940 resultados para Security issues
Resumo:
The introduction of agent technology raises several security issues that are beyond conventional security mechanisms capability and considerations, but research in protecting the agent from malicious host attack is evolving. This research proposes two approaches to protecting an agent from being attacked by a malicious host. The first approach consists of an obfuscation algorithm that is able to protect the confidentiality of an agent and make it more difficult for a malicious host to spy on the agent. The algorithm uses multiple polynomial functions with multiple random inputs to convert an agent's critical data to a value that is meaningless to the malicious host. The effectiveness of the obfuscation algorithm is enhanced by addition of noise code. The second approach consists of a mechanism that is able to protect the integrity of the agent using state information, recorded during the agent execution process in a remote host environment, to detect a manipulation attack by a malicious host. Both approaches are implemented using a master-slave agent architecture that operates on a distributed migration pattern. Two sets of experimental test were conducted. The first set of experiments measures the migration and migration+computation overheads of the itinerary and distributed migration patterns. The second set of experiments is used to measure the security overhead of the proposed approaches. The protection of the agent is assessed by analysis of its effectiveness under known attacks. Finally, an agent-based application, known as Secure Flight Finder Agent-based System (SecureFAS) is developed, in order to prove the function of the proposed approaches.
Resumo:
Strategic sourcing has increased in importance in recent years, and now plays an important role in companies’ planning. The current volatility in supply markets means companies face multiple challenges involving lock-in situations, supplier bankruptcies or supply security issues. In addition, their exposure can increase due to natural disasters, as witnessed recently in the form of bird flu, volcanic ash and tsunamis. Therefore, the primary focus of this study is risk management in the context of strategic sourcing. The study presents a literature review on sourcing based on the 15 years from 1998–2012, and considers 131 academic articles. The literature describes strategic sourcing as a strategic, holistic process in managing supplier relationships, with a long-term focus on adding value to the company and realising competitive advantage. Few studies discovered the real risk impact and status of risk management in strategic sourcing, and evaluation across countries and industries was limited, with the construction sector particularly under-researched. This methodology is founded on a qualitative study of twenty cases across Ger-many and the United Kingdom from the construction sector and electronics manufacturing industries. While considering risk management in the context of strategic sourcing, the thesis takes into account six dimensions that cover trends in strategic sourcing, theoretical and practical sourcing models, risk management, supply and demand management, critical success factors and the strategic supplier evaluation. The study contributes in several ways. First, recent trends are traced and future needs identified across the research dimensions of countries, industries and companies. Second, it evaluates critical success factors in contemporary strategic sourcing. Third, it explores the application of theoretical and practical sourcing models in terms of effectiveness and sustainability. Fourth, based on the case study findings, a risk-oriented strategic sourcing framework and a model for strategic sourcing are developed. These are based on the validation of contemporary requirements and a critical evaluation of the existing situation. It contemplates the empirical findings and leads to a structured process to manage risk in strategic sourcing. The risk-oriented framework considers areas such as trends, corporate and sourcing strategy, critical success factors, strategic supplier selection criteria, risk assessment, reporting, strategy alignment and reporting. The proposed model highlights the essential dimensions in strategic sourcing and guides us to a new definition of strategic sourcing supported by this empirical study.
Resumo:
Security issues have played an important role in widening the European Union with eight Central and Eastern European economies. The time since have proved these concerns to be correct. The present North-South tension within the Euro-zone highlights even more the West-East tensions inherent in the international relations since the Eastern enlargement. Various divisions – political and economic alike – have already been felt throughout the whole period of 2004-20122 (Balázs, J.1985, 1993, 1995, 1996). The worldwide economic crisis of 2008, however, has revealed even more the hidden tensions in these relations. The political events after the 2010 election in Hungary, those in Romania in 2012, the continuous anti-EU declarations of the Czech president present ample evidence to the fact: the enlargement has been based more on political wishes and will than on firm economic reasoning. The outcome is constant struggle between the parties to keep face and save the state of the European Union. Ongoing political and economic struggles around Greece, Portugal and Spain are other forms of fundamental problems within the European Union. It is worthwhile, hence to study the almost forgotten centre – periphery relations in this respect.
