Página 1 dos resultados de 2064 itens digitais encontrados em 0.138 segundos

Regions Security Policy (RSP) : applying regions to network security; RSP : applying regions to network security

Baratz, Joshua W. (Joshua William), 1981-
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 65 p.; 3243771 bytes; 3243575 bytes; application/pdf; application/pdf
ENG
Relevância na Pesquisa
75.6%
The Regions network architecture is a new look at network organization that groups nodes into regions based on common purposes. This shift from strict network topology groupings of nodes requires a change in security systems. This thesis designs and implements the Regions Security Policy (RSP). RSP allows a unified security policy to be set across a region, fully controlling data as it enters into, exits from, and transits within a region. In doing so, it brings together several existing security solutions so as to provide security comparable to existing systems that is more likely to function correctly.; by Joshua W. Baratz.; Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.; Includes bibliographical references (p. 51-54).

Dynamic security for medical record sharing

Cody, Patrick M. (Patrick Michael), 1980-
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 53 p.; 3234030 bytes; 3238342 bytes; application/pdf; application/pdf
EN_US
Relevância na Pesquisa
75.53%
Information routinely collected by health care organizations is used by researchers to analyze the causes of illness and evaluate the effectiveness of potential cures. Medical information sharing systems are built to encourage hospitals to contribute patient data for use in clinical studies. These organizations possess a wide variety of environments and risk assessments, and require sufficient assurances of patient privacy. This thesis introduces mechanisms to dynamically generate an applicable security policy for medical information sharing systems. We present implementation-independent mechanisms that are capable of interoperating with different security settings at different sites to produce security configurations with significantly different characteristics and vulnerabilities. We also present a rules-based agent to assist in the selection process. This approach gives maximum freedom to generate the appropriate system according to the tradeoffs between cost, patient privacy, and data accessibility.; by Patrick M. Cody.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2003.; Includes bibliographical references (p. 52-53).

Enhancing availability and security through boundless memory blocks

Cadar, Cristian
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 52 leaves; 2070965 bytes; 2071920 bytes; application/pdf; application/pdf
ENG
Relevância na Pesquisa
85.51%
We present a new technique, boundless memory blocks, that automatically eliminates buffer overflow errors, enabling programs to continue to execute through memory errors without memory corruption. Buffer overflow vulnerabilities are caused by programming errors that allow an attacker to cause the program to write beyond the bounds of an allocated memory block to corrupt other data structures. The standard way to exploit a buffer overflow vulnerability involves a request that is too large for the buffer intended to hold it. The buffer overflow error causes the program to write part of the request beyond the bounds of the buffer, corrupting the address space of the program and causing the program to execute injected code contained in the request. Our boundless memory blocks compiler inserts checks that dynamically detect all out of bounds accesses. When it detects an out of bounds write, it stores the value away in a hash. Our compiler can then return the stored value as the result of an out of bounds read to that address. In the case of uninitialized addresses, our compiler simply returns a predefined value. We have acquired several widely used open source applications (Apache, Sendmail, Pine, Mutt, and Midnight Commander). With standard compilers...

Mandatory security and performance of services in Asbestos

Ziegler, David Patrick
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 66 p.; 2890479 bytes; 2893146 bytes; application/pdf; application/pdf
ENG
Relevância na Pesquisa
75.51%
This thesis presents the design and implementation for several system services, including network access and database storage, on a new operating system design, Asbestos. Using the security mechanism provided by Asbestos, Asbestos labels, these services are used to support the construction of secure Web applications. The network and database services serve as the foundation for a Web server that supports mandatory security policies, such that even a compromised Web application cannot improperly disclose private data. The methods used in this thesis allow Web application developers to be freed from worries about flawed applications, if developers are willing to place trust in the underlying services used.; by David Patrick Ziegler.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.; Includes bibliographical references (p. 61-66).

Modeling and assessing secure Voice over IP performance; Performance of Voice-Over Internet Protocol in airborne networks

Zue, Cory L
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 106 p.; 9454143 bytes; 9458539 bytes; application/pdf; application/pdf
ENG
Relevância na Pesquisa
75.51%
Voice over Internet Protocol (VoIP) systems enable efficient communications over data networks, but security of VoIP and the impact of that security on communications quality has not been quantitatively modeled. A conversational model is adapted for VoIP and a computational model of communication quality - the Z-Model - is developed. VolIP conversations are simulated for networks with a range of performance characteristics including differing bandwidth, latency and bit error rates to evaluate the impact of security on communication quality. Results show that improving conficlentiality via encryption of conversation data packets does not introduce significant delays, but does increase bandwidth. In certain restricted-bandwidth environments this results in dramatic reductions of perceived conversation quality.; by Cory L. Zue.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.; Includes bibliographical references (p. 102-106).

