858 resultados para IT Security, Internet, Personal Firewall, Security Mechanism, Security System, Security Threat, Security Usability, Security Vulnerability
Resumo:
A browser is a convenient way to access resources located remotely on computer networks. Security in browsers has become a crucial issue for users who use them for sensitive applications without knowledge ofthe hazards. This research utilises a structure approach to analyse and propose enhancements to browser security. Standard evaluation for computer products is important as it helps users to ensure that the product they use is appropriate for their needs. Security in browsers, therefore, has been evaluated using the Common Criteria. The outcome of this was a security requirements profile which attempts to formalise the security needs of browsers. The information collected during the research was used to produce a prototype model for a secure browser program. Modifications to the Lynx browser were made to demonstrate the proposed enhancements.
Resumo:
In most of the digital image watermarking schemes, it becomes a common practice to address security in terms of robustness, which is basically a norm in cryptography. Such consideration in developing and evaluation of a watermarking scheme may severely affect the performance and render the scheme ultimately unusable. This paper provides an explicit theoretical analysis towards watermarking security and robustness in figuring out the exact problem status from the literature. With the necessary hypotheses and analyses from technical perspective, we demonstrate the fundamental realization of the problem. Finally, some necessary recommendations are made for complete assessment of watermarking security and robustness.
Resumo:
Many commentators have treated the internet as a site of democratic freedom and as a new kind of public sphere. While there are good reasons for optimism, like any social space digital space also has its dark side. Citizens and governments alike have expressed anxiety about cybercrime and cyber-security. In August 2011, the Australian government introduced legislation to give effect to Australia becoming a signatory to the European Convention on Cybercrime (2001). At the time of writing, that legislation is still before the Parliament. In this article, attention is given to how the legal and policy-making process enabling Australia to be compliant with the European Convention on Cybercrime came about. Among the motivations that informed both the development of the Convention in Europe and then the Australian exercise of legislating for compliance with it was a range of legitimate concerns about the impact that cybercrime can have on individuals and communities. This article makes the case that equal attention also needs to be given to ensuring that legislators and policy makers differentiate between legitimate security imperatives and any over-reach evident in the implementation of this legislation that affects rule of law principles, our capacity to engage in democratic practices, and our civic and human rights.
Resumo:
Our daily lives become more and more dependent upon smartphones due to their increased capabilities. Smartphones are used in various ways from payment systems to assisting the lives of elderly or disabled people. Security threats for these devices become increasingly dangerous since there is still a lack of proper security tools for protection. Android emerges as an open smartphone platform which allows modification even on operating system level. Therefore, third-party developers have the opportunity to develop kernel-based low-level security tools which is not normal for smartphone platforms. Android quickly gained its popularity among smartphone developers and even beyond since it bases on Java on top of "open" Linux in comparison to former proprietary platforms which have very restrictive SDKs and corresponding APIs. Symbian OS for example, holding the greatest market share among all smartphone OSs, was closing critical APIs to common developers and introduced application certification. This was done since this OS was the main target for smartphone malwares in the past. In fact, more than 290 malwares designed for Symbian OS appeared from July 2004 to July 2008. Android, in turn, promises to be completely open source. Together with the Linux-based smartphone OS OpenMoko, open smartphone platforms may attract malware writers for creating malicious applications endangering the critical smartphone applications and owners privacy. In this work, we present our current results in analyzing the security of Android smartphones with a focus on its Linux side. Our results are not limited to Android, they are also applicable to Linux-based smartphones such as OpenMoko Neo FreeRunner. Our contribution in this work is three-fold. First, we analyze android framework and the Linux-kernel to check security functionalities. We survey wellaccepted security mechanisms and tools which can increase device security. We provide descriptions on how to adopt these security tools on Android kernel, and provide their overhead analysis in terms of resource usage. As open smartphones are released and may increase their market share similar to Symbian, they may attract attention of malware writers. Therefore, our second contribution focuses on malware detection techniques at the kernel level. We test applicability of existing signature and intrusion detection methods in Android environment. We focus on monitoring events on the kernel; that is, identifying critical kernel, log file, file system and network activity events, and devising efficient mechanisms to monitor them in a resource limited environment. Our third contribution involves initial results of our malware detection mechanism basing on static function call analysis. We identified approximately 105 Executable and Linking Format (ELF) executables installed to the Linux side of Android. We perform a statistical analysis on the function calls used by these applications. The results of the analysis can be compared to newly installed applications for detecting significant differences. Additionally, certain function calls indicate malicious activity. Therefore, we present a simple decision tree for deciding the suspiciousness of the corresponding application. Our results present a first step towards detecting malicious applications on Android-based devices.
