Página 1 dos resultados de 8247 itens digitais encontrados em 0.018 segundos

Regions Security Policy (RSP) : applying regions to network security; RSP : applying regions to network security

Baratz, Joshua W. (Joshua William), 1981-
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 65 p.; 3243771 bytes; 3243575 bytes; application/pdf; application/pdf
ENG
Relevância na Pesquisa
56.24%
The Regions network architecture is a new look at network organization that groups nodes into regions based on common purposes. This shift from strict network topology groupings of nodes requires a change in security systems. This thesis designs and implements the Regions Security Policy (RSP). RSP allows a unified security policy to be set across a region, fully controlling data as it enters into, exits from, and transits within a region. In doing so, it brings together several existing security solutions so as to provide security comparable to existing systems that is more likely to function correctly.; by Joshua W. Baratz.; Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.; Includes bibliographical references (p. 51-54).

Investigation and development of a hypervisor-based security architecture utilising a state-of-the-art hardware trust anchor

Schramm, Martin
Fonte: University of Limerick Publicador: University of Limerick
Tipo: Master thesis (Research); all_ul_research; ul_published_reviewed; ul_theses_dissertations; none
ENG
Relevância na Pesquisa
56.23%
peer-reviewed; Trusted Computing is a relatively new approach to computer security in which a system should be permanently maintained in a well-defined state - and therefore it will reside in a trustworthy state. The word "trustworthy" in this context means that the system always behaves in a specific way as defined by the platform manufacturer and/or the administrator/owner. A key element of this approach is to employ a security module, which is implemented in hardware, and which is tied to the platform so as to serve as a trust anchor. Based on that ’root of trust’ and other features, an effective security architecture is proposed in this research. Virtualization techniques, which were formerly developed for server consolidation, cost reduction, and conservation of energy are now gaining more and more interest in the field of trusted computing. Virtualization can greatly enhance the security of a system by isolating applications, or even whole operating systems, by splitting the computer system into smaller parts, whose integrity can be more easily assured. This project is concerned with the development of a system that will effectively combine the isolation features of the virtualization schemes with a state-of-the-art hardware security module. This system will provide reliable protection against sophisticated software-based attacks and will withstand elementary hardware-based attacks. The building block approach of this proposed security architecture makes sure that many different application fields can archive a high level of security by combining the appropriate components. The research examines some emerging approaches to computer security and proposes a novel security architecture based on a hardware trust anchor. An experimental system is developed to provide a ’proof-of-concept’ model for evaluation. The target application area for the architecture is the embedded computing space...

Toward a Taxonomy and Costing Method for Security Services

Irvine, Cynthia E.; Levin. Timothy E.
Fonte: Proceedings of the 15th Computer Security Application Conference Publicador: Proceedings of the 15th Computer Security Application Conference
Tipo: Artigo de Revista Científica
Relevância na Pesquisa
56.15%
A wide range of security services may be available to applications in a heterogeneous computer network environment. Resource Management Systems (RMSs) responsible for assigning computing and network resources to tasks need to know the resource-utilization costs associated with the various network security services. In order to understand the range of security services an RMS needs to manage, a preliminary security service taxonomy is defined. The taxonomy is used as a framework for defining the costs associated with network security services.

The Reference Monitor Concept as a Unifying Principle in Computer Security Education

Irvine, Cynthia E.
Fonte: Proceeding IFIP TC11 WC11.8 First World Conference on INFOSEC Education Publicador: Proceeding IFIP TC11 WC11.8 First World Conference on INFOSEC Education
Tipo: Artigo de Revista Científica
Relevância na Pesquisa
56.17%
For over twenty-five years, the Reference Monitor Concept [1] has proved itself to be a useful tool for computer security practitioners. It can also be used as a conceptual tool in computer security education. This paper describes a computer security education program at the Naval Postgraduate School that has used the Reference Monitor concept as a unifying principle for courses, laboratory work, and student research. The intent of the program is to produce graduates who will think critically about the design and implementation of systems intended to enforce security policies.

