Proposed iNET Network Security Architecture

Dukes, Renata

10 1900

ITC/USA 2009 Conference Proceedings / The Forty-Fifth Annual International Telemetering Conference and Technical Exhibition / October 26-29, 2009 / Riviera Hotel & Convention Center, Las Vegas, Nevada / Morgan State University's iNET effort is aimed at improving existing telemetry networks by developing more efficient operation and cost effectiveness. This paper develops an enhanced security architecture for the iNET environment in order to protect the network from both inside and outside adversaries. This proposed architecture addresses the key security components of confidentiality, integrity and authentication. The security design for iNET is complicated by the unique features of the telemetry application. The addition of encryption is complicated by the need for robust synchronization needed for real time operation in a high error environment.

iNET

Authentication

Confidentiality

Integrity

Network Security Architecture

The Impact of the Common Data Security Architecture (CDSA) on Telemetry Post Processing Architectures

Kalibjian, Jeffrey R.

10 1900

International Telemetering Conference Proceedings / October 25-28, 1999 / Riviera Hotel and Convention Center, Las Vegas, Nevada / It is an increasing requirement that commercial satellite telemetry data product be protected from unauthorized access during transmission to ground stations. While the technology (cryptography) to secure telemetry data product is well known, the software infrastructure to support such security is costly, and very customized. Further, many software packages have difficulty interoperating. The Common Data Security Architecture [1] [2] [3] (originally proposed by the Intel Corporation, and now adopted by the Open Group), is a set of common cryptographic [4] and public key infrastructure (PKI) application programming interfaces (APIs) which will facilitate better cryptographic interoperability as well as making cryptographic resources more readily available in telemetry post processing environments.

cryptography

public key infrastructure (PKI)

Common Data Security Architecture (CDSA)

Vytváření bezpečnostní architektury v Evropě po konci studené války / The Construction of the European security architecture after the Cold War

Kubicová, Marcela

January 2010

The thesis deals with the problems of construction of the European security architecture after the Cold War. The first part of the thesis discusses the new security environment after the end of the confrontation era. The second part deals with the considerations of the models of the European security architecture after the Cold War. The discussion about the role of the particular security organizations is also included. The third part of the thesis introduces the Russian proposal -- known as the Medvedev's initiative -- and offers the summary of the studies made by the reputable security analysts who deal with the analysis and the criticism of the Russian proposal. The next part of the thesis focuses on the summit of OSCE in Astana. Some particulary chosen strategic documents of EU and NATO are analysed in the final part of the thesis. The used methods are above all research, comparison and analysis. The aim of this thesis is to analyse the discussion relating to the European security architecture from the end of the Cold War until the present and to collate it with the real development. Such a comprehensive survey as this one is still missing in the Czech Republic. The thesis claims that the rhetoric used in the strategic documents of the particular organizations that constitute the pillar of the European security do not restrain from creating the working European security architecture. Though the different point of view on the concrete problems is questionable. It was found that a really working pan-European security architecture has not been created because the Russian Federation was not included and the european security is provided only by NATO and by EU.

A security architecture for medical application platforms

Salazar, Carlos

January 1900

Master of Science / Department of Computing and Information Sciences / Eugene Vasserman / The Medical Device Coordination Framework (MDCF) is an open source Medical Application Platform (MAP) that facilitates interoperability between heterogeneous medical devices. The MDCF is designed to be an open test bed for the conceptual architecture described by the Integrated Clinical Environment (ICE) interoperability standard. In contrast to existing medical device connectivity features that only provide data logging and display capabilities, a MAP such as the MDCF also allows medical devices to be controlled by apps. MAPs are predicted to enable many improvements to health care, however they also create new risks to patient safety and privacy that need to be addressed. As a result, MAPs such as the MDCF and other ICE-like systems require the integration of security features. This thesis lays the groundwork for a comprehensive security architecture within the MDCF. Specifically, we address the need for access control, device certification, communication security, and device authentication. We begin by describing a system for ensuring the trustworthiness of medical devices connecting to the MDCF. To demonstrate trustworthiness of a device, we use a chain of cryptographic certificates which uniquely identify that device and may also serve as non- forgeable proof of regulatory approval, safety testing, or compliance testing. Next, we cover the creation and integration of a pluggable, flexible authentication system into the MDCF, and evaluate the performance of proof-of-concept device authentication providers. We also discuss the design and implementation of a communication security system in the MDCF, which enables the creation and use of communication security providers which can provide data confidentiality, integrity, and authenticity. We conclude this work by presenting the requirements and a high level design for a Role-Based Access Control (RBAC) system within the MDCF.

