Global ETD Search

21	Password-authenticated two-party key exchange with long-term security Unknown Date (has links) In the design of two-party key exchange it is common to rely on a Die-Hellman type hardness assumption in connection with elliptic curves. Unlike the case of nite elds, breaking multiple instances of the underlying hardness assumption is here considered substantially more expensive than breaking a single instance. Prominent protocols such as SPEKE [12] or J-PAKE [8, 9, 10] do not exploit this, and here we propose a password-authenticated key establishment where the security builds on the intractability of solving a specied number of instances v of the underlying computational problem. Such a design strategy seems particularly interesting when aiming at long-term security guarantees for a protocol, where expensive special purpose equipment might become available to an adversary. In this thesis, we give one protocol for the special case when v = 1 in the random oracle model, then we provide the generalized protocol in the random oracle model and a variant of the generalized protocol in the standard model for v being a polynomial of the security parameter `. / by WeiZheng Gao. / Thesis (Ph.D.)--Florida Atlantic University, 2012. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2012. Mode of access: World Wide Web. Data encryption (Computer science) Computer networks (Security measures) Software protection Computers--Access control--Passwords
22	A study of the software piracy problem in corporate users of Hong Kong. January 1990 (has links) by Tam Kam-Mau. / Thesis (M.B.A.)--Chinese University of Hong Kong, 1990. / Bibliography: leaf 50 (2nd group). / TABLE OF CONTENTS --- p.ii / PREFACE --- p.iii / Chapter / Chapter I. --- INTRODUCTION --- p.1 / The Need for Copyright of Software --- p.1 / Software Piracy and Illicit Copying --- p.2 / Protective Measures of Software --- p.2 / The Copyright (Computer Software) Amendment Act --- p.3 / The Problem --- p.4 / The Research Problem Defined --- p.8 / Chapter II. --- METHODOLOGY --- p.9 / Chapter III. --- THE PROCESS OF THE RESEARCH PROJECT --- p.12 / Chapter IV. --- ANALYSIS OF DATA --- p.14 / Analysis of Individual Question --- p.14 / Analysis of Answer between Questions --- p.20 / Chapter V. --- RESEARCH FINDINGS --- p.29 / Chapter VI. --- CONCLUSION --- p.35 / Some Recommendation --- p.37 / Chapter VII. --- A FINAL WORD AND ACKNOWLEDGEMENT --- p.40 / Appendex / Chapter I. --- Copyright (Computer Software) Amendment Act 1985 --- p.41 / Chapter II. --- Sample Software License Agreement --- p.45 / Chapter III. --- Bibliography --- p.50 / Chapter III. --- Questionnaire --- p.51 / Chapter IV. --- SPSS Reports --- p.55 Copyright--Computer programs Software protection
23	Fundamentals of software patent protection at a university Everett, Christopher E. January 2003 (has links) Thesis (M.S.)--Mississippi State University. Department of Computer Science. / Title from title screen. Includes bibliographical references.