Monitoring information systems to enforce computer security policies

Graham, Scott W.; Mills, Stephen E.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado
EN_US
Relevância na Pesquisa
56.25%
Approved for public release; distribution is unlimited; Many computer security policies are written relatively vaguely. In many ways this is intentional to allow for easier access to all the functionality of the computer network. However, too much leeway allows users, without a need to access many of the network functions, the ability to execute functions that might cause harm to the system or provide access to information they have no need to see. With this in mind, this paper takes a look at computer security. We start with a brief history of computer security and continue with a look at internal security. Since our focus is on computer misuse and detection, a look at internal security provides a look at the reasons why we should attempt to monitor the activities of users. Misuse detection requires at least two features. These are audit reduction and profiling ability. When audit features are enabled in the operating system, massive files can build up. By establishing profiles of personnel usage, the automated audit features can quickly scan audit files, look for usage that falls outside what is determined to be normal, notify administrators, and delete old audit data. A misuse detection system, such as the Computer Misuse Detection System marketed by ODS Networks...

Toward a taxonomy and costing method for security services

Irvine, Cynthia; Levin, Timothy
Fonte: Naval Postgraduate School Publicador: Naval Postgraduate School
Tipo: Relatório
EN_US
Relevância na Pesquisa
56.17%
A wide range of security services may be available to applications in a heterogeneous computer network. Resource Management Systems (RMSs) responsible for assigning computing and network resources to tasks need to know the resource-utilization costs associated with the various network security services. In order to understand the range of security services and RMS needs to manage, a preliminary security service taxonomy is defined. The taxonomy is used as framework for a preliminary method for defining the costs associated with network security services.

Introduction to the Applications of Evolutionary Computation in Computer Security and Cryptography

Isasi, Pedro; Hernández, Julio C.
Fonte: Blackwell Publicador: Blackwell
Tipo: Artigo de Revista Científica Formato: application/pdf
Publicado em /08/2004 ENG
Relevância na Pesquisa
66.15%
Provides information on the applications of evolutionary computation in computer security and cryptography. Main applications of evolutionary computations in cryptology; Achievements of several researchers in the field of artificial intelligence applications to computer security and cryptology; Examples of successful research.

A study of computer security policies for the Indonesian Navy

Herusutopo, Antonius
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: 126 p.
EN_US
Relevância na Pesquisa
76.27%
Approved for public release; distribution is unlimited.; The Indonesian Navy recognized the need for a computer security program over ten years ago. They published their first computer security regulation in 1981. But that regulation is now obsolete because of the advances in technology and the increased availability of powerful computer systems. As computer systems become bigger, more complicated, easier to use, more interconnected, and more important, they become more vulnerable to hackers, terrorist, and disgruntled employees. This thesis demonstrates the need for an updated computer security regulation. To add in meeting that need, the thesis proposes a security program for the Indonesian Navy that is based on the multilevel trusted computer criteria published by the NCSC in the 'Orange Book', the Canadian Trusted Product Evaluation Criteria and ITSEC. The proposed program includes additional regulations concerning physical security, data security, integrity and availability, and recommended trusted evaluation guide; http://archive.org/details/studyofcomputers00heru; Major, Indonesian Navy

Modeling and analyzing intrusion attempts to a computer network operating in a defense-in-depth posture

Givens, Mark Allen
Fonte: Monterey California. Naval Postgraduate School Publicador: Monterey California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xvi, 91 p. : ill. (some col.) ;
Relevância na Pesquisa
56.14%
Approved for public release; distribution is unlimited; In order to ensure the confidentially, integrity, and availability of networked resources operating on the Global Information Grid, the Department of Defense has incorporated a "Defense-in-Depth" posture. This posture includes the use of network security mechanisms and does not rely on a single defense for protection. Firewalls, Intrusion Detection Systems (IDS's), Anti-Virus (AV) software, and routers are such tools used. In recent years, computer security discussion groups have included IDS's as one of their most relevant issues. These systems help identify intruders that exploit vulnerabilities associated with operating systems, application software, and computing hardware. When IDS's are utilized on a host computer or network, there are two primary approaches to detecting and / or preventing attacks. Traditional IDS's, like most AV software, rely on known "signatures" to detect attacks. This thesis will focus on the secondary approach: Anomaly or "behavioral based" IDS's look for abnormal patterns of activity on a network to identify suspicious behavior.; Major, United States Marine Corps

