341 |
On the application of locality to network intrusion detection working-set analysis of real and synthetic network server traffic /Lee, Robert. January 2009 (has links)
Thesis (Ph.D.)--University of Central Florida, 2009. / Adviser: Sheau-Dong Lang. Includes bibliographical references (p. 117-119).
|
342 |
A study on privacy-preserving clusteringCui, Yingjie. January 2009 (has links)
Thesis (M. Phil.)--University of Hong Kong, 2010. / Includes bibliographical references (leaves 87-90). Also available in print.
|
343 |
Social security in rural China : a case study of Pan Yu County /Lau, Kam-lun, Edmond. January 1987 (has links)
Thesis--M.S.W., University of Hong Kong, 1987.
|
344 |
The role of the National Security and Defense Council of Ukraine in political decision-making process /Syvak, Oleksiy. January 2003 (has links) (PDF)
Thesis (M.A. in International Security and Civil-Military Relations)--Naval Postgraduate School, March 2003. / Thesis advisor(s): Donald Abenheim, Mikhail Tsypkin. Includes bibliographical references (p. 65-68). Also available online.
|
345 |
Security perception : within and beyond the traditional approach /Malec, Mieczyslaw. January 2003 (has links) (PDF)
Thesis (M.A. in National Security Affairs)--Naval Postgraduate School, June 2003. / Thesis advisor(s): Jeffrey Knopf, Boris Keyser. Includes bibliographical references (p. 69-73). Also available online.
|
346 |
Actual and Perceived Information Systems SecurityOscarson, Per January 2007 (has links)
As the Internet becomes the major information infrastructure in most sectors, the importance of Information Systems (IS) security steadily increases. While reaching a certain level of actual IS security is vital for most businesses, this level must also be perceived as acceptable by stakeholders. Businesses have to maintain a certain level of security and be able to assess the level of other actors’ security. IS security is abstract and complex, however, and difficult to estimate and measure. This thesis uses epistemic and ontological frameworks to study the conceptual nature of IS security and separate the concepts of actual and perceived IS security. A well-known event is used to illustrate the conceptual discussion: the Sasser worm that was spread around the world in 2004. This study also includes a smaller case study from the City of Stockholm, where about 4,000 computers were infected by Sasser. The outcome of the study is that actual IS security should be treated as a dynamic condition that is influenced by three different objects: information assets, threat objects and security mechanisms. Incidents are processes that are ruled by the conditions of these three objects and affect the states of confidentiality, integrity and availability of information assets. The concepts of threat, risk and trust remain at epistemic level, i.e. perceptions. Perceptions of IS security can differ depending on their social establishment and are classified as subjective judgements, inter-subjective judgements or institutional facts. While actual IS security conditions can influence actors’ perceptions of IS security, perceived IS security can also influence actual IS security.
|
347 |
A knowledge-based decision support system for computer disaster prevention in IT centresDanish, Tawfig Yousef January 1994 (has links)
In analysing the extent to which adequate research work may have been undertaken in the specific area of computer disaster prevention, it was found that little work had been done. In the real-life situation, it was also concluded that, in the vast majority of cases, no adequate disaster prevention controls were in use at IT installations. Guidance for the analysis and management of the risk associated with computer disasters, as a result, has also been inadequate and lacking in uniformity, specially in the areas of risk identification and risk entities interactions and relationships. This research has involved developing and delivering a methodology which would help IT risk managers in implementing effective computer disaster prevention controls. A knowledge based system (KBS) approach has been used to build a prototype system which provides full support in this important area of decision making, and to show how the representation of risks can be handled.
|
348 |
Voiceprint Vault : voice authentication serviceHenderson, Paul Martin 09 December 2013 (has links)
In a world dominated by smartphones, cloud computing, and online accounts, security of personal and corporate data is a critical concern. Voiceprint Vault provides a voice authentication service that can be used in a multitude of applications to secure sensitive data. Voiceprint Vault includes the following high-level features:
- Cloud-based voice authentication using trusted signal processing algorithms
- Multifactor authentication with use of optional password
- Cross-platform compatibility using secure web requests to authenticate
- Built-in storage and synching of private user data
- Java library to facilitate integration with Android applications
The Voiceprint Vault service allows users of an application to create an account, provide a voice sample, and then access the account with a simple spoken phrase. When users access their account, their voice sample is analyzed and compared to their training recordings. This system can be tailored to the needs of a particular user with per-user security options. It provides the convenience of voice access, but also allows for a password to be used for increased security.
The Voiceprint Vault service is designed to allow application developers to integrate an existing, tested authentication system into their app rather than creating their own authentication system. The Voiceprint Vault server provides application specific repositories that developers can create to hold all user data, cryptographic information, and voice samples. The user data stored on the Voiceprint Vault server provides built-in synchronization across all connected devices.
