381 |
Cooperating broadcast and cellular conditional access system for digital television
Shirazi, Hamidreza, January 2009
The lack of interoperability between Pay‐TV service providers and a horizontally integrated business transaction model have compromised the competition in the Pay‐TV market. In addition, the lack of interactivity with customers has resulted in high churn rate and improper security measures have contributed to considerable business loss. These issues are the main cause of high operational costs and subscription fees in the Pay‐TV systems. This paper presents a novel end‐to‐end system architecture for Pay‐TV systems cooperating mobile and broadcasting technologies. It provides a cost‐effective, scalable, dynamic and secure access control mechanism supporting converged services and new business opportunities in Pay‐TV systems. It enhances interactivity, security and potentially reduces customer attrition and operational cost. In this platform, service providers can effectively interact with their customers, personalise their services and adopt appropriate security measures. It breaks up the rigid relationship between a viewer and set‐top box as imposed by traditional conditional access systems, thus, a viewer can fully enjoy his entitlements via an arbitrary set‐top box. Having thoroughly considered state‐of‐the‐art technologies currently being used across the world, the thesis highlights novel use cases and presents the full design and implementation aspects of the system. The design section is enriched by providing possible security structures supported thereby. A business collaboration structure is proposed, followed by a reference model for implementing the system. Finally, the security architectures are analysed to propose the best architecture on the basis of security, complexity and set‐top box production cost criteria.
|
382 |
Vers la sécurisation des systèmes d'informatique ubiquitaire par le design : une approche langage / Towards securing pervasive computing systems by design : a language approach
Jakob, Henner, 27 June 2011
In many domains, a growing number of applications that interact with communicating entities are appearing in the environment to facilitate everyday activities (home automation and telemedicine). Their impact on users' daily lives makes these applications critical: their failure can endanger people and their property. Although the impact of such failures can be major, security is often considered a secondary issue in the development process and is handled with ad hoc approaches. This thesis proposes to integrate security aspects into the development cycle of pervasive computing systems. Security is specified at design time through dedicated, high-level declarations. These declarations are used to generate programming support that eases the implementation of security mechanisms while keeping these security aspects separate from the application logic. Our approach focuses on access control to entities and on privacy protection. Our work has been implemented and leverages an existing tool suite covering the software development lifecycle. / A growing number of environments is being populated with a range of networked devices. Applications leverage these devices to support everyday activities in a variety of areas (e.g., home automation and patient monitoring). As these devices and applications get woven into our everyday activities, they become critical: their failure can put people and assets at risk. Failures can be caused by malicious attacks and misbehaving applications. Although the impact of such situations can be major, security concerns are often considered a secondary issue in the development process, and treated with ad hoc approaches. This thesis proposes to address security concerns throughout the development lifecycle of a pervasive computing system. 
Security is addressed at design time thanks to dedicated, high-level declarations. These declarations are processed to implement security mechanisms, and to generate programming support to ease the development of the security logic, while keeping it separate from the application logic. Our approach is studied in the context of access control and privacy concerns. Our work has been implemented and leverages an existing software-design language and a suite of tools that covers the software development lifecycle.
|
383 |
Un processus formel d'intégration de politiques de contrôle d'accès dans les systèmes d'information / A formal integration of access control policies into information systems
Milhau, Jérémy, 12 December 2011
Security is a crucial element in the development of an information system. One cannot design a banking system without security concerns. The sensitivity of the data in a hospital system requires security to be the major component of such software. Access control is one of the many aspects of security. It defines the conditions under which a user may execute actions in a system. Between the various design phases of an access control policy and its effective application on a deployed system, many steps can introduce undesirable errors or flaws. The use of formal methods is a response to these concerns in the context of modeling access control policies. The process algebra EB3 allows formal modeling of information systems. Its extension EB3SEC was designed for specifying access control policies. The ASTD language, a combination of Harel's statecharts and EB3 operators, allows an information system to be modeled graphically and formally. However, both methods lack verification and validation tools for proving or verifying the security properties that are essential to validating access control policies. Moreover, it is important to be able to prove that the implementation of a policy matches its abstract specification. This thesis defines translation rules from EB3 to ASTD, and from ASTD to event-B and to B. It also describes a formal architecture, expressed in B, of an access control filter for information systems. This B model makes it possible to prove properties using the B prover or to verify properties with ProB, a model checker. Finally, a B refinement strategy for obtaining an implementation of this access control filter is presented. 
