THE IMPACT OF XML SECURITY STANDARDS ON MANAGING POST PROCESSED TELEMETRY DATA

Kalibjian, Jeffrey R.

10 1900

International Telemetering Conference Proceedings / October 20-23, 2003 / Riviera Hotel and Convention Center, Las Vegas, Nevada / Today many organizations use the Secure Sockets Layer protocol (SSL, now known as TLS, or Transport Layer Security) to secure post processed telemetry data transmitted over internal or external Internet Protocol (IP) networks. While TLS secures data traveling over a network, it does not protect data after it reaches its end point. In the Open Systems Interconnection (OSI) layer model, TLS falls several layers below the application category. This implies that applications utilizing data delivered by TLS have no way of evaluating whether data has been compromised before TLS encryption (from a source), or after TLS decryption (at the destination). This security “gap” can be addressed by adoption of a security infrastructure that allows security operations to be abstracted at an OSI application level.

Link data security

application data security

XML

TLS

XKMS

SAML

XACML

SOAP

A data dependency recovery system for a heterogeneous multicore processor

Kainth, Haresh S.

January 2014

Multicore processors often increase the performance of applications. However, with their deeper pipelining, they have proven increasingly difficult to improve. In an attempt to deliver enhanced performance at lower power requirements, semiconductor microprocessor manufacturers have progressively utilised chip-multicore processors. Existing research has utilised a very common technique known as thread-level speculation. This technique attempts to compute results before the actual result is known. However, thread-level speculation impacts operation latency, circuit timing, confounds data cache behaviour and code generation in the compiler. We describe an software framework codenamed Lyuba that handles low-level data hazards and automatically recovers the application from data hazards without programmer and speculation intervention for an asymmetric chip-multicore processor. The problem of determining correct execution of multiple threads when data hazards occur on conventional symmetrical chip-multicore processors is a significant and on-going challenge. However, there has been very little focus on the use of asymmetrical (heterogeneous) processors with applications that have complex data dependencies. The purpose of this thesis is to: (i) define the development of a software framework for an asymmetric (heterogeneous) chip-multicore processor; (ii) present an optimal software control of hardware for distributed processing and recovery from violations;(iii) provides performance results of five applications using three datasets. Applications with a small dataset showed an improvement of 17% and a larger dataset showed an improvement of 16% giving overall 11% improvement in performance.

004.35

HIGH-RESOLUTION STRUCTURES OF THE PROTEINS HUMAN KALLIKREIN 6 AND HUMAN FIBROBLAST GROWTH FACTOR-1: STRUCTURE AND FUNCTION RELATIONSHIPS

Bernett, Matthew John

Unknown Date

In this work, we examine the structure and function of two important human proteins. The first is human kallikrein 6 (hK6), which is a newly identified enzyme in the serine proteinase family that is expressed in the central nervous system. In chapter 2, the X-ray crystal structure of mature, active recombinant human kallikrein 6 at 1.75 Å is presented. This high resolution model provides the first three-dimensional view of one of the human kallikreins and one of only a few structures of serine proteinases predominantly expressed in the central nervous system. Enzymatic and X-ray data provide support for the characterization of human kallikrein 6 as a degradative proteinase with structural features more similar to trypsin than the regulatory kallikreins. In chapter 3, we have re-solved the structure of hK6 to a resolution of 1.56 Å. In addition, a detailed analysis of the preferred substrate specificity of hK6 at the positions P3, P2, P1′, P2′, and P3′ is undertaken using internally quenched fluorescent substrates based on a peptide background sequence of the identified autolysis region. Furthermore, the identified optimized substrate sequence is modeled into the 1.56 Å structure of human kallikrein 6 using docking in order to identify structural aspects of the protein responsible for this preference. The substrate specificity data show that human kallikrein 6 displays little discrimination for particular amino acids at the tested positions with the exception of P2′, where there is a pronounced preference for proline. The second protein studied in this work is human fibroblast growth factor-1 which is a member of the β-trefoil superfold. In chapter 4, a 1.10 Å atomic-resolution x-ray structure of human fibroblast growth factor 1, a member of the β-trefoil superfold, is reported. The FGF-1 structure exhibits numerous core packing defects detectable using a 1.0Å radius probe. In addition to contributing to the relatively low thermal stability of FGF-1, these defects may also permit domain motions within the structure. The availability of refined ADP's permits a translation/libration/ screw (TLS) analysis of putative rigid body domains. The observed rigid body motion in FGF-1 appears related to the ligand-binding functionalities. / Dissertation / PhD

