985 results for Software Security


Relevance:

30.00% 30.00%

Publisher:

Abstract:

With this document, we provide a compilation of in-depth discussions on some of the most current security issues in distributed systems. The six contributions have been collected and presented at the 1st Kassel Student Workshop on Security in Distributed Systems (KaSWoSDS’08). We are pleased to present a collection of papers not only shedding light on the theoretical aspects of their topics, but also being accompanied with elaborate practical examples. In Chapter 1, Stephan Opfer discusses Viruses, one of the oldest threats to system security. For years there has been an arms race between virus producers and anti-virus software providers, with no end in sight. Stefan Triller demonstrates how malicious code can be injected in a target process using a buffer overflow in Chapter 2. Websites usually store their data and user information in data bases. Like buffer overflows, the possibilities of performing SQL injection attacks targeting such data bases are left open by unwary programmers. Stephan Scheuermann gives us a deeper insight into the mechanisms behind such attacks in Chapter 3. Cross-site scripting (XSS) is a method to insert malicious code into websites viewed by other users. Michael Blumenstein explains this issue in Chapter 4. Code can be injected in other websites via XSS attacks in order to spy out data of internet users. Spoofing subsumes all methods that directly involve taking on a false identity. In Chapter 5, Till Amma shows us different ways how this can be done and how it is prevented. Last but not least, cryptographic methods are used to encode confidential data in a way that even if it got in the wrong hands, the culprits cannot decode it. Over the centuries, many different ciphers have been developed, applied, and finally broken. Ilhan Glogic sketches this history in Chapter 6.

Relevance:

30.00% 30.00%

Publisher:

Abstract:

The basic idea behind improving local food security consists of two paths; first, accessibility (price, stock) and second, availability (quantity and biodiversity); both are prerequisites to the provision of nutrients and a continuous food supply with locally available resources. The objectives of this thesis are to investigate if indigenous knowledge still plays an important role in traditional farming in the Minangkabau's culture, thus supporting local food security. If the indigenous knowledge still plays a role in food culture in the Minangkabau's culture which is linked to the matrilineal role and leads to a sound nutrition. Further, it should be tested if marantau influences traditional farming and food culture in Minangkabau's, and if the local government plays a role in changing of traditional farming systems and food culture. Furthermore this thesis wants to prove if education and gender are playing a role in changing traditional farming system and food culture, and if the mass media affects traditional farming systems and food culture for the Minangkabau. The study was completed at four locations in West Sumatera; Nagari Ulakan (NU) (coastal area), Nagari Aia Batumbuak (NAB) (hilly area), Nagari Padang Laweh Malalo (NPLM) (lake area), Nagari Pandai Sikek (NPS) (hilly area). The rainfall ranged from 1400-4800 mm annually with fertile soils. Data was collected by using PRA (Participatory Rural Appraisal) to investigate indigenous knowledge (IK) and its interactions, which was also combined with in-depth interview, life history, a survey using semi-structured questionnaire, pictures, mapping, and expert interview. The data was collected from June - September 2009 and June 2010. The materials are: map of area, list of names, questionnaires, voice recorder, note book, and digital camera. The sampling method was snowball sampling which resulted in the qualitative and quantitative data taken. For qualitative data, ethnography and life history was used. 
For quantitative, a statistical survey with a semi-structured questionnaire was used. 50 respondents per each site participated voluntarily. Data was analyzed by performing MAXQDA 10, and F4 audio analysis software (created and developed by Philip-University Marburg). The data is clustered based on causality. The results show that the role of IK on TFS (traditional farming system) is shown on NPLM, which has higher food crop biodiversity in comparison to the other three places even though it has relatively similar temperature and rainfall. This high food crop biodiversity is due to the awareness of local people who realized that they lived in unfavourable climate and topography; therefore they are more prepared for any changes that may occur. Carbohydrate intake is 100 % through rice even though they are growing different staple crops. Whereas most of the people said in the interviews that not eating rice is like not really eating for them. In addition to that, mothers still play an important role in kitchen activities. But when the agriculture income is low, mothers have to decide whether to change the meals or to feel insecure about their food supply. Marantau yields positive impact through the remittances it provides to invest on the farm. On the other hand, it results in fewer workers for agriculture, and therefore a negative impact on the transfer of IK. The investigation showed that the local government has a PTS (Padi Tanam Sabatang) programme which still does not guarantee that the farmers are getting sufficient revenue from their land. The low agricultural income leads to situation of potential food insecurity. It is evident that education is equal among men and women, but in some cases women tend to leave school earlier because of arranged marriages or the distances of school from their homes. Men predominantly work in agriculture and fishing, while women work in the kitchen. In NAB, even though women work on farmland they earn less than men. 
Weaving (NPS) and kitchen activity is recognized as women’s work, which also supports the household income. Mass media is not yielding any changes in TFS and food culture in these days. The traditional farming system has changed because of intensive agricultural extension which has introduced new methods of agriculture for the last three decades (since the 1980’s). There is no evidence that they want to change any of their food habits because of the mass media despite the lapau activity which allows them to get more food choices, instead of preparing traditional meals at home. The recommendations of this thesis are: 1) The empowerment of farmers. It is regarding the self sufficient supply of manure, cooperative seed, and sustainable farm management. Farmers should know – where are they in their state of knowledge – so they can use their local wisdom and still collaborate with new sources of knowledge. Farmers should learn the prognosis of supply and demand next prior to harvest. There is a need for farm management guidelines; that can be adopted from both their local wisdom and modern knowledge. 2) Increase of non-agricultural income. Increasing the non-agricultural income is strongly recommended. The remittances can be invested on non-agricultural jobs. 3) The empowerment of the mother. The mother plays an important role in farm to fork activities; the mother can be an initiator and promoter of cultivating spices in the backyard. Improvement of nutritional knowledge through information and informal public education can be done through arisan ibu-ibu and lapau activity. The challenges to apply these recommendations are: 1) The gap between institutions and organizations of local governments. There is more than one institution involved in food security policy. 2) Training and facilities for field extension agriculture (FEA) is needed because the rapid change of interaction between local government and farmers depends on this agency.

