Global ETD Search

651	MAC řízení přístupu / Mandatory access control Grepl, Miroslav January 2008 (has links) This master's thesis describes the problems of SELinux, and the methods of creation of a proper security policy with a focus on the SELinux reference policy and its mechanisms. It designs the methodics of formulation of specific security rules, supplemented with the practical example of its application. Furthermore, it describes the available security rules commonly used for http, ftp and ssh services securing, their modification and practical utilization. According to the proposed methodology, these services are protected with their own security rules and both security methods are mutually compared and evaluated.
652	Laboratorní úloha infrastruktury veřejných klíčů / Lab of public key infrastructure Slavík, Petr January 2009 (has links) The aim of this thesis is to study and describe the theme of Public Key Infrastructure (PKI). Within the scope of minute PKI characterization there is a gradual depiction of particular structural elements, which are above all represented by cryptographic operations (asymetric and symetric cryptography, hash function and digital signature); then, there are also individual PKI subjects that are dealt with, like eg. certification authority, certificates, security protocols, secure heap etc. Last but not least there are a few complete Public Key Infrastructure implementation solutions described (OpenSSL, Microsft CA). The practical part of the thesis, a lab exercise, gives potential students the knowledge of installing OpenSSL system based certification authority. The next task educate students how to secure web server with certificate signed with own CA and also how to secure web server users‘ access control through certificates signed by the previously installed CA.
653	Administration of Access Rights in Web Applications Worm, Stefan 28 October 2005 (has links) This work deals with the problem to find and rate a solution how to administrate access rights in web based applications that are flexible and offer a fine-grained allocation of rights. In particular the program phpGACL is analyzed and integrated into an example application to prove the feasibility of this system in principle. / Diese Arbeit beschäftigt sich mit der Lösungsfindung und -bewertung des Problems, Zugriffsrechte webbasierter Anwendungen flexibel zu administrieren und eine möglichst feinkörnige Rechtevergabe zu erlauben. Insbesondere das Programm phpGACL wird analysiert und in eine Beispielanwendung integriert um die prinzipielle Realisierbarkeit des System zu überprüfen. info:eu-repo/classification/ddc/004 ddc:004 Autorisierung Rollenbasierte Zugriffskontrolle Web Site World Wide Web / Softwaresystem Zugriffskontrolle Access Control Access Rights Authentication Authorisation L:AuS Rights Management Web Application phpGACL
654	Enhancing Security in Managing Personal Data by Web Systems Wild, Stefan 12 June 2017 (has links) Web systems have become an integral part in daily life of billions of people. Social is a key characteristic today’s web projects need to feature in order to be successful in the social age. To benefit from an improved user experience, individual persons are continually invited to reveal more and more personal data to web systems. With a rising severity of attacks on web systems, it is evident that their security is inadequate for the amount of accumulated personal data. Numerous threat reports indicate that social media has become a top-ranking attack target, with climbing impacts, with ramifications beyond single individuals and with a booming black market to trade leaked personal data. To enhance information security in managing personal data by web systems for the mutual benefit of individual persons, companies and governments, this dissertation proposes a solution architecture and three research contributions. While the solution architecture establishes the foundation for a more secure management of personal data by web systems, the research contributions represent complementary components for protecting personal data against unwanted data disclosure, tampering and use without the actual data owner’s intent or knowledge. Not only do these components enable seamless integration and combination, but they also contribute to assure quality and maintainability. The dissertation concludes with discussing evaluation results and providing an outlook towards future work. info:eu-repo/classification/ddc/004 ddc:004
