Global ETD Search

531	Proposition et vérification formelle de protocoles de communications temps-réel pour les réseaux de capteurs sans fil Mouradian, Alexandre 18 November 2013 (has links) (PDF) Les RCsF sont des réseaux ad hoc, sans fil, large échelle déployés pour mesurer des paramètres de l'environnement et remonter les informations à un ou plusieurs emplacements (nommés puits). Les éléments qui composent le réseau sont de petits équipements électroniques qui ont de faibles capacités en termes de mémoire et de calcul ; et fonctionnent sur batterie. Ces caractéristiques font que les protocoles développés, dans la littérature scientifique de ces dernières années, visent principalement à auto-organiser le réseau et à réduire la consommation d'énergie. Avec l'apparition d'applications critiques pour les réseaux de capteurs sans fil, de nouveau besoins émergent, comme le respect de bornes temporelles et de fiabilité. En effet, les applications critiques sont des applications dont dépendent des vies humaines ou l'environnement, un mauvais fonctionnement peut donc avoir des conséquences catastrophiques. Nous nous intéressons spécifiquement aux applications de détection d'événements et à la remontée d'alarmes (détection de feu de forêt, d'intrusion, etc), ces applications ont des contraintes temporelles strictes. D'une part, dans la littérature, on trouve peu de protocoles qui permettent d'assurer des délais de bout en bout bornés. Parmi les propositions, on trouve des protocoles qui permettent effectivement de respecter des contraintes temporelles mais qui ne prennent pas en compte les spécificités des RCsF (énergie, large échelle, etc). D'autres propositions prennent en compte ces aspects, mais ne permettent pas de garantir des bornes temporelles. D'autre part, les applications critiques nécessitent un niveau de confiance très élevé, dans ce contexte les tests et simulations ne suffisent pas, il faut être capable de fournir des preuves formelles du respect des spécifications. A notre connaissance cet aspect est très peu étudié pour les RcsF. Nos contributions sont donc de deux types : * Nous proposons un protocole de remontée d'alarmes, en temps borné, X-layer (MAC/routage, nommé RTXP) basé sur un système de coordonnées virtuelles originales permettant de discriminer le 2-voisinage. L'exploitation de ces coordonnées permet d'introduire du déterminisme et de construire un gradient visant à contraindre le nombre maximum de sauts depuis toute source vers le puits. Nous proposons par ailleurs un mécanisme d'agrégation temps-réel des alarmes remontées pour lutter contre les tempêtes de détection qui entraînent congestion et collision, et donc limitent la fiabilité du système. * Nous proposons une méthodologie de vérification formelle basée sur les techniques de Model Checking. Cette méthodologie se déroule en trois points, qui visent à modéliser de manière efficace la nature diffusante des réseaux sans fil, vérifier les RCsF en prenant en compte la non-fiabilité du lien radio et permettre le passage à l'échelle de la vérification en mixant Network Calculus et Model Checking. Nous appliquons ensuite cette méthodologie pour vérifier RTXP. Télécommunications Réseau de capteurs Réseaux de capteurs sans fil Temps réel MAC - Medium Access Control Routage Vérification formelle
532	De l'exploitation des réceptions opportunistes dans les mécanismes de relayage pour les réseaux sans-fil LOISEAU, Lucien 06 December 2013 (has links) (PDF) Les réseaux sans-fil tels que IEEE 802.11 (Wifi) connaissent aujourd'hui une popularité sans précédent, offrant des connexions réseau à domicile, en entreprise ou dans des lieux publics sous forme de "Hot spot". Nos études ont montré que les centres urbains sont fortement couvert par ce type de réseau (avec une couverture similaire aux réseaux 3G). Cependant, la technologie est limitée par la portée du signal qui provoque des pertes sur le canal. Nous proposons une nouvelle méthode de relayage opportuniste pour les réseaux basés sur le CSMA/CA permettant de faire coopérer des stations. En évitant l'inondation, et en réduisant au maximum la signalisation, nous proposons de légères modifications au standard IEEE 802.11 afin d'autoriser des stations intermédiaires à relayer les trames des autres stations. Les modifications apportées portent simplement sur le traitement des trames à destination d'autrui, et une gestion différente des acquittements : lorsqu'une destination ne reçoit pas un acquittement, toutes les stations ayant reçu la trame considèrent qu'une retransmission est nécessaire. Ces dernières entreront en compétition pour retransmettre la trame si leur probabilité d'effectuer une transmission réussie est plus forte que la source. Nous avons implémenté et testé notre proposition dans le simulateur réseau NS-2, et les résultats démontrent que la connectivité des stations lointaines est fortement améliorée. Réseaux sans fil Accès aléatoire Relais Medium Access Control WiFi Multi-hop wireless networks