Since the B refinements are proved, the implementation corresponds to the initial model of the access control policy. / Security is a key aspect in information systems (IS) development. One cannot build a bank IS without security in mind. In medical IS, security is one of the most important features of the software. Access control is one of many security aspects of an IS. It defines permitted or forbidden execution of system's actions by a user. Between the conception of an access control policy and its effective deployment on an IS, several steps can introduce unacceptable errors. Using formal methods may be an answer to reduce errors during the modeling of access control policies. Using the process algebra EB3, one can formally model IS. Its extension, EB3SEC, was created in order to model access control policies. The ASTD notation combines Harel's Statecharts and EB3 operators into a graphical and formal notation that can be used in order to model IS. However, both methods lack tools allowing a designer to prove or verify security properties in order to validate an access control policy. Furthermore, the implementation of an access control policy must correspond to its abstract specification. This thesis defines translation rules from EB3 to ASTD, from ASTD to event-B and from ASTD to B. It also introduces a formal architecture expressed using the B notation in order to enforce a policy over an IS. This modeling of access control policies in B can be used in order to prove properties, thanks to the B prover, but also to verify properties using ProB, a model checker for B. Finally, a refinement strategy for the access control policy into an implementation is proposed. B refinements are proved; this ensures that the implementation corresponds to the initial model of the access control policy.
|
384 |
Bezpečnostní politiky SELinuxu pro vybrané aplikace prostředí KDE / SELinux security policies for chosen applications of KDE desktop environment
Vadinský, Ondřej, January 2011
This thesis deals with technologies of SELinux security policy writing. Furthermore the thesis analyzes userspace of GNU/Linux operating system with special focus on KDE desktop environment. On the basis of this analysis a bottom-up methodics to create a security policy is devised. Acquired knowledge is then used in practice when realizing the main goal of the thesis, which is to create example security policies for chosen KDE applications. When describing technologies of security policy writing the thesis draws information from available sources of information. Input for userspace analysis are available electronic sources of information and author's own experience with analyzed applications. This is used with common philosophic principles to devise bottom-up methodics of policy writing. Following act of policy building draws from defined security goals, acquired knowledge, created methodics and defined usecases. Theoretical contribution of the thesis is devised methodics of userspace policy building. Main practical contribution are then created example SELinux policies for chosen KDE applications. The structure of the thesis follows its goals. For them three parts are created: background research of available resources, author's own theoretical contemplations and practical output of the thesis. Those parts are then divided into sections according to needs of each topic.
|
385 |
Automatic reconstruction and analysis of security policies from deployed security components / Analyse et reconstruction automatique de politiques de sécurité de composants de sécurité déployés
Martinez, Salvador, 30 June 2014
Security is an essential concern for any information system. Security properties such as confidentiality, integrity and availability must be enforced in order to make systems safe. In complex environments, where information systems are composed of a number of heterogeneous subsystems, each subsystem plays a key role in the overall security of the system. In the specific case of access control, access control policies may be found in different components (databases, networks, etc.), which are supposed to work together. Nevertheless, since most of these policies have been implemented manually and/or have evolved separately, they easily become inconsistent. In this context, discovering and understanding the security policies enforced by the information system becomes a critical necessity. The main challenge to solve is bridging the gap between vendor-dependent security features and a higher-level representation that expresses these policies in a way that abstracts from the specifics of concrete components and is therefore easier to understand and reason about. This high-level representation would also allow us to implement all evolution/refactoring/manipulation operations on security policies in a reusable way. In this work, we propose such a mechanism for the reverse engineering and integration of access control policies. We rely on model-driven engineering technologies to achieve this goal. / Security is a critical concern for any information system. Security properties such as confidentiality, integrity and availability need to be enforced in order to make systems safe. 
In complex environments, where information systems are composed by a number of heterogeneous subsystems, each subsystem plays a key role in the global system security. For the specific case of access-control, access-control policies may be found in several components (databases, networks and applications) all, supposedly, working together. Nevertheless since most times these policies have been manually implemented and/or evolved separately they easily become inconsistent. In this context, discovering and understanding which security policies are actually being enforced by the information system comes out as a critical necessity. The main challenge to solve is bridging the gap between the vendor-dependent security features and a higher-level representation that expresses these policies in a way that abstracts from the specificities of concrete system components, and thus, it's easier to understand and reason with. This high-level representation would also allow us to implement all evolution/refactoring/manipulation operations on the security policies in a reusable way. In this work we propose such a reverse engineering and integration mechanism for access-control policies. We rely on model-driven technologies to achieve this goal.
|
386 |
A Study on Partially Homomorphic Encryption Schemes
Unknown Date
High processing time and implementation complexity of the fully homomorphic
encryption schemes intrigued cryptographers to extend partially homomorphic
encryption schemes to allow homomorphic computation for larger classes of polynomials.