Relevance:

30.00% 30.00%

Publisher:

Abstract:

This export plan, projected over a 3-year term, will serve ITAC IT APPLICATIONS CONSULTING S.A. to direct its activities in the international market for the years 2009, 2010 and 2011. The priority of the first 2 years will be the internal improvement of the company, which will consist of applying strategies in different fields such as: human capital, intellectual capital, cultural capital, economic growth, commercial strategy in the international area, and building financial capital for income generation. In order to participate in international markets, show its export potential and meet the expectations of sales growth independent of the sales obtained in the local market, it intends to start in 2009 in the Peruvian market with exports of $36,000 USD corresponding to 30 units, increasing to $72,000 USD with 60 units in 2010 and $108,000 USD and 90 units in 2011. The service to be exported was “SecureFile”, from which success factors were defined, such as the competitive advantages of the product itself, listed below: 1) A very competitive price in the market, 2) Automation of the information exchange process, 3) Standards-based software, 4) It runs on any operating system. In turn, consultancies were carried out in which all areas of the company were diagnosed, yielding some results: the organizational structure is well defined, but because of its growth and the need to bring in new staff, there is no clarity about the functions within the organization chart, and it depends entirely on general management. For this reason, management must better structure the commercial departments, creating new positions in line with the internationalization process. 
Personnel policies are handled informally, with valid criteria for promoting workers (merit, seniority, etc.); monthly technology updates are carried out, employees receive recognition and participation in the company, excellent personal relationships allow performance evaluations in line with goals, and there is a wide variety of motivation and social responsibility directed at low-income children. However, a human resources management area should be created and the frequency of training defined. Income comes from the provision of IT services, with an increase of 256% over the three previous years, reaching $2,032,784,683 million pesos in 2007. The level of indebtedness has also been increasing, because of the need for installed capacity, staff hiring, compliance with market requirements and the need to build a good credit image with financial institutions. It has the financial muscle to back its immediate obligations, with $4.42 for every $1 committed in 2007, despite that being the year with the highest level of indebtedness, with current liabilities of $127,715,281.37. The four partners have a return on investment before taxes of 164.67% (2006) and 132.97% (2007). For this year, more than 95% of its financial and accounting information is handled in a systematized way. The company's financial area is not the weakest, but there is no financial department with a single person in charge at its head; for this reason, an area separate from the administrative one should be set up, with a financial adviser who has 100% availability. In the particular case of the export project, production costs center on SecureFile version 3.0, which does not entail marginal costs, since this software can be replicated as many times as required without affecting costs in any proportion. 
The company does not use a formal method to calculate its operating and program development costs, but it has developed a cost evaluation system in Excel tables that, in an organized way, achieves costing suited to its specific needs. For the selection of the target, alternate and contingent countries, a selection matrix of 6 countries was drawn up, based on government requirements regarding the security of information over the internet, the perception of business people, competition and other economic factors, yielding Peru, Costa Rica and Mexico as the result.