Asbestos : operating system security for mobile devices; Operating system security for mobile devices

Stevenson, Martijn
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 78 p.
ENG
Relevância na Pesquisa
75.5%
This thesis presents the design and implementation of a port of the Asbestos operating system to the ARM processor. The port to the ARM allows Asbestos to run on mobile devices such as cell phones and personal digital assistants. These mobile, wireless-enabled devices are at risk for data attacks because they store private data but often roam in public networks. The Asbestos operating system is designed to prevent disclosure of such data. The port includes a file system and a network driver, which together enable future development of Asbestos applications on the ARM platform. This thesis evaluates the port with a performance comparison between Asbestos running on an HP iPAQ hand held computer and the original x86 Asbestos.; by Martijn Stevenson.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2006.; Includes bibliographical references (p. 75-78).

CargoNet : micropower sensate tags for supply-chain management and security; Micropower sensate tags for supply-chain management and security

Malinowski, Mateusz Ksawery
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 113 p.
ENG
Relevância na Pesquisa
85.51%
This thesis describes the development of a system of sensate active RFID tags for supply-chain management and security applications, necessitated by the current lack of commercial platforms capable of monitoring the state of shipments at the crate and case level. To make a practical prototype, off-the-shelf components and custom-designed circuits that minimize power consumption and cost were assembled and integrated into an interrupt-driven, quasi-passive system that can monitor, log, and report environmental conditions inside a shipping crate while consuming only 23.7 microwatts of average power. To prove the feasibility of the system, the tags were tested in the laboratory and aboard transport conveyances.; by Mateusz Ksawery Malinowski.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2007.; Includes bibliographical references (p. 109-113).

IntuiSec : a framework for intuitive user interaction with security in the smart home; Framework for intuitive user interaction with security in the smart home

Shakhshir, Saad Zafer
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 104 p.
ENG
Relevância na Pesquisa
75.56%
This thesis presents IntuiSec, a framework for intuitive user interaction with Smart Home security. The design approach of IntuiSec is to introduce a layer of indirection between user-level intent and the system-level security infrastructure. This layer is implemented by a collection of distributed middleware and user-level tools. It encapsulates system-level security events and exposes only concepts and real-world metaphors that are intuitive to non-expert users. It also translates user intent to the appropriate system-level security actions. The IntuiSec framework presents the user with intuitive steps for setting up a secure home network, establishing trusted relationships between devices, and granting temporal, selective access for both home occupants and visitors to devices within the home. The middleware exposes APIs that allow other applications to present the user with meaningful visualizations of security-related parameters and concepts. I present the IntuiSec system design and an example proof-of-concept implementation, which demonstrates the user experience and provides more insight into the framework.; by Saad Safer Shakhshir.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science...

Security proofs for the MD6 hash function mode of operation

Crutchfield, Christopher Yale
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 84 p.
ENG
Relevância na Pesquisa
75.51%
In recent years there have been a series of serious and alarming cryptanalytic attacks on several commonly-used hash functions, such as MD4, MD5, SHA-0, and SHA1 [13, 38]. These culminated with the celebrated work of Wang, Yin, and Yu from 2005, which demonstrated relatively efficient methods for finding collisions in the SHA-1 hash function [37]. Although there are several cryptographic hash functions - such as the SHA-2 family [28] - that have not yet succumbed to such attacks, the U.S. National Institute of Standards and Technology (NIST) put out a call in 2007 for candidate proposals for a new cryptographic hash function family, to be dubbed SHA-3 [29]. Hash functions are algorithms for converting an arbitrarily large input into a fixed-length message digest. They are typically composed of a compression function or block cipher that operate on fixed-length pieces of the input and a mode of operation that governs how apply the compression function or block cipher repeatedly on these pieces in order to allow for arbitrary-length inputs. Cryptographic hash functions are furthermore required to have several important and stringent security properties including (but not limited to) first-preimage resistance, second-preimage resistance...

