Global ETD Search

591	The Effects of Different Confidentiality Conditions on Adolescent Minor Patients' Self-Report of Behavioral and Emotional Problems Drake, David Warren 05 1900 (has links) The primary purpose of the present study was to determine if information regarding potential parental or legal guardian access to mental health information would deleteriously impact male and female adolescent psychiatric patients' willingness to self-report personal problems and symptoms. Adolescent psychology. Self-disclosure in adolescence. Medical records -- Access control. mental health information self-report personal problems
592	Decentralized Learning over Wireless Networks with Imperfect and Constrained Communication : To broadcast, or not to broadcast, that is the question! Dahl, Martin January 2023 (has links) The ever-expanding volume of data generated by network devices such as smartphones, personal computers, and sensors has significantly contributed to the remarkable advancements in artificial intelligence (AI) and machine learning (ML) algorithms. However, effectively processing and learning from this extensive data usually requires substantial computational capabilities centralized in a server. Moreover, concerns regarding data privacy arise when collecting training data from distributed network devices. To address these challenges, collaborative ML with decentralized data has emerged as a promising solution for large-scale machine learning across distributed devices, driven by the parallel computing and learning trends. Collaborative and distributed ML can be broadly classified into two types: server-based and fully decentralized, based on whether the model aggregation is coordinated by a parameter server or performed in a decentralized manner through peer-to-peer communication. In cases where communication between devices occurs over wireless links, which are inherently imperfect, unreliable, and resource-constrained, how can we design communication protocols to achieve the best learning performance? This thesis investigates decentralized learning using decentralized stochastic gradient descent, an established algorithm for decentralized ML, in a novel setting with imperfect and constrained communication. "Imperfect" implies that communication can fail and "constrained" implies that communication resources are limited. The communication across a link between two devices is modeled as a binary event with either success or failure, depending on if multiple neighbouring devices are transmitting information. To compensate for communication failures, every communication round can have multiple communication slots, which are limited and must be carefully allocated over the learning process. The quality of communication is quantified by introducing normalized throughput, describing the ratio of successful links in a communication round. To decide when devices should broadcast, both random and deterministic medium access policies have been developed with the goal of maximizing throughput, which has shown very efficient learning performance. Finally, two schemes for allocating communication slots over communication rounds have been defined and simulated: Delayed-Allocation and the Periodic-Allocation schemes, showing that it is better to allocate slots late rather than early, and neither too frequently nor infrequently which can depend on several factors and requires further study Decentralized Learning Medium Access Control Wireless Communications Machine Learning Imperfect Communication Resource-Constrained Resource Allocation Scheduling Communication Systems Kommunikationssystem
593	A Comparative Analysis of SecurityServices Using Identity and AccessManagement (IAM) Muddychetty, Nithya Sree January 2024 (has links) Background: Identity and Access Management (IAM) is a critical IT securityframework for managing digital identities and resource access. With roots datingback to ancient civilizations, IAM has evolved from basic authentication to sophisticated methods. Okta, a leading cloud-based IAM platform founded in 2009, excelsin identity management, authentication, and access control. It is recognized for itscommitment to security and adaptability to cybersecurity challenges. As of October2023, Okta maintains its prominent position in the IAM market, acknowledged byGartner’s Magic Quadrant for Access Management, worldwide. Objectives: The objective of this thesis is to conduct a comprehensive comparative analysis of security services, specifically focusing on their integration with IAMsolutions. This investigation seeks to provide an examination of security serviceslike Multi-factor authentication (MFA) and Single Sign On (SSO) and evaluate theireffectiveness in conjunction with IAM. By doing so, we aim to determine which security approach offers the most robust protection in our digitally interconnected world. Methods: The primary goal of this methodology is to create a robust, secure,and user-friendly authentication and access management system using Okta withinan IAM framework. This involves the integration of both MFA and SSO features.To kickstart the process, we establish a controlled environment that mirrors thereal-world scenarios. Okta is chosen as the IAM tool, and its deployment involvesmanaging user identities, controlling access, and handling authentication. Results: The result of the study on the comparative analysis of security servicesusing IAM reveals distinct differences in the effectiveness and features among securityservices. Key findings highlight variations in authentication methods, authorizationmechanisms, and overall security robustness. This comprehensive examination provides valuable insights into the strengths and weaknesses of different IAM-basedsecurity services, offering a foundation for informed decision-making in selecting themost suitable solution for specific organizational needs. Conclusions: This thesis conclusively demonstrates the efficacy of integrating SSOand MFA into IAM. The incorporation of Biometric Authentication and Time basedOne Time-Password (TOTP) in MFA garnered strong user preference. SSO implementation streamlined authentication, reducing steps and enhancing ease of use.The overwhelmingly positive user feedback and robust security measures validateSSO+MFA as a valuable contribution to IAM, ensuring data security and user confidence. Access Control Lists Identity Access Management Multi-Factor Authentication One time password Single sign on System Usability Scale Virtual private network Computer Sciences Datavetenskap (datalogi)
594	Implementation and Analysis of Authentication and Authorization Methods in a Microservice Architecture : A Comparison Between Microservice Security Design Patterns for Authentication and Authorization Flows / Implementation och Analys av Autentisering och Auktoriseringsmetoder i en Microservicearkitektur : En Jämförelse Mellan Säkerhetsdesignmönster för Autentisering och Auktorisering i Microservices Tran Florén, Simon January 2021 (has links) Microservices have emerged as an attractive alternative to more classical monolithic software application architectures. Microservices provides many benefits that help with code base comprehension, deployability, testability, and scalability. As the Information technology (IT) industry has grown ever larger, it makes sense for the technology giants to adopt the microservice architecture to make use of these benefits. However, with new software solutions come new security vulnerabilities, especially when the technology is new and vulnerabilities are yet to be fully mapped out. Authentication and authorization are the cornerstone of any application that has a multitude of users. However, due to the lack of studies of microservices, stemming from their relatively young age, there are no standardized design patterns for how authentication and authorization are best implemented in a microservice. This thesis investigates an existing microservice in order to secure it by applying what is known as a security design pattern for authentication and authorization. Different security patterns were tested and compared on performance. The differing levels of security provided by these approaches assisted in identifying an acceptable security versus performance trade-off. Ultimately, the goal was to give the patterns greater validity as accepted security patterns within the area of microservice security. Another goal was to find such a security pattern suitable for the given microservice used in this project. The results showed a correlation between increased security and longer response times. For the general case a security pattern which provided internal authentication and authorization but with some trust between services was suggested. If horizontal scaling was used the results showed that normal services proved to be the best target. Further, it was also revealed that for lower user counts the performance penalties were close to equal between the tested patterns. This meant that for the specific case where microservices sees lower amounts of traffic the recommended pattern was the one that implemented the maximum amount access control checks. In the case for the environment where the research were performed low amounts of traffic was seen and the recommended security pattern was therefore one that secured all services of the