Relevance:

30.00% 30.00%

Publisher:

Abstract:

The present action-research study arose from the need to investigate and deepen the learning of the mechanism of reading and writing in a child with Cerebral Palsy through the application of the educational software “Comunicar com Símbolos”. The work was initially carried out in a School Centre of a School Cluster in the central region of the country, in the district of Santarém, and, after a diagnostic assessment, moved to a Private Social Security Institution - a Centre for the Profoundly Disabled in the same region. It essentially analyses the development of the learning of reading and writing in a child with Bilateral Spastic Cerebral Palsy predominantly affecting the lower limbs, through ten sessions planned around the use of the educational software Comunicar com Símbolos, by Cnotinfor – Imagina. After the intervention and the analysis of the results, it was concluded that the aforementioned computer program offers significant advantages in consolidating the reading and writing of the child with Cerebral Palsy. This interventional work does not in any way intend to give single answers for implementing strategies to improve the development of the mechanism of reading and writing in children with Cerebral Palsy, but only to contribute to an in-depth reflection on the importance of applying assistive technologies in pedagogical practice with children with Special Educational Needs in general.

Relevance:

30.00% 30.00%

Publisher:

Abstract:

Security administrators face the challenge of designing, deploying and maintaining a variety of configuration files related to security systems, especially in large-scale networks. These files have heterogeneous syntaxes and follow differing semantic concepts. Nevertheless, they are interdependent due to security services having to cooperate and their configuration to be consistent with each other, so that global security policies are completely and correctly enforced. To tackle this problem, our approach supports a comfortable definition of an abstract high-level security policy and provides an automated derivation of the desired configuration files. It is an extension of policy-based management and policy hierarchies, combining model-based management (MBM) with system modularization. MBM employs an object-oriented model of the managed system to obtain the details needed for automated policy refinement. The modularization into abstract subsystems (ASs) segments the system (and the model) into units which more closely encapsulate related system components and provide focused abstract views. As a result, scalability is achieved and even comprehensive IT systems can be modelled in a unified manner. The associated tool MoBaSeC (Model-Based-Service-Configuration) supports interactive graphical modelling, automated model analysis and policy refinement with the derivation of configuration files. We describe the MBM and AS approaches, outline the tool functions and exemplify their applications and results obtained. Copyright (C) 2010 John Wiley & Sons, Ltd.

Relevance:

30.00% 30.00%

Publisher:

Abstract:

Policy hierarchies and automated policy refinement are powerful approaches to simplify administration of security services in complex network environments. A crucial issue for the practical use of these approaches is to ensure the validity of the policy hierarchy, i.e. since the policy sets for the lower levels are automatically derived from the abstract policies (defined by the modeller), we must be sure that the derived policies uphold the high-level ones. This paper builds upon previous work on Model-based Management, particularly on the Diagram of Abstract Subsystems approach, and goes further to propose a formal validation approach for the policy hierarchies yielded by the automated policy refinement process. We establish general validation conditions for a multi-layered policy model, i.e. necessary and sufficient conditions that a policy hierarchy must satisfy so that the lower-level policy sets are valid refinements of the higher-level policies according to the criteria of consistency and completeness. Relying upon the validation conditions and upon axioms about the model representativeness, two theorems are proved to ensure compliance between the resulting system behaviour and the abstract policies that are modelled.