In this thesis, we study several public key and partially homomorphic schemes
and discuss a recent technique for boosting linearly homomorphic encryption schemes.
Further, we implement this boosting technique on CGS linearly homomorphic encryption
scheme to allow one single multiplication as well as arbitrary number of additions
on encrypted plaintexts. We provide MAGMA source codes for the implementation
of the CGS scheme along with the boosted CGS scheme. / Includes bibliography. / Thesis (M.S.)--Florida Atlantic University, 2017. / FAU Electronic Theses and Dissertations Collection
|
387 |
Modèles de contrôle d'accès pour les applications collaboratives / Access Control Models for Collaborative Applications
Chérif, Asma, 26 November 2012
The importance of collaborative systems has increased considerably in recent years. The majority of new applications are designed in a distributed manner to meet the needs of collaborative work. Among these applications, we are interested in real-time collaborative editors (RCE), which allow various shared objects, such as wiki pages or scientific articles, to be manipulated by several people distributed in time and space. Although these applications are increasingly used in many fields, the absence of an adequate access control model limits the exploitation of their full potential. Indeed, controlling access to shared documents in a decentralized way and without degrading the performance of the collaborative system is a real challenge, especially since access rights can change frequently and dynamically over time. In this thesis, we propose a generic access control model based on the optimistic replication of the shared document together with its access control policy. To this end, we propose an optimistic approach to access control, in the sense that a user can temporarily violate the security policy. To ensure convergence, we resort to selective undo to eliminate the effect of illegal updates. Given the absence of a generic and correct undo solution, we propose a theoretical study of the undo problem and design a generic solution based on a new semantics of the identity operation. To validate our approach, all our algorithms have been implemented in Java and tested on the distributed platform Grid'5000 / The importance of collaborative systems in real-world applications has grown significantly over the recent years. The majority of new applications are designed in a distributed fashion to meet collaborative work requirements. 
Among these applications, we focus on Real-Time Collaborative Editors (RCE) that provide computer support for modifying simultaneously shared documents, such as articles, wiki pages and programming source code by dispersed users. Although such applications are more and more used in many fields, the lack of an adequate access control concept is still limiting their full potential. In fact, controlling access in a decentralized fashion for such systems is a challenging problem, as they need dynamic access changes and low latency access to shared documents. In this thesis, we propose a generic access control model based on replicating the shared document and its authorization policy at the local memory of each user. We consider the propagation of authorizations and their interactions. We propose an optimistic approach to enforce access control in existing collaborative editing solutions in the sense that a user can temporarily violate the access control policy. To enforce the policy, we resort to the selective undo approach in order to eliminate the effect of illegal document updates. Since the safe undo is an open issue in collaborative applications, we investigate a theoretical study of the undo problem and propose a generic solution for selectively undoing operations. Finally, we apply our framework on a collaboration prototype and measure its performance in the distributed grid Grid'5000 to highlight the scalability of our solution
|
388 |
Web services cryptographic patterns
Unknown Date
Data security has been identified as one of the most important concerns where sensitive messages are exchanged over the network. In web service architecture, multiple distributed applications communicate with each other over the network by sending XML messages. How can we protect these sensitive messages? Some web services standards have emerged to tackle this problem. The XML Encryption standard defines the process of encrypting and decrypting all of an XML message, part of an XML message, or even an external resource. Like XML Encryption, the XML Signature standard specifies how to digitally sign an entire XML message, part of an XML message, or an external object. WS-Security defines how to embed security tokens, XML encryption, and XML signature into XML documents. It does not define new security mechanisms, but leverages existing security technologies such as encryption and digital signature. / by Keiko Hashizume. / Thesis (M.S.)--Florida Atlantic University, 2009. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2009. Mode of access: World Wide Web.
|
389 |
Performance characteristics of semantics-based concurrency control protocols.