533	Design of a reconfigurable processor for elliptic curve cryptography over NIST prime fields Ananyi, Kendall 12 January 2010 (has links) Exchange of information must integrate a means of protecting data against unauthorized access. Cryptography plays an important role in achieving information security. It is used for (1) encrypting or signing data at the source before transmission, and then (2) decrypting or validating the signature of the received message at the destination. This thesis focuses on the study of the hardware implementation of a reconfigurable processor supporting elliptic curve cryptography (ECC) over prime fields GF(p). The proposed processor can be reconfigured to work with any of the five prime fields recommended by N1ST (192 to 521 bits). Our processor can be programmed to execute any sequence of basic modular operations (add, subtract, multiply, invert) used in higher level ECC arithmetic. The architecture has been prototyped on a Xilinx FPGA. Its performance is competitive with existing hardware implementation, despite the overhead needed to support datapath reconfigurations for different prime sizes. computers access control cryptography
534	Distributed Power Control and Medium Access Control Protocol Design for Multi-Channel Ad Hoc Wireless Networks Almotairi, Khaled Hatem January 2012 (has links) In the past decade, the development of wireless communication technologies has made the use of the Internet ubiquitous. With the increasing number of new inventions and applications using wireless communication, more interference is introduced among wireless devices that results in limiting the capacity of wireless networks. Many approaches have been proposed to improve the capacity. One approach is to exploit multiple channels by allowing concurrent transmissions, and therefore it can provide high capacity. Many available, license-exempt, and non-overlapping channels are the main advantages of using this approach. Another approach that increases the network capacity is to adjust the transmission power; hence, it reduces interference among devices and increases the spatial reuse. Integrating both approaches provides further capacity. However, without careful transmission power control (TPC) design, the network performance is limited. The first part of this thesis tackles the integration to efficiently use multiple channels with an effective TPC design in a distributed manner. We examine the deficiency of uncontrolled asymmetrical transmission power in multi-channel ad hoc wireless networks. To overcome this deficiency, we propose a novel distributed transmission power control protocol called the distributed power level (DPL) protocol for multi-channel ad hoc wireless networks. DPL allocates different maximum allowable power values to different channels so that the nodes that require higher transmission power are separated from interfering with the nodes that require lower transmission power. As a result, nodes select their channels based on their minimum required transmission power to reduce interference over the channels. We also introduce two TPC modes for the DPL protocol: symmetrical and asymmetrical. For the symmetrical mode, nodes transmit at the power that has been assigned to the selected channel, thereby creating symmetrical links over any channel. The asymmetrical mode, on the other hand, allows nodes to transmit at a power that can be lower than or equal to the power assigned to the selected channel. In the second part of this thesis, we propose the multi-channel MAC protocol with hopping reservation (MMAC-HR) for multi-hop ad hoc networks to overcome the multi-channel exposed terminal problem, which leads to poor channel utilization over multiple channels. The proposed protocol is distributed, does not require clock synchronization, and fully supports broadcasting information. In addition, MMAC-HR does not require nodes to monitor the control channel in order to determine whether or not data channels are idle; instead, MMAC-HR employs carrier sensing and independent slow channel hopping