Page 1 of results: 157 digital items found in 0.027 seconds

MOS - Ontological Security Model for access control policy negotiation in multi-domains (original title: MOS - Modelo Ontológico de Segurança para negociação de política de controle de acesso em multidomínios)

Venturini, Yeda Regina
Source: Biblioteca Digitais de Teses e Dissertações da USP Publisher: Biblioteca Digitais de Teses e Dissertações da USP
Type: Doctoral thesis Format: application/pdf
Published 07/07/2006 PT
Search relevance: 46.11%
Advances in network technologies and the growing number of fixed and portable devices belonging to a single user, which share resources among themselves, have introduced new concepts and challenges in the field of networking and information security. This new reality stimulated the development of a project to enable the formation of personal security domains and to allow the secure association of these domains into a multi-domain. The formation of multi-domains introduced new challenges for the definition of the access control security policy, since a multi-domain is composed of distinct administrative environments that need to share their resources to carry out collaborative work. This work presents the main concepts involved in the formation of personal security domains and multi-domains, and proposes a security model to enable the negotiation and dynamic composition of the access control security policy in these environments. The proposed model is called the Ontological Security Model (MOS). MOS is a role-based access control model whose elements are defined by an ontology. The ontology defines a common, standardized semantic language...

Engineering security methodologies for distributed systems.

Uzunov, Anton Victor
Source: University of Adelaide Publisher: University of Adelaide
Type: Doctoral thesis
Published //2014
Search relevance: 35.82%
Over the last decade, researchers and practitioners have increasingly come to acknowledge that the introduction of security into software systems – especially complex, distributed systems – should proceed by means of a structured, systematic approach, combining principles from both software and security engineering. Such systematic approaches, particularly those implying some sort of process aligned with the development life-cycle, are termed security methodologies. While there are numerous methodologies in the literature, each with its own peculiar advantages and disadvantages, making it more or less suitable for a given set of project situations, none can lay claim to being universal, i.e. able to take into account all system-specific attributes, all technologies, all skill levels, and – in general – to be applicable to all project situations. In other words, the literature does not currently present developers with an “ideal” methodology (in an absolute sense); and, indeed, such a requirement would be infeasible, since “ideal” must necessarily be interpreted with respect to a given situation – encompassing system types, technologies, skillsets and whatever other qualities are seen as desirable. The problem facing the area is thus not so much the construction of “bigger and better” methodologies with novel or interesting features – i.e. (unattainably) ideal methodologies in an absolute sense – but the construction of (attainably) ideal methodologies for particular project situations. This thesis proposes a comprehensive solution to the latter problem by developing a conceptual “toolkit” for engineering security methodologies...

A security domain model for implementing trusted subject behaviors

Shaffer, Alan B.; Irvine, Cynthia E.; Levin, Timothy E.; Auguston, Mikhail
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Report
Search relevance: 65.89%
Within a multilevel secure (MLS) system, trusted subjects are granted privileges to perform operations that are not possible by ordinary subjects controlled by mandatory access control (MAC) policy enforcement mechanisms. These subjects are trusted not to conduct malicious activity or degrade system security. We present a formal definition for trusted subject behaviors, which depends upon a representation of information flow and control dependencies generated during a program execution. We describe a security Domain Model (DM) designed in the Alloy specification language for conducting static analysis of programs to identify illicit information flows, access control flaws and covert channel vulnerabilities. The DM is compiled from a representation of a target program, written in an intermediate Implementation Modeling Language (IML), and a specification of the security policy written in Alloy. The Alloy Analyzer tool is used to perform static analysis of the DM to detect potential security policy violations in the target program. In particular, since the operating system upon which the trusted subject runs has limited ability to control its actions, static analysis of trusted subject operations can contribute to the security of the system.

360 degree port MDA - a strategy to improve port security

Leary, Timothy P.
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Doctoral thesis
Search relevance: 35.78%
CHDS State/Local; Our national security and prosperity depend in part on secure and competitive ports. Effective public and private sector collaboration is needed in a world with myriad security challenges and fierce global competition. Although steps have been taken in the years since 9/11 to realize these twin goals, much more needs to be done. The current maritime domain awareness (MDA) paradigm needs to be expanded to provide comprehensive awareness of intermodal operations in our ports. An effective Open Source Intelligence (OSINT) program that succeeds in leveraging intermodal data is fundamental to better port-level MDA. Developing effective port level MDA and using it to enhance the security of our ports relies on the effective organization of public and private sector resources. The joint operations centers called for in the SAFE Port Act, once broadened to include key intermodal players, provide an excellent organizational model to pursue enhanced port security.