microservices. / Mikrotjänster har framträtt som ett mer attraktivt alternativ än mer konventionella mjukvaruapplikationsarkitekturer såsom den monolitiska. Mikrotjänster erbjuder flera fördelar som underlättar med en helhetsförståelse för kodbasen, driftsättning, testbarhet, och skalbarhet. Då IT industrin har växt sig allt större, så är det rimligt att tech jättar inför mikrotjänstarkitekturen för att kunna utnyttja dessa fördelar. Nya mjukvarulösningar medför säkerhetsproblem, speciellt då tekniken är helt ny och inte har kartlagts ordentligt. Autentisering och auktorisering utgör grunden för applikationer som har ett flertal användare. Då mikrotjänster ej hunnit blivit utförligt täckt av undersökning, på grund av sin relativt unga ålder, så finns det ej några standardiserade designmönster för hur autentisering och auktorisering är implementerade till bästa effekt i en mikrotjänst. Detta examensarbete undersöker en existerande mikrotjänst för att säkra den genom att applicera vad som är känt som ett säkerhetsdesignmönster för autentisering och auktorisering. Olika sådana mönster testades och jämfördes baserat på prestanda i olika bakgrunder. De varierade nivåerna av säkerhet från de olika angreppssätten som säkerhetsmönstrena erbjöd användes för att identifiera en acceptabel kompromiss mellan säkerhet mot prestanda. Målet är att i slutändan så kommer detta att ge mönstren en högre giltighet när det kommer till att bli accepterade som säkerhetsdesignmönster inom området av mikrotjänstsäkerhet. Ett annat mål var att hitta den bästa kandidaten bland dessa säkerhetsmönster för den givna mikrotjänsten som användes i projektet. Resultaten visade på en korrelation mellan ökad säkerhet och längre responstider. För generella fall rekommenderas det säkerhetsmönster som implementerade intern autentisering och auktorisering men med en viss del tillit mellan tjänster. Om horisontell skalning användes visade resultaten att de normala tjänsterna var de bästa valet att lägga dessa resurser på. Fortsättningsvis visade resultaten även att för ett lägre antal användare så var den negativa effekten på prestandan nästan likvärdig mellan de olika mönstren. Detta innebar att det specifika fallet då mikrotjänster ser en lägre mängd trafik så är det rekommenderade säkerhetsmönstret det som implementerad flest åtkomstkontroller. I fallet för den miljö där undersökningen tog plats förekom det en lägre mängd trafik och därför rekommenderades det säkerhetsmönster som säkrade alla tjänster närvarande i mikrotjänsten. Authentication Authorization Access control Microservices Microservice Security Security Tokens Security Patterns Performance Autentisering Auktorisering Åtkomstkontroll Mikrotjänster Mikrotjänstsäkerhet Säkerhetstokens Säkerhetsdesignmönster Prestanda Belastningstestning Computer Sciences Datavetenskap (datalogi)
595	ON-DEMAND MEDIUM ACCESS IN HETEROGENEOUS MULTIHOP WIRELESS NETWORKS JAIN, VIVEK 02 July 2007 (has links) No description available. Computer Science Ad hoc Network Concurrent Packet Reception Deafness Differentiated Service Classes Medium Access Control Mesh Network Multihop Wireless Network Multiple Beam Smart Antenna Sensor Network
596	Relay Attack Resistant Passive Keyless Entry : Securing PKE Systems with Immobility Detection VALKO, ABEL January 2020 (has links) A significant security risk of modern vehicles is their vulnerability to relay attacks, due to challenge-response methods, such as those employed in Passive Keyless Entry (PKE) used by most commercial cars, being inherently exposed. This class of attacks are where communication between a vehicle and its key is relayed by an attacker over long range - thereby bypassing any encryption and unlocking the vehicle without requiring direct access to the key. While a multitude of defenses have been proposed in recent years, many lack either robustness or practicality. Any viable system will likely have to rely on an environmental parameter which is not easily manipulated. Moreover, the system has to be: cost effective; easily implementable; and take user comfort, such as the key’s battery life, into account. This thesis implements and evaluates a PKE system resistant to relay attacks, analyses a multitude of proposed strategies in literature for feasibility, as well as suggests a novel method: Approach Curve Matching. It is concluded that the most promising strategies are: Immobility Detection, Distance Bounding Protocols, and Approach Curve Matching - the first of which is chosen to be implemented in the prototype PKE system. The project develops a PKE system and implements the communication protocol using Bluetooth, as opposed to the conventional RFID. Immobility Detection, using