Error propagation analysis for remotely sensed aboveground biomass

Alboabidallah, Ahmed Hussein Hamdullah

January 2018

Above-Ground Biomass (AGB) assessment using remote sensing has been an active area of research since the 1970s. However, improvements in the reported accuracy of wide scale studies remain relatively small. Therefore, there is a need to improve error analysis to answer the question: Why is AGB assessment accuracy still under doubt? This project aimed to develop and implement a systematic quantitative methodology to analyse the uncertainty of remotely sensed AGB, including all perceptible error types and reducing the associated costs and computational effort required in comparison to conventional methods. An accuracy prediction tool was designed based on previous study inputs and their outcome accuracy. The methodology used included training a neural network tool to emulate human decision making for the optimal trade-off between cost and accuracy for forest biomass surveys. The training samples were based on outputs from a number of previous biomass surveys, including 64 optical data based studies, 62 Lidar data based studies, 100 Radar data based studies, and 50 combined data studies. The tool showed promising convergent results of medium production ability. However, it might take many years until enough studies will be published to provide sufficient samples for accurate predictions. To provide field data for the next steps, 38 plots within six sites were scanned with a Leica ScanStation P20 terrestrial laser scanner. The Terrestrial Laser Scanning (TLS) data analysis used existing techniques such as 3D voxels and applied allometric equations, alongside exploring new features such as non-plane voxel layers, parent-child relationships between layers and skeletonising tree branches to speed up the overall processing time. The results were two maps for each plot, a tree trunk map and branch map. An error analysis tool was designed to work on three stages. Stage 1 uses a Taylor method to propagate errors from remote sensing data for the products that were used as direct inputs to the biomass assessment process. Stage 2 applies a Monte Carlo method to propagate errors from the direct remote sensing and field inputs to the mathematical model. Stage 3 includes generating an error estimation model that is trained based on the error behaviour of the training samples. The tool was applied to four biomass assessment scenarios, and the results show that the relative error of AGB represented by the RMSE of the model fitting was high (20-35% of the AGB) in spite of the relatively high correlation coefficients. About 65% of the RMSE is due to the remote sensing and field data errors, with the remaining 35% due to the ill-defined relationship between the remote sensing data and AGB. The error component that has the largest influence was the remote sensing error (50-60% of the propagated error), with both the spatial and spectral error components having a clear influence on the total error. The influence of field data errors was close to the remote sensing data errors (40-50% of the propagated error) and its spatial and non-spatial Overall, the study successfully traced the errors and applied certainty-scenarios using the software tool designed for this purpose. The applied novel approach allowed for a relatively fast solution when mapping errors outside the fieldwork areas.

The State of Man-in-the-Middle TLS Proxies: Prevalence and User Attitudes

ONeill, Mark Thomas

01 October 2016

We measure the prevalence and uses of Man-in-the-Middle TLS proxies using a Flash tool deployed with a Google AdWords campaign. We generate 15.2 million certificate tests across two large-scale measurement studies and find that 1 in 250 TLS connections are intercepted by proxies. The majority of these proxies appear to be benevolent, however we identify over 3,600 cases where eight malware products are using this technology nefariously. We also find thousands of instances of negligent, duplicitous, and suspicious behavior, some of which degrade security for users without their knowledge. Distinguishing these types of practices is challenging in practice, indicating a need for transparency and user awareness. We also report the results of a survey of 1,976 individuals regarding their opinions of TLS proxies. Responses indicate that participants hold nuanced opinions on security and privacy trade-offs, with most recognizing legitimate uses for the practice, but also concerned about threats from hackers or government surveillance. There is strong support for notification and consent when a system is intercepting their encrypted traffic, although this support varies depending on the situation. A significant concern about malicious uses of TLS inspection is identity theft, and many would react negatively and some would change their behavior if they discovered inspection occurring without their knowledge. We also find that a small but significant number of participants are jaded by the current state of affairs and have lost any expectation of privacy.

