An exfiltration subversion demonstration /

Murray, Jessica L.

January 2003

Thesis (M.S. in Computer Science)--Naval Postgraduate School, June 2003. / Thesis advisor(s): Cynthia E. Irvine, Roger R. Schell. Includes bibliographical references (p. 83-92). Also available online.

Polycentric security governance : legitimacy, accountability, and the public interest

Berg, Julie

January 2015

This thesis examines how power is constituted in hybrid polycentric systems of security governance. In particular, the thesis explores how legitimacy - as one form of power - is configured in Improvement Districts in South Africa, with a specific focus on three ways by which it is gained: through promoting public participation in decision-making; through transparent and accountable policing nodes; and through the delivery of effective security for the public good. Polycentric systems of security governance are usually composed of a number of policing or security nodes that are independent of each other, but take account of each other in relationships of co-operation or conflict and where no single node dominates all the rest. In other words, some or all of these nodes, may co-ordinate around specific security problems or events in a sustained manner. The functioning of polycentric security governance was explored in Improvement Districts in Cape Town and Johannesburg, as they are an exemplar of polycentricity in the way that they operate. Qualitative field research was employed using a nodal analytical framework and a collective case study approach. In-depth interviewing, participant and direct observation as well as documentary analysis were the primary research methods employed. The findings of the research reveal that polycentricity impacts on legitimacy in a number of ways. Legitimacy may originate from multiple sources and state and non-state policing nodes within polycentric security governance systems may undermine, enhance and/or co-produce democratic participation, accountability and security for the public interest. There are a number of factors or conditions that shape whether polycentric systems of governance are legitimate and how they derive this legitimacy. The main finding of the thesis is that for a polycentric system to be aligned to the public interest, it needs to be motivated by public, peer and political expectations, amongst other things. The findings of the thesis both challenge the normative tendency to associate democratic legitimacy with the state and contribute to the pressing question of how to theoretically account for the empirical reality of polycentric security governance systems.

Public Law

security governance systems

Improvement Districts

New approaches to operating system security extensibility

Watson, Robert Nicholas Maxwell

January 2011

No description available.

004

Windows XP Operating System security analysis /

Goktepe, Meftun.

January 2002

Thesis (M.S. in Information Technology Management)--Naval Postgraduate School, September 2002. / Thesis advisor(s): Richard Harkins, Cynthia Irvine. Includes bibliographical references (p. 105-107). Also available online.

Securing open multi-agent systems governed by electronic institutions

Bijani, Shahriar

January 2013

One way to build large-scale autonomous systems is to develop an open multi-agent system using peer-to-peer architectures in which agents are not pre-engineered to work together and in which agents themselves determine the social norms that govern collective behaviour. The social norms and the agent interaction models can be described by Electronic Institutions such as those expressed in the Lightweight Coordination Calculus (LCC), a compact executable specification language based on logic programming and pi-calculus. Open multi-agent systems have experienced growing popularity in the multi-agent community and are expected to have many applications in the near future as large scale distributed systems become more widespread, e.g. in emergency response, electronic commerce and cloud computing. A major practical limitation to such systems is security, because the very openness of such systems opens the doors to adversaries for exploit existing vulnerabilities. This thesis addresses the security of open multi-agent systems governed by electronic institutions. First, the main forms of attack on open multi-agent systems are introduced and classified in the proposed attack taxonomy. Then, various security techniques from the literature are surveyed and analysed. These techniques are categorised as either prevention or detection approaches. Appropriate countermeasures to each class of attack are also suggested. A fundamental limitation of conventional security mechanisms (e.g. access control and encryption) is the inability to prevent information from being propagated. Focusing on information leakage in choreography systems using LCC, we then suggest two frameworks to detect insecure information flows: conceptual modeling of interaction models and language-based information flow analysis. A novel security-typed LCC language is proposed to address the latter approach. Both static (design-time) and dynamic (run-time) security type checking are employed to guarantee no information leakage can occur in annotated LCC interaction models. The proposed security type system is then formally evaluated by proving its properties. A limitation of both conceptual modeling and language-based frameworks is difficulty of formalising realistic policies using annotations. Finally, the proposed security-typed LCC is applied to a cloud computing configuration case study, in which virtual machine migration is managed. The secrecy of LCC interaction models for virtual machine management is analysed and information leaks are discussed.