Relevance:

30.00% 30.00%

Publisher:

Abstract:

Recent advances in technology and new software applications are steadily transforming human civilization into what is called the Information Society. This is manifested by the new terminology appearing in our daily activities. E-Business, E-Government, E-Learning, E-Contracting, and E-Voting are just a few of the ever-growing list of new terms that are shaping the Information Society. Nonetheless, as "Information" gains more prominence in our society, the task of securing it against all forms of threats becomes a vital and crucial undertaking. Addressing the various security issues confronting our new Information Society, this volume is divided into 13 parts covering the following topics: Information Security Management; Standards of Information Security; Threats and Attacks to Information; Education and Curriculum for Information Security; Social and Ethical Aspects of Information Security; Information Security Services; Multilateral Security; Applications of Information Security; Infrastructure for Information Security; Advanced Topics in Security; Legislation for Information Security; Modeling and Analysis for Information Security; Tools for Information Security. Security in the Information Society: Visions and Perspectives comprises the proceedings of the 17th International Conference on Information Security (SEC2002), which was sponsored by the International Federation for Information Processing (IFIP), and jointly organized by IFIP Technical Committee 11 and the Department of Electronics and Electrical Communications of Cairo University. The conference was held in May 2002 in Cairo, Egypt. This volume is essential reading for scholars, researchers, and practitioners interested in keeping pace with the ever-growing field of Information Security.

Relevance:

30.00% 30.00%

Publisher:

Abstract:

This paper addresses the role of security in the collaborative e-learning environment, and in particular, the social aspects of security and the importance of identity. It represents a case study, completed in Nov 2004, which was conducted to test the sense of security that students experienced whilst using the wiki platform as a means of online collaboration in the tertiary education environment. Wikis, fully editable Web sites, are easily accessible, require no software and allow its contributors (in this case students) to feel a sense of responsibility and ownership. A comparison between two wiki studies will be made whereby one group employed user login and the other maintained anonymity throughout the course of the study. The results consider the democratic participation and evolution of the work requirements over time, which in fact ascertains the nonvalidity of administrative identification.

Relevance:

30.00% 30.00%

Publisher:

Abstract:

IT security outsourcing is the establishment of a contractual relationship with an outside vendor to assume responsibility for one or more security functions. Outsourcing in IS has had a variable history of success and the complexity of the decision making process leads to a substantial degree of uncertainty. This is especially so in the realm of IS security since the protection of both hardware and software systems is placed in the hands of an external provider. This is the second paper discussing the improvement of the effectiveness of the decision making process by means of a conceptual model using Soft System Methodology techniques that integrates security benefits, costs and their respective performance measures. In this paper the methodology used to develop the model and its validation are discussed.

Relevance:

30.00% 30.00%

Publisher:

Abstract:

IT security outsourcing is the establishment of a contractual relationship between an organization and an outside vendor which assumes responsibility for the organisation’s security functions. Outsourcing in IS has had a variable history of success and the complexity of the decision making process leads to a substantial degree of uncertainty. This is especially so in the realm of IS security since the protection of both hardware and software systems is placed in the hands of an external provider. This paper is a fuller and more comprehensive paper of a previous paper outlining the effectiveness of the decision making process by means of a conceptual model using Soft System Methodology techniques that integrates security benefits, costs and their respective performance measures. In this paper the methodology used to develop the model is discussed in detail.