POSH : a generalized CAPTCHA with security applications; Generalized CAPTCHA with security applications

Daher, Waseem S. (Waseem Sebastian)
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 53 p.
ENG
Relevância na Pesquisa
75.51%
A puzzle only solvable by humans, or POSH, is a prompt or question with three important properties: it can be generated by a computer, it can be answered consistently by a human, and a human answer cannot be efficiently predicted by a computer. In fact, a POSH does not necessarily have to be verifiable by a computer at all. One application of POSHes is a scheme proposed by Canetti et al. that limits on-line dictionary attacks against password-protected local storage, without the use of any secure hardware or secret storage. We explore the area of POSHes, implement several candidate POSHes and have users solve them, to evaluate their effectiveness. Given these data, we then implement the above scheme as an extension to the Mozilla Firefox web browser, where it is used to protect user certificates and saved passwords. In the course of doing so, we also define certain aspects of the threat model for our implementation (and the scheme) more precisely.; by Waseem S. Daher.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2008.; This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.; Includes bibliographical references (p. 51-53).

Use of Evaluation Criteria in Security Education

Nguyen, Thuy D.; Irvine, Cynthia E.
Fonte: International Conference on Information Warfare and Security (ICIW 2008), April 2008, Omaha, Nebraska, USA Publicador: International Conference on Information Warfare and Security (ICIW 2008), April 2008, Omaha, Nebraska, USA
Tipo: Artigo de Revista Científica
Relevância na Pesquisa
75.55%
Success in information warfare will depend on resilient, reconstitutable cyber assets and the ability to assess and respond to attacks. A cornerstone of this success will be the ability of Information Assurance professionals to develop sound security requirements and determine the suitability of evaluated security products for mission-specific systems. Recognizing the pedagogical value of applying security evaluation criteria such as the Common Criteria (CC) to information security education, we recently introduced a graduate-level Computer Science course focusing on methodical security requirements engineering based on the CC. This course aims to provide students with an understanding of how security evaluation criteria can be used to specify system security objectives, derive security requirements from security objectives, establish life cycle and development processes, and provide an organizational framework for research and development. Although imperfect, the paradigmatic process of the CC provides a usable framework for in-depth study of various tasks relating to system requirements derivation and verification activities: system requirements elicitation, threat analysis, security objectives definition and security requirements expression. In-class discussions address fundamental security design principles and disciplines for information and software assurance (e.g....

Security for Classroom Learning Partner; Security for CLP

Iancu, Karin
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 44 p.
ENG
Relevância na Pesquisa
75.55%
This MENG thesis implements a security system for a classroom presentation system called the Classroom Learning Partner (CLP). The goal of the security system is to prevent cheating on electronic quizzes. CLP is a system that uses Tablet PCs in the classroom to enhance learning and encourage interaction between the instructor and students. The instructor creates exercises which are displayed on slides on the students' Tablet PCs. The students complete the exercises and submit them to the instructor and to a central database. The security implementation makes it possible to extend this framework for electronic quiz administration. This thesis discusses current cheating prevention methodologies and extends them to account for electronic quiz-taking scenarios. The basis of the security system is SQL Server authentication for authentication to a central database, and SSL for encryption of network traffic.; by Karin Iancu.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2006.; Includes bibliographical references (p. 43-44).

Steganography and collusion in cryptographic protocols

Lepinski, Matthew (Matthew Baker), 1978-
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 62 leaves
ENG
Relevância na Pesquisa
75.53%
Steganography, the hiding of covert messages inside innocuous communication, is an active area of cryptographic research. Recent research has shown that provably undetectable steganography is possible in a wide variety of settings. We believe that the existence of such undetectable steganography will have far reaching implications. In this thesis, we investigate the impact of steganography on the design of cryptographic protocols. In particular, we show that that all existing cryptographic protocols allow malicious players to collude and coordinate their actions by steganographicly hiding covert messages inside legitimate protocol traffic. Such collusion is devastating in many settings, and thus we argue that it's elimination is an important direction for cryptographic research. Defeating such steganographic collusion requires not only new cryptographic protocols, but also a new notion of protocol security. Traditional notions of protocol security attempt to minimize the injuries to privacy and correctness inflicted by malicious participants who collude during run-time. They do not, however, prevent malicious parties from colluding and coordinating their actions in the first place! We therefore put forward the notion of a collusion-free protocol which guarantees that no set of players can use the protocol to maliciously coordinate their actions.; (cont.) As should be expected...