An application of Alloy to static analysis for secure information flow and verification of software systems

Shaffer, Alan B.
Source: Monterey, California. Naval Postgraduate School, 2008. Publisher: Monterey, California. Naval Postgraduate School, 2008.
Search relevance: 35.84%
Within a multilevel secure (MLS) system, flaws in design and implementation can result in overt and covert channels, both of which may be exploited by malicious software to cause unauthorized information flows. To address this problem, the use of control dependency tracing has been explored to present a precise, formal definition for information flow. This work describes a security Domain Model (DM), designed in the Alloy formal specification language, for conducting static analysis of programs to identify illicit information flows, such as control dependency flaws and covert channel vulnerabilities. The model includes a formal definition for trusted subjects, which are granted extraordinary privileges to perform system operations that require relaxation of the mandatory access control (MAC) policy mechanisms imposed on normal subjects, but are trusted to behave benignly and not to degrade system security. The DM defines the concepts of program state, information flow and security policy rules, and specifies the behavior of a target program. The DM is compiled from a representation of the target program, written in a specialized Implementation Modeling Language (IML), and a specification of the security policy written in the Alloy language. The Alloy Analyzer tool is used to perform static analysis of the DM to detect potential security policy violations in the target program. This approach demonstrates that it is possible to establish a framework for formally representing a program implementation and for formalizing the security rules defined by a security policy...

SITREP: The NPS Maritime Defense and Security Research Program Newsletter ; v. 41 (October-December 2009)

Source: Naval Postgraduate School (U.S.). Maritime Defense and Security Research Program Publisher: Naval Postgraduate School (U.S.). Maritime Defense and Security Research Program
Type: Periodical
Search relevance: 45.78%
This issue of The Naval Postgraduate School (NPS) Maritime Domain Protection Newsletter covers topics such as interagency information sharing economics, information education, and a research highlight on Maritime Domain Awareness (MDA) and the Maritime Information Exchange Model (MIEM).

SITREP: The NPS Maritime Defense and Security Research Program Newsletter ; v. 40 (July-September 2009)

Source: Naval Postgraduate School (U.S.). Maritime Defense and Security Research Program Publisher: Naval Postgraduate School (U.S.). Maritime Defense and Security Research Program
Type: Periodical
Search relevance: 45.78%
This issue of The NPS Maritime Domain Protection Newsletter covers topics such as interagency information sharing economics, information education, and a research highlight on Maritime Domain Awareness (MDA) and the Maritime Information Exchange Model (MIEM).

Introduction of First Passage Time (FPT) Analysis for Software Reliability and Network Security

Ma, Zhanshan (Sam); Krings, Axel W.; Millar, Richard C.
Source: Naval Postgraduate School Publisher: Naval Postgraduate School
Type: Journal article
Search relevance: 35.78%
The Fifth CSIIRW '2009, April 13-15, Oak Ridge National Lab, Oak Ridge, Tennessee, USA. Includes a powerpoint presentation.; The study of the First Passage Time (FPT) problem (also known as first passage problem, FPP) started more than a century ago, but its diverse applications in science and engineering mostly emerged in the last two to three decades. Assuming that X(t) is a one-dimensional stochastic process, the First Passage Time is defined as the time (T) when X(t) first crosses a threshold. Engineering reliability is obviously a suitable application domain, and indeed applications such as optimal dam design in hydrology and analysis of structural failure in civil and mechanical engineering are typical examples. Although we envision that the FPT problem has great potential in network and software reliability, it should be more useful for network security and survivability because the approaches developed for the FPT problem are mostly analytical. The assumption for this inference is that in reliability analysis, experimental or historical data are often more readily available, which makes statistical approaches such as survival analysis more convenient and likely more realistic. In contrast, data is generally more difficult to obtain in security and survivability analyses...

Improving the security of the U.S. Aeronautical Domain : adopting an intelligence-led, risk-based strategy and partnership

Williams, David S.
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Doctoral thesis Format: xx, 127 p. : ill. ;
Search relevance: 35.91%
CHDS State/Local; Approved for public release; distribution is unlimited; Nine years after the 9/11 attacks--and despite the passage of federal legislation, the creation of a U.S. Department of Homeland Security and the appropriation of billions of dollars for this nation's security--the National Aeronautical Domain (NAD) is still vulnerable to exploitation and attack. Indeed, as has been evidenced time and again since September 11, 2001, ideologically-driven actors remain committed to exploiting the residual weaknesses of the U.S. aviation security apparatus. This thesis examines three critical areas within the U.S. aviation security system and concludes that, in order to effectively and efficiently reduce the nation's exposure to aviation-based acts of terrorism, both federal and local levels of collaboration in the following areas is urgently required: 1) improved sharing of threat intelligence information; 2) identification and uniform utilization of a specific risk-assessment methodology; and; adaptation of an intelligence-led policing management model within the aviation security field. In order to achieve the strategic goal of protecting the United States through its aeronautical domain, each of the subject areas referenced is discussed as an interdisciplinary process. Finally...

