Global ETD Search

561	A standards-based security model for health information systems Thomson, Steven Michael January 2008 (has links) In the healthcare environment, various types of patient information are stored in electronic format. This prevents the re-entering of information that was captured previously. In the past this information was stored on paper and kept in large filing cabinets. However, with the technology advancements that have occurred over the years, the idea of storing patient information in electronic systems arose. This led to a number of electronic health information systems being created, which in turn led to an increase in possible security risks. Any organization that stores information of a sensitive nature must apply information security principles in order to ensure that the stored information is kept secure. At a basic level, this entails ensuring the confidentiality, integrity and availability of the information, which is not an easy feat in today’s distributed and networked environments. This paved the way for organized standardization activities in the areas of information security and information security management. Throughout history, there have been practices that were created to help “standardize” industries of all areas, to the extent that there are professional organizations whose main objective it is to create such standards to help connect industries all over the world. This applies equally to the healthcare environment, where standardization took off in the late eighties. Healthcare organizations must follow standardized security measures to ensure that patient information stored in health information systems is kept secure. However, the proliferation in standards makes it difficult to understand, adopt and deploy these standards in a coherent manner. This research, therefore, proposes a standards-based security model for health information systems to ensure that such standards are applied in a manner that contributes to securing the healthcare environment as a whole, rather than in a piecemeal fashion.
562	An information privacy model for primary health care facilities Boucher, Duane Eric January 2013 (has links) The revolutionary migration within the health care sector towards the digitisation of medical records for convenience or compliance touches on many concerns with respect to ensuring the security of patient personally identifiable information (PII). Foremost of these is that a patient’s right to privacy is not violated. To this end, it is necessary that health care practitioners have a clear understanding of the various constructs of privacy in order to ensure privacy compliance is maintained. This research project focuses on an investigation of privacy from a multidisciplinary philosophical perspective to highlight the constructs of information privacy. These constructs together with a discussion focused on the confidentiality and accessibility of medical records results in the development of an artefact represented in the format of a model. The formulation of the model is accomplished by making use of the Design Science research guidelines for artefact development. Part of the process required that the artefact be refined through the use of an Expert Review Process. This involved an iterative (three phase) process which required (seven) experts from the fields of privacy, information security, and health care to respond to semi-structured questions administered with an interview guide. The data analysis process utilised the ISO/IEC 29100:2011(E) standard on privacy as a means to assign thematic codes to the responses, which were then analysed. The proposed information privacy model was discussed in relation to the compliance requirements of the South African Protection of Personal Information (PoPI) Bill of 2009 and their application in a primary health care facility. The proposed information privacy model provides a holistic view of privacy management that can residually be used to increase awareness associated with the compliance requirements of using patient PII. Data protection Privacy, Right of Medical records -- Access control Primary health care Medical care Caregivers Community health nursing Confidential communications Information technology -- Management
563	Modely řízení přístupu ke zdrojům operačního systému / Operating Systems' Resource Access Control Models Vopička, Adam January 2010 (has links) The thesis deals with models used in access control to operating systems' resources. The thesis' goals are the theoretical description of these models and their comparison, the description of their implementations in selected operating systems and the description of their utilization in securing typified servers. In the first chapter, the reader is introduced to basic terms and principles of computer security and access control. In the second, also theoretical part, selected access control models are described from different viewpoints, for example their factual specialization, basic rules, principles and evolution. At the end of the chapter, the models are compared to each other according to specified criteria. The third, more practically oriented chapter, continues from the initial, both general and concrete introduction with operating systems, to description of access control model implementations in selected operating systems. At the end of the chapter, these implementations too are compared according to specified criteria. The fourth, final part, is dedicated to the description of the actual securing of a web and file server using operating system level access control means. The end of the chapter is dedicated to the possibilities of using these means to secure web applications. The contribution of this thesis from the theoretical point of view is a well-arranged and compact access control model comparison, and also the merger of the theoretical base with practical use of the described model implementations. The thesis is recommended to people interested in the computer security issues in general and people interested in access control from both theoretical and practical sides, e.g. system administrators or system designers.