an accelerometer, is then implemented. The final system is then tested and evaluated. It is concluded that while Immobility Detection is not comprehensively effective, it is easily implementable, cost-effective, and can greatly increase the security of PKE systems. Finally, it is proposed that Immobility Detection should be employed promptly by manufacturers while investigating potentially more effective, albeit uncertain, strategies. / En betydande säkerhetsbrist av moderna fordon är deras sårbarhet mot så kallade ’relay attacker’. Dessa typer av attacker, där signaler mellan bilen och nyckeln vidarebefordras, kringgår all kryptering och låser upp bilen utan att ha direkt tillgång till nyckeln. En stor del av kommersiella fordon tillämpar ’Passive Keyless Entry’ (PKE) som bygger på ’challenge-response’ metoder som visats vara särskilt utsatta för dessa attacker. En mängd olika skyddssystem har föreslagits på senare år, men många saknar erforderlig robusthet eller genomförbarhet. Ett lämpligt system bör uppfylla en rad olika kriterier. Strategin måste grundas på en omgivningsparameter som är både oföränderlig och tillräckligt rymdberoende att två nära positoner kan skiljas åt. Dessutom ska systemet vara kostnadseffektivt, implementerbart, och ta hänsyn till användarkomfort såsom batteritid. Projektets huvudsyfte är konstruktionen och analysen av ett ’relay attack’ resistent PKE system. I detta projekt ingår också en analys av ett antal föreslagna försvar och ett förslag om en ny metod: ’Approach Curve Matching’. Slutsatsen dras att de mest lovande taktikerna är: analys av Jaccard indexet av Wi-Fi hotspots, ’Distance Bounding Protocols’, ’Approach Curve Matching’ och ’Immobility Detection’ som också implementeras i prototyp PKE systemet. Projektet utvecklar först ett PKE system med två Raspberry Pis som agerar som bilens och nyckelns mikrodatorer och implementerar kommunikationsprotokollet med hjälp av Bluetooth. ’Immobility Detection’ är sedan implementerad genom en inbyggd accelerometer i nyckeln. Slutligen testas och utvärderas systemet. Det konkluderas att trots att ’Immobility Detection’s effektivitet inte är helt omfattande är den lätt att implementera, kostnadseffektiv, och kan bidra till en betydlig ökning av säkerheten hos PKE system. Vidare observerade projektet att Bluetooths ’Received Signal Strength Indicator’ (RSSI) mätningar är utsatta för avsevärd ostadighet och är allmänt omgivningsberoende. Därför anses Bluetooth RSSI inte lämplig för PKE tillämpningar även om andra metoder för avståndsmätning med Bluetooth kan ha högre prestanda. Det föreslås att ’Immobility Detection’ tillämpas av tillverkare omgående medans andra potentiellt mer effektiva strategier utreds. Passive Keyless Entry Relay Attack Mafia Fraud Access Control Mechatronics Nyckellös System åtkomstkontroll Relay Attack IT-säkerhet Mekatronik Engineering and Technology Teknik och teknologier
597	Enhancing Attack Resilience in Cognitive Radio Networks Chen, Ruiliang 07 March 2008 (has links) The tremendous success of various wireless applications operating in unlicensed bands has resulted in the overcrowding of those bands. Cognitive radio (CR) is a new technology that enables an unlicensed user to coexist with incumbent users in licensed spectrum bands without inducing interference to incumbent communications. This technology can significantly alleviate the spectrum shortage problem and improve the efficiency of spectrum utilization. Networks consisting of CR nodes (i.e., CR networks)---often called dynamic spectrum access networks or NeXt Generation (XG) communication networks---are envisioned to provide high bandwidth to mobile users via heterogeneous wireless architectures and dynamic spectrum access techniques. In recent years, the operational aspects of CR networks have attracted great research interest. However, research on the security aspects of CR networks has been very limited. In this thesis, we discuss security issues that pose a serious threat to CR networks. Specifically, we focus on three potential attacks that can be launched at the physical or MAC layer of a CR network: primary user emulation (PUE) attack, spectrum sensing data falsification (SSDF) attack, and control channel jamming (CCJ) attack. These attacks can wreak havoc to the normal operation of CR networks. After identifying and analyzing the attacks, we discuss countermeasures. For PUE attacks, we propose a transmitter verification scheme for attack detection. The scheme utilizes the location information of transmitters together with their signal characteristics to verify licensed users and detect PUE attackers. For both SSDF attacks and CCJ attacks, we seek countermeasures for attack mitigation. In particular, we propose Weighted Sequential Probability Ratio Test (WSPRT) as a data fusion technique that is robust against SSDF attacks, and introduce a multiple-rendezvous cognitive MAC (MRCMAC) protocol that is robust against CCJ attacks. Using security analysis and extensive numerical results, we show that the proposed schemes can effectively counter the aforementioned attacks in CR networks. / Ph. D. Transmitter Verification Spectrum Sensing Data Falsification Primary User Emulation Network Security Cognitive radio networks Control Channel Jamming