Medical device coordination

Computer security

Security architecture

Integrated clinical environment

Medical application platform

Computer Science (0984)

Organization for Security and Cooperation in Europe: past, present and future missions

Jansky, Vlastimil

03 1900

Approved for public release, distribution is unlimited / This thesis examines the role of the Organization for Security and Cooperation in Europe (OSCE) among organizations dealing with security issues, such as the United Nations, the European Union, and NATO. This study further analyzes the OSCE commitments in the fields of human rights, democracy, rule of law, and national minorities. This analysis is performed in order to promote the OSCE to a broader public. The thesis further analyzes and describes the origins of the Conference for Security and Cooperation in Europe (CSCE) and its development since 1975, when the Helsinki Final Act was signed by the Heads of State or Government of all participating States. The development of the international situation in Europe, the end of Cold War, and escalation of violence, especially in South Eastern Europe, Caucasus, and Central Asia, caused fundamental changes in the European, and subsequently, the world security environment. The CSCE identified and responded to this new situation, resulting in a dramatic growth of its own role in shaping a common security area. Consequently, the CSCE changed its name to the Organization for Security and Cooperation in Europe. However, some critics think that OSCE is a "dead" organization, lacking tangible results and the necessary "teeth." It is necessary to review the main ideas why the CSCE was established and to properly identify the role of the OSCE in the European Security Architecture. Therefore, the main part of the thesis focuses on the European Security Architecture, the OSCE itself, and the OSCE missions, three of which are detailed and evaluated as case studies. / Lieutenant Colonel, Czech Republic Army

International relations

Minorities

OSCE

EU

NATO

Security

Security architecture

Field activity

Field operations

Mission

Design And Implementation Of An Open Security Architecture For A Software-based Security Module

Kaynar, Kaan

01 May 2009

Main purpose of this thesis work is to design a comprehensive and open security architecture whose desired parts could be realized on a general-purpose embedded computer without any special cryptography hardware. The architecture provides security mechanisms that implement known cryptography techniques, operations of some famous network security protocols and appropriate system security methods. Consequently, a server machine may offload a substantial part of its security processing tasks to an embedded computer realizing the architecture. The mechanisms provided can be accessed by a server machine using a client-side API and via a secure protocol which provides message integrity and peer authentication. To demonstrate the practicability of the security architecture, a set of its security mechanisms was realized on an embedded PC/104-plus computer. A server machine was connected to and requested mechanisms from the embedded computer over the Ethernet network interface. Four types of performance parameters were measured. They are / number of executions of a symmetric encryption method by the embedded computer per second, number of executions of a public-key signing method by the embedded computer per second, footprint of the implementation on the embedded computer memory, and the embedded computer CPU power utilized by the implementation. Apart from various security mechanisms and the secure protocol via which they can be accessed, the architecture defines a reliable software-based method for protection and storage of secret information belonging to clients.

QA Computer Software 76.75-76.765

Identification of Security Relevant Characteristics in Distributed Information Systems / Identifiering av egenskaper relevanta för säkerheten i distribuerade informationssystem

Stjerneby, Anna

January 2002

<p>This thesis suggests a set of system characteristics to be used when evaluating or analyzing the IT security of a distributed information system. Each characteristic is meant to be considered in the evaluation of relevant distributed system components. This is considered to be the first step towards finding a technique for modeling and evaluating the security of a system. The work also includes a definition of distributed information system components and a categorization of the found characteristics. The means used to identify the set of characteristics include a thorough investigation of the literature on the relevant subject, as well as a brainstorming session. Thereafter the material has been structured to form the results presented in this thesis.</p>

Informationsteknik

IT security

distributed information systems

security architecture

security-related system characteristics

Informationsteknik

Information technology

Informationsteknik

Παροχή ασφαλών υπηρεσιών με φερέγγυες υποδομές / Secure service provision through trusted infrastructures