Resumo:
Advances in Information and Communication Technologies have the potential to improve many facets of modern healthcare service delivery. The implementation of electronic health records systems is a critical part of an eHealth system. Despite the potential gains, there are several obstacles that limit the wider development of electronic health record systems. Among these are the perceived threats to the security and privacy of patients health data, and a widely held belief that these cannot be adequately addressed. We hypothesise that the major concerns regarding eHealth security and privacy cannot be overcome through the implementation of technology alone. Human dimensions must be considered when analysing the provision of the three fundamental information security goals: confidentiality, integrity and availability. A sociotechnical analysis to establish the information security and privacy requirements when designing and developing a given eHealth system is important and timely. A framework that accommodates consideration of the legislative requirements and human perspectives in addition to the technological measures is useful in developing a measurable and accountable eHealth system. Successful implementation of this approach would enable the possibilities, practicalities and sustainabilities of proposed eHealth systems to be realised.
Resumo:
Even though web security protocols are designed to make computer communication secure, it is widely known that there is potential for security breakdowns at the human-machine interface. This paper examines findings from a qualitative study investigating the identification of security decisions used on the web. The study was designed to uncover how security is perceived in an individual user's context. Study participants were tertiary qualified individuals, with a focus on HCI designers, security professionals and the general population. The study identifies that security frameworks for the web are inadequate from an interaction perspective, with even tertiary qualified users having a poor or partial understanding of security, of which they themselves are acutely aware. The result is that individuals feel they must protect themselves on the web. The findings contribute a significant mapping of the ways in which individuals reason and act to protect themselves on the web. We use these findings to highlight the need to design for trust at three levels, and the need to ensure that HCI design does not impact on the users' main identified protection mechanism: separation.
Resumo:
For decades Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) have used computers to monitor and control physical processes in many critical industries, including electricity generation, gas pipelines, water distribution, waste treatment, communications and transportation. Increasingly these systems are interconnected with corporate networks via the Internet, making them vulnerable and exposed to the same risks as those experiencing cyber-attacks on a conventional network. Very often SCADA networks services are viewed as a specialty subject, more relevant to engineers than standard IT personnel. Educators from two Australian universities have recognised these cultural issues and highlighted the gap between specialists with SCADA systems engineering skills and the specialists in network security with IT background. This paper describes a learning approach designed to help students to bridge this gap, gain theoretical knowledge of SCADA systems' vulnerabilities to cyber-attacks via experiential learning and acquire practical skills through actively participating in hands-on exercises.
Resumo:
A new era of cyber warfare has appeared on the horizon with the discovery and detection of Stuxnet. Allegedly planned, designed, and created by the United States and Israel, Stuxnet is considered the first known cyber weapon to attack an adversary state. Stuxnet's discovery put a lot of attention on the outdated and obsolete security of critical infrastructure. It became very apparent that electronic devices that are used to control and operate critical infrastructure like programmable logic controllers (PLCs) or supervisory control and data acquisition (SCADA) systems lack very basic security and protection measures. Part of that is due to the fact that when these devices were designed, the idea of exposing them to the Internet was not in mind. However, now with this exposure, these devices and systems are considered easy prey to adversaries.