655	Ordonnancement et routage pour l'augmentation de la durée de vie dans les réseaux de capteurs sans fil / Scheduling and routing for increasing the network lifetime in wireless sensor networks Lassouaoui, Lilia 06 July 2018 (has links) Les réseaux de capteurs sans fil (RCSF) sont très largement utilisés dans divers domaines d'applications civiles et militaires, comme la surveillance de champs de bataille, la détection de phénomène environnementaux, ou encore les bâtiments intelligents. Cependant, les réseaux de capteurs sans fil sont caractérisés par de fortes limitations au niveau de l'énergie disponible et des communications radio. Les travaux réalisés dans cette thèse visent à proposer des solutions garantissant une certaine qualité de service dans le contexte des réseaux de capteurs sans fil. La première partie concerne la couche liaison de données avec l'objectif d'augmenter la durée de vie du réseau. L'accès au médium sans fil est analysé et modélisé sous la forme d'un problème d'ordonnancement des liens de communication, tenant compte des collisions. Nous étudions alors la complexité de ce problème. Une approche distribuée et tolérante aux défaillances avec garantie de performance est proposée (SS-DD2EC) pour résoudre ce problème. La seconde partie de la thèse concerne le routage des messages à l'aide du protocle IPv6 Routing Protocol for Low-Power and Lossy Network (RPL). Tout d'abord, un comparatif entre les différentes métriques de routage existantes pour l'optimisation de l'énergie consommée a été mené. En plus de la durée de vie, les critères de fiabilité et de latence de bout-en-bout sont considérés pour évaluer ces métriques. Enfin, deux nouvelles métriques (R_MinMax et R_Delai) ont été proposées pour RPL permettant d'atteindre des gains significatifs par rapport à l'état de l'art. La première ne tient compte que des critères de consommation d'énergie et de fiabilité, alors que la seconde intègre en plus la latence de bout-en-bout. / Wireless sensor networks (RCSF) is a technology that has a wide range of civil or military applications, including battlefield monitoring, environmental monitoring or smart city. However, WSN are characterized by high limitations in terms of energy (battery-operated nodes) and wireless links (low power and lossy links). The work done in this PhD thesis aims to provide solutions that guarantee a certain quality of service in the context of wireless sensor networks. The first part of this work concerns the medium access control layer with the aim of increasing the lifetime of the network. The access to the wireless medium is analyzed and modeled as a link scheduling problem, taking into account collisions. First, a study of the complexity of this problem is carried out, then a distributed and fault-tolerant approach with guaranteed performance is proposed (SS-DD2EC) to solve this problem. The second part is about message routing with the IPv6 Routing Protocol for Low Power and Lossy Network (RPL). First of all, a comparison between the various existing routing metrics for the optimization of the energy consumed has been carried out. In addition of lifetime, the reliability and end-to-end latency criteria are considered for evaluating these metrics. Then, two new RPL metrics (R_MinMax and R_Delai) were proposed, achieving significant gains over the state of the art. The first one only considers the energy consumption and reliability, while the second one takes also into account the end-to-end latency. Réseaux de capteurs sans fil Accès au médium Routage Economie d’énergie Coloration d'arêtes à distance-2 Métriques RPL Wireless sensor networks Medium Access Control Routing Energy saving Distance-2 edge coloring RPL metrics 004.6 621.384
656	QoS provisioning in future wireless local area networks / Amélioration de la qualité de service dans les futures réseaux locaux sans fil Paudel, Indira 15 January 2015 (has links) Les réseaux locaux sans fil (WLAN) constituent encore le moyen le plus populaire de connexion à domicile et au bureau. Initialement conçus pour le transfert de données, avec des débits relativement faibles, il y a eu ces dernières années de fortes évolutions technologiques avec de nouveaux standards et des débits allant jusqu’à plusieurs dizaines de Mbps voire même plusieurs Gbps (IEEE 802.11n/ac). La gestion de la QoS sur les réseaux locaux sans fil basés sur la technique d’accès aléatoire constitue une problématique et un défi majeur pour les prochaines années, surtout si l’on considère la volonté des opérateurs de faire transiter des flux tels que la voix ou la vidéo. De nouvelles améliorations sont aujourd’hui plus que nécessaires afin de prendre en compte la QoS. Après l’analyse de l’état de l’art, notre première contribution concerne un mécanisme d’agrégation adaptative qui permet une différentiation de la QoS pour chaque classe de service. Nous avons ensuite étudié la Qualité d’Expérience (QoE). Nous l’avons évaluée pour le service vidéo avec différentes conditions radio et de charge. Nous avons ensuite proposé un système de prédiction de la QoE utilisant les systèmes de réseaux de neurones aléatoires (Random Neural Networks). Cette solution est ensuite utilisée pour l’analyse de l’impact des différents paramètres MAC sur la QoE pour le service vidéo. Nous avons ensuite proposé deux améliorations du mécanisme MAC. La première amélioration consiste à sélectionner des valeurs appropriées pour le Backoff. La seconde amélioration permet de renforcer la propriétarisation des flux en agissant sur les valeurs du paramètre AIFSN (Arbitration Inter-Frame Space Number). Les analyses de performances montrent que la solution proposée permet d’améliorer considérablement la QoS, particulièrement en permettant un accès assez régulier, minimiser les collisions et d’accroitre l’efficacité de l’usage des ressources radio disponibles / Wireless Local Area Networks (WLAN) are today the most popular access networking solution at homes and offices. Although initially, WLANs were designed to carry best effort traffic, users today are adopting them for various multimedia services and applications that have stringent QoS requirements. WLAN standards based on CSMA/CA technique are not able to provide QoS guarantees and furthermore lead to bad performances when the number of competing stations/flows increases. Moreover, standard QoS solutions rely on centralized approaches (e.g. PCF, HCCA) that are not widely used on terminals. The distributed approach, based on concurrent access remains fundamental in WLAN. In this thesis, we propose solutions to improve both QoS and QoE (Quality of Experience) of multimedia services over WLAN. The main contributions include proposal of an aggregation scheme that relies on QoS differentiation for different service classes. We then evaluated the QoE of video services over IEEE 802.11n networks for various radio, MAC and load conditions. Based on this study, a random neural network solution is then proposed to automate video QoE prediction from system parameters. Furthermore, an enhancement to the distributed access mechanism in IEEE 802.11 networks is also proposed. First, we proposed to select appropriate and specific Backoff values according to QoS requirements. Second, a new flow prioritization based on AIFSN (Arbitration Inter-Frame Space Number) values, allocated according to traffic load and traffic types is proposed. Through analysis, we showed that these solutions can enhance QoS and provide regular access, minimize collisions and provide better resource utilization Qualité de service Qualité d'expérience Contrôle d'accès au support (MAC) IEEE 802.11 Réseaux de neurones aléatoires Différenciation du trafic Quality of Service Quality of Experience Medium Access Control IEEE 802.11 Random neural networks Traffic differentiation
657	Intégration de l’utilisateur au contrôle d’accès : du processus cloisonné à l’interface homme-machine de confiance / Involving the end user in access control : from confined processes to trusted human-computer interface Salaün, Mickaël 02 March 2018 (has links) Cette thèse souhaite fournir des outils pour qu’un utilisateur puisse contribuer activement à la sécurité de son usage d’un système informatique. Les activités de sensibilités différentes d’un utilisateur nécessitent tout d’abord d’être cloisonnées dans des domaines dédiés, par un contrôle d’accès s’ajustant aux besoins de l’utilisateur. Afin de conserver ce cloisonnement, celui-ci doit être en mesure d’identifier de manière fiable les domaines avec lesquels il interagit, à partir de l’interface de sa machine. Dans une première partie, nous proposons un nouveau mécanisme de cloisonnement qui peut s’adapter de manière transparente aux changements d’activité de l’utilisateur, sans altérer le fonctionnement des contrôles d’accès existants, ni dégrader la sécurité du système. Nous en décrivons une première implémentation, nommée StemJail, basée sur les espaces de noms de Linux. Nous améliorons ce cloisonnement en proposant un nouveau module de sécurité Linux, baptisé Landlock, utilisable sans nécessiter de privilèges. Dans un second temps, nous identifions et modélisons les propriétés de sécurité d’une interface homme-machine (IHM) nécessaires à la compréhension fiable et sûre du système par l’utilisateur. En particulier, il s’agit d’établir un lien entre les entités avec lesquelles l’utilisateur pense communiquer, et celles avec lesquelles il communique vraiment. Cette modélisation permet d’évaluer l’impact de la compromission de certains composants d’IHM et d’aider à l’évaluation d’une architecture donnée. / This thesis aims to provide end users with tools enhancing the security of the system they use. First, user activities of different sensitivities require to be confined in dedicated domains by an access control fitting the user’s needs. Next, in order to maintain this confinement, users must be able to reliably identify the domains they interact with, from their machine’s interface. In the first part, we present a new confinement mechanism that seamlessly adapts to user activity changes, without altering the behavior of existing access controls nor degrading the security of the system. We also describe a first implementation named StemJail, based on Linux namespaces. We improve this confinement tool by creating a new Linux security module named Landlock which can be used without requiring privileges. In a second step, we identify and model the security properties a human-computer interface (HCI) requires for the reliable and secure understanding of the system by the user. Precisely, the goal is to establish a link between the entities with which the users think they communicate, and those with which they actually communicate. This model enables to evaluate the impact of HCI components jeopardization and helps assessing a given architecture. Sécurité Système d’exploitation Contrôle d’accès Activité utilisateur Cloisonnement Interface homme-machine (IHM) Serveur d’affichage Chemin de confiance Security Operating system Access control User activity Confinement Sandboxing Human-computer interface (HCI) Display server Trusted path