Αντωνόπουλος, Αλέξανδρος

17 March 2014

H διατριβή αντιμετωπίζει το πρόβλημα της σχεδίασης ασφαλών υποσυστημάτων που μπορούν να υπάρξουν σε μη-εμπιστεύσιμα συστήματα διασφαλίζοντας τη δική τους ασφάλεια στο μεγαλύτερο δυνατό βαθμό. Στα πλαίσια της διατριβής προσεγγίστικε το πρόβλημα της ασφάλειας γενικά εντοπίζοντας παράλληλα περιοχές οι οποίες κρίθηκαν σημαντικές για περαιτέρω διερεύνηση. Αρχικά παρουσιάζεται η μεθοδολογία που ακολουθήθηκε για το σχεδιασμό και την ανάπτυξη αρχιτεκτονικής ασφάλειας για ένα δικτυο-κεντρικό σύστημα. Εστιάζοντας στα ενσωματωμένα συστήματα εξετάστηκαν θέματα απόδοσης κρυπτογραφίας μνήμης δεδομένου ότι η κρυπτογραφία μνήμης αποτελεί βασικό κομμάτι για την ασφάλεια ενός ενσωματωμένου συστήματος. Στη συνέχεια εξετάζεται ένα είδος επίθεσης πλαγίου καναλιού και εισάγεται μια μεθοδολογία προστασίας από μια τέτοια επίθεση. Δεδομένου ότι θέματα ασφαλείας που υπάρχουν σε συστήματα γενικού σκοπού μπορούν να αποτελέσουν μελλοντικούς κινδύνους για συστήματα ενσωματωμένου σκοπού παράλληλα με την επίβλεψη/υποστήριξη διπλωματικών εργασιών αναπτύχθηκαν λύσεις για ασφαλή εκκίνηση όπως και για τον εντοπισμό και αφαίρεση rootkit. Τέλος ως «τελευταίο» επίπεδο και δεδομένου ότι όλα τα συστήματα χρησιμοποιούνται για την ποιοτική και ασφαλή λειτουργία μιας υπηρεσίας, η διατριβή εστίασε σε θέματα ασφαλειας στο επίπεδο των εφαρμογών. Παρουσιάζεται μια μελέτη του Spam και μεθοδολογία καταπολέμησης του και τέλος επιθέσεις cross-scripting και εφαρμογή για την ανίχνευση μη επιθυμητών συναλλαγών που πραγματοποιούνται από κακόβουλες εφαρμογές. / This dissertation addresses the problem of designing secure subsystems that can exist in non-trusted infrastructures ensuring their own safety to the greatest extent possible. The problem of security was approached in a holistic view identifying areas important for further investigation. Initially we present the methodology used for the design and development of the security architecture for a network-centric system. Later we focus on embedded systems were the performance of memory encryption was examined, since memory encryption can be crucial for embedded system security. Side- channel attacks are also presented and a methodology for protection against such attacks is presented. Keeping in mind that the increase in power in embedded systems makes even more complicated attacks possible solutions were developed for secure boot and for identifying and removing rootkit. At last "last" and with the idea that all sub-systems are used for the qualitative and safe operation of a service, dissertation focused on security issues at the application level. A study of Spam is presented along with a fight-back methodology. Finally cross-scripting attacks are presented.

Ασφάλεια

005.8

Security

Security architecture

Side-channel attacks

Architectural Design of a Conformative Authentication Service for Security Platforms

Hermansson, Mikael

January 2013

Authentication services in security platforms often need to handle different types of systems which have various requirements regarding the authentication. These requirements can often interfere with each other and the issue here is that the authentication service often needs to be manually adjusted to comply with these requirements. Therefore there is a need for a flexible architectural design which enables changes and could open up for new emerging technologies and possibilities. This thesis presents an architectural design of a conformative authentication service based on SAML 2.0 to be used in security platforms. In this thesis a requirements analysis was performed and an architectural design was developed. The architectural design presented in this thesis is conformative in various aspects, e.g. usage of various authentication methods, versatile handling of attributes, handling of various SAML 2.0 profiles, possibilities to participate in various identity federations and handling of legacy systems not supporting SAML. In addition, an evaluation comparing the candidate architectural design presented in this thesis with a currently active architectural design was performed. This evaluation showed that the candidate architectural design was considered better for more usage scenarios.

Authentication Service

Software Architecture

Security Architecture

Identity Management

Electronic Authentication

SAML

Computer Engineering

Datorteknik

The African Union Peace and Security Architecture : can the Panel of the Wise make a difference?

Oluborode, Jegede Ademola

January 2008

The African Union's Panel of the Wise was inaugurated on 18 December 2007. The prospects of the Panel as a conflict prevention and peace and security promotion tool in the AU Peace and Security architecture may remain dim unless its concept is understood and the Panel is effectively operationalised. To this end therefore, the objectives of this study are as follows: (1) To examine the need for the Panel in the AU Peace and Security Architecture. (2) To examine the institutional design of the Panel. (3) To explore the prospective roles for the Panel in the AU Peace and Security Architecture. (4) To identify how the Panel can promote the internalisation of peace and security in Africa. The study will propose key strategies to improve the relevance of the Panel as a tool of the PSC in facilitating peaceful interventions and promotion of peace and security in Africa. / Thesis (LLM (Human Rights and Democratisation in Africa)) -- University of Pretoria, 2008. / A Dissertation submitted to the Faculty of Law University of Pretoria, in partial fulfilment of the requirements for the degree Masters of Law (LLM in Human Rights and Democratisation in Africa). Prepared under the supervision of Dr Christopher Mbazira, Faculty of Law, Makarere University, Uganda / http://www.chr.up.ac.za/ / Centre for Human Rights / LLM

UCTD

Panel of the Wise

Human rights -- Africa