564	Direct Online/Offline Digital Signature Schemes. Yu, Ping 12 1900 (has links) Online/offline signature schemes are useful in many situations, and two such scenarios are considered in this dissertation: bursty server authentication and embedded device authentication. In this dissertation, new techniques for online/offline signing are introduced, those are applied in a variety of ways for creating online/offline signature schemes, and five different online/offline signature schemes that are proved secure under a variety of models and assumptions are proposed. Two of the proposed five schemes have the best offline or best online performance of any currently known technique, and are particularly well-suited for the scenarios that are considered in this dissertation. To determine if the proposed schemes provide the expected practical improvements, a series of experiments were conducted comparing the proposed schemes with each other and with other state-of-the-art schemes in this area, both on a desktop class computer, and under AVR Studio, a simulation platform for an 8-bit processor that is popular for embedded systems. Under AVR Studio, the proposed SGE scheme using a typical key size for the embedded device authentication scenario, can complete the offline phase in about 24 seconds and then produce a signature (the online phase) in 15 milliseconds, which is the best offline performance of any known signature scheme that has been proven secure in the standard model. In the tests on a desktop class computer, the proposed SGS scheme, which has the best online performance and is designed for the bursty server authentication scenario, generated 469,109 signatures per second, and the Schnorr scheme (the next best scheme in terms of online performance) generated only 223,548 signatures. The experimental results demonstrate that the SGE and SGS schemes are the most efficient techniques for embedded device authentication and bursty server authentication, respectively. bursty server authentication standard model Online/offline digital signature schemes embedded dvice authentication Digital signatures. Computer networks -- Access control. Computer networks -- Security measures.
565	A cross-layer approach for optimizing the efficiency of wireless sensor and actor networks Kohlmeyer, Eckhard Bernhard 25 June 2009 (has links) Recent development has lead to the emergence of distributed Wireless Sensor and Actor Networks (WSAN), which are capable of observing the physical environment, processing the data, making decisions based on the observations and performing appropriate actions. WSANs represent an important extension of Wireless Sensor Networks (WSNs) and may comprise a large number of sensor nodes and a smaller number of actor nodes. The sensor nodes are low-cost, low energy, battery powered devices with restricted sensing, computational and wireless communication capabilities. Actor nodes are resource richer with superior processing capabilities, higher transmission powers and a longer battery life. A basic operational scenario of a typical WSAN application follows the following sequence of events. The physical environment is periodically sensed and evaluated by the sensor nodes. The sensed data is then routed towards an actor node. Upon receiving sensed data, an actor node performs an action upon the physical environment if necessary, i.e. if the occurrence of a disturbance or critical event has been detected. The specific characteristics of sensor and actor nodes combined with some stringent application constraints impose unique requirements for WSANs. The fundamental challenges for WSANs are to achieve low latency, high energy efficiency and high reliability. The latency and energy efficiency requirements are in a trade-off relationship. The communication and coordination inside WSANs is managed via a Communication Protocol Stack (CPS) situated on every node. The requirements of low latency and energy efficiency have to be addressed at every layer of the CPS to ensure overall feasibility of the WSAN. Therefore, careful design of protocol layers in the CPS is crucial in attempting to meet the unique requirements and handle the abovementioned trade-off relationship in WSANs. The traditional CPS, comprising the application, network, medium access control and physical layer, is a layered protocol stack with every layer, a predefined functional entity. However, it has been found that for similar types of networks with similar stringent network requirements, the strictly layered protocol stack approach performs at a sub-optimal level with regards to network efficiency. A modern cross-layer paradigm, which proposes the employment of interactions between layers in the CPS, has recently attracted a lot of