Resumo:
The Secure Shell (SSH) protocol is widely used to provide secure remote access to servers, making it among the most important security protocols on the Internet. We show that the signed-Diffie--Hellman SSH ciphersuites of the SSH protocol are secure: each is a secure authenticated and confidential channel establishment (ACCE) protocol, the same security definition now used to describe the security of Transport Layer Security (TLS) ciphersuites. While the ACCE definition suffices to describe the security of individual ciphersuites, it does not cover the case where parties use the same long-term key with many different ciphersuites: it is common in practice for the server to use the same signing key with both finite field and elliptic curve Diffie--Hellman, for example. While TLS is vulnerable to attack in this case, we show that SSH is secure even when the same signing key is used across multiple ciphersuites. We introduce a new generic multi-ciphersuite composition framework to achieve this result in a black-box way.
Resumo:
This thesis evaluates the security of Supervisory Control and Data Acquisition (SCADA) systems, which are one of the key foundations of many critical infrastructures. Specifically, it examines one of the standardised SCADA protocols called the Distributed Network Protocol Version 3, which attempts to provide a security mechanism to ensure that messages transmitted between devices, are adequately secured from rogue applications. To achieve this, the thesis applies formal methods from theoretical computer science to formally analyse the correctness of the protocol.
Resumo:
This study examines how Finnish foreign and security policy has been influenced by the European Union and its Common Foreign and Security Policy. It points to a growing interplay and misfit between the external expectations originating from the European level and the domestic expectations and traditional ways-of-doing-things. It is concluded that the deepening European integration in the sphere of foreign, security and defence policy has played a significant role in a number of transformations in the Finnish policies since 1995. New, more European, meanings have been attached to the key concepts of Finnish foreign and security policy. Neutrality and traditional peacekeeping have been replaced by a minimalist reading of military non-alignment and participation in crisis management operations and EU battle groups. Traditional small state identity has been recast more and more as small member stateness . At the same time Finland has entered an era of post-consensus in national foreign and security policy. A key theoretical argument in the background of the study is that collective understandings attached to European policies, when not resonating well with domestic understandings, cause adaptation pressures on domestic-level processes and may lead to changes in the way interests and identities are constructed. This means that Europeanization is principally seen as identity reconstruction. Consequently, the theoretical framework of the study builds on the Europeanization research literature and constructivist IR theory on state identity. Foreign and security policy is defined as the practice in which state identity is reproduced, and the key foreign and security policy concepts are seen as the vehicles of identity production. It is concluded that for Finland, participation in the EU s foreign, security and defence policies represents not only a tool for responding to the changes in the international security environment but also a new means of self-identification. Concerning the Finnish attempts of projecting national interests on the European security policy agenda, it is concluded that they mainly relate to the compatibility of the potential development of EU s defence dimension with the Finnish military non-alignment. Although neutrality was cast aside in the official security policy when Finland joined the EU, the analysis shows that its impact has continued in the domestic political debate and in the mind-set of the decision-makers. The primary research material includes official Finnish foreign and security policy documentation and the related parliamentary debates from 1994 to 2007. This study serves also as a comprehensive empirical overview on Finland s reactions and contributions to the EU Common Foreign and Security Policy.
Resumo:
This research investigates the impacts of agricultural market liberalization on food security in developing countries and it evaluates the supply perspective of food security. This research theme is applied on the agricultural sector in Kenya and in Zambia by studying the role policies played in the maize sub-sector. An evaluation of selected policies introduced at the beginning of the 1980s is made, as well as an assessment of whether those policies influenced maize output. A theoretical model of agricultural production is then formulated to reflect cereal production in a developing country setting. This study begins with a review of the general framework and the aims of the structural adjustment programs and proceeds to their application in the maize sector in Kenya and Zambia. A literature review of the supply and demand synthesis of food security is presented with examples from various developing countries. Contrary to previous studies on food security, this study assesses two countries with divergent economic orientations. Agricultural sector response to economic and institutional policies in different settings is also evaluated. Finally, a dynamic time series econometric model is applied to assess the effects of policy on maize output. The empirical findings suggest a weak policy influence on maize output, but the precipitation and acreage variables stand out as core determinants of maize output. The policy dimension of acreage and how markets influence it is not discussed at length in this study. Due to weak land rights and tenure structures in these countries, the direct impact of policy change on land markets cannot be precisely measured. Recurring government intervention during the structural policy implementation period impeded efficient functioning of input and output markets, particularly in Zambia. Input and output prices of maize and fertilizer responded more strongly in Kenya than in Zambia, where the state often ceded to public pressure by revoking pertinent policy measures. These policy interpretations are based on the response of policy variables which are more responsive in Kenya than in Zambia. According the obtained regression results, agricultural markets in general, and the maize sub-sector in particular, responded more positively to implemented policies in Kenya, than in Zambia, which supported a more socialist economic system. It is observed in these results that in order for policies to be effective, sector and regional dimensions need to be considered. The regional and sector dimensions were not taken into account in the formulation and implementation of structural adjustment policies in the 1980s. It can be noted that countries with vibrant economic structures and institutions fared better than those which had a firm, socially founded system.
