11

Security Benchmarking of Transactional Systems

Araujo Neto, Afonso Comba de January 2012
Most organizations nowadays depend on some kind of computer infrastructure to manage business-critical activities. This dependence grows as computer systems become more reliable and useful, but so does the complexity and size of systems. Transactional systems, which are database-centered applications used by most organizations to support daily tasks, are no exception. A typical solution to cope with system complexity is to delegate the software development task, and to use existing solutions independently developed and maintained (either proprietary or open source). The multiplicity of software and component alternatives available has boosted the interest in suitable benchmarks, able to assist in the selection of the best candidate solutions, concerning several attributes. However, the huge success of performance and dependability benchmarking markedly contrasts with the small advances on security benchmarking, which has only sparsely been studied in the past. This thesis discusses the security benchmarking problem and main characteristics, particularly comparing these with other successful benchmarking initiatives, like performance and dependability benchmarking. Based on this analysis, a general framework for security benchmarking is proposed. This framework, suitable for most types of software systems and application domains, includes two main phases: security qualification and trustworthiness benchmarking.
Security qualification is a process designed to evaluate the most obvious and identifiable security aspects of the system, dividing the evaluated targets into acceptable or unacceptable, given the specific security requirements of the application domain. Trustworthiness benchmarking, on the other hand, consists of an evaluation process that is applied over the qualified targets to estimate the probability of the existence of hidden or hard-to-detect security issues in a system (the main goal is to cope with the uncertainties related to security aspects). The framework is thoroughly demonstrated and evaluated in the context of transactional systems, which can be divided into two parts: the infrastructure and the business applications. As these parts have significantly different security goals, the framework is used to develop methodologies and approaches that fit their specific characteristics. First, the thesis proposes a security benchmark for transactional systems infrastructures and describes, discusses and justifies all the steps of the process. The benchmark is applied to four distinct real infrastructures, and the results of the assessment are thoroughly analyzed. Still in the context of transactional systems infrastructures, the thesis also addresses the problem of selecting software components. This is complex, as evaluating the security of an infrastructure cannot be done before deployment. The proposed tool, aimed at helping in the selection of basic software packages to support the infrastructure, is used to evaluate seven different software packages, representative alternatives for the deployment of real infrastructures. Finally, the thesis discusses the problem of designing trustworthiness benchmarks for business applications, focusing specifically on the case of web applications. First, a benchmarking approach based on static code analysis tools is proposed.
Several experiments are presented to evaluate the effectiveness of the proposed metrics, including a representative experiment where the challenge was the selection of the most secure application among a set of seven web forums. Based on the analysis of the limitations of such an approach, a generic approach for the definition of trustworthiness benchmarks for web applications is defined.
13

Säkerhetsutvärdering av säkerhetskameror för smarta hem / Security evaluation of security cameras for smart homes

Ström, Julia January 2024
Security cameras play a crucial role in protecting our smart homes, but if they do not meet sufficiently high security standards, they can decrease the safety of the home and risk exposing sensitive private information. This report aims to thoroughly evaluate the security aspects of a selection of security cameras to determine their ability to effectively protect users' privacy and safety. The analysis revealed that the reviewed cameras did not exhibit any major security flaws. However, a few minor improvement areas were identified which, if addressed, could further enhance their protective capabilities.
14

Segurança viária na cidade de São José do Rio Preto / not available

Chueire, Jorge Luís Gomes 21 January 2005
This work deals with the subject of traffic safety in the city of São José do Rio Preto. A diagnosis of the current situation is made, based on the composition and structure of the local bodies directly or indirectly involved with the problem; on the treatment given to traffic safety in the areas of engineering, education and legal effort; on the information obtained in field research on vehicle traffic; and on the traffic accident data obtained in the surveys carried out.
A plan of action is also proposed for increasing traffic safety in the city, considering several measures involving the following aspects: greater safety in pedestrians' circulation, reduction of the speed of circulation of vehicles, improvement of traffic signs, promotion of continuous educational campaigns, implementation of specific educational policies for motorcyclists, improvement of enforcement, creation of a specific department of traffic safety within the Traffic and Transport Secretariat, computerization of the data and processing of the traffic accident information, evaluation of accident risk using field audit and traffic conflict techniques, implementation of effective actions in the fields of engineering and legal effort to reduce accidents, improvement of public transportation, etc.
16