attention. The cross-layer approach promotes network efficiency optimization and promises considerable performance gains. It is found that in literature, the adoption of this cross-layer paradigm has not yet been considered for WSANs. In this dissertation, a complete cross-layer enabled WSAN CPS is developed that features the adoption of the cross-layer paradigm towards promoting optimization of the network efficiency. The newly proposed cross-layer enabled CPS entails protocols that incorporate information from other layers into their local decisions. Every protocol layer provides information identified as beneficial to another layer(s) in the CPS via a newly proposed Simple Cross-Layer Framework (SCLF) for WSANs. The proposed complete cross-layer enabled WSAN CPS comprises a Cross-Layer enabled Network-Centric Actuation Control with Data Prioritization (CL-NCAC-DP) application layer (APPL) protocol, a Cross-Layer enabled Cluster-based Hierarchical Energy/Latency-Aware Geographic Routing (CL-CHELAGR) network layer (NETL) protocol and a Cross-Layer enabled Carrier Sense Multiple Access with Minimum Preamble Sampling and Duty Cycle Doubling (CL-CSMA-MPS-DCD) medium access control layer (MACL) protocol. Each of these protocols builds on an existing simple layered protocol that was chosen as a basis for development of the cross-layer enabled protocols. It was found that existing protocols focus primarily on energy efficiency to ensure maximum network lifetime. However, most WSAN applications require latency minimization to be considered with the same importance. The cross-layer paradigm provides means of facilitating the optimization of both latency and energy efficiency. Specifically, a solution to the latency versus energy trade-off is given in this dissertation. The data generated by sensor nodes is prioritised by the APPL and depending on the delay-sensitivity, handled in a specialised manor by every layer of the CPS. Delay-sensitive data packets are handled in order to achieve minimum latency. On the other hand, delay-insensitive non critical data packets are handled in such a way as to achieve the highest energy efficiency. In effect, either latency minimization or energy efficiency receives an elevated precedence according to the type of data that is to be handled. Specifically, the cross-layer enabled APPL protocol provides information pertaining to the delay-sensitivity of sensed data packets to the other layers. Consequently, when a data packet is detected as highly delay-sensitive, the cross-layer enabled NETL protocol changes its approach from energy efficient routing along the maximum residual energy path to routing along the fastest path towards the cluster-head actor node for latency minimizing of the specific packet. This is done by considering information (contained in the SCLF neighbourhood table) from the MACL that entails wakeup schedules and channel utilization at neighbour nodes. Among the added criteria, the next-hop node is primarily chosen based on the shortest time to wakeup. The cross-layer enabled MACL in turn employs a priority queue and a temporary duty cycle doubling feature to enable rapid relaying of delay-sensitive data. Duty cycle doubling is employed whenever a sensor node’s APPL state indicates that it is part of a critical event reporting route. When the APPL protocol state (found in the SCLF information pool) indicates that the node is not part of the critical event reporting route anymore, the MACL reverts back to promoting energy efficiency by disengaging duty cycle doubling and re-employing a combination of a very low duty cycle and preamble sampling. The APPL protocol conversely considers the current queue size of the MACL and temporarily halts the creation of data packets (only if the sensed value is non critical) to prevent a queue overflow and ease congestion at the MACL By simulation it was shown that the cross-layer enabled WSAN CPS consistently outperforms the layered CPS for various network conditions. The average end-to-end latency of delay-sensitive critical data packets is decreased substantially. Furthermore, the average end-to-end latency of delay-insensitive data packets is also decreased. Finally, the energy efficiency performance is decreased by a tolerable insignificant minor margin as expected. The trivial increase in energy consumption is overshadowed by the high margin of increase in latency performance for delay-sensitive critical data packets. The newly proposed cross-layer CPS achieves an immense latency performance increase for WSANs, while maintaining excellent energy efficiency. It has hence been shown that the adoption of the cross-layer paradigm by the WSAN CPS proves hugely beneficial with regards to the network efficiency performance. This increases the feasibility of WSANs and promotes its application in more areas. / Dissertation (MEng)--University of Pretoria, 2009. / Electrical, Electronic and Computer Engineering / unrestricted Cross-layering Wireless sensor actor network Cross-layer framework Latency Preamble sampling Energy efficient Medium access control Data prioritization Aggregation Hierarchical routing Clustering Distributed control Network centric UCTD