Security aspects of computer supported collaborative work

Haroutunian, George V.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: 79 p.
EN_US
Relevância na Pesquisa
56.14%
Approved for public release; distribution is unlimited; Computer Supported Collaborative Work (CSCW) is a topic of considerable academic inquiry and rapid commercial development. Meeting Room Systems, Conferencing System, Co-authoring and Argumentation Systems, Message Systems and Autonomous Agents which support group collaboration currently exist; however, Department of Defense (DoD) computer security requirements as they impact CSCW system design has received little attention. This thesis describes CSCW systems and relates group dynamic issues to predict the form of the sophisticated CSCW which will probably become commonplace in the future. Next the Trusted Computer security Evaluation criteria (TCSEC) with which all DoD systems must comply are synopsized. An extension of the Bell-LaPadula model underlying the TCSEC requirements is proposed which would allow 'Functionally Trusted CSCW' (FT-CSCW), CSCW which would meet many but not all of the TCSEC requirements. Possible first order (efficiency) effects of FT-CSCW, including the effect of sparse group domains, the breakdown of compartmentation, and organizational stratification are discussed. Second order (social) effects are also discussed, as are possible FT-CSCW problems (unstable group membership...

Assumptions, trust, and names in computer security protocols

Shearer, Charles Dylan
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xii, 71 p. ;
Relevância na Pesquisa
66.11%
Approved for public release; distribution is unlimited.; A major goal of using any security protocol is to create certain beliefs in the participants. A security protocol will use techniques like cryptography to guarantee some things, but it will still require a participant to make assumptions about other things that the protocol cannot guarantee; such assumptions often constitute trust in other participants. In this thesis, we attempt to precisely identify the required assumptions of some example protocols. In the process, we find that we must consider the names that participants use to reason about each other. It turns out that naming is a complex topic with a rich body of philosophical work, and we apply some ideas from this work to the problem of identifying security protocols' required assumptions. Finally, we begin work on a mathematical model of protocols and beliefs to which a formal logic of belief could be applied. The model is left incomplete because of some unresolved problems with modeling belief caused by the design requirement that the model's elements have clear operational meanings. The solution of these problems is left as future work.

Cyberciege scenario illustrating integrity risks to a military like facility

Fielk, Klaus W.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xviii, 106 p. ;
Relevância na Pesquisa
56.17%
Approved for public release; distribution is unlimited.; Note: the appendix file for this item is not available.; As the number of computer users continues to grow, attacks on assets stored on computer devices have increased. Despite an increase in computer security awareness, many users and policy makers still do not implement security principles in their daily lives. Ineffective education and the lack of personal experience and tacit understanding might be a main cause. The CyberCIEGE game can be used to convey requisite facts and to generate tacit understanding of general computer security concepts to a broad audience. This thesis asked if a Scenario Definition File (SDF) for the CyberCIEGE game could be developed to educate and train players in Information Assurance on matters related to information integrity in a networking environment. The primary educational concern is the protection of stored data. Another goal was to test whether the game engine properly simulates real world behavior. The research concluded that it is possible to create SDFs for the CyberCIEGE game engine to teach specifically about integrity issues. Three specific SDFs were developed for teaching purposes. Several SDFs were developed to demonstrate the game engine's ability to simulate real world behavior for specific...

Teaching Objectives of a Simulation Game for Computer Security

Irvine, Cynthia E.; Thompson, Michael
Fonte: Informing Science and Information Technology Joint Conference Publicador: Informing Science and Information Technology Joint Conference
Tipo: Artigo de Revista Científica
Relevância na Pesquisa
66.17%
This paper describes a computer simulation game being developed to teach computer security principles. The player of the game constructs computer networks and makes choices affecting the ability of these networks and the game's virtual users to protect valuable assets from attack by both vandals and well-motivated professionals. The game introduces the player to the need for well formed information security policies, allowing the player to deploy a variety of means to enforce security policies, including authentication, audit and access controls. The game will depict a number of vulnerabilities ranging from trivial passwords to trap doors planted by highly skilled, well-funded adversaries.

