an integrity assurance mechanism for run-time programs

Chinese Assoc Cryptol Res, State Key Lab Informat Secur, Inst Software, Grad Univ Chinese Acad Sci, Natl Nat Sci Fdn China

基于多特征模糊聚类的图像融合方法

首先利用模糊C-均值聚类算法在多特征形成的特征空间上对图像进行区域分割,并在此基础上对区域进行多尺度小波分解;然后利用柯西函数构造区域的模糊相似度,应用模糊相似度及区域信息量构造加权因子,从而得到融合图像的小波系数;最后利用小波逆变换得到融合图像·采用均方根误差、峰值信噪比、熵、交叉熵和互信息5种准则评价融合算法的性能·实验结果表明,文中方法具有良好的融合特性·

O comportamento do consumidor de software de gestão e contabilidade das PMEs em Portugal, França e Espanha

Dissertação de Mestrado apresentada à Universidade Fernando Pessoa como parte dos requisitos para obtenção do grau de Mestre em Ciências Empresariais.

Analysis of Bayesian classification-based approaches for Android malware detection

Mobile malware has been growing in scale and complexity spurred by the unabated uptake of smartphones worldwide. Android is fast becoming the most popular mobile platform resulting in sharp increase in malware targeting the platform. Additionally, Android malware is evolving rapidly to evade detection by traditional signature-based scanning. Despite current detection measures in place, timely discovery of new malware is still a critical issue. This calls for novel approaches to mitigate the growing threat of zero-day Android malware. Hence, the authors develop and analyse proactive machine-learning approaches based on Bayesian classification aimed at uncovering unknown Android malware via static analysis. The study, which is based on a large malware sample set of majority of the existing families, demonstrates detection capabilities with high accuracy. Empirical results and comparative analysis are presented offering useful insight towards development of effective static-analytic Bayesian classification-based solutions for detecting unknown Android malware.

Editorial: Special Issue on Secure Physical Layer Communications

In wireless networks, the broadcast nature of the propagation medium makes the communication process vulnerable to malicious nodes (e.g. eavesdroppers) which are in the coverage area of the transmission. Thus, security issues play a vital role in wireless systems. Traditionally, information security has been addressed in the upper layers (e.g. the network layer) through the design of cryptographic protocols. Cryptography-based security aims to design a protocol such that it is computationally prohibitive for the eavesdropper to decode the information. The idea behind this approach relies on the limited computational power of the eavesdroppers. However, with advances in emerging hardware technologies, achieving secure communications relying on protocol-based mechanisms alone become insufficient. Owing to this fact, a new paradigm of secure communications has been shifted to implement the security at the physical layer. The key principle behind this strategy is to exploit the spatial-temporal characteristics of the wireless channel to guarantee secure data transmission without the need of cryptographic protocols.

Securing the smart grid

The availability of electricity is fundamental to modern society. It is at the top of the list of critical infrastructures and its interruption can have severe consequences. This highly important system is now evolving to become more reliable, efficient, and clean. This evolving infrastructure has become known as the smart grid; and these future smart grid systems will rely heavily on ICT. This infrastructure will require many servers and due to the nature of the grid, many of these systems will be geographically diverse requiring communication links. At the heart of this ICT infrastructure will be security. At each level of the smart grid from smart metering right through to remote sensing and control networks, security will be a key factor for system design consideration. With an increased number of ICT systems in place the security risk also increases. In this paper the authors discuss the changing nature of security in relation to the smart grid by looking at the move from legacy systems to more modern smart grid systems. The potential planes of attack for future smart grid systems are identified, and the general anatomy of a cyber-attack is presented. The authors then introduce the various threat levels of different types of attack and the mitigation techniques that could be put in place for each. Finally, the authors' introduce a Phasor Measurement Unit (PMU) communication system (operated by the authors) that can be used as a test-bed for some of the proposed future security research.

High accuracy android malware detection using ensemble learning

With over 50 billion downloads and more than 1.3 million apps in Google’s official market, Android has continued to gain popularity amongst smartphone users worldwide. At the same time there has been a rise in malware targeting the platform, with more recent strains employing highly sophisticated detection avoidance techniques. As traditional signature based methods become less potent in detecting unknown malware, alternatives are needed for timely zero-day discovery. Thus this paper proposes an approach that utilizes ensemble learning for Android malware detection. It combines advantages of static analysis with the efficiency and performance of ensemble machine learning to improve Android malware detection accuracy. The machine learning models are built using a large repository of malware samples and benign apps from a leading antivirus vendor. Experimental results and analysis presented shows that the proposed method which uses a large feature space to leverage the power of ensemble learning is capable of 97.3 % to 99% detection accuracy with very low false positive rates.

Electronic health records for mobile citizens: a secure and collaborative architecture

