  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

An open architecture for secure interworking services

Hayton, Richard January 1995
No description available.
2

A Comparison of the Usability of Security Mechanisms Provided by iOS and Android

Maulick, David E 01 June 2018
The Open Web Application Security Project identifies that the number one vulnerability in mobile applications is the misuse of platform-provided security mechanisms. This means that platforms like iOS and Android, which now account for 99.8% of the mobile phone market, are providing mechanisms that are consistently being used in an incorrect manner. This statistic shines a spotlight onto both platforms. Why is it that so many people are misusing platform-provided security mechanisms? And is it the platform’s fault? The supposition of this paper is that both iOS and Android are not creating usable security mechanisms. This paper is meant to be a direct response to the number one spot on the OWASP Top Ten Mobile Vulnerabilities list. As a result, our primary goal is to identify whether or not iOS and Android are creating usable security mechanisms. To do this we first proposed an evaluation framework that is tailored to evaluate the usability of mobile device security mechanisms. Then we used it to evaluate seven of the most important and therefore most popular security mechanisms provided by iOS and Android. Through this evaluation we not only hope to develop a clear landscape of overall mobile security mechanism usability, but we also hope to compare the usability across the two platforms. Overall, it was found that both platforms adequately supported the more popular security mechanisms like key storage and HTTPS, whereas support for some of the more low-level mechanisms, like encryption and MACs, was often neglected. Such neglect could be seen in a number of different ways; however, the most common neglect came in the form of old documentation, or APIs that are long overdue for a rebuild or increased abstraction. Furthermore, both platforms barely addressed the testing of implementations, despite the fact that testing is arguably the most important part of the software development cycle.
Both iOS and Android seldom gave the developer any guidance on verifying the functionality of their implementations.
3

Precise Detection of Injection Attacks on Concrete Systems

Whitelaw, Clayton 06 November 2015
Injection attacks, including SQL injection, cross-site scripting, and operating system command injection, rank the top two entries in the MITRE Common Vulnerability Enumeration (CVE) [1]. Under this attack model, an application (e.g., a web application) uses some untrusted input to produce an output program (e.g., a SQL query). Applications may be vulnerable to injection attacks because the untrusted input may alter the output program in malicious ways. Recent work has established a rigorous definition of injection attacks. Injections are benign iff they obey the NIE property, which states that injected symbols strictly insert or expand noncode tokens in the output program. Noncode symbols are strictly those that are either removed by the tokenizer (e.g., insignificant whitespace) or span closed values in the output program language, and code symbols are all other symbols. This thesis demonstrates that such attacks are possible on applications for Android—a mobile device operating system—and Bash—a common Linux shell—and shows by construction that these attacks can be detected precisely. Specifically, this thesis examines the recent Shellshock attacks on Bash and shows how it widely differs from ordinary attacks, but can still be precisely detected by instrumenting the output program’s runtime. The paper closes with a discussion of the lessons learned from this study and how best to overcome the practical challenges to precisely preventing these attacks in practice.
4

Os dispositivos de segurança do neoliberalismo em Michel Foucault / Neoliberal security dispositifs in Michel Foucault

Marino, Mario Antunes 19 March 2018
Would reason have a totalitarian vocation? Foucault asserted that one of the tasks of the Enlightenment was to multiply the political powers of reason and technical knowledge and that since the development of the modern state in the nineteenth century Western thought has not ceased to criticize the role of rationality of political structures, pointing to its growing power and their consequent excesses. In modern societies, such rationality is characterized by the strengthening of state power allied to biopolitics, that is, the calculated management of individuals through specific techniques of individuation and normalization, addressed to each and to all citizens. Security is the central technical instrument of liberal and neoliberal political rationality. Foucault's analysis has brought two important consequences to political philosophy: first, the conception of the individual originally endowed with capabilities and rights is criticized, since it is a question of showing how the political subject is to a large extent "fabricated" by these techniques and devices. Second, against the notion of sovereign power as a fundamental unit based on law and contract Foucault proposes the description of multiple processes of subordination and domination of the governed. The purpose of the dissertation is to study the security mechanisms in Foucault's oeuvre, since, at present, more and more States use security management as an instrument of government. Our goal is to understand how the normalization of security influences the way individuals become subjects. We will point out the challenges that the security management of political power imposes on the traditional conceptions of sovereignty, state and political subject.
5

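Μελέτη μηχανισμών ασφαλείας ετερογενών δικτύων επόμενης γενιάς (NGN) και μοντελοποίηση των παραμέτρων πιστοποίησης / Study of the security mechanisms of heterogeneous next-generation networks (NGN) and modeling of the authentication parameters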

Συγκρίδη, Σοφία 28 August 2009
This project studies the heterogeneous next-generation networks and the security protocols that they use. The AAA protocols, which ensure the correct and safe authentication, authorization and accounting in these networks, have been studied. Then, I studied the IMS system, which unites wireless and wired networks, using common protocols that are used in the TCP/IP model (Internet). Finally, I present the results of a group of common threats, with and without the use of the SBC unit, which is a unit that amplifies the system's security.
6

Os dispositivos de segurança do neoliberalismo em Michel Foucault / Neoliberal security dispositifs in Michel Foucault

Mario Antunes Marino 19 March 2018
7

Alternative to Proctoring in Introductory Statistics Community College Courses

Feinman, Lena 01 January 2018
The credibility of unsupervised exams, one of the biggest challenges of e-learning, is currently maintained by proctoring. However, little has been done to determine whether expensive and inconvenient proctoring is necessary. The purpose of this quantitative study was to determine whether the use of security mechanisms, based on the taxonomy of cheating reduction techniques rooted in the fraud triangle theory, can be an effective alternative to proctoring. A quasi-experimental 1 group sequential design was used to answer the research questions whether the format, proctored versus unproctored, order in which the exams are administered, course delivery mode, and instructor make a difference in student performance. The archival scores of 850 Californian community college students on 2 sets of equivalent proctored and unproctored web-based exams in face-to-face, hybrid, and online introductory statistics courses taught by 7 instructors were compared. The format effect was tested with repeated-measures ANOVA; the order, course delivery mode and instructor effects were tested with mixed ANOVA. No significant difference in scores in Set 1, and significantly lower scores on unproctored exams in Set 2 indicated that the used security mechanisms allowed for maintaining the credibility of the exams without proctoring. There was no significant difference in scores across the course delivery modes in both sets and instructors in Set 2, but significant order effect was observed. Further research on order effect was recommended. With the use of the utilized security mechanisms education will get an inexpensive and convenient way to increase the credibility of unsupervised web-based exams, and the society will gain more online college graduates with credentials that reflect their knowledge.
8

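Skadlig kod och sårbarheter i Windows : En studie i virusens historia och nutidens olika säkerhetsrisker / Malicious code and vulnerabilities in Windows: A study of the history of viruses and today's various security risks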

Lejdemalm, Roger, Andreasson, Daniel January 2008
In media today, you often read about different security threats and risks that one has to be aware of. Many things must be taken into consideration in order to maintain your integrity and information secrecy. It might be a new virus outbreak, a new trojan or some kind of spyware that undetected finds the way to your computer. It’s hard to keep track of all terms and types of malicious code, and with greater understanding, the risk of infection decreases. The development when it comes to malicious code is as strong as the one in commercial software development. From the 80’s until present day, every area in the development of malicious code has evolved, from strategy and purpose to the pure complexity of the code.
Microsoft, the world's leading supplier of operating systems and web browsers, assures us with every new release that measures have been taken in order to enhance the security features. As the new operating system Windows Vista was released, spokesmen said that the security was now the highest priority.
We have, together with WM-data in Stockholm, developed software for remote administration of Windows. The objective was, by using our limited programming skills only, to come up with a program for Windows XP and Windows Vista, where a number of functions could be remotely executed without alerting a user at the infected computer.
This report describes the development of the software together with test results of execution on both operating systems. Further on, the report discusses different types of malicious code, such as viruses, worms, Trojans and rootkits, together with a historical study of the development of malicious code.
9

Modelos de negócio para ambientes de computação em nuvem que consideram atributos de qos relacionados a desempenho e a segurança / Business models for cloud computing environments that consider attributes related to performance and security

Batista, Bruno Guazzelli 10 November 2015
This PhD thesis has as its main goal defining business models for cloud computing environments that consider performance and security as quality of service attributes during the service level agreement definition. For this, it was necessary to quantify the impact on the performance of a cloud environment in which different security mechanisms were applied. Techniques and methodologies available in the literature that aim to ensure the integrity, availability and confidentiality of data were used to quantify the overhead, addressing challenges related to access, storage and manipulation of data in services offered through virtual machines. Experiments were executed, in which the response variable behaviors were analyzed, using scenarios with different security mechanisms and workloads. In this way, it was possible to compare the overhead imposed by the security mechanisms with the changes in the quantity of resources applied by a proposed module, called ReMM. According to the results, the ReMM changed the amount of allocated virtual resources using two scalability algorithms, ensuring the requirements defined in the service level agreement. However, the changes in the computational resources to face the overhead imposed by the security mechanisms influenced the final costs of the service. Therefore, security overhead, performance and cost were considered in the definition of business models in different cloud computing environments.
10

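Processos classificatórios na recepção, triagem e encaminhamento de crianças e adolescentes aos abrigos: permanências e mudanças após a ação civil pública / Classification processes in the reception, screening and referral of children and adolescents to shelters: continuities and changes after the public civil action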

Orestes, Fabrício Mazzaron 10 October 2011
Conselho Nacional de Desenvolvimento Científico e Tecnológico / This work is part of the theme of the "shelter protective measure" provided for in the Child and Adolescent Statute (CAS) and articulated in its Articles 98 and 101. The objective of this study is to understand the classificatory mechanisms that operate the flow of children and teenagers between the "doorways" and shelters in the city of São Paulo. To meet this goal we used two procedures: the analysis of public documents and the production of interviews. The documents were divided into the following categories: laws and statutes, policy guiding plans, and report books. The interviews were conducted in a shelter in the southern zone of the city of São Paulo that serves the age group 0-17 years and 11 months. The professionals selected for interview make up the technical team of the service, namely, coordinator, psychologist and social worker. In total, three interviews were prepared based on semi-structured methodology. The analysis of interviews and documents followed the methodology of discursive practices, understanding discourse as language in action, i.e., the modes from which the discursive contents produce sense about the social world. In addition, we worked with the Foucauldian perspective developed in the concepts of disciplinary mechanisms and security mechanisms to analyze the classificatory processes and the ordering of multiplicities in the flow between the shelters. From the analysis of the documents, the institutional flow was drawn up, taking as a criterion the time foreseen for each service to carry out the sheltering. The arrangements found were "short time" (up to two months) and "long time" (up to two years) for the realization of institutionalization, namely, respectively, the "gateways" and shelters. Comparison between the analysis of the documents and the analysis of the interviews allowed us to recognize the practice of eligibility criteria that operate on the network from categories such as history on the streets, drug addiction, offense, mental health and age. These categories, acting alone or in combination, act as a filter, and their classificatory effects range from a longer stay of children and adolescents in the "gateways" to their exclusion from the protection system formed by the network of shelters. These classificatory practices, especially as supported by the categories analyzed, go against the principles of universality and the integral protection doctrine advocated by the CAS, because they reduce or negate the protection rights of children and especially teenagers who have a history on the streets, drug addiction and offense.