Automated analysis of security APIs; Automated analysis of security Application Programming Interfaces

Lin, Amerson H
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 124 p.; 5465732 bytes; 5471913 bytes; application/pdf; application/pdf
ENG
Relevância na Pesquisa
75.55%
Attacks on security systems within the past decade have revealed that security Application Programming Interfaces (APIs) expose a large and real attack surface but remain to be a relatively unexplored problem. In 2000, Bond et al. discovered API- chaining and type-confusion attacks on hardware security modules used in large banking systems. While these first attacks were found through human inspection of the API specifications, we take the approach of modeling these APIs formally and using an automated-reasoning tool to discover attacks. In particular, we discuss the techniques we used to model the Trusted Platform Module (TPM) v1.2 API and how we used OTTER, a theorem-prover, and ALLOY, a model-finder, to find both API- chaining attacks and to manage API complexity. Using ALLOY, we also developed techniques to capture attacks that weaken, but not fully compromise, a system's security. Finally, we demonstrate a number of real and "near-miss" vulnerabilities that were discovered against the TPM.; by Amerson H. Lin.; Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.; Includes bibliographical references (p. 123-124).

Recognition of 3D compressed images and its traffic monitoring applications; Recognition of three-dimensional compressed images and its traffic monitoring applications

Love, Nicole S. (Nicole Sharlene)
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 139 leaves; 6480315 bytes; 6498727 bytes; application/pdf; application/pdf
ENG
Relevância na Pesquisa
75.51%
The need for improved security requires the development of better monitoring systems. These systems must manage large numbers of images sent over communication networks. For example, a high transmission load results when security cameras continuously transmit images. Operators are bored and fatigued from viewing cycled images on a few monitors. In this thesis, we present a smart camera network that reduces transmission load and provides operators with relevant images. A smart camera is capable of compressing and processing images. Our 3D compression method (based on Mizuki's 2D method) retains features (contour, color, depth, and motion) that form the basis of object detection. The compressed image is used directly in segmentation. To reduce transmission loads, we use mobile agents to filter the network. Mobile agents are dispatched to smart cameras with user defined goals that conditionally allow image transmission. For traffic monitoring, smart cameras determine traffic flow and accidents. Mobile agents send images or information based on image content. The contribution of this work is the 3D compression method designed for processing compressed image data and the design of a system to improve camera centered networks using smart cameras and mobile agents. Our system can be used in security systems...

Design principles and patterns for computer systems that are simultaneously secure and usable

Garfinkel, Simson
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 472 p.; 29543936 bytes; 31405031 bytes; application/pdf; application/pdf
ENG
Relevância na Pesquisa
75.55%
It is widely believed that security and usability are two antagonistic goals in system design. This thesis argues that there are many instances in which security and usability can be synergistically improved by revising the way that specific functionality is implemented in many of today's operating systems and applications. Specific design principles and patterns are presented that can accomplish this goal. Patterns are presented that minimize the release of confidential information through remnant and remanent data left on hard drives, in web browsers, and in documents. These patterns are based on a study involving the purchase of 236 hard drives on the secondary market, interviews conducted with organizations whose drives had been acquired, and through a detailed examination of modern web browsers and reports of information leakage in documents. Patterns are presented that enable secure messaging through the adoption of new key management techniques. These patterns are supported through an analysis of S/MIME handling in modern email clients, a survey of 469 Amazon.com merchants, and a user study of 43 individuals. Patterns are presented for promoting secure operation and for reducing the danger of covert monitoring. These patterns are supported by the literature review and an analysis of current systems.; (cont.) In every case considered...