24	Aparatinės programų apsaugos metodų tyrimas ir paskirstytų skaičiavimų modelio panaudojimas apsaugos rakto realizacijai / Research on hardware-based software protection methods and distributed computing model for security dongle implementation Valbasas, Hubertas 01 September 2011 (has links) Programų apsaugą yra svarbus šių dienų klausimas. 2009 metais pasaulyje buvo užfksuotas 43% piratavimo lygis, o Rytų Europoje 64% lygis. Vienas iš būdų apsaugoti programas nuo neteisėto naudojimo yra aparatiniai apsaugos metodai. Atlikus aparatinių apsaugos metodų analizę nustatyta, kad pažeidžiamiausia apsaugos vieta yra komunikavimas tarp programos ir aparatinio įrenginio, todėl apsaugos raktai, kurie vykdo dalį programos, gali apsaugoti nuo daugumą apgrąžos inžinerijos atakų. Įrodymui buvo sukurtas simuliacinis paskirstytų skaičiavimų aparatinės apsaugos Matlab modelis ir atliktas eksperimentis jo patikrinimas parodė, kad siūlomas apsaugos modelis yra atsparus derinimo ir programos klonavimo atakoms. Tyrimo metu, buvo sukurtas eksperimentinis apsaugos rakto prototipas, kuri vykdo dalį programos, o apsauga ištirta su dviem eksperimentinėmis programomis nuo derinimo, dekompiliavimo ir programos klonavimo atakų. Eksperimentinis tyrimas parodė, kad galima rasti programos kreipinius į apsaugos raktą, tačiau jų apėjimas ar pakeitimas, sugadina programą, praneša apie nežinomus adresus. Taip pat buvo atliktas eksperimetinės programos, apsaugotos komerciniu apsaugos raktu, tyrimas, kuris parodė, kad tradiciniai apsaugos metodai neužtikrina apsaugos nuo apgrąžos inžinerijos, kaip tai buvo įrodyta su eksperimentiniu apsaugos rakto prototipu. / Software protection is important problem of nowaday. In 2009 the piracy rate reaches 43% of all globe softwares usage, especialy high piracy rate is in Eastern Europe, where 64% of softwares are illegal. This brings hardware-based protection to be one of the prime defense against illegal software usage. The analysis of hardware-based software protection showed that the weakest part of hardware-based protection is communication with software, so dongle method, which computes part of the software inside dongle, could withstand most of reverse engineer attack methods. To prove this Matlab model of distributed dongle-based protection scheme was created and its experimental evaluation showed, that suggested software protection model is resistant against deassembling, debbuging and software cloning attacks. Equally, experimental distributed computing protection dongle prototype was created and tested with two experimental programs against deassembling, debbuging, decompilation and software cloning attacks. This shows that attackers can find calls to the dongle, but can not jump or nop it, such it was done in experimental software protected with traditional commercial dongle. Informatics Apsaugos raktas Programų apsauga Apgrąžos inžinerija Matlab Dongle Software protection Reverse engineer Matlab
25	A Survey and Analysis of Solutions to the Oblivious Memory Access Problem Chapman, Erin Elizabeth 01 January 2012 (has links) Despite the use of strong encryption schemes, one can still learn information about encrypted data using side channel attacks [2]. Watching what physical memory is being accessed can be such a side channel. One can hide this information by using oblivious simulation - hiding the true access pattern of a program. In this paper we will review the model behind oblivious simulation, attempt to formalize the problem and define a security game. We will review the major solutions pro- posed so far, the square root and hierarchical solutions, as well as propose a new variation on the square root solution. Additionally, we will show a new formalization for providing software protection by using an encryption scheme and oblivious simulation. Data encryption (Computer science) Software protection Random access memory Computer Sciences Information Security
26	Protecting software in embedded IoT units : The impact of code obfuscation / Skydda mjukvara i inbyggda enheter som IoT enheter : Undersök påvärkan av kodobfuskering i en inbyggd IoT enhet Karlsson, Fredrik January 2023 (has links) Embedded Internet of Things (IoT) products are taking up a larger part of the market thanks to smaller, cheaper and more advanced components. For companies that spend time and resources on developing software for these products, it is important to keep that software secure to maintain the advantage gained. This can be done in multiple ways, each with its own advantages and disadvantages. One way is by utilizing code obfuscation to make the software more difficult to understand and therefore harder to reverse engineer. However, changing the code comes at a cost, this thesis aims to find out what that cost is. This is done by comparing two versions of code: the original code and its obfuscated version. These versions were compared with respect to execution time and readability. The results of the tests indicate a small increase in execution time for the obfuscated version, but it also showed a big increase in how difficult it was to read. This means that obfuscating code will have a small performance penalty, but is much more resilient to reverse engineering. It is also important no note