A Security Domain Model for Static Analysis and Verification of Software Programs

Shaffer, Alan B.
Source: Naval Postgraduate School Publisher: Naval Postgraduate School
Type: Journal article
Search relevance: 65.95%
Unauthorized information flows can result from malicious software exploiting covert channels and overt flaws in access control design. To address this problem, we present a precise, formal definition for information flow that relies on control flow dependency tracing through program execution, and extends Denning's and follow-on classic work in secure information flow [7][19][27]. We describe a formal security Domain Model (DM) for conducting static analysis of programs to identify illicit information flows, access control flaws and covert channel vulnerabilities. The DM is comprised of an Invariant Model, which defines the generic concepts of program state, information flow, and security policy rules; and an Implementation Model, which specifies the behavior of a target program. The DM is compiled from a representation of the program, written in a domain-specific Implementation Modeling Language (IML), and a specification of the security policy written in Alloy. The Alloy Analyzer tool is used to perform static analysis of the DM to automatically detect potential covert channel vulnerabilities and security policy violations in the target program.

Toward a Security Domain Model for Static Analysis and Verification of Information Systems

Shaffer, Alan; Auguston, Mikhail; Irvine, Cynthia E.; Levin, Tim.
Source: OOPSLA Workshop on Domain-Specific Modelling (DSM '07). Montreal, Canada. Publisher: OOPSLA Workshop on Domain-Specific Modelling (DSM '07). Montreal, Canada.
Type: Journal article
Search relevance: 116.03%
OOPSLA Workshop on Domain-Specific Modeling (DSM '07). Montreal, Canada.; Evaluation of high assurance secure computer systems requires that they be designed, developed, verified and tested using rigorous processes and formal methods. The evaluation process must include correspondence between security policy objectives, security specifications, and program implementation. This research presents an approach to the verification of programs represented in a specialized Implementation Modeling Language (IML) using a formal security Domain Model (DM). The DM is comprised of an invariant part, which defines the generic concepts of program state, information flow, and other security properties; and a variable part, specifying the behavior of the target program. The DM is written using the Alloy formal specification language, and its verification is accomplished using the Alloy Analyzer tool. It was found that, by separating the structural framework of the security policy from the semantics of the target program, efficiency of the Alloy Analyzer in detecting execution paths that violate the security properties specified in the DM is significantly improved.

A Security Domain Model to Assess Software for Exploitable Covert Channels

Auguston, Mikhail; Levin, Timothy; Shaffer, Alan; Irvine, Cynthia E.
Source: Association for Computing Machinery (ACM) Publisher: Association for Computing Machinery (ACM)
Type: Journal article
Search relevance: 95.97%
Within a multilevel secure (MLS) system, trusted subjects are granted privileges to perform operations that are not possible by ordinary subjects controlled by mandatory access control (MAC) policy enforcement mechanisms. These subjects are trusted not to conduct malicious activity or degrade system security. We present a formal definition for trusted subject behaviors, which depends upon a representation of information flow and control dependencies generated during a program execution. We describe a security Domain Model (DM) designed in the Alloy specification language for conducting static analysis of programs to identify illicit information flows, access control flaws and covert channel vulnerabilities. The DM is compiled from a representation of a target program, written in an intermediate Implementation Modeling Language (IML), and a specification of the security policy written in Alloy. The Alloy Analyzer tool is used to perform static analysis of the DM to detect potential security policy violations in the target program. In particular, since the operating system upon which the trusted subject runs has limited ability to control its actions, static analysis of trusted subject operations can contribute to the security of the system.