January 1995
by Keith, Hang-kwong Mak. / Thesis (M.Phil.)--Chinese University of Hong Kong, 1995. / Includes bibliographical references (leaves 122-127).
Abstract
Acknowledgement
Chapter 1: Introduction
Chapter 2: Background
  2.1 Read/Write Model
  2.2 Abstract Data Type Model
  2.3 Overview of Semantics-Based Concurrency Control Protocols
  2.4 Concurrency Hierarchy
  2.5 Control Flow of the Strict Two Phase Locking Protocol
    2.5.1 Flow of an Operation
    2.5.2 Response Time of a Transaction
    2.5.3 Factors Affecting the Response Time of a Transaction
Chapter 3: Semantics-Based Concurrency Control Protocols
  3.1 Strict Two Phase Locking
  3.2 Conflict Relations
    3.2.1 Commutativity (COMM)
    3.2.2 Forward and Right Backward Commutativity
    3.2.3 Exploiting Context-Specific Information
    3.2.4 Relaxing Correctness Criterion by Allowing Bounded Inconsistency
Chapter 4: Related Work
  4.1 Exploiting Transaction Semantics
  4.2 Exploiting Object Semantics
  4.3 Sacrificing Consistency
  4.4 Other Approaches
Chapter 5: Performance Study (Testbed Approach)
  5.1 System Model
    5.1.1 Main Memory Database
    5.1.2 System Configuration
    5.1.3 Execution of Operations
    5.1.4 Recovery
  5.2 Parameter Settings and Performance Metrics
Chapter 6: Performance Results and Analysis (Testbed Approach)
  6.1 Read/Write Model vs. Abstract Data Type Model
  6.2 Using Context-Specific Information
  6.3 Role of Conflict Ratio
  6.4 Relaxing the Correctness Criterion
    6.4.1 Overhead and Performance Gain
    6.4.2 Range Queries using Bounded Inconsistency
Chapter 7: Performance Study (Simulation Approach)
  7.1 Simulation Model
    7.1.1 Logical Queueing Model
    7.1.2 Physical Queueing Model
  7.2 Experiment Information
    7.2.1 Parameter Settings
    7.2.2 Performance Metrics
Chapter 8: Performance Results and Analysis (Simulation Approach)
  8.1 Relaxing Correctness Criterion of Serial Executions
    8.1.1 Impact of Resource Contention
    8.1.2 Impact of Infinite Resources
    8.1.3 Impact of Limited Resources
    8.1.4 Impact of Multiple Resources
    8.1.5 Impact of Transaction Type
    8.1.6 Impact of Concurrency Control Overhead
  8.2 Exploiting Context-Specific Information
    8.2.1 Impact of Limited Resource
    8.2.2 Impact of Infinite and Multiple Resources
    8.2.3 Impact of Transaction Length
    8.2.4 Impact of Buffer Size
    8.2.5 Impact of Concurrency Control Overhead
  8.3 Summary and Discussion
    8.3.1 Summary of Results
    8.3.2 Relaxing Correctness Criterion vs. Exploiting Context-Specific Information
Chapter 9: Conclusions
Bibliography
Chapter A: Commutativity Tables for Queue Objects
Chapter B: Specification of a Queue Object
Chapter C: Commutativity Tables with Bounded Inconsistency for Queue Objects
Chapter D: Some Implementation Issues
  D.1 Important Data Structures
  D.2 Conflict Checking
  D.3 Deadlock Detection
Chapter E: Simulation Results
  E.1 Impact of Infinite Resources (Bounded Inconsistency)
  E.2 Impact of Multiple Resource (Bounded Inconsistency)
  E.3 Impact of Transaction Type (Bounded Inconsistency)
  E.4 Impact of Concurrency Control Overhead (Bounded Inconsistency)
    E.4.1 Infinite Resources
    E.4.2 Limited Resource
  E.5 Impact of Resource Levels (Exploiting Context-Specific Information)
  E.6 Impact of Buffer Size (Exploiting Context-Specific Information)
  E.7 Impact of Concurrency Control Overhead (Exploiting Context-Specific Information)
    E.7.1 Impact of Infinite Resources
    E.7.2 Impact of Limited Resources
    E.7.3 Impact of Transaction Length
    E.7.4 Role of Conflict Ratio
|
390 |
Distributed file systems in an authentication system
Merritt, John W, January 2010
Typescript (photocopy). / Digitized by Kansas Correctional Industries / Department: Computer Science.
|