Human factors in Coast Guard Computer Security - an analysis of current awareness and potential techniques to improve security program viability

Whalen, Timothy J.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xxi, 106 p. ; 28 cm.
Relevância na Pesquisa
56.15%
The Coast Guard is becoming increasingly reliant upon our nation's information infrastructure. As such, our ability to ensure the security of those systems is also increasing in import. Traditional information security measures tend to be system-oriented and often fail to address the human element that is critical to system success. In order to ensure information system security, both system and human factors requirements must be addressed. This thesis attempts to identify both the susceptibility of Coast Guard information systems to human factors-based security risks and possible means for increasing user awareness of those risks. This research is meant to aid the Coast Guard in continuing to capitalize on emerging technologies while simultaneously providing a secure information systems environment.; US Coast Guard (USCG) author

Servicios de seguridad informática ofrecidos por parte de las empresas de seguridad privada en Colombia; Computer security services offered by private security firms in Colombia

Duarte García, Hector Leónidas; Ferrer, Luis Gabriel
Fonte: Universidad Militar Nueva Granada; Facultad de Relaciones Internacionales, Estrategia y Seguridad; Especialización en Administración de Seguridad Publicador: Universidad Militar Nueva Granada; Facultad de Relaciones Internacionales, Estrategia y Seguridad; Especialización en Administración de Seguridad
Tipo: bachelorThesis; Trabajo de grado Formato: pdf; pdf
SPA
Relevância na Pesquisa
56.12%
Las empresas de vigilancia en Colombia han ampliado el portafolio de servicios desde la seguridad a personas, a instalaciones hasta el monitoreo centralizado de edificios, fabricas, bodegas entre otros empleando Circuitos Cerrados de Televisión (CCTV), cubriendo las necesidades del mercado y respaldando las operaciones con la implementación de avances tecnológicos; hoy en día se ha creado una nueva necesidad, seguridad de la información, la cual se ha convertido en un nicho de mercado muy poco explorado por las empresas de seguridad privada, y considerando los requerimientos de los estándares de la NTC/ISO 27001, marcos de referencia COBIT 5, y los avances realizados por estas empresas en aspectos como el diseño, implementación, seguimiento y monitoreo de Políticas de Seguridad, Organización Interna en temas de Seguridad Física, Gestión de Activos, Gestión del Talento Humano, Control de Acceso, Gestión de Incidentes en la Seguridad y cumplimiento de la normatividad vigente para el mercado.; Supervisory companies in Colombia have expanded the portfolio of services from security to people, facilities to centralized monitoring of buildings, factories, warehouses and others using Closed Circuit Television (CCTV), covering market needs and supporting operations with the implementation of technological advances; today it has created a new need...

Design principles and patterns for computer systems that are simultaneously secure and usable

Garfinkel, Simson
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 472 p.; 29543936 bytes; 31405031 bytes; application/pdf; application/pdf
ENG
Relevância na Pesquisa
56.14%
It is widely believed that security and usability are two antagonistic goals in system design. This thesis argues that there are many instances in which security and usability can be synergistically improved by revising the way that specific functionality is implemented in many of today's operating systems and applications. Specific design principles and patterns are presented that can accomplish this goal. Patterns are presented that minimize the release of confidential information through remnant and remanent data left on hard drives, in web browsers, and in documents. These patterns are based on a study involving the purchase of 236 hard drives on the secondary market, interviews conducted with organizations whose drives had been acquired, and through a detailed examination of modern web browsers and reports of information leakage in documents. Patterns are presented that enable secure messaging through the adoption of new key management techniques. These patterns are supported through an analysis of S/MIME handling in modern email clients, a survey of 469 Amazon.com merchants, and a user study of 43 individuals. Patterns are presented for promoting secure operation and for reducing the danger of covert monitoring. These patterns are supported by the literature review and an analysis of current systems.; (cont.) In every case considered...