A reference implementation is provided that demonstrates the use of Voiceprint Vault authentication. The reference implementation is an Android app that uses the voice authentication service to protect access to personal notes, tasks, and dates that are synched across devices. Detailed instructions for integrating Voiceprint Vault into an existing application are also provided with the reference implementation.
The accuracy of voiceprint authentication was investigated and optimized for a set of sample users and recordings. The security features and dangers of such a system are described along with recommendations for safe use. The optimal parameters to be used in the voice authentication algorithms are also presented in this report. / text
|
349 |
Rethinking operating system trustHofmann, Owen Sebastian 25 February 2014 (has links)
Operating system kernels present a difficult security challenge. Despite
their millions of lines of code and broad, complex attack surface, they
remain a trusted component shared between all applications. If an attacker
can combine an exploit for any application on a system with a kernel
exploit or privilege escalation, the attacker can then control any other
application, regardless of whether the second application was itself
vulnerable.
This dissertation presents two hypervisor-based systems: OSck, which increases
the trustworthiness of a guest kernel by detecting kernel rootkits, and
InkTag, which removes the need for an application to trust the kernel at
all. Vital to both systems is their use of information from a potentially
malicious kernel. These systems rely on information from the kernel about
its own functionality to make their implementation simpler, more efficient,
and more secure. Importantly, although they rely on this information, they
do not trust it. A kernel that lies about its functionality to appear
benign will be detected, as will a kernel that simply acts maliciously.
OSck detects kernel rootkits: malicious software programs that are
particularly difficult to detect because they modify internal kernel
operation to hide their presence. Running concurrently with an operating
system and isolated by the hypervisor, OSck verifies safety properties for
large portions of the kernel heap with minimal overhead, by deducing type
information from unmodified kernel source code and in-memory kernel data
structures.
InkTag gives strong safety guarantees to trusted applications, even in the
presence of a malicious operating system. InkTag isolates applications
from the operating system, and enables applications to validate that the
kernel is acting in good faith, for example by ensuring that the kernel is
mapping the correct file data into the application's address space.
InkTag introduces paraverification, a technique that simplifies the
InkTag hypervisor by forcing the untrusted operating system to participate
in its own verification. InkTag requires that the kernel prove to the
hypervisor that its updates to application state (such as page tables) are
valid, and also to prove to the application that its responses to system
calls are consistent. InkTag is also the first system of its kind to
implement access control, secure naming, and consistency for data on stable
storage. / text
|
350 |
Secure navigation and timing without local storage of secret keysWesson, Kyle D. 27 June 2014 (has links)
Civil Global Navigation Satellite System (GNSS) signals are broadcast unencrypted worldwide according to an open-access standard. The virtues of open-access and global availability have made GNSS a huge success. Yet the transparency and predictability of these signals renders them easy to counterfeit, or spoof. During a spoofing attack, a malefactor broadcasts counterfeit GNSS signals that deceive a victim receiver into reporting the spoofer-controlled position or time. Given the extensive integration of civil GNSS into critical national infrastructure and safety-of-life applications, a successful spoofing attack could have serious and significant consequences. Unlike civil GNSS signals, military GNSS signals employ symmetric-key encryption, which serves as a defense against spoofing attacks and as a barrier to unauthorized access. Despite the effectiveness of the symmetric-key approach, it has significant drawbacks and is impractical for civil applications. First, symmetric-key encryption requires tamper-resistant receivers to protect the secret keys from unauthorized discovery and dissemination. Manufacturing a tamper-resistant receiver increases cost and limits manufacturing to trusted foundries. Second, key management is problematic and burdensome despite the recent introduction of over-the-air keying. Third, even symmetric-key encryption remains somewhat vulnerable to specialized spoofing attacks. I propose an entirely new approach to navigation and timing security that avoids the shortcomings of the symmetric-key approach while maintaining a high resistance to spoofing. My first contribution is a probabilistic framework that develops necessary components of signal authentication. Based on the framework, I develop an asymmetric-key cryptographic signal authentication technique and a non-cryptographic spoofing detection technique, both of which operate without a secret key stored locally in a secure receiver. These anti-spoofing techniques constitute the remaining two contributions of this dissertation. They stand as viable spoofing defenses for civil users and could augment---or even replace---current and planned military anti-spoofing measures. Finally, I offer an in-depth case study of the security vulnerabilities and possible cryptographic enhancements of a modern GNSS-based aviation surveillance technology in the context of the technical and regulatory aviation environment. / text
|
Page generated in 0.0404 seconds