without exchanging information to reduce the overhead. In the last part of this thesis, a novel multi-channel MAC protocol is developed without requiring any change to the IEEE 802.11 standard known as the dynamic switching protocol (DSP) based on the parallel rendezvous approach. DSP utilizes the available channels by allowing multiple transmissions at the same time and avoids congestion because it does not need a dedicated control channel and enables nodes dynamically switch among channels. Specifically, DSP employs two half-duplex interfaces: One interface follows fast hopping and the other one follows slow hopping. The fast hopping interface is used primarily for transmission and the slow hopping interface is used generally for reception. Moreover, the slow hopping interface never deviates from its default hopping sequence to avoid the busy receiver problem. Under single-hop ad hoc environments, an analytical model is developed and validated. The maximum saturation throughput and theoretical throughput upper limit of the proposed protocol are also obtained. Ad hoc Networks multiple channels Transmission power control Medium Access Control frequency hopping sequence multiple (parallel) rendezvous protocol Electrical and Computer Engineering
535	Le couplage de données et la protection de la vie privée informationnelle sous l'article 8 de la Charte canadienne / Arès, Sébastien January 2005 (has links) Data matching is the automated process permitting the comparison of significant amounts of personal data from two or more different databanks in order to produce new information. Its use by governments implicates many rights and freedoms, including the protection against unreasonable search and seizure under section 8 of the Canadian Charter. / In the author's opinion, a governmental data matching program will probably constitute a search or seizure under section 8 when a positive answer is given to two questions. First, is there a use or transfer of information which implicates constitutionally protected information? Generally, section 8 will only protect biographical personal information, as described in the Plant case. Second, one must determine if a reasonable expectation of privacy exists as to the purpose for which the information will be used. In other words, one must determine if the two governmental databanks are separate on the constitutional level. / However, a positive answer to both of theses questions does not mean that the matching program necessarily infringes section 8. It will not be considered unreasonable if it is authorised by law, if the law itself is reasonable, and if the execution of the program is reasonable. Presuming that the program is authorised by law, it is probable that a matching program aimed to detect individuals collecting illegally social benefits will not be considered unreasonable. Statistical matching Privacy, Right of -- Canada
536	建構可重用與細緻化的剖面導向存取控管框架 / Building a Reusable and Fine-grained Aspect-Oriented Access Control Framework 黃植懋, Huang , Chih-Mao Unknown Date (has links) 隨著網路應用的發達與普及，應用系統的安全防護非常重要，但是要將安全方防護方面的設計與製作做好，卻不容易。因為與安全相關的程式碼必須嵌入到應用系統的各個模組中去執行，具有橫跨（cross-cutting）的特性。在設計時，若不加以區分，仍然以一般的物件或是函式模組來將其模組化的話，往往造成系統中反覆出現類似的程式碼以及不同需求的程式碼夾雜不清的現象，當系統愈趨複雜時，這些問題就愈顯嚴重，結果導致系統不易維護且錯誤頻仍。最近興起的剖面導向程式設計（Aspect-Oriented Programming）基於關注分離的原則（Separation of Concerns），針對像安全這類橫跨性的需求，倡議在原有的物件或函式模組外，另以剖面（aspect）作為這些橫跨性需求的模組單位，以大幅改善應用系統的模組性。近兩三年來，這方面的發展迅速，各種支援方面導向的程式語言與相關工具相繼推出，美國全錄公司柏拉圖實驗室發展的AspectJ語言就是一個具代表性的成果。本論文以剖面導向的原則，以AspectJ及JBossAOP為主要工具，針對Web應用程式在認證與存取控管方面的安全需求，設計與製作一套具重用性且可處理資料內容相關、細緻層級的存取控管框架。 / Access control is a system-wide concern that has both a generic nature and an application dependent characteristic. It is generic as many functions must be protected with restricted access, yet the rule to grant a request is highly dependent on the application state. Hence it is common to see the code for implementing access control scattered over the system and tangled with the functional code, making the system difficult to maintain. This thesis addresses this issue for Web applications by presenting a practical access control framework based on aspect-oriented programming (AOP). Our approach accommodates a wide range of access control requirements of different granularity. AOP supports the modular implementation of access control while still enables the code to get a hold of the application state. Moreover, framework technology offers a balanced view between reuse and customization. As a result, our framework is able to enforce fine-grained access control for Web applications in a highly adaptable manner. 存取控管剖面導向程式設計框架網頁應用程式 Access Control Aspect-Oriented Programming Framework Web Applications