Resumo:
Modern software systems are often large and complicated. To better understand, develop, and manage large software systems, researchers have studied software architectures that provide the top level overall structural design of software systems for the last decade. One major research focus on software architectures is formal architecture description languages, but most existing research focuses primarily on the descriptive capability and puts less emphasis on software architecture design methods and formal analysis techniques, which are necessary to develop correct software architecture design. ^ Refinement is a general approach of adding details to a software design. A formal refinement method can further ensure certain design properties. This dissertation proposes refinement methods, including a set of formal refinement patterns and complementary verification techniques, for software architecture design using Software Architecture Model (SAM), which was developed at Florida International University. First, a general guideline for software architecture design in SAM is proposed. Second, specification construction through property-preserving refinement patterns is discussed. The refinement patterns are categorized into connector refinement, component refinement and high-level Petri nets refinement. These three levels of refinement patterns are applicable to overall system interaction, architectural components, and underlying formal language, respectively. Third, verification after modeling as a complementary technique to specification refinement is discussed. Two formal verification tools, the Stanford Temporal Prover (STeP) and the Simple Promela Interpreter (SPIN), are adopted into SAM to develop the initial models. Fourth, formalization and refinement of security issues are studied. A method for security enforcement in SAM is proposed. The Role-Based Access Control model is formalized using predicate transition nets and Z notation. The patterns of enforcing access control and auditing are proposed. Finally, modeling and refining a life insurance system is used to demonstrate how to apply the refinement patterns for software architecture design using SAM and how to integrate the access control model. ^ The results of this dissertation demonstrate that a refinement method is an effective way to develop a high assurance system. The method developed in this dissertation extends existing work on modeling software architectures using SAM and makes SAM a more usable and valuable formal tool for software architecture design. ^
Resumo:
It is often speculated that the high allocation of funds to retirement pension systems has influenced the capacity of Central American and Dominican Republic military to modernize. Yet, the comparative study of the allocation of pension and social funds in these particular countries suggest that there is not direct linkage between the poor funding of military modernization plans and the allocation of funds to military pension systems. The research conducted on this subject shows the following results: 1. The Dominican Republic is the only country that has embarked on a considerable procurement of modern equipment and still reports the largest proportion of social expenditures. 2. El Salvador’s defense budget allocates minimal funding to Social Welfare Institute, which as alternative sources of funding. In 2009, El Salvador increased 15 percent funding to the military to respond to increased role in domestic security issues. 3. The Guatemalan defense expenditure on social programs is fairly low, but it has grown during the past six years due to processes of demobilization. However, the Military Social Welfare Institute is administered by a decentralized institution funded directly by the Ministry of Finance. If it were to be considered as a part of the defense budget, its social expenses would account for almost 16% of it. 4. The Honduran Defense Budget has faced a considerable enlargement during the past four years, with social spending expenses taken precedence over modernization efforts. 2 5. The Nicaraguan system of military pensions is administered by a decentralized entity (IPSM) through a system of salary deductions. Information on the funding of this entity is inconclusive. The Nicaraguan Defense spending on social services has reported a drastic 90% drop since the year 2007.
Resumo:
Internet users consume online targeted advertising based on information collected about them and voluntarily share personal information in social networks. Sensor information and data from smart-phones is collected and used by applications, sometimes in unclear ways. As it happens today with smartphones, in the near future sensors will be shipped in all types of connected devices, enabling ubiquitous information gathering from the physical environment, enabling the vision of Ambient Intelligence. The value of gathered data, if not obvious, can be harnessed through data mining techniques and put to use by enabling personalized and tailored services as well as business intelligence practices, fueling the digital economy. However, the ever-expanding information gathering and use undermines the privacy conceptions of the past. Natural social practices of managing privacy in daily relations are overridden by socially-awkward communication tools, service providers struggle with security issues resulting in harmful data leaks, governments use mass surveillance techniques, the incentives of the digital economy threaten consumer privacy, and the advancement of consumergrade data-gathering technology enables new inter-personal abuses. A wide range of fields attempts to address technology-related privacy problems, however they vary immensely in terms of assumptions, scope and approach. Privacy of future use cases is typically handled vertically, instead of building upon previous work that can be re-contextualized, while current privacy problems are typically addressed per type in a more focused way. Because significant effort was required to make sense of the relations and structure of privacy-related work, this thesis attempts to transmit a structured view of it. It is multi-disciplinary - from cryptography to economics, including distributed systems and information theory - and addresses privacy issues of different natures. As existing work is framed and discussed, the contributions to the state-of-theart done in the scope of this thesis are presented. The contributions add to five distinct areas: 1) identity in distributed systems; 2) future context-aware services; 3) event-based context management; 4) low-latency information flow control; 5) high-dimensional dataset anonymity. Finally, having laid out such landscape of the privacy-preserving work, the current and future privacy challenges are discussed, considering not only technical but also socio-economic perspectives.
Resumo:
O uso de dispositivos móveis está a ganhar cada vez mais espaço dentro das organizações. O aumento do consumo de material informático por parte dos consumidores está a levar a que os mesmos comecem a tentar utilizar os seus dispositivos móveis1 Notebooks, Tablets e Smartphones no interior das organizações. Este tipo de comportamento, levou ao aparecimento de uma nova tendência – o Bring Your Own Device (BYOD), a utilização de dispositivos móveis para fins laborais, levanta várias e sérias questões de segurança aos departamentos de TI das organizações, fazendo com que as organizações necessitem de definir novas políticas de segurança para que a sua informação e os seus dados se mantenham seguros. O trabalho adiante desenvolvido pretende mostrar de que forma as organizações veem esta mudança de paradigma, em que os próprios colaboradores utilizam os seus dispositivos móveis como ferramenta de trabalho na organização. Por outro lado analisar os modelos de segurança que se podem associar ao BYOD e aos dispositivos móveis para permitir uma maior segurança dos dados e informação que circula entre a organização e o dispositivo móvel.