598	Role Mining With Hierarchical Clustering and Binary Similarity Measures / Role mining med hierarkisk klustring och binära likhetsmått Olsson, Magnus January 2023 (has links) Role engineering, a critical task in role-based access control systems, is the process of identifying a complete set of roles that accurately reflect the structure of an organization. Role mining, a data-driven approach, utilizes data mining techniques on user-permission assignments represented as binary data to automatically derive these roles. However, relying solely on data-driven methods often leads to the generation of a large set of roles lacking interpretability. To address this limitation, this thesis presents a role mining algorithm, whose results can be viewed as an initial step in the role engineering process, in order to streamline the task of defining semantically meaningful roles, where human analysis is an inevitable post-processing step. The algorithm is based on hierarchical clustering analysis, and its main objective is identifying a sufficiently small set of roles that cover as large a proportion of the user-permission assignments as possible. To evaluate the performance of the algorithm, multiple real-world data sets representing diverse access control scenarios are utilized. The evaluation focuses on comparing various binary similarity measures, with the goal of determining the most suitable characteristics of a binary similarity measure to be used for role mining. The evaluation of different binary similarity measures provides insights into their effectiveness in achieving accurate role definitions to be used as a foundation for constructing meaningful roles. Ultimately, this research contributes to the advancement of role mining methodologies, facilitating improved access control systems that align with organizational needs and enhance security and efficiency. / Role engineering går ut på att identifiera en komplett uppsättning roller som återspeglar strukturen i en organisation och är en viktig uppgift när organisationer övergår till rollbaserad åtkomstkontroll. Role mining är en datadriven metod som använder data mining-tekniker på användarnas behörighetstilldelningar för att automatiskt härleda dessa roller. Dessa tilldelningar kan representeras som binär data. Att enbart förlita sig på datadrivna metoder leder dock ofta till att en stor uppsättning svårtolkade roller genereras. För att adressera denna begränsning har en role mining-algoritm utvecklas i det här arbetet. Genom att applicera algoritmen på den binära tilldelningsdatan kan de erhållna resultaten betraktas som ett inledande steg i role engineering-processen. Syftet är att effektivisera arbetet med att definiera semantiskt meningsfulla roller, där mänsklig analys är en oundviklig fas. Algoritmen är baserad på hierarkisk klustring och har som huvudsyfte att identifiera en lagom stor uppsättning roller som täcker så stor del av behörighetstilldelningarna som möjligt. För att utvärdera algoritmens prestanda appliceras den på flertalet datamängder insamlade från varierande verkliga åtkomstkontrollsystem. Utvärderingen fokuserar på att jämföra olika binära likhetsmått med målet att bestämma de mest lämpliga egenskaperna för ett binärt likhetsmått som ska användas för role mining. Utvärderingen av olika binära likhetsmått ger insikter i deras effektivitet att uppnå korrekta rolldefinitioner som kan användas som grund för att konstruera meningsfulla roller. Denna forskning bidrar till framsteg inom role mining och syftar till att underlätta övergången till rollbaserad åtkomstkontroll samt förbättra metoderna för att identifiera roller som överensstämmer med organisationsbehov och förbättrar säkerhet och effektivitet. Access Control RBAC Role Engineering Role Mining Unsupervised Machine Learning Hierarchical Clustering Binary Similarity Measures IAM Rollbaserad åtkomstkontroll Rollgranskning Maskininlärning Hierarkisk klustring binära likhetsmått Other Mathematics Annan matematik