537	Contrôle d’Accès Sécurisé dans l’Info-Nuage Mobile (Secure Access Control in Mobile Cloud) Baseri, Yaser 11 1900 (has links) No description available. Contrôle d'accès Services basés sur la localisation Info-nuage mobile Chiffrement basé sur les attributs Access Control Mobile Cloud Attribute-Based Encryption Location-Based Services Theology / Théologie (UMI : 0469)
538	Protection obligatoire répartie : usage pour le calcul intensif et les postes de travail / Distributed mandatory protection Gros, Damien 30 June 2014 (has links) La thèse porte sur deux enjeux importants de sécurité. Le premier concerne l’amélioration de la sécurité des systèmes Linux présents dans le calcul intensif et le second la protection des postes de travail Windows. Elle propose une méthode commune pour l’observation des appels système et la répartition d’observateurs afin de renforcer la sécurité et mesurer les performances obtenues. Elle vise des observateurs du type moniteur de référence afin de garantir de la confidentialité et de l’intégrité. Une solution utilisant une méthode de calcul intensif est mise en oeuvre pour réduire les surcoûts de communication entre les deux moniteurs de référence SELinux et PIGA. L’évaluation des performances montre les surcoûts engendrés par les moniteurs répartis et analyse la faisabilité pour les différents noeuds d’environnements de calcul intensif. Concernant la sécurité des postes de travail, un moniteur de référence est proposé pour Windows. Il repose sur les meilleures protections obligatoires issues des systèmes Linux et simplifie l’administration. Nous présentons une utilisation de ce nouveau moniteur pour analyser le fonctionnement de logiciels malveillants. L’analyse permet une protection avancée qui contrôle l’ensemble du scénario d’attaque de façon optimiste. Ainsi, la sécurité est renforcée sans nuire aux activités légitimes. / This thesis deals with two major issues in the computer security field. The first is enhancing the security of Linux systems for scientific computation, the second is the protection of Windows workstations. In order to strengthen the security and measure the performances, we offer a common method for the distributed observation of system calls. It relies on reference monitors to ensure confidentiality and integrity. Our solution uses specific high performance computing technologies to lower the communication latencies between the SELinux and PIGA monitors. Benchmarks study the integration of these distributed monitors in the scientific computation. Regarding workstation security, we propose a new reference monitor implementing state of the art protection models from Linux and simplifying administration. We present how to use our monitor to analyze the behavior of malware. This analysis enables an advanced protection to prevent attack scenarii in an optimistic manner. Thus, security is enforced while allowing legitimate activities. Sécurité Contrôle d’accès obligatoire Systèmes d’exploitation Logiciels malveillants Poste de travail Calcul intensif Security Mandatory access control Operating systems Malware Workstation High performance computing laborat
539	Segurança em gerenciamento de redes baseado em web services / Security in web services-based network management Rohr, Estêvão Miguel Zanette January 2009 (has links) A área de gerência de redes encontra uma série de desafios desde seu príncipio. O protocolo que surgiu como padrão para gerência de redes, o SNMP, possui uma série de limitações, por exemplo, no tocante à segurança, configuração de equipamentos e composição de serviços. Por essa razão, tecnologias alternativas para o gerenciamento de redes têm sido pesquisadas. A tecnologia de Web Services surgiu como forte alternativa, por características como o uso de padrões amplamente suportados (HTTP e XML) e modelo de desenvolvimento orientado a serviços. Pesquisas iniciais demonstraram que os Web Services são uma alternativa viável em termos de desempenho. Assim, o uso de Web Services em áreas específicas de gerência de redes, como notificações e gerência por delegação, tem sido pesquisado. Porém, há carência de estudos sobre o uso de segurança no gerenciamento de redes via Web Services. Os Web Services trazem facilidade para uso de segurança, que é vital para a gerência de redes, e este é o foco deste trabalho. É proposta uma arquitetura de integração de