A Quantitative Evaluation Framework for Component Security in Distributed Information Systems / Ett kvantitativt utvärderingsramverk för komponenters säkerhet i distribuerade informationssystem

Bond, Anders, Påhlsson, Nils January 2004
The Heimdal Framework presented in this thesis is a step towards an unambiguous framework that reveals the objective strengths and weaknesses of the security of components. It provides a way to combine different aspects affecting the security of components, such as category requirements, implemented security functionality and the environment in which the component operates, in a modular way, making each module replaceable in the event that a more accurate module is developed. The environment is assessed and quantified through a methodology presented as a part of the Heimdal Framework. The result of the evaluation is quantitative data, which can be presented with varying degrees of detail, reflecting the needs of the evaluator. The framework is flexible and divides the problem space into smaller, more accomplishable subtasks with the means to focus on specific problems, aspects or system scopes. The evaluation method focuses on technological components and is based on, but not limited to, the Security Functional Requirements (SFR) of the Common Criteria.
17

Applications of Artificial Intelligence in Power Systems

Rastgoufard, Samin 18 May 2018
Artificial intelligence tools, which are fast, robust and adaptive, can overcome the drawbacks of traditional solutions for several power systems problems. In this work, applications of AI techniques have been studied for solving two important problems in power systems. The first problem is static security evaluation (SSE). The objective of SSE is to identify the contingencies in planning and operations of power systems. Conventional numerical solutions are time-consuming, computationally expensive, and not suitable for online applications. SSE may be considered as a binary-classification, multi-classification or regression problem. In this work, multi-support vector machine is combined with several evolutionary computation algorithms, including particle swarm optimization (PSO), differential evolution, ant colony optimization for the continuous domain, and harmony search techniques to solve the SSE. Moreover, support vector regression is combined with modified PSO with a proposed modification on the inertia weight in order to solve the SSE. Also, the accuracy of classification, the speed of training, and the final cost of using power equipment heavily depend on the selected input features. In this dissertation, multi-object PSO has been used to solve this problem. Furthermore, a multi-classifier voting scheme is proposed to get the final test output. The classifiers participating in the voting scheme include multi-SVM with different types of kernels and random forests with an adaptive number of trees. In short, the development and performance of different machine learning tools combined with evolutionary computation techniques have been studied to solve the online SSE. The performance of the proposed techniques is tested on several benchmark systems, namely the IEEE 9-bus, 14-bus, 39-bus, 57-bus, 118-bus, and 300-bus power systems. The second problem is the non-convex, nonlinear, and non-differentiable economic dispatch (ED) problem.
The purpose of solving the ED is to improve the cost-effectiveness of power generation. To solve ED with multi-fuel options, prohibited operating zones, valve point effect, and transmission line losses, genetic algorithm (GA) variant-based methods, such as breeder GA, fast navigating GA, twin removal GA, kite GA, and United GA are used. The IEEE systems with 6-units, 10-units, and 15-units are used to study the efficiency of the algorithms.
18