Towards a Security Engineering Process Model for Electronic Business Processes

Eichler, Jörn
Source: Cornell University Publisher: Cornell University
Type: Journal article
Published 05/04/2012
Search relevance: 35.9%
Business process management (BPM) and accompanying systems aim at enabling enterprises to become adaptive. In spite of the dependency of enterprises on secure business processes, BPM languages and techniques provide only little support for security. Several complementary approaches have been proposed for security in the domain of BPM. Nevertheless, support for a systematic procedure for the development of secure electronic business processes is still missing. In this paper, we pinpoint the need for a security engineering process model in the domain of BPM and identify key requirements for such process model.; Comment: Ninth European Dependable Computing Conference (EDCC 2012)

Predictive Cyber-security Analytics Framework: A non-homogenous Markov model for Security Quantification

Abraham, Subil; Nair, Suku
Source: Cornell University Publisher: Cornell University
Type: Journal article
Published 08/01/2015
Search relevance: 35.9%
Numerous security metrics have been proposed in the past for protecting computer networks. However, we still lack effective techniques to accurately measure the predictive security risk of an enterprise taking into account the dynamic attributes associated with vulnerabilities that can change over time. In this paper we present a stochastic security framework for obtaining quantitative measures of security using attack graphs. Our model is novel as existing research in attack graph analysis does not consider the temporal aspects associated with the vulnerabilities, such as the availability of exploits and patches which can affect the overall network security based on how the vulnerabilities are interconnected and leveraged to compromise the system. Gaining a better understanding of the relationship between vulnerabilities and their lifecycle events can provide security practitioners a better understanding of their state of security. In order to have a more realistic representation of how the security state of the network would vary over time, a nonhomogeneous model is developed which incorporates a time dependent covariate, namely the vulnerability age. The daily transition-probability matrices are estimated using Frei's Vulnerability Lifecycle model. We also leverage the trusted CVSS metric domain to analyze how the total exploitability and impact measures evolve over a time period for a given network.; Comment: 16 pages...

A Predictive Framework for Cyber Security Analytics using Attack Graphs

Abraham, Subil; Nair, Suku
Source: Cornell University Publisher: Cornell University
Type: Journal article
Published 04/02/2015
Search relevance: 35.86%
Security metrics serve as a powerful tool for organizations to understand the effectiveness of protecting computer networks. However, the majority of these measurement techniques don't adequately help corporations to make informed risk management decisions. In this paper we present a stochastic security framework for obtaining quantitative measures of security by taking into account the dynamic attributes associated with vulnerabilities that can change over time. Our model is novel as existing research in attack graph analysis does not consider the temporal aspects associated with the vulnerabilities, such as the availability of exploits and patches which can affect the overall network security based on how the vulnerabilities are interconnected and leveraged to compromise the system. In order to have a more realistic representation of how the security state of the network would vary over time, a nonhomogeneous model is developed which incorporates a time dependent covariate, namely the vulnerability age. The daily transition-probability matrices are estimated using Frei's Vulnerability Lifecycle model. We also leverage the trusted CVSS metric domain to analyze how the total exploitability and impact measures evolve over a time period for a given network.; Comment: 17 pages...

Detecting and Refactoring Operational Smells within the Domain Name System

Radwan, Marwan; Heckel, Reiko
Source: Cornell University Publisher: Cornell University
Type: Journal article
Published 10/04/2015
Search relevance: 35.82%
The Domain Name System (DNS) is one of the most important components of the Internet infrastructure. DNS relies on a delegation-based architecture, where resolution of names to their IP addresses requires resolving the names of the servers responsible for those names. The recursive structures of the interdependencies that exist between name servers associated with each zone are called dependency graphs. System administrators' operational decisions have far-reaching effects on the DNS's qualities. They need to be soundly made to create a balance between the availability, security and resilience of the system. We utilize dependency graphs to identify, detect and catalogue operational bad smells. Our method deals with smells on a high level of abstraction using a consistent taxonomy and reusable vocabulary, defined by a DNS Operational Model. The method will be used to build a diagnostic advisory tool that will detect configuration changes that might decrease the robustness or security posture of domain names before they go into production.; Comment: In Proceedings GaM 2015, arXiv:1504.02448

The Abandoned Side of the Internet: Hijacking Internet Resources When Domain Names Expire

Schlamp, Johann; Gustafsson, Josef; Wählisch, Matthias; Schmidt, Thomas C.; Carle, Georg
Source: Cornell University Publisher: Cornell University
Type: Journal article
Search relevance: 35.77%
The vulnerability of the Internet has been demonstrated by prominent IP prefix hijacking events. Major outages such as the China Telecom incident in 2010 stimulate speculations about malicious intentions behind such anomalies. Surprisingly, almost all discussions in the current literature assume that hijacking incidents are enabled by the lack of security mechanisms in the inter-domain routing protocol BGP. In this paper, we discuss an attacker model that accounts for the hijacking of network ownership information stored in Regional Internet Registry (RIR) databases. We show that such threats emerge from abandoned Internet resources (e.g., IP address blocks, AS numbers). When DNS names expire, attackers gain the opportunity to take resource ownership by re-registering domain names that are referenced by corresponding RIR database objects. We argue that this kind of attack is more attractive than conventional hijacking, since the attacker can act in full anonymity on behalf of a victim. Although corresponding incidents have been observed in the past, current detection techniques are not qualified to deal with these attacks. We show that they are feasible with very little effort, and analyze the risk potential of abandoned Internet resources for the European service region: our findings reveal that currently 73 /24 IP prefixes and 7 ASes are vulnerable to stealthy abuse. We discuss countermeasures and outline research directions towards preventive solutions.; Comment: Final version for TMA 2015