Resumo:
Pro gradu-tutkielma tutkii demokratian ja turvallisuuden paradoksia Pakistanissa esitellen kuusi tekij, jotka vaikuttavat kyseiseen paradoksiin. Nit tekijit ovat historiallinen kehitys; eliittihallinto; taloudellinen kehitys; Pakistanin poliittisten tekijiden demokratian eri mritelmt; opetuksen puuttuminen; ja valtataistelu hallituksen, armeijan, tiedustelupalvelun, oikeusjrjestelmn, poliittisten puolueiden sek eri heimojen, uskonnollisten ja etnisten ryhmien vlill. Tutkimus tarkastelee mys sit miten nm tekijt vaikuttavat demokratian kehitykseen Pakistanissa. Keskeinen argumentti on, ett lnsimainen demokratia ei esiinny eik toimi Pakistanissa vallitsevissa oloissa, etenkin historiallisen kehityksen ja ulkoisen turvallisuuden takia. Pro gradu-tutkielma kytt sekundrisi lhteit, kuten kirjoja, artikkeleita, maaraportteja, kommentaareja sek omiin kokemuksiin perustuvia havaintoja Pakistanin matkalta 2010-2011. Keskeiset teoriat gradussa ovat Guillermo O Donnelin delegaattidemokratia sek Duncan McCargon eliittihallintoteoria, jotka yhdess selittvt historiallista kehityst ja eliittihallinnon dynamiikkaa, mitk johtavat paradoksiin. Kautta historian armeija on hallinnut Pakistania, ja siviilihallinto on ainoastaan nelj kertaa onnistunut olemaan vallassa, mutta silloinkin siviilihallinto pttyi korruptiovitteisiin tai armeijan vallankaappaukseen. Armeijahallinnoille on luonteenomaista hyvt suhteet USA:n, positiivinen taloudellinen kehitys ja vakaus, kun taas siviilihallinnot ovat epvakaita ja korruptoituneita. Tm kehitys on paradoksin tausta, joka rakentuu turvallisuuspoliittisen tilanteen pohjalle eli hallitusten ja muiden tekijiden yritykseen lyt vastapaino Intian uhalle. Tm on ollut keskeinen huoli kelle tahansa poliittiselle pttjlle itsenisyydest lhtien. Loputon valtataistelu eri poliittisten tekijiden kesken sek eliittihallinto pitvt yll paradoksia, koska eliitit ovat kiinnostuneempia oman valtansa silyttmisest kuin kansan tahdon huomioonottamisesta. Koska valtaosa ihmisist ei ole koulutettuja, he ovat paljolti kiinnostuneita omasta selviytymisestn, ja tmn takia sek kansa ett eliitit suosivat armeijahallintoa, koska se tuo vakautta ja taloudellista kehityst. Sen vuoksi vallitsevissa oloissa demokratian tulevaisuus Pakistanissa nytt huonolta, koska liberaalidemokratian vaatimukset eivt tyty puoliksi vapaan oikeussysteemin, puoliksi vapaan lehdistn, valtavan korruption ja monien ihmisoikeusloukkauksien takia unohtamatta armeijan ja tiedustelupalvelun sekaantumista siviilihallintoon.