that manually obfuscating code is not practical for a production environment, since a large part of the development time will be spent on obfuscating the code instead of improving it. Therefore, it is important to have an automated obfuscation tool. / Inbyggda IoT produkter tar upp en större del av marknaden tackvare billigare, mindre och mer avancerade komponenter. För företagen som spenderar tid och resurser på att utveckla mjukvara till dessa produkter är det viktikgt att hålla den mjukvaran säker. Detta kan göras på många olika sätt, varje med sina fördelar och nackdelar. Ett sätt är att använda kodobfuskering för att göra mjukvaran svårare att förstå och darmed svårare att baklängeskonstruera (reverse engineer). Men, att ändra koden kommer med ett pris, denna uppsats försöker hitta vad den kostnaden är. Detta görs genom att gämföra två versioner av kod: orginalet och en obfuskerad version av den. Dessa versioner gämförs sedan på exekveringstid och lasbarhet. Resultatet av testet visar en liten ökning i exekveringstid för den obfuskerade versionen, men en stor ökning i hur svår den är att förstå. Detta betyder att obfuskerad kod kommer ha en lite sämre prestanda, men är mycket med tålig för baklängeskonstruktion (reverse engineering). Det är också viktigt att påpeka att manuell kod obfuskering inte är praktiskt för en produktionsmiljö, då mycket tid kommer läggas på att obfuskera koden istället för att förbättra den. Därför är det viktigt att ha ett aotumatisk obfuskerings verktyg. Embedded Obfuscation Software protection Internet of Things Inbyggd Obfuskering Mjukvaruskydd Internet of Things Computer and Information Sciences Data- och informationsvetenskap
27	Programų apsaugos, naudojant lustines korteles, metodo sudarymas ir tyrimas / Development and research of software protection method using smart cards Kreickamas, Tomas 21 August 2013 (has links) Taikomųjų programų piratavimas – procesas, kurio metu nelegaliai atkuriama ir neturint tam teisės platinama taikomoji programa. Ši problema nėra nauja, tačiau efektyvių apsaugos priemonių nuo jos šiandien dar nesukurta. Dėl šios priežasties 2011 m. nelegalios programinės įrangos buvo parsisiųsta už daugiau nei 60 mlrd. JAV dolerių ir ši suma kasmet auga. Atlikus taikomųjų programų grėsminių analizę išsiaiškinome, kad didžiausia problema – atvirkštinė inžinerija. Šią problemą padedančias išspręsti apsaugos priemones suskirstėme į programines ir aparatūrines. Atlikus programinių apsaugos priemonių analizę išsiaiškinome, kad geriausiai nuo atvirkštinės inžinerijos padeda apsisaugoti kodo šifravimas arba glaudinimas. Atlikus aparatūrinių apsaugos priemonių analizę išsiaiškinome, kad apsaugai nuo piratavimo dažniausiai naudojami apsaugos raktai. Išanalizavus programinių ir aparatūrinių apsaugos priemonių privalumus ir trūkumus sukūrėme kompleksinį apsaugos metodą. Šis metodas remiasi kritinių (vertingiausių) programos modulių šifravimu ir vykdymu saugiame įrenginyje. Šiame darbe kaip saugų įrenginį naudojame lustines korteles. Šie įrenginiai buvo pasirinkti dėl jų nedidelės kainos ir teikiamo didelio saugumo lygio. Atlikę sumodeliuoto metodo programinę realizaciją jį ištyrėme greitaveikos aspektu ir nustatėme, kad modulio užimančio 6KB iššifravimas lustinėje kortelėje trunka tik 2% viso programos vykdymo laiko, todėl didelės įtakos programos vykdymo laiko išaugimui neturi... [toliau žr. visą tekstą] / Software piracy is copying and distributing of software illegally and without permission. This problem is not new but effective protective measures against it until today are not developed. Therefore, in 2011 illegal software has been downloaded for more than 60 billion USA dollars and that amount is growing every year. After software threats’ analysis we found out that the biggest problem is reverse engineering. Measures which can help to solve this problem we divided into software-based and hardware-based protection. After software-based protection analysis we found out that one of best measures against reverse engineering is code encryption or packaging and one of the best hardware-based protection tools is using of dongle keys. After analysis of advantages and disadvantages of software-based and hardware-based protection we developed method against software piracy. This method relies on the encryption of critical (most valuable) program modules and its safe execution in a safe device. In this paper, as a safe device we will use smart cards. These devices were chosen for their low cost and high level of safety. After implementation of simulated method we found out that decryption of module, which size is ~6KB, in smart card takes only 2% of the total program execution time, so this task does not have significant impact on program execution time. The biggest impact on increasing of protected program execution time have the module performance (59,37% of the total time)... [to full text] Informatics Programinės įrangos piratavimas Programinės įrangos apsauga Lustinės kortelės Kriptografija Software piracy Software protection Smart cards Cryptography
28	Intellectual property rights, innovation and software technologies : the economics of monopoly rights and knowledge disclosure / Harison, Elad. January 2008 (has links) Diss. Univ. of Maastricht.