Peer-to-Peer Secure Multi-Party Numerical Computation Facing Malicious Adversaries

Bickson, Danny; Reinman, Tzachy; Dolev, Danny; Pinkas, Benny
Source: Cornell University Publisher: Cornell University
Type: Journal article
Published 18/01/2009
Search relevance: 35.86%
We propose an efficient framework for enabling secure multi-party numerical computations in a Peer-to-Peer network. This problem arises in a range of applications such as collaborative filtering, distributed computation of trust and reputation, monitoring and other tasks, where the computing nodes are expected to preserve the privacy of their inputs while performing a joint computation of a certain function. Although there is a rich literature in the field of distributed systems security concerning secure multi-party computation, in practice it is hard to deploy those methods in very large scale Peer-to-Peer networks. In this work, we try to bridge the gap between theoretical algorithms in the security domain and a practical Peer-to-Peer deployment. We consider two security models. The first is the semi-honest model, where peers correctly follow the protocol but try to reveal private information. We provide three possible schemes for secure multi-party numerical computation for this model and identify a single light-weight scheme which outperforms the others. Using extensive simulation results over real Internet topologies, we demonstrate that our scheme is scalable to very large networks, with up to millions of nodes. The second model we consider is the malicious peers model...

IP address registration database: Definitions for access, security, and implementation

Ouellette, Lesa
Source: Rochester Institute of Technology Publisher: Rochester Institute of Technology
Type: Doctoral thesis
EN_US
Search relevance: 35.78%
This thesis analyzes the process of IP assignment and internet policing and proves that a national IP address database will allow law enforcement and governmental agencies improvements in real-time, secure access to subscriber identifying information without compromising the security and privacy of internet users. For the last three decades, the process of monitoring access, usage and IP address assignments has fallen on the internet service providers who allow access to the internet through their IP portals. Since they held the door to the internet, there was reasonability in the idea that they should monitor who goes in and out of that door. That concept remained stagnant because an alternative methodology did not exist and numerous regulations, fees, restrictions, and uses were developed over time to fit that model. This thesis details how the implementation of a centralized IP address database will provide a transition from the legacy `provider assigned and monitored' model and offer a first-of-its-kind system that migrates policing functions back under the control of the policing authorities. The system establishes the best segregation of expertise, allowing the providers to provide service, the policing authorities to provide policing...

Formal Analysis of Security Models for Mobile Devices, Virtualization Platforms, and Domain Name Systems

Betarte,Gustavo; Luna,Carlos
Source: CLEI Electronic Journal Publisher: CLEI Electronic Journal
Type: Journal article Format: text/html
Published 01/12/2015 EN
Search relevance: 35.98%
In this work we investigate the security of security-critical applications, i.e. applications in which a failure may produce consequences that are unacceptable. We consider three areas: mobile devices, virtualization platforms, and domain name systems. The Java Micro Edition platform defines the Mobile Information Device Profile (MIDP) to facilitate the development of applications for mobile devices, like cell phones and PDAs. We first study and compare formally several variants of the security model specified by MIDP to access sensitive resources of a mobile device. Hypervisors allow multiple guest operating systems to run on shared hardware, and offer a compelling means of improving the security and the flexibility of software systems. In this work we present a formalization of an idealized model of a hypervisor. We establish (formally) that the hypervisor ensures strong isolation properties between the different operating systems, and guarantees that requests from guest operating systems are eventually attended to. We show also that virtualized platforms are transparent, i.e. a guest operating system cannot distinguish whether it executes alone or together with other guest operating systems on the platform. The Domain Name System Security Extensions (DNSSEC) is a suite of specifications that provides origin authentication and integrity assurance services for DNS data. We finally introduce a minimalistic specification of a DNSSEC model which provides the grounds needed to formally state and verify security properties concerning the chain of trust of the DNSSEC tree. We develop all our formalizations in the Calculus of Inductive Constructions (a formal language that combines a higher-order logic and a richly-typed functional programming language) using the Coq proof assistant.