SSL

TLS

Proxy

MITM

man in the middle

measurement

survey

AdWords

security

malware

firewall

censorship

Computer Sciences

A Large-Scale Analysis of How OpenSSL Is Used in Open-Source Software

Heidbrink, Scott Jared

01 March 2018

As vulnerabilities become more common the security of applications are coming under increased scrutiny. In regards to Internet security, recent work discovers that many vulnerabilities are caused by TLS library misuse. This misuse is attributed to large and confusing APIs and developer misunderstanding of security generally. Due to these problems there is a desire for simplified TLS libraries and security handling. However, as of yet there is no analysis of how the existing APIs are used, beyond how incorrect usage motivates the need to replace them. We provide an analysis of contemporary usage of OpenSSL across 410 popular secure applications. These insights will inform the security community as it addresses TLS library redesign.

TLS

SSL

API

source code analysis

static code analysis

Computer Sciences

Le transport et la sécurisation des échanges sur les réseaux sans fil

Badra, Mohamad

11 1900

La convergence des réseaux fixes et des réseaux mobiles est une réalité. Les couvertures de ces réseaux sont de plus en plus confondues. Leur intégration dans une architecture commune est une priorité pour les opérateurs et fournisseurs de services. Cela afin de mieux répondre aux problématiques introduites par cette convergence en termes d'interopérabilité, de performance, de qualité de service, de sécurité, d'exploitation et également de réactivité liée au déploiement de nouveaux services. Concernant la sécurité, beaucoup de travaux et d'efforts ont été consentis ces dernières années afin d'aboutir à des solutions immédiates pour sécuriser les échanges dans les réseaux fixes. Ces solutions, telles que TLS (Transport Layer Security) et IPSec ont été ainsi conçues dans un contexte où les équipements et les entités sont fixes, elles sont opérationnelles à grande échelle. Malgré leur diversité, ces solutions sont encore limitées, génériques et répondent insuffisamment aux besoins spécifiques des applications de communication dans les environnements mobiles. Nous avons donc opté pour des solutions d'adaptation qui permettent d'adapter les mécanismes de sécurité conçus au départ pour les réseaux fixes aux réseaux mobiles. Ce choix est appuyé par deux raisons principales. La première est que les réseaux sans fil sont opérationnels et reliés de plus en plus aux réseaux fixes et la seconde réside dans le fait que la réutilisation de ces solutions nous permet de réduire leurs coûts d'exploitation. Notre contribution dans cette thèse est donc de faire avancer les solutions de la sécurisation des échanges sans fil tout en prenant en compte les contraintes précédemment citées. Notre travail de recherche est structuré en quatre parties : La première partie traite de TLS, de ses performances et de sa charge protocolaire. Dans le but d'étudier son adéquation aux réseaux mobiles, nous expérimentons TLS avec les réseaux GSM, en utilisant la pile protocolaire WAP, et avec les réseaux 802.11 sans fil. Les résultats de cette étude nous amènent à proposer des extensions plus performantes et plus appropriées que les mécanismes standard définis dans WAP et les réseaux 802.11 sans fil. La deuxième partie est une contribution qui consiste à l'extension et l'enrichissement de TLS pour répondre à des besoins de sécurité dans le contexte du sans fil. Nous avons ainsi proposé de nouvelles architectures pour la convergence avec les réseaux fixes. Dans la troisième partie, nous proposons d'enrichir la sécurité dans les réseaux WLAN en fournissant des services additionnels comme l'anonymat des échanges, la protection d'identité et la protection contre certains types d'attaques (passives, par dictionnaires, etc.). Nous définissons un mécanisme basé sur l'utilisation d'une clé partagée et de TLS. Cette contribution consiste à ajouter une extension sur le premier message du client TLS tout en respectant la norme "TLS extensions". Ce mécanisme ne nécessite pas l'utilisation des certificats et des PKIs pour l'authentification; il est mieux adapté pour certains réseaux sans fil et à petite échelle où les clients sont pré configurés ou personnalisés. Nous terminons cette partie en présentant une implantation de EAP-TLS couplée avec une carte à puce. La dernière partie consiste essentiellement à intégrer les différentes contributions. Ceci pour mettre en exergue une méthode d'authentification couplant "architecture" et "secret partagé". Nous montrons ainsi comment, avec une telle approche, nous dérivons des services de sécurité non supportés jusqu'à présent par TLS tels que le PFS et la protection de l'identité.