Relevance:

30.00% 30.00%

Publisher:

Abstract:

Today's security program developers are not only facing an uphill battle of developing and implementing, but now have to take into consideration the emergence of the next generation of multi-core systems and its effect on security application design. In our previous work, we developed a framework called bodyguard. The objective of this framework was to help security software developers shift from their use of a serialized paradigm to a multi-core paradigm. Working within this paradigm, we developed a security bodyguard system called Farmer. This abstract framework placed particular applications into categories, like security or multi-media, which were run on separate core processors within the multi-core system. With further analysis of the bodyguard paradigm, we found that this paradigm was suitable to be used in other computer science areas, such as spam filtering and multi-media. In this paper, we update our research work within the bodyguard paradigm, and show a marked improvement of 110% speedup performance with an average cost of 1.5 ms.

Relevance:

30.00% 30.00%

Publisher:

Abstract:

Virtual property theft is a serious problem that exists in virtual worlds. Legitimate users of these worlds invest considerable amounts of time, effort and real-world money into obtaining virtual property, but unfortunately, are becoming victims of theft in high numbers. It is reported that there are over 1 billion registered users of virtual worlds containing virtual property items worth an estimated US$50 billion dollars. The problem of virtual property theft is complex, involving many legal, social and technological issues. The software used to access virtual worlds is of great importance as they form the primary interface to these worlds and as such the primary interface to conduct virtual property theft. The security vulnerabilities of virtual world applications have not, to date, been examined. This study aims to use the process of software inspection to discover security vulnerabilities that may exist within virtual world software – vulnerabilities that enable virtual property theft to occur. Analyzing three well-known virtual world applications, World of Warcraft, Guild Wars and Entropia Universe, this research utilized security analysis tools and scenario testing with focus on authentication, trading, intruder detection and virtual property recovery. It was discovered that all three examples were susceptible to keylogging; mail and direct trade methods were the most likely method for transferring stolen items; intrusion detection is of critical concern to all VWEs tested; stolen items were unable to be recovered in all cases; and lastly, occurrences of theft were undetectable in all cases. The results gained in this study present the key problem areas which need to be addressed to improve security and reduce the occurrence of virtual property theft.

Relevance:

30.00% 30.00%

Publisher:

Abstract:

Detecting malicious software or malware is one of the major concerns in information security governance as malware authors pose a major challenge to digital forensics by using a variety of highly sophisticated stealth techniques to hide malicious code in computing systems, including smartphones. The current detection techniques are futile, as forensic analysis of infected devices is unable to identify all the hidden malware, thereby resulting in zero day attacks. This chapter takes a key step forward to address this issue and lays foundation for deeper investigations in digital forensics. The goal of this chapter is, firstly, to unearth the recent obfuscation strategies employed to hide malware. Secondly, this chapter proposes innovative techniques that are implemented as a fully-automated tool, and experimentally tested to exhaustively detect hidden malware that leverage on system vulnerabilities. Based on these research investigations, the chapter also arrives at an information security governance plan that would aid in addressing the current and future cybercrime situations.

Relevance:

30.00% 30.00%

Publisher:

Abstract:

Trust problem in Software as a Service Cloud Computing is a broad range of a Data Owner’s concerns about the data in the Cloud. The Data Owner’s concerns about the data arise from the way the data is handled in locations and machines that are unknown to the Data Owner.

Relevance:

30.00% 30.00%

Publisher:

Abstract:

Software-defined network (SDN) is the next generation of networking architecture that is dynamic, manageable, cost-effective, and adaptable, making it ideal for the high-bandwidth, dynamic nature of today's applications. In SDN, network management is facilitated through software rather than low-level device configurations. However, the centralized control plane introduced by SDN imposes a great challenge for the network security. In this paper, we present a secure SDN structure, in which each device is managed by multiple controllers rather than a single one as in a traditional manner. It can resist Byzantine attacks on controllers and the communication links between controllers and SDN switches. Furthermore, we design a cost-efficient controller assignment algorithm to minimize the number of required controllers for a given set of switches. Extensive simulations have been conducted to show that our proposed algorithm significantly outperforms random algorithms. © 2014 IEEE.