AplicaÃÃo da anÃlise matemÃtica no rastreamento reverso do nÃmero IP para o uso em redes TCP/IP sob ataque de negaÃÃo-de-serviÃo / Application of mathematical analysis in IP number backtracking to use in TCP/IP networks under denial-of-servicfe attack.

Mateus Mosca Viana

17 July 2007

O ataque por negaÃÃo de serviÃo ficou conhecido a partir do ano de 1988, tendo se tornado uma grave ameaÃa ao funcionamento das redes de computadores em todo o mundo. Quando essa modalidade de ataque està em curso a vÃtima recebe um incremento tÃo intenso na demanda pelos seus recursos computacionais, que os mesmos podem se tornar indisponÃveis aos usuÃrios. A despeito de existirem outras formas de ataques a redes de computadores, a negaÃÃo-de-serviÃo tem sido alvo de particular interesse da comunidade cientÃfica dedicada no estudo da seguranÃa de redes de computadores. Isto se deve à simplicidade com que este ataque pode ser desferido, aliada ao seu efeito devastador. AlÃm disso, a dificuldade que a vÃtima terà em se defender, dependerà da forma como o ataque se processa, sendo as formas de ataque caracterizadas como âdiretaâ, âindiretaâ, ou âdistribuÃdaâ. Na literatura especializada em seguranÃa existem trabalhos com variadas propostas para a abordagem deste problema, sendo predominante nas mesmas o carÃter de estado-da-arte. A tendÃncia que se acentua nas propostas à a da uniÃo de argumentos computacionais e matemÃticos. Nesta tese sÃo analisados alguns trabalhos que apresentam contribuiÃÃes relevantes para a resoluÃÃo do problema em estudo. Junta-se a esta anÃlise a apresentaÃÃo de uma idÃia original para o tratamento do problema, utilizando conceitos e ferramentas da Teoria das VariÃveis Complexas. Com efeito, atravÃs de um mapeamento do ambiente de taque no espaÃo das variÃveis complexas, desenvolve-se um mÃtodo para a identificaÃÃo do nÃmero IP de um atacante por meio do uso do conceito de ânÃmero de rotaÃÃo de uma trajetÃria ao redor de um pontoâ. Este conceito à uma conseqÃÃncia do âTeorema Integral de Cauchyâ, um dos mais importantes resultados da Teoria das VariÃveis Complexas. / The denial-of-service attack was unveiled in the year of 1988 and became a serious threat to the computer networks to carry on properly, around the world. When this kind of attack is going on the victim suffers so high increment in demanding computational resources, that they may become unavailable to the true users. Despite the fact that there exist other kind of computers network attacks, the denial-of-service attack is the target of a special interest by the scientific community, dedicated to computers network security. This is due to the simplicity in starting the attack, associated with its destructive effect. The difficulty in defending against this attack grows according to it is in a form âdirectâ, âindirectâ, or âdistributedâ. In the specialized literature dealing with security there are papers with varied approaches to this problem and the main feature is the predominant state-ofart. The stressed trend in the arised proposes is the joining of mathematical and computational arguments. In this thesis some papers are analysed with considerable contributions to the problem under study. An original idea dealing with this problem, based in concepts and tools of the Theory of Complex variables, is joined to this analysis. The mapping between the attack environment and the complex variables space is the form by which one may construct a method to determine an attacker IP number, through the use of the âwindind number of a path around a pointâ. This concept is a consequence of the âCauchyâs Integral Theoremâ, one the the most important results in the Theory of complex Variables.

SeguranÃa de sistemas

rastreamento reverso de IP

negaÃÃo-de-serviÃo.

Security of systems

Ip number backtracking

denial-of-service.

TELEINFORMATICA

Securing wireless networks against eavesdropping using smart antennas

Lakshmanan, Sriram.