Sécurité

Tls

Sécurisation les échanges sans fil

Régulation de la traduction des ARNm dendritiques par des ribonucléoprotéines et rôle de CHMP2B dans la morphogenèse des épines dendritiques.

Belly, Agnès

30 October 2009

Les épines dendritiques sont des petites protubérances remarquablement dynamiques à la surface des dendrites, correspondant à la partie postsynaptique des synapses excitatrices. En réponse à l'activité neuronale, leur géométrie et leur composition biochimique changent, modulant ainsi la force synaptique. Entres autres, la synthèse locale de nouvelles protéines et une modification de la composition protéique membranaire assurent ces changements. Nous avons montré que la ribonucléoprotéine Sam68 régule la traduction de l'ARNm du facteur d'élongation de la traduction eEF1A ; et que TLS, d'ordinaire nucléaire, est localisée dans les dendrites, près des synapses. Nous avons montré que les mutants de CHMP2B (membre du complexe endosomial ESCRT III et mutée dans une maladie neurodégénérative) affectent la morphologie des épines dendritiques, leur taille est réduite, et diminuent la proportion des courants synaptiques de grande amplitude.

Epines dendritiques

ARNm dendritiques

Sam68

TLS

CHMP2B

Démence Frontotemporale

Implementing the Transport Layer Security Protocol for Embedded Systems / Implementation och anpassning av Transport Layer Security för inbyggda system

Werstén, Bengt

January 2007

<p>Web servers are increasingly being used in embedded devices as a communication medium. As more systems connect to the Internet, the need for security is increasing. The Transport Layer Protocol (TLS) is the successor of Secure Socket Layer (SSL) and provides security in almost all secure Internet transactions. This thesis aims to investigate if TLS can be adapted to embedded systems without sacrificing much of the system resources available.</p><p>A literature study and an implementation of TLS have been performed. The literature study determined resource intense parts of TLS, hardware support as well as export laws applicable to TLS. The different parts of the implementation are evaluated on an ARM7-core to determine the execution times. The results for the symmetric ciphers AES and 3DES are compared when measuring execution times using both software and hardware solutions. The size of the implementation is also measured.</p><p>TLS was shown to be able to integrate on embedded systems. Practical issues such as certificates and keys can be solved in different ways to suite the target environment. The largest remaining issue is the execution time for asymmetric algorithms. The results that are provided clearly illustrates that the RSA used for key exchange is very time consuming. Alternative solutions to gain better performance are discussed.</p>

TLS

SSL

embedded systems

cryptography

hardware support

export laws

Information technology

Informationsteknik

RAD5a and REV3 Function in Two Alternative Pathways of DNA Damage Tolerance in Arabidopsis

2011 December 1900

DNA-damage tolerance (DDT) in yeast is composed of two parallel pathways and mediated by sequential ubiquitination of proliferating cell nuclear antigen (PCNA). While monoubiquitination of PCNA promotes translesion synthesis (TLS), which is dependent on low fidelity polymerase ζ (Pol ζ) composed of a catalytic subunit Rev3 and a regulatory subunit Rev7, polyubiquitination of PCNA by Mms2-Ubc13-Rad5 promotes error-free lesion bypass. Inactivation of these two pathways results in a synergistic effect on DNA-damage responses; however, this two-branch DDT model has not been reported in any multicellular organisms. In order to examine whether Arabidopsis thaliana possesses a two-branch DDT system, rad5a rev3 double mutant plants were created and compared with the corresponding single mutants. Arabidopsis rad5a and rev3 mutations are indeed synergistic with respect to growth inhibition induced by replication-blocking lesions, suggesting that AtRAD5a and AtREV3 are required for error-free and TLS branches of DDT, respectively. Unexpectedly this study reveals three modes of genetic interactions in response to different types of DNA damage, indicating that plant RAD5 and REV3are also involved in DNA damage responses independent of DDT. By comparing with yeast cells, it is apparent that plant TLS is a more frequently utilized means of lesion bypass than error-free DDT. In addition, it was also observed that treatments with the DNA damaging agent methylmethanesulfonate increased the nuclear ploidy level in the double mutant plants.