Enhancing security in distributed systems with trusted computing hardware

Reid, Jason Frederick January 2007
The need to increase the hostile attack resilience of distributed and internet-worked computer systems is critical and pressing. This thesis contributes to concrete improvements in distributed systems trustworthiness through an enhanced understanding of a technical approach known as trusted computing hardware. Because of its physical and logical protection features, trusted computing hardware can reliably enforce a security policy in a threat model where the authorised user is untrusted or when the device is placed in a hostile environment. We present a critical analysis of vulnerabilities in current systems, and argue that current industry-driven trusted computing initiatives will fail in efforts to retrofit security into inherently flawed operating system designs, since there is no substitute for a sound protection architecture grounded in hardware-enforced domain isolation. In doing so we identify the limitations of hardware-based approaches. We argue that the current emphasis of these programs does not give sufficient weight to the role that operating system security plays in overall system security. New processor features that provide hardware support for virtualisation will contribute more to practical security improvement because they will allow multiple operating systems to concurrently share the same processor. New operating systems that implement a sound protection architecture will thus be able to be introduced to support applications with stringent security requirements. These can coexist alongside inherently less secure mainstream operating systems, allowing a gradual migration to less vulnerable alternatives. We examine the effectiveness of the ITSEC and Common Criteria evaluation and certification schemes as a basis for establishing assurance in trusted computing hardware. 
Based on a survey of smart card certifications, we contend that the practice of artificially limiting the scope of an evaluation in order to gain a higher assurance rating is quite common. Due to a general lack of understanding in the marketplace as to how the schemes work, high evaluation assurance levels are confused with a general notion of 'high security strength'. Vendors invest little effort in correcting the misconception since they benefit from it and this has arguably undermined the value of the whole certification process. We contribute practical techniques for securing personal trusted hardware devices against a type of attack known as a relay attack. Our method is based on a novel application of a phenomenon known as side channel leakage, heretofore considered exclusively as a security vulnerability. We exploit the low latency of side channel information transfer to deliver a communication channel with timing resolution that is fine enough to detect sophisticated relay attacks. We avoid the cost and complexity associated with alternative communication techniques suggested in previous proposals. We also propose the first terrorist attack resistant distance bounding protocol that is efficient enough to be implemented on resource constrained devices. We propose a design for a privacy sensitive electronic cash scheme that leverages the confidentiality and integrity protection features of trusted computing hardware. We specify the command set and message structures and implement these in a prototype that uses Dallas Semiconductor iButtons. We consider the access control requirements for a national scale electronic health records system of the type that Australia is currently developing. We argue that an access control model capable of supporting explicit denial of privileges is required to ensure that consumers maintain their right to grant or withhold consent to disclosure of their sensitive health information in an electronic system. 
Finding this feature absent in standard role-based access control models, we propose a modification to role-based access control that supports policy constructs of this type. Explicit denial is difficult to enforce in a large scale system without an active central authority but centralisation impacts negatively on system scalability. We show how the unique properties of trusted computing hardware can address this problem. We outline a conceptual architecture for an electronic health records access control system that leverages hardware level CPU virtualisation, trusted platform modules, personal cryptographic tokens and secure coprocessors to implement role based cryptographic access control. We argue that the design delivers important scalability benefits because it enables access control decisions to be made and enforced locally on a user's computing platform in a reliable way.
19

Performance Analysis of Security Protocols

Donta, Praveen Kumar 01 January 2007
Security is critical to a wide range of applications and services. Numerous security mechanisms and protocols have been developed and are widely used with today’s Internet. These protocols, which provide secrecy, authentication, and integrity control, are essential to protecting electronic information. There are many types of security protocols and mechanisms, such as symmetric key algorithms, asymmetric key algorithms, message digests, digital certificates, and secure socket layer (SSL) communication. Symmetric and asymmetric key algorithms provide secrecy. Message digests are used for authentication. SSL communication provides a secure connection between two sockets. The purpose of this graduate project was to do performance analysis on various security protocols. These are performance comparisons of symmetric key algorithms DES (Data Encryption Standard), 3DES (Triple DES), AES (Advanced Encryption Standard), and RC4; of public-private key algorithms RSA and ElGamal; of digital certificates using message digests SHA1 (Secure Hash Algorithm) and MD5; and of SSL (Secure Sockets Layer) communication using security algorithms 3DES with SHA1 and RC4 with MD5.
20

Bezpečnostní metriky platformy SAP / Security Metrics of SAP Platform

Třeštíková, Lenka January 2017
The main goal of this thesis is to analyze potential security risks of the SAP NetWeaver platform and to identify various vulnerabilities that result from poor system configuration, incorrect segregation of duties or insufficient patch management. A methodology for platform evaluation, defined by vulnerabilities, security requirements and controls, will be created.