599	Multiplexed network commnication for secure operating systems Ciccarelli, Eugene Charles. January 1978 (has links) Thesis: Elec. E., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 1978 / Bibliography: leaves 247-251. / by Eugene Charles Ciccarelli, IV. / Elec. E. / Elec. E. Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science Computers Access control. Multics (Electronic computer system) Computer networks. Telephone Multiplex systems. Telephone fast Computer networks. fast Computers fast
600	Secure outspurcing of IT services in a non-trusted environment Evdokimov, Sergei 10 October 2008 (has links) In dieser Arbeit werden die Mšglichkeiten sicherer Ausgliederung von Datenbanken und inhaltsbasiertem Routing an einen nicht voll vertrauenswŸrdigen Dienstanbieter betrachtet. Wir untersuchen die Grenzen der Sicherheit, die in diesem Szenario erreicht werden kšnnen. Sicherheit wird dabei unter Zuhilfenahme aktueller komplexitŠtstheoretischer Arbeiten definiert. Dies ermšglicht die Verwendung formaler Methoden zur Untersuchung der Bedingungen, unter denen verschiedene Grade von Sicherheit mšglich sind. Die BeitrŠge dieser Dissertation sind im Einzelnen: - Wir untersuchen die Eignung sog. Privacy-Homomorphismen, welche die AusfŸhrung von Operationen auf verschlŸsselten Daten erlauben. Dies dient der Entwicklung von Protokollen zur sicheren Datenbankausgliederung. Weiter beschreiben wir ein allgemeines Framework fŸr sichere Datenbankausgliederung, das auf sog. Volltextsuch-VerschlŸsselungsverfahren basiert. Ferner stellen wir einen Beweis fŸr die Sicherheit und Korrektheit vor. - Wir beschreiben ein neues Volltextsuch-VerschlŸsselungsverfahren, das im Vergleich zu bekannten Arbeiten eine grš§ere Anzahl verschiedener Operationen fŸr das Datenbank-Outsourcing-Problem ermšglicht und signifikant niedrigere Fehlerraten hat. - Wir schlagen einen Ansatz vor, um im Kontext der sicheren Datenbank-Auslagerung Blanko-Zugriffe auf die verschlŸsselten Daten zu verwalten. Verglichen mit existierenden Techniken ist unser Ansatz anwendbar auf generellere Szenarien, ist einfacher und hat Šhnliche Effizienzeigenschaften. - Wir untersuchen die Mšglichkeit des sicheren inhaltsbasierten Routings, in dem wir ein formales Sicherheitsmodell konstruieren, existierende AnsŠtze in diesem Modell bewerten und eine formale Analyse der Mšglichkeit von Vertraulichkeit durchfŸhren. Unser Sicherheitsmodell deckt die UnzulŠnglichkeiten der bestehenden AnsŠtze auf. Schlie§lich beschreiben wir ein inhaltsbasiertes Routingverfahren, welches das Modell erfŸllt. / This thesis considers the possibilities of secure outsourcing of databases and of content-based routing operations to an untrusted service provider. We explore the limits of the security that is achievable in these scenarios. When discussing security, we refer to the state of the art definitions from cryptography and complexity theory. The key contributions of the thesis are the following: - We explore the applicability of cryptographic constructs that allow performing operations over encrypted data, also known as privacy homomorphisms, for creating protocols that could enable secure database outsourcing. We also describe a framework for secure database outsourcing that is based on searchable encryption schemes, and prove its correctness and security. - We describe a new searchable encryption scheme that exceeds existing analogues with regard to certain parameters: compared to the existing works, the proposed scheme allows for performing a larger number of operations over a securely outsourced database and has significantly lower chances of returning erroneous results of a search. - We propose an approach for managing discretionary access to securely outsourced and encrypted databases. Compared to existing techniques, our approach is applicable to more general scenarios, is simpler and has similar performance characteristics. - We examine possibilities of performing a secure content-based routing by building a formal security model that describes a secure content-based routing system, evaluate existing approaches against this model, and provide an analysis of the possibilities for achieving confidentiality when performing the routing. Compared to the existing works, which fail in providing complete confidentiality, our security model considers shortcomings of these solutions. We also describe a content-based routing system that satisfies this model and to the best of our knowledge is the first of its kind to provide a complete confidentiality. Datenschutz Sicherheit Datenbanken Vertraulichkeit Datenvertraulichkeit Zugriffskontrolle Ausgliederung Inhaltsbasiertes Routing Privacy Security Confidentiality Access Control Outsourcing Database Content-Based Routing 330 Wirtschaft 17 Wirtschaft QP 345 ddc:330

Search results