658	Design and evaluation of a secure, privacy-preserving and cancelable biometric authentication : Bio-Capsule Sui, Yan 04 September 2014 (has links) Indiana University-Purdue University Indianapolis (IUPUI) / A large portion of system breaches are caused by authentication failure either during the system login process or even in the post-authentication session, which is further related to the limitations associated with existing authentication approaches. Current authentication methods, whether proxy based or biometrics based, are hardly user-centric; and they either put burdens on users or endanger users' (biometric) security and privacy. In this research, we propose a biometrics based user-centric authentication approach. The main idea is to introduce a reference subject (RS) (for each system), securely fuse the user's biometrics with the RS, generate a BioCapsule (BC) (from the fused biometrics), and employ BCs for authentication. Such an approach is user-friendly, identity-bearing yet privacy-preserving, resilient, and revocable once a BC is compromised. It also supports "one-click sign on" across multiple systems by fusing the user's biometrics with a distinct RS on each system. Moreover, active and non-intrusive authentication can be automatically performed during the user's post-authentication on-line session. In this research, we also formally prove that the proposed secure fusion based BC approach is secure against various attacks and compare the new approach with existing biometrics based approaches. Extensive experiments show that the performance (i.e., authentication accuracy) of the new BC approach is comparable to existing typical biometric authentication approaches, and the new BC approach also possesses other desirable features such as diversity and revocability. Authentication Biometric security Authentication -- Research -- Analysis Computer networks -- Security measures Computer security -- Management Data protection Biometric identification -- Research Security systems Computers -- Access control Pattern recognition systems Operating systems (Computers)
659	Advanced natural language processing and temporal mining for clinical discovery Mehrabi, Saeed 17 August 2015 (has links) Indiana University-Purdue University Indianapolis (IUPUI) / There has been vast and growing amount of healthcare data especially with the rapid adoption of electronic health records (EHRs) as a result of the HITECH act of 2009. It is estimated that around 80% of the clinical information resides in the unstructured narrative of an EHR. Recently, natural language processing (NLP) techniques have offered opportunities to extract information from unstructured clinical texts needed for various clinical applications. A popular method for enabling secondary uses of EHRs is information or concept extraction, a subtask of NLP that seeks to locate and classify elements within text based on the context. Extraction of clinical concepts without considering the context has many complications, including inaccurate diagnosis of patients and contamination of study cohorts. Identifying the negation status and whether a clinical concept belongs to patients or his family members are two of the challenges faced in context detection. A negation algorithm called Dependency Parser Negation (DEEPEN) has been developed in this research study by taking into account the dependency relationship between negation words and concepts within a sentence using the Stanford Dependency Parser. The study results demonstrate that DEEPEN, can reduce the number of incorrect negation assignment for patients with positive findings, and therefore improve the identification of patients with the target clinical findings in EHRs. Additionally, an NLP system consisting of section segmentation and relation discovery was developed to identify patients' family history. To assess the generalizability of the negation and family history algorithm, data from a different clinical institution was used in both algorithm evaluations. Deep learning Family history Natural language processing Negation Pancreatic cancer Temporal pattern discovery Medical records -- Data processing Forms management Electronic records -- Access control Computational linguistics Data mining
660	Simulace chování sítě na základě analýzy konfiguračních souborů aktivních síťových zařízení / Simulation of Network Behaviour Based on Analysis of Configuration of Active Network Devices Macků, Jiří January 2008 (has links) This masters thesis describes simulation of network using Network Simulator. Model of network and description of simulation is extracted from the analysis of configuration files of active network devices, and translated by a parser. Concept and implementation of the parser is described here. Because IPv4 addressing is not supported in Network Simulator, it was added as a new module. The Network Simulator is also extended by filtering properties of packets using access control lists. Practical usage of the implemented modules is demonstrated on a simulation of real network.

Search results