engaged anthropology, findings from this dissertation suggest how immigrant policing impacts undocumented immigrants' overall wellbeing, health providers' professional practice, and reveals troubles with safety net medical care. Interviews and participant observation experiences suggest how immigrant policing perpetuates a type of fear-based governance that shapes where undocumented immigrants seek health services, the types of services they seek, and exacerbates intimate partner violence. Moreover, research findings point to how immigrant rights organizations and health providers resist biopolitical efforts to control undocumented immigrants, especially in situations of life or death when institutional authority may limit how undocumented immigrants receive life-sustaining care. Findings from this research respond to calls to examine state immigration laws and their impact on health, and demonstrate the lived experiences of undocumented immigrants in Atlanta who confront an increasingly hostile immigration system.
187

The Forge-and-Lose Technique and Other Contributions to Secure Two-Party Computation with Commitments

Brandão, Luís T.A.N. 01 June 2017
This doctoral dissertation presents contributions advancing the state-of-the-art of secure two-party computation (S2PC) — a cryptographic primitive that allows two mutually distrustful parties, with respective private inputs, to evaluate a function of their combined input, while ensuring privacy of inputs and outputs and integrity of the computation, externally indistinguishable from an interaction mediated by a trusted party. The dissertation shows that S2PC can be made more practical by means of innovative cryptographic techniques, namely by engineered use of commitment schemes with special properties, enabling more efficient protocols, with provable security and applicable to make systems more dependable. This is one further step toward establishing S2PC as a practical tool for privacy-preserving applications. The main technical contribution is a new protocol for S2PC of Boolean circuits, based on an innovative technique called forge-and-lose.[1] Building on top of a traditional cut-and-choose of garbled circuits (cryptographic versions of Boolean circuits), the protocol improves efficiency by reducing by a factor of approximately 3 the needed number of garbled circuits. This significantly reduces a major communication component of S2PC with malicious parties, for circuits of practical size. The protocol achieves simulatable S2PC-with-commitments, producing random commitments of the circuit input and output bits of both parties. The commitments also enable direct linkage of several S2PCs in a malicious adversarial setting. As second result, the dissertation describes an improvement to the efficiency of one of the needed sub-protocols: simulatable two-party coin-flipping.[1] The sub-protocol is based on a new universally composable commitment scheme that for bit-strings of increasing size can achieve an asymptotic communication-complexity rate arbitrarily close to 1.
The dissertation then discusses how S2PC-with-commitments can enable in brokered identification systems a difficult-to-achieve privacy property — a kind of unlinkability.[1] This mitigates a vector of potential mass surveillance by an online central entity (a hub), which is otherwise empowered in systems being developed at nation scale for authentication of citizens. When the hub mediates between identity providers and service providers the authentication of users, an adequate S2PC (e.g., of a block-cipher) can prevent the hub from learning user pseudonyms that would allow linking transactions of the same user across different services providers.
[1] Parts of these contributions were previously presented at ASIACRYPT 2013, PETS 2015 and PKC 2016.
188

Privacy-Preserving Patient Tracking for Phase 1 Clinical Trials

Farah, Hanna Ibrahim January 2015
Electronic data has become the standard method of storing information in our modern age. Evolving from paper-based data to electronic data creates opportunities to share information between organizations in record speeds, especially when handling large data sets. However, sharing sensitive information creates requirements for electronic data exchange: privacy requires that the original data will not be revealed to unauthorized parties. In the healthcare sector in particular, there are two important use cases that require exchanging information in a privacy-preserving way. 1. Contract research organizations (CROs) need to verify the eligibility of a participant in a phase 1 clinical trial. One criterion is checking that an individual is not concurrently enrolled in a trial at another CRO. However, privacy laws and the maintenance of a private list of participants for competitive purposes prevent CROs from checking against that criterion. 2. A patient’s medical record is usually distributed amongst several healthcare organizations. To improve healthcare services, it is important to have a patient’s complete medical history: either to help diagnose an illness or to gather statistics for better disease control. However, patient medical files need to be confidential. Two healthcare organizations cannot link their large patient databases by disclosing identity revealing details (e.g., names or health card numbers). This thesis presents the development and evaluation of protocols capable of querying and linking datasets in a privacy-preserving manner: TRACK for checking concurrent enrolment in phase 1 clinical trials, and SHARE for linking two large datasets in terms of millions of (patient medical) records. These protocols are better than existing approaches in terms of the privacy protection level they offer (e.g., against dictionary and frequency attacks), of the reliance on trusted third parties, and of performance when performing blocking. 
These protocols were extensively validated in simulated scenarios similar to their real-world counterparts. The thesis presents novel identity representation schemes that offer strong privacy measures while being efficient for very large databases. These schemes may be used by other researchers to represent identity in different use cases. CROs may implement the protocols (and especially TRACK) in systems to check if an individual exists in another CRO’s dataset without revealing the identity of that individual. Two healthcare organizations may use a system based on this research (and especially the SHARE protocol) to discover their common patients while protecting the identities of the other patients.
189

Platební systémy na Internetu / Internet payment systems

Krob, Jakub January 2009
The thesis analyses the most important payment systems in the world as well as in the Czech Republic. The thesis also includes the analysis of internet payment systems available for Czech e-shops.
190

Vers l’établissement du flux d’information sûr dans les applications Web côté client / Enforcing secure information flow in client-side Web applications

Fragoso Femenin dos Santos, José 08 December 2014
In this thesis, we address the issue of enforcing confidentiality and integrity policies in the context of client-side Web applications.
Since most Web applications are developed in the JavaScript programming language, we study static, dynamic, and hybrid enforcement mechanisms for securing information flow in Core JavaScript --- a fragment of JavaScript that retains its defining features. Specifically, we propose: a monitored semantics for dynamically enforcing secure information flow in Core JavaScript as well as a source-to-source transformation that inlines the proposed monitor, a type system that statically checks whether or not a program abides by a given information flow policy, and a hybrid type system that combines static and dynamic analyses in order to accept more secure programs than its fully static counterpart. Most JavaScript programs are designed to be executed in a browser in the context of a Web page. These programs often interact with the Web page in which they are included via a large number of external APIs provided by the browser. The execution of these APIs usually takes place outside the perimeter of the language. Hence, any realistic analysis of client-side JavaScript must take into account possible interactions with external APIs. To this end, we present a general methodology for extending security monitors to take into account the possible invocation of arbitrary APIs and we apply this methodology to a representative fragment of the DOM Core Level 1 API that captures DOM-specific information flows.