January 2007

Thesis (M. S.)--Electrical and Computer Engineering, Georgia Institute of Technology, 2008. / Committee Chair: Raghupathy, Sivakumar; Committee Member: Farmarz Fekri; Committee Member: Mary Ann, Ingram. Part of the SMARTech Electronic Thesis and Dissertation Collection.

Security Management: Investigating the Challenges and Success Factors in Implementation and Maintenance of Information Security Management Systems

Grenefalk, Lukas, Norén Wallin, Christopher

January 2023

This research aims to investigate the challenges and success factors associated with the implementation and maintenance of Information Security Management Systems (ISMS) in organizations. Despite the increasing importance of information security in today's digital age, research shows that organizations continue to struggle with effectively implementing ISMS and maintaining it up to date. The study will explore the various cultural, strategic, tactical, and operational factors that affect the performance of organizational ISMS. The research will provide insight into the challenges and factors contributing to a successful ISMS implementation and maintenance, filling a gap in the existing literature. In this study, the qualitative survey method was utilized as the research strategy, complemented by semi-structured interviews for data collection. A total of 11 interviews were held with Senior Information Security professionals who have experience in implementing and maintaining Information Security Management Systems. Thematic analysis was then employed to analyze the data from the interviews. The study identified 15 themes related to challenges and success factors within implementation and maintenance of ISMS. Four themes related to implementation challenges, four relating to implementation success factors, three to maintenance challenges and four to maintenance success factors. The themes are Misconceptions of Security, Lack of Top Management Support, Resistance to Change, ISMS Design, Communication, Internal Security Culture, Top Management Support, ISMS Design, Resource Constraints, Continuous Administration, Employee Attitudes, Relationships, Ownership, Accessibility and Compliance.

ISMS

Information Security Management Systems

challenges

success factors

implementation

maintenance

Computer Sciences

Datavetenskap (datalogi)

Information Classification in Swedish Governmental Agencies : Analysis of Classification Guidelines

Anteryd, Fredrik

January 2015

Information classification deals with the handling of sensitive information, such as patient records and social security information. It is of utmost importance that this information is treated with caution in order to ensure its integrity and security. In Sweden, the Civil Contingencies Agency has established a set of guidelines for how governmental agencies should handle such information. However, there is a lack of research regarding how well these guidelines are followed as well as if the agencies have made accommodations of these guidelines of their own. This work presents the results from a survey sent to 245 governmental agencies in Sweden, investigating how information classification actually is performed today. The questionnaire was answered by 144 agencies and 54 agencies provided detailed documents of their classification process. The overall results show that the classification process is difficult, while those who provided documents proved to have good guidelines, but not always consistent with the existing recommendations.

Information Security Management Systems

Information Classification

Classification Guidelines

ISO/IEC 27000

Governmental agencies

Computer and Information Sciences

Data- och informationsvetenskap

Reducing Size and Complexity of the Security-Critical Code Base of File Systems

Weinhold, Carsten

14 January 2014

Desktop and mobile computing devices increasingly store critical data, both personal and professional in nature. Yet, the enormous code bases of their monolithic operating systems (hundreds of thousands to millions of lines of code) are likely to contain exploitable weaknesses that jeopardize the security of this data in the file system. Using a highly componentized system architecture based on a microkernel (or a very small hypervisor) can significantly improve security. The individual operating system components have smaller code bases running in isolated address spaces so as to provide better fault containment. Their isolation also allows for smaller trusted computing bases (TCBs) of applications that comprise only a subset of all components. In my thesis, I built VPFS, a virtual private file system that is designed for such a componentized system architecture. It aims at reducing the amount of code and complexity that a file system implementation adds to the TCB of an application. The basic idea behind VPFS is similar to that of a VPN, which securely reuses an untrusted network: The core component of VPFS implements all functionality and cryptographic algorithms that an application needs to rely upon for confidentiality and integrity of file system contents. These security-critical cores reuse a much more complex and therefore untrusted file system stack for non-critical functionality and access to the storage device. Additional trusted components ensure recoverability.

info:eu-repo/classification/ddc/004

ddc:004