566	Evaluating finite state machine based testing methods on RBAC systems / Avaliação de métodos de teste baseado em máquinas de estados finitos em sistemas RBAC Carlos Diego Nascimento Damasceno 09 May 2016 (has links) Access Control (AC) is a major pillar in software security. In short, AC ensures that only intended users can access resources and only the required access to accomplish some task will be given. In this context, Role Based Access Control (RBAC) has been established as one of the most important paradigms of access control. In an organization, users receive responsibilities and privileges through roles and, in AC systems implementing RBAC, permissions are granted through roles assigned to users. Despite the apparent simplicity, mistakes can occur during the development of RBAC systems and lead to faults or either security breaches. Therefore, a careful verification and validation process becomes necessary. Access control testing aims at showing divergences between the actual and the intended behavior of access control mechanisms. Model Based Testing (MBT) is a variant of testing that relies on explicit models, such as Finite State Machines (FSM), for automatizing test generation. MBT has been successfully used for testing functional requirements; however, there is still lacking investigations on testing non-functional requirements, such as access control, specially in test criteria. In this Master Dissertation, two aspects of MBT of RBAC were investigated: FSM-based testing methods on RBAC; and Test prioritization in the domain of RBAC. At first, one recent (SPY) and two traditional (W and HSI) FSM-based testing methods were compared on RBAC policies specified as FSM models. The characteristics (number of resets, average test case length and test suite length) and the effectiveness of test suites generated from the W, HSI and SPY methods to five different RBAC policies were analyzed at an experiment. Later, three test prioritization methods were compared using the test suites generated in the previous investigation. A prioritization criteria based on RBAC similarity was introduced and compared to random prioritization and simple similarity. The obtained results pointed out that the SPY method outperformed W and HSI methods on RBAC domain. The RBAC similarity also achieved an Average Percentage Faults Detected (APFD) higher than the other approaches. / Controle de Acesso (CA) é um dos principais pilares da segurança da informação. Em resumo, CA permite assegurar que somente usuários habilitados terão acesso aos recursos de um sistema, e somente o acesso necessário para a realização de uma dada tarefa será disponibilizado. Neste contexto, o controle de acesso baseado em papel (do inglês, Role Based Access Control - RBAC) tem se estabelecido como um dos mais importante paradigmas de controle de acesso. Em uma organização, usuários recebem responsabilidades por meio de cargos e papéis que eles exercem e, em sistemas RBAC, permissões são distribuídas por meio de papéis atribuídos aos usuários. Apesar da aparente simplicidade, enganos podem ocorrer no desenvolvimento de sistemas RBAC e gerar falhas ou até mesmo brechas de segurança. Dessa forma, processos de verificação e validação tornam-se necessários. Teste de CA visa identificar divergências entre a especificação e o comportamento apresentado por um mecanismo de CA. Teste Baseado em Modelos (TBM) é uma variante de teste de software que se baseia em modelos explícitos de especificação para automatizar a geração de casos testes. TBM tem sido aplicado com sucesso no teste funcional, entretanto, ainda existem lacunas de pesquisa no TBM de requisitos não funcionais, tais como controle de acesso, especialmente de critérios de teste. Nesta dissertação de mestrado, dois aspectos do TBM de RBAC são investigados: métodos de geração de teste baseados em Máquinas de Estados Finitos (MEF) para RBAC; e priorização de testes para RBAC. Inicialmente, dois métodos tradicionais de geração de teste, W e HSI, foram comparados ao método de teste mais recente, SPY, em um experimento usando políticas RBAC especificadas como MEFs. As características (número de resets, comprimento médio dos casos de teste e comprimento do conjunto de teste) e a efetividade dos conjuntos de teste gerados por cada método para cinco políticas RBAC foram analisadas. Posteriormente, três métodos de priorização de testes foram comparados usando os conjuntos de teste gerados no experimento anterior. Neste caso, um critério baseado em similaridade RBAC foi proposto e comparado com a priorização aleatória e baseada em similaridade simples. Os resultados obtidos mostraram que o método SPY conseguiu superar os métodos W e HSI no teste de sistemas RBAC. A similaridade RBAC também alcançou uma detecção de defeitos superior. Controle de acesso Máquinas de estados finitos Priorização de testes RBAC Teste baseado em modelos Access control Finite state machine Model based testing RBAC Test priorization