segurança à comunicação de mensagens de gerenciamento de redes via Web Services. Para isso, foram utilizados o padrão WS-Security, para segurança em Web Services, e o padrão WS-Management, para gerenciamento de redes via Web Services. Também foi integrado controle de acesso à arquitetura, com uso do padrão XACML. Uma avaliação de desempenho foi realizada para verificar o impacto do uso de segurança, e comparações com SNMPv3 foram realizadas na solução de controle de acesso via XACML. Os testes mostram que, como é tradicional, a segurança tem impacto considerável no tempo de processamento e tráfego na rede. Porém, a arquitetura e implementação realizadas comprovam que, também na área de segurança, a tecnologia de Web Services tem aplicação eficaz para o gerenciamento de redes. / The network management field has several challenges since its beginning. The standard protocol for network management, SNMP, has many drawbacks, related to security, device configuration, and service composition. For these reason, alternative technologies for network management have been investigated. Web Services technology emerged as a strong solution, due to advantages such as employing widely supported standards (HTTP and XML) and service-oriented development model. The first performed investigations in the area showed that Web Services are a valid alternative to SNMP in terms of performance. Thus, Web Services usage in specific areas of network management, such as notifications and management by delegation, have been researched. However, there are currently no studies on security aspects of Web Services-based network management. Web Services enable easy integration of security, which is mandatory for network management, and this is the main goal of this work. An architecture is proposed for security integration in a network management message communication using Web Services. The standards used in this architecture were WSSecurity, which enables security in Web Services, and WS-Management, which targets Web Services-based network management. Access control integration was also developed, using XACML standard. A performance evaluation was carried out in order to verify security usage impact, and comparisons with SNMPv3 were performed in XACML access control solution. Tests showed that, as expected, security has a considerable impact in processing time and network traffic. However, the architecture and implementation show that, also in the security area, the Web Services technology has effective aplication in network management. Redes : Computadores Gerencia : Redes : Computadores Serviços Web Network management SNMP Web services Security Network security Web services security Access control WS-security XACML WS-management VACM
540	Towards a framework for securing a business against electronic identity theft Bechan, Upasna 30 November 2008 (has links) The continuing financial losses incurred by individuals and companies due to identity information being phished are necessitating more innovative approaches to solving the problem of phishing attacks at the company level. Security standards are developed by respected experts in the profession and are widely accepted in the industry. The purpose of this study was to investigate whether a standard can be adapted to develop a framework that may guide companies in determining how to protect themselves against phishing attacks. A qualitative approach using design research as the methodology was used during the research. The data collection took place by means of a literature survey and semi-structured interviews. The artefact developed was a phishing-prevention framework based on the ISO/IEC 17799 standard, and the evaluation thereof took place through test cases. The findings communicated to the managerial audience was a set of recommendations as a further investment in their security protection against phishing attacks; the findings communicated to the technical audience was the successful adaptation of an existing security standard to produce a usable framework. Further research initiatives should extend the types of test cases that the phishing-prevention framework was evaluated against, and explore the use of tools for determining compliance with the framework. / Theoretical Computing / M. Sc. (Information Systems) Phishing Identity theft Standards Qualitative Design science ISO/IEC 17799 Interviews Framework Security 005.8 Phishing Identity theft Identity theft -- Prevention Identity theft -- Prevention Computer -- Access control

Search results