Durante as ultimas décadas, os registos de saúde eletrónicos (EHR) têm evoluído para se adaptar a novos requisitos. O cidadão tem-se envolvido cada vez mais na prestação dos cuidados médicos, sendo mais pró ativo e desejando potenciar a utilização do seu registo. A mobilidade do cidadão trouxe mais desafios, a existência de dados dispersos, heterogeneidade de sistemas e formatos e grande dificuldade de partilha e comunicação entre os prestadores de serviços. Para responder a estes requisitos, diversas soluções apareceram, maioritariamente baseadas em acordos entre instituições, regiões e países. Estas abordagens são usualmente assentes em cenários federativos muito complexos e fora do controlo do paciente. Abordagens mais recentes, como os registos pessoais de saúde (PHR), permitem o controlo do paciente, mas levantam duvidas da integridade clinica da informação aos profissionais clínicos. Neste cenário os dados saem de redes e sistemas controlados, aumentando o risco de segurança da informação. Assim sendo, são necessárias novas soluções que permitam uma colaboração confiável entre os diversos atores e sistemas. Esta tese apresenta uma solução que permite a colaboração aberta e segura entre todos os atores envolvidos nos cuidados de saúde. Baseia-se numa arquitetura orientada ao serviço, que lida com a informação clínica usando o conceito de envelope fechado. Foi modelada recorrendo aos princípios de funcionalidade e privilégios mínimos, com o propósito de fornecer proteção dos dados durante a transmissão, processamento e armazenamento. O controlo de acesso _e estabelecido por políticas definidas pelo paciente. Cartões de identificação eletrónicos, ou certificados similares são utilizados para a autenticação, permitindo uma inscrição automática. Todos os componentes requerem autenticação mútua e fazem uso de algoritmos de cifragem para garantir a privacidade dos dados. Apresenta-se também um modelo de ameaça para a arquitetura, por forma a analisar se as ameaças possíveis foram mitigadas ou se são necessários mais refinamentos. A solução proposta resolve o problema da mobilidade do paciente e a dispersão de dados, capacitando o cidadão a gerir e a colaborar na criação e manutenção da sua informação de saúde. A arquitetura permite uma colaboração aberta e segura, possibilitando que o paciente tenha registos mais ricos, atualizados e permitindo o surgimento de novas formas de criar e usar informação clínica ou complementar.

O ajustamento de crianças com doença crónica e o brincar no hospital

Este trabalho procura averiguar o impacte das doenças crónicas no ajustamento psicológico das crianças, tendo em conta diferentes tipos de doenças, as suas características e a perceção dos pais acerca das mesmas. Para além disso procura perceber a perceção dos pais e dos profissionais de saúde em relação à importância atribuída ao brincar em contexto hospitalar. A amostra é constituída por 176 crianças, dos 3 aos 10 anos, distribuídas por quatro grupos: crianças com asma, crianças com cancro, crianças com patologia uro-nefrológica e crianças sem doença. A recolha de dados teve lugar nas salas de espera de consulta externa de Pediatria do Hospital Infante D. Pedro e de Oncologia Médica do Hospital Pediátrico de Coimbra. Este estudo recorreu a metodologia quantitativa e qualitativa. Desta forma os instrumentos utilizados foram a Escala de Observação do Brincar (POS), alguns itens do Revised Illness Perception Questionnaire (IPQ-R), o Questionário de Capacidades e de Dificuldades (SDQ) e a entrevista semi-estruturada. O ajustamento psicológico foi avaliado através de questionários aplicados aos pais mas também através da observação direta do brincar da criança, colmatando assim uma das principais lacunas nesta área – o acesso a uma única fonte de informação e forma de avaliação. A análise dos resultados permitiu perceber que não existe uma relação linear entre o ajustamento psicológico das crianças e a presença de uma doença crónica e que a avaliação do ajustamento da criança através da observação direta do brincar nem sempre é coincidente com a perspetiva dos pais acerca desse ajustamento. Tanto os pais como os profissionais de saúde reconhecem ainda inúmeras vantagens na utilização do brincar em crianças com doença crónica.

Geofencing Components and Existing Models

This paper describes the various Geofencing Components and Existing Models in terms of their Information Security Control Attribute Profiles. The profiles will dictate the security attributes that should accompany each and every Geofencing Model used for Wi-Fi network security control in an organization, thus minimizing the likelihood of malfunctioning security controls. Although it is up to an organization to investigate the best way of implementing information security for itself, by looking at the related models that have been used in the past this paper will present models commonly used to implement information security controls in the organizations. Our findings will highlight the strengths and weaknesses of the various models and present what our experiment and prototype consider as a robust Geofencing Security Model for securing Wi-Fi Networks

Dar a conhecer : a informação que liga as escolas do agrupamento de Marrazes

Trabalho de projecto de mestrado, Educação (TIC e Educação), Universidade de Lisboa, Instituto de Educação, 2011

Understanding what drives the purchase decision in pension and investment products

The aims of this paper are to first seek an understanding of consumer decision-making when purchasing pension and investment products, and second to ascertain how this decision-making affects the consumer's choice of distribution route. The study employed both focus groups and postal questionnaire survey methods based on the framework of a classical decision-making model that investigated problem recognition, information search, evaluation tools used and post-purchase. The findings show that the decision-making process experience differed to a lesser or greater degree depending on the distribution route. The majority of respondents had recognised the need to make a purchase decision long before seeking information. Younger respondents on all incomes believed that they must make some pension provision for themselves as opposed to relying on the government's retirement provision. Many changed channels for information searches, but tended to settle with the Independent Financial Adviser (IFA). The two main evaluation tools for pension and investment were found to be the ‘charges’ and ‘historic fund performance’. The vast majority of respondents reiterated their worry that the outcomes would not be known until retirement. In terms of analysis by the level of ‘financial literacy’, respondents who scored in the upper quartile were more inclined to be on a higher income, less inclined to evaluate on charges and more proactive in discussing the investment strategy of their pension fund. Respondents who scored in the lower quartile had opposite results. One of the implications of these findings is that the younger respondents’ recognition of pension savings favours the government's intention to reverse the existing balance of pension distribution. The other main implication is that the findings will be of help to managers in appreciating the dominance of the IFA channel by providing an explanation of why consumers choose this route, and, additionally, can assist direct marketing managers in identifying customers who will be more likely to use multichannel or single-channel shoppers. It can also help the marketing manager increase the usage of different channels by addressing the factors driving the purchase decision and distribution choice.