567	Uma proposta de protocolo token ring sem fio / A Proposal Wireless Token Ring Protocol Adroaldo Lazouriano Moreira Borges 23 January 2014 (has links) O protocolo Token Ring sem o (WTRP) é um protocolo distribuído de controle de acesso ao meio que provê qualidade de serviço em termos de uso de largura de banda e latência limitada. WTRP consiste de nós (estações) que formam topologicamente um anel. Contudo, quando o número de nós em um anel aumenta a latência aumenta e o tempo de reuso de token por parte de um nó em anel também aumenta. Neste trabalho, apresentamos uma versão extendida de WTRP com foco em reduzir a latência, tempo de reuso de token e permitir encaminhamento de dados entre anéis sem aumentar signicativamente o consumo de energia. Para provar o conceito que propomos, implementamos e testamos a nossa versão de WTRP usando simulador de rede - NS. / Wireless Token Ring Protocol (WTRP) is a distributed Medium Access Control protocol that provides quality of service in terms of reserved bandwidth and limited latency]. It consists of nodes or stations structured in ring topology. However, when the number of nodes in a ring increases latency and time of a node reuse token increases. In this work, we present an extended version WTRP that focus on reducing latency, time of token reuse and data forwarding among the rings in a MANet , without suggestive increasing of energy consumption. We have implemented and tested our version of WTRP in network simulator - NS. anel de anéis MANet protocolo de controle de acesso ao meio Token Ring sem fio MANet Medium Access Control protocol Ring of rings Wireless Token Ring
568	Taxonomy of synchronization and barrier as a basic mechanism for building other synchronization from it Braginton, Pauline 01 January 2003 (has links) A Distributed Shared Memory(DSM) system consists of several computers that share a memory area and has no global clock. Therefore, an ordering of events in the system is necessary. Synchronization is a mechanism for coordinating activities between processes, which are program instantiations in a system. Computers -- Access control Algorithms -- Data processing Data structures (Computer science) Time-sharing computer systems Numerical taxonomy Synchronous data transmission systems OS and Networks
569	Design and Implementation of Digital Information Security for Physical Documents Wang, Pengcheng 17 July 2015 (has links) The objective of this thesis is to improve the security for physical paper documents. Providing information security has been difficult in environments that rely on physical paper documents to implement business processes. Our work presents the design of a digital information security system for paper documents, called "CryptoPaper", that uses 2-dimensional codes to represent data and its security properties on paper. A special scanner system is designed for "CryptoPaper" which uses image recognition techniques and cloud-based access control to display plaintext of encrypted and encoded data to authorized users. QR code access control image processing confidentiality physical paper document Computer Engineering Computer Sciences Databases and Information Systems Electrical and Computer Engineering Information Security Software Engineering Systems Architecture
570	Fyzická bezpečnost v průmyslovém podniku / Physical Security in an Industrial Company Konečný, Pavel January 2017 (has links) The diploma thesis focuses on physical security solutions in an organization acting in a metallurgy segment. The analytical part identifies the weaknesses in individual areas of physical security according to ČSN/ISO 27 000 regulation. The practical part is divided into individual chapters bringing suggestions for corrections, modernization and modifications of the system. The theoretical part deals mainly with clarification of the terminology and proceses used in the practical part. I see the benefit of my work in the practical suggestions for the changes. If they are implemented correctly, the physical security of the organization will be of high quality.

Search results