Response to The Department of the Prime Minister and Cabinet's discussion paper "Connecting with Confidence"

Australian Computer Society; Argy, Philip; Caelli, William J. (Bill); Choo, Raymond; Clarke, Roger; Harvey, Rick; Koulakis, George; Overmars, Anthony; Stewart-Rattray, Jo; Redman, Adam; Skeivys, Rimas; Valli, Craig; Varadharajan, Vijay; Warren, Matthew; W
Fonte: Australian Computer Society; https://www.acs.org.au/ Publicador: Australian Computer Society; https://www.acs.org.au/
Tipo: Working/Technical Paper; Working/Technical Paper Formato: 14 pages
Relevância na Pesquisa
85.47%
The ACS has prepared this response to the discussion paper to assist with the design of the cyber whitepaper expected in 2012. The ACS also welcomes the opportunity to promote discussion and support of our digital economy to position Australia for the future. Drawing from its membership of ICT professionals, and academics - particularly in areas of cyber resilience and security - the ACS established a Cyber Taskforce for this purpose. The ACS recommends: greater focus on education - noting that ICT education in primary and secondary schooling is essential - to developing ICT skills of the future and that school level educational activity forms the base on which appropriate tertiary level education programs can function for the education and training of ICT professionals; greater assistance to small and medium sized business as this is the engine room of the Australian economy; policy coordination on trusted identities; better coordination of cyber related education and research; providing consumers and businesses with resources directed to the everyday real-life challenges they face; global Internet governance changes designed to underpin and deliver trustworthy people, processes and systems including, where appropriate, a legislated mandatory baseline of trustworthiness attributes analogous to the non-excludable warranties implied in consumer contacts.

Exploration of the Gap Between Computer Science Curriculum and Industrial I.T Skills Requirements

Ayofe, Azeez Nureni; Ajetola, Azeez Raheem
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 29/08/2009
Relevância na Pesquisa
85.45%
This paper sets out to examine the skills gaps between the industrial application of Information Technology and university academic programmes (curriculum). It looks at some of the causes, and considers the probable solutions for bridging the gap between them and suggests the possibilities of exploring a new role for our universities and employers of labor. It also highlights strategies to abolish the misalignment between university and industry. The main concept is to blend the academic rigidity with the industrial relevance.; Comment: 10 pages IEEE Format, International Journal of Computer Science and Information Security, IJCSIS 2009, ISSN 1947 5500, Impact factor 0.423, http://sites.google.com/site/ijcsis/

Application and network layers design for wireless sensor network to supervise chemical active product warehouse

Zouinkhi, Ahmed; Mekki, Kais; Abdelkrim, Mohamed Naceur
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 06/01/2015
Relevância na Pesquisa
75.5%
Wireless sensor networks have profound effects on many application fields like security management which need an immediate and fast system reaction. Indeed, the monitoring of a dangerous product warehouse is a major issue in chemical industry field. This paper describes the design of chemical warehouse security system using the concept of active products and wireless sensor networks. A security application layer is developed to supervise and exchange messages between nodes and the control center to prevent industrial accident. Different security rules are proposed on this layer to monitor the internal state and incompatible products distance. If a critical event is detected, the application generates alert message which need a short end to end delay and low packet loss rate constraints by network layer. Thus, a QoS routing protocol is also developed in the network layer. The proposed solution is implemented in Castalia/OMNeT++ simulator. Simulation results show that the system reacts perfectly for critical event and can meet the QoS constraints of alert message.; Comment: 20 pages in International Journal of Computer Science, Engineering and Applications (IJCSEA), Vol.4, No.6, December 2014, pp. 53-72

An Approach to Provide Security in Mobile Ad-Hoc Networks Using Counter Mode of Encryption on Mac Layer

Kumar, Gulshan; Rai, Mritunjay
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 15/10/2011
Relevância na Pesquisa
75.52%
Security in any of the networks became an important issue in this paper we have implemented a security mechanism on Medium Access Control layer by Assured Neighbor based Security Protocol to provide authentication and confidentiality of packets along with High speed transmission for Ad hoc networks. Here we have divided the protocol into two different parts. The first part deals with Routing layer information; in this part we have tried to implement a possible strategy for detecting and isolating the malicious nodes. A trust counter for each node is determined which can be actively increased and decreased depending upon the trust value for the purpose of forwarding the packets from source node to destination node with the help of intermediate nodes. A threshold level is also predetermined to detect the malicious nodes. If the value of the node in trust counter is less than the threshold value then the node is denoted 'malicious'. The second part of our protocol deals with the security in the link layer. For this security reason we have used CTR (Counter) approach for authentication and encryption. We have simulated all our strategies and schemes in NS-2, the result of which gives a conclusion that our proposed protocol i.e. Assured Neighbor based Security Protocol can perform high packet delivery against various intruders and also packet delivery ratio against mobility with low delays and low overheads.; Comment: 11 pages...