STP/HAMPI and Computer Security

Ganesh, Vijay
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 12/04/2012
Relevância na Pesquisa
56.15%
In the past several years I have written two SMT solvers called STP and HAMPI that have found widespread use in computer security research by leading groups in academia, industry and the government. In this brief note I summarize the features of STP/HAMPI that make them particularly suited for computer security research, and a listing of some of the more important projects that use them.

What Should be Hidden and Open in Computer Security: Lessons from Deception, the Art of War, Law, and Economic Theory

Swire, Peter P.
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 24/09/2001
Relevância na Pesquisa
56.3%
"What Should be Hidden and Open in Computer Security: Lessons from Deception, the Art of War, Law, and Economic Theory" Peter P. Swire, George Washington University. Imagine a military base. It is defended against possible attack. Do we expect the base to reveal the location of booby traps and other defenses? No. But for many computer applications,a software developer will need to reveal a great deal about the code to get other system owners to trust the code and know how to operate with it. This article examines these conflicting intuitions and develops a theory about what should be open and hidden in computer security. Part I of the paper shows how substantial openness is typical for major computer security topics, such as firewalls, packaged software, and encryption. Part II shows what factors will lead to openness or hiddenness in computer security. Part III presents an economic analysis of the issue of what should be open in computer security. The owner who does not reveal the booby traps is like a monopolist, while the open-source software supplier is in a competitive market. This economic approach allows us to identify possible market failures in how much openness occurs for computer security. Part IV examines the contrasting approaches of Sun Tzu and Clausewitz to the role of hiddenness and deception in military strategy. The computer security...

Computer Security: Competing Concepts

Nissenbaum, Helen; Friedman, Batya; Felten, Edward
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Relevância na Pesquisa
56.33%
This paper focuses on a tension we discovered in the philosophical part of our multidisciplinary project on values in web-browser security. Our project draws on the methods and perspectives of empirical social science, computer science, and philosophy to identify values embodied in existing web-browser security and also to prescribe changes to existing systems (in particular, Mozilla) so that values relevant to web-browser systems are better served than presently they are. The tension, which we had not seen explicitly addressed in any other work on computer security, emerged when we set out to extract from the concept of security the set values that ought to guide the shape of web-browser security. We found it impossible to construct an internally consistent set of values until we realized that two robust -- and in places competing -- conceptions of computer security were influencing our thinking. We needed to pry these apart and make a primary commitment to one. One conception of computer security invokes the ordinary meaning of security. According to it, computer security should protect people -- computer users -- against dangers, harms, and threats. Clearly this ordinary conception of security is already informing much of the work and rhetoric surrounding computer security. But another...

Distributed virtual environment scalability and security

Miller, John
Fonte: University of Cambridge; Faculty of Computer Science and Technology; Computer Laboratory; Microsoft Research Cambridge Publicador: University of Cambridge; Faculty of Computer Science and Technology; Computer Laboratory; Microsoft Research Cambridge
Tipo: Thesis; doctoral; PhD
EN
Relevância na Pesquisa
56.19%
Distributed virtual environments (DVEs) have been an active area of research and engineering for more than 20 years. The most widely deployed DVEs are network games such as Quake, Halo, and World of Warcraft (WoW), with millions of users and billions of dollars in annual revenue. Deployed DVEs remain expensive centralized implementations despite significant research outlining ways to distribute DVE workloads. This dissertation shows previous DVE research evaluations are inconsistent with deployed DVE needs. Assumptions about avatar movement and proximity - fundamental scale factors - do not match WoW?s workload, and likely the workload of other deployed DVEs. Alternate workload models are explored and preliminary conclusions presented. Using realistic workloads it is shown that a fully decentralized DVE cannot be deployed to today?s consumers, regardless of its overhead. Residential broadband speeds are improving, and this limitation will eventually disappear. When it does, appropriate security mechanisms will be a fundamental requirement for technology adoption. A trusted auditing system (?Carbon?) is presented which has good security, scalability, and resource characteristics for decentralized DVEs. When performing exhaustive auditing...