29	RADAR: compiler and architecture supported intrusion prevention, detection, analysis and recovery Zhang, Tao 25 August 2006 (has links) In this dissertation, we propose RADAR - compileR and micro-Architecture supported intrusion prevention, Detection, Analysis and Recovery. RADAR is an infrastructure to help prevent, detect and even recover from attacks to critical software. Our approach emphasizes collaborations between compiler and micro-architecture to avoid the problems of purely software or hardware based approaches. With hardware support for cryptographic operations, our infrastructure can achieve strong process isolation to prevent attacks from other processes and to prevent certain types of hardware attacks. Moreover, we show that an unprotected system address bus leaks critical control flow information of the protected software but has never been carefully addressed previously. To enhance intrusion prevention capability of our infrastructure further, we present a scheme with both innovative hardware modification and extensive compiler support to eliminate most of the information leakage on system address bus. However, no security system is able to prevent all attacks. In general, we have to assume that certain attacks will get through our intrusion prevention mechanisms. To protect software from those attacks, we build a second line of defense consisted of intrusion detection and intrusion recovery mechanisms. Our intrusion detection mechanisms are based on anomaly detection. In this dissertation, we propose three anomaly detection schemes. We demonstrate the effectiveness of our anomaly detection schemes thus the great potential of what compiler and micro-architecture can do for software security. The ability to recover from an attack is very important for systems providing critical services. Thus, intrusion recoverability is an important goal of our infrastructure. We focus on recovery of memory state in this dissertation, since most attacks break into a system by memory tampering. We propose two schemes for intrusion analysis. The execution logging based scheme incurs little performance overhead but has higher demand for storage and memory bandwidth. The external input points tagging based scheme is much more space and memory bandwidth efficient, but leads to significant performance degradation. After intrusion analysis is done and tampered memory state is identified, tampered memory state can be easily recovered through memory updates logging or memory state checkpointing. Software protection Compiler support Microarchitecture support Information leakage prevention Anomaly detection Intrusion recovery Computer networks Security measures Computer architecture Computer network protocols
30	Design and implementation of an attribute-based authorization management system Mohan, Apurva 05 April 2011 (has links) The proposed research is in the area of attribute-based authorization systems. We address two specific research problems in this area. First, evaluating authorization policies in multi-authority systems where there are multiple stakeholders in the disclosure of sensitive data. The research proposes to consider all the relevant policies related to authorization in real time upon the receipt of an access request and to resolve any differences that these individual policies may have in authorization. Second, to enable a lot of entities to participate in the authorization process by asserting attributes on behalf of the principal accessing resources. Since it is required that these asserted attributes be trusted by the authorization system, it is necessary that these entities are themselves trusted by the authorization system. Two frameworks are proposed to address these issues. In the first contribution a dynamic authorization system is proposed which provides conflict detection and resolution among applicable policies in a multi-authority system. The authorization system is dynamic in nature and considers the context of an access request to adapt its policy selection, execution and conflict handling based on the access environment. Efficient indexing techniques are used to increase the speed of authorization policy loading and evaluation. In the second contribution, we propose a framework for service providers to evaluate trust in entities asserting on behalf of service users in real time upon receipt of an access request. This trust evaluation is done based on a reputation system model, which is designed to protect itself against known attacks on reputation systems. Policy-based systems Reputation systems XACML Trust metrics Attribute-based systems Authorization systems Computer security Data protection Computers Access control Software protection

Search results