Resumo:
This paper is written through the vision on integrating Internet-of-Things (IoT) with the power of Cloud Computing and the intelligence of Big Data analytics. But integration of all these three cutting edge technologies is complex to understand. In this research we first provide a security centric view of three layered approach for understanding the technology, gaps and security issues. Then with a series of lab experiments on different hardware, we have collected performance data from all these three layers, combined these data together and finally applied modern machine learning algorithms to distinguish 18 different activities and cyber-attacks. From our experiments we find classification algorithm RandomForest can identify 93.9% attacks and activities in this complex environment. From the existing literature, no one has ever attempted similar experiment for cyber-attack detection for IoT neither with performance data nor with a three layered approach.
Resumo:
RFID and Cloud computing are widely used in the IoT (Internet of Things). However, there are few research works which combine RFID ownership transfer schemes with Cloud computing. Subsequently, this paper points out the weaknesses in two protocols proposed by Xie et al. (2013) [3] and Doss et al. (2013) [9]. To solve the security issues of these protocols, we present a provably secure RFID ownership transfer protocol which achieves the security and privacy requirements for cloud-based applications. To be more specific, the communication channels among the tags, mobile readers and the cloud database are insecure. Besides, an encrypted hash table is used in the cloud database. Next, the presented protocol not only meets backward untraceability and the proposed strong forward untraceability, but also resists against replay attacks, tracing attacks, inner reader malicious impersonation attacks, tag impersonation attacks and desynchronization attacks. The comparisons of security and performance properties show that the proposed protocol has more security, higher efficiency and better scalability compared with other schemes.
Resumo:
Scientific workflow is a complicated data intensive application. How to achieve an effective data placement schema in hybrid cloud environment has become a crucial issue nowadays, especially with the new challenges brought by the security issues. Traditional data placement strategies usually adopt load balancing-based partition model to allocate datasets. Although these data placement schemas can have good performance in load balancing, their data transfer time may not be optimal. In contrast to traditional strategies, this paper focuses on the hybrid cloud environment and proposes a data dependency destruction-based partition model to achieve the minimal data dependency destruction partition. In addition, it presents a novel datacenter-oriented data placement strategy. This strategy allocates high dependency datasets to one datacenter according to the new partition model and thus significantly reduces data transfer time between datacenters. Experimental results show that the proposed strategy can effectively reduce data transfer time during workflow's execution.
Resumo:
Travail dirigé présenté à la Faculté des études supérieures en vue de l’obtention du grade de maître ès sciences (M.Sc.) en criminologie option sécurité intérieure
Resumo:
Travail dirigé présenté à la Faculté des études supérieures en vue de l’obtention du grade de maître ès sciences (M.Sc.) en criminologie option sécurité intérieure
Resumo:
Vehicular ad hoc network (VANET) is an increasing important paradigm, which not only provides safety enhancement but also improves roadway system efficiency. However, the security issues of data confidentiality, and access control over transmitted messages in VANET have remained to be solved. In this paper, we propose a secure and efficient message dissemination scheme (SEMD) with policy enforcement in VANET, and construct an outsourcing decryption of ciphertext-policy attribute-based encryption (CP-ABE) to provide differentiated access control services, which makes the vehicles delegate most of the decryption computation to nearest roadside unit (RSU). Performance evaluation demonstrates its efficiency in terms of computational complexity, space complexity, and decryption time. Security proof shows that it is secure against replayable choosen-ciphertext attacks (RCCA) in the standard model.
Resumo:
The Queensland Department of Public Works (QDPW) and the Queensland Department of Main Roads (QDMR) have identified a need for industry e-contracting guidelines in the short to medium term. Each of these organisations conducts tenders and contracts for over $600 million annually. This report considers the security and legal issues relating to the shift from a paper-based tendering system to an electronic tendering system. The research objectives derived from the industry partners include: • a review of current standards and e-tendering systems; • a summary of legal requirements impacting upon e-tendering; • an analysis of the threats and requirements for any e-tendering system; • the identification of outstanding issues; • an evaluation of possible e-tendering architectures; • recommendations for e-tendering systems.
Resumo:
Following the collapse across the last decade of a number of large organizations such as Enron in the USA and several domestic organizations including Ansett Airlines, HIH Insurance and One.Tel, much discussion has ensued about the need to secure employee entitlements. However, tangible improvements in this area are elusive. Good corporate governance policies would suggest that deferred obligations as well as current debts should not be neglected and that appropriate arrangements be put in place to adequately fund employee entitlements. In this paper we consider recent Australian attempts to introduce better governance of employee entitlements.
