984 resultados para PRIVATE SECURITY
Resumo:
In today's internet world, web browsers are an integral part of our day-to-day activities. Therefore, web browser security is a serious concern for all of us. Browsers can be breached in different ways. Because of the over privileged access, extensions are responsible for many security issues. Browser vendors try to keep safe extensions in their official extension galleries. However, their security control measures are not always effective and adequate. The distribution of unsafe extensions through different social engineering techniques is also a very common practice. Therefore, before installation, users should thoroughly analyze the security of browser extensions. Extensions are not only available for desktop browsers, but many mobile browsers, for example, Firefox for Android and UC browser for Android, are also furnished with extension features. Mobile devices have various resource constraints in terms of computational capabilities, power, network bandwidth, etc. Hence, conventional extension security analysis techniques cannot be efficiently used by end users to examine mobile browser extension security issues. To overcome the inadequacies of the existing approaches, we propose CLOUBEX, a CLOUd-based security analysis framework for both desktop and mobile Browser EXtensions. This framework uses a client-server architecture model. In this framework, compute-intensive security analysis tasks are generally executed in a high-speed computing server hosted in a cloud environment. CLOUBEX is also enriched with a number of essential features, such as client-side analysis, requirements-driven analysis, high performance, and dynamic decision making. At present, the Firefox extension ecosystem is most susceptible to different security attacks. Hence, the framework is implemented for the security analysis of the Firefox desktop and Firefox for Android mobile browser extensions. A static taint analysis is used to identify malicious information flows in the Firefox extensions. In CLOUBEX, there are three analysis modes. A dynamic decision making algorithm assists us to select the best option based on some important parameters, such as the processing speed of a client device and network connection speed. Using the best analysis mode, performance and power consumption are improved significantly. In the future, this framework can be leveraged for the security analysis of other desktop and mobile browser extensions, too.
Resumo:
Thesis--Florida State University.
Resumo:
Includes bibliographical references.
Resumo:
"Prepared for the U.S. Department of Labor under research grant J-P-P-6-0209."
Resumo:
Index for 1867-1907 issued as the Office's Bulletin no. 407.
Resumo:
Security and reliability of LDPC based public-key cryptosystems are discussed and analysed. We study attacks on the cryptosystem when partial knowledge of one or more of the private key components and/or of the plaintext have been acquired.
Resumo:
The advent of personal communication systems within the last decade has depended upon the utilization of advanced digital schemes for source and channel coding and for modulation. The inherent digital nature of the communications processing has allowed the convenient incorporation of cryptographic techniques to implement security in these communications systems. There are various security requirements, of both the service provider and the mobile subscriber, which may be provided for in a personal communications system. Such security provisions include the privacy of user data, the authentication of communicating parties, the provision for data integrity, and the provision for both location confidentiality and party anonymity. This thesis is concerned with an investigation of the private-key and public-key cryptographic techniques pertinent to the security requirements of personal communication systems and an analysis of the security provisions of Second-Generation personal communication systems is presented. Particular attention has been paid to the properties of the cryptographic protocols which have been employed in current Second-Generation systems. It has been found that certain security-related protocols implemented in the Second-Generation systems have specific weaknesses. A theoretical evaluation of these protocols has been performed using formal analysis techniques and certain assumptions made during the development of the systems are shown to contribute to the security weaknesses. Various attack scenarios which exploit these protocol weaknesses are presented. The Fiat-Sharmir zero-knowledge cryptosystem is presented as an example of how asymmetric algorithm cryptography may be employed as part of an improved security solution. Various modifications to this cryptosystem have been evaluated and their critical parameters are shown to be capable of being optimized to suit a particular applications. The implementation of such a system using current smart card technology has been evaluated.
Resumo:
We have recently proposed the framework of independent blind source separation as an advantageous approach to steganography. Amongst the several characteristics noted was a sensitivity to message reconstruction due to small perturbations in the sources. This characteristic is not common in most other approaches to steganography. In this paper we discuss how this sensitivity relates the joint diagonalisation inside the independent component approach, and reliance on exact knowledge of secret information, and how it can be used as an additional and inherent security mechanism against malicious attack to discovery of the hidden messages. The paper therefore provides an enhanced mechanism that can be used for e-document forensic analysis and can be applied to different dimensionality digital data media. In this paper we use a low dimensional example of biomedical time series as might occur in the electronic patient health record, where protection of the private patient information is paramount.
Resumo:
In recent years, the European Union has come to view cyber security, and in particular, cyber crime as one of the most relevant challenges to the completion of its Area of Freedom, Security and Justice. Given European societies’ increased reliance on borderless and decentralized information technologies, this sector of activity has been identified as an easy target for actors such as organised criminals, hacktivists or terrorist networks. Such analysis has been accompanied by EU calls to step up the fight against unlawful online activities, namely through increased cooperation among law enforcement authorities (both national and extra- communitarian), the approximation of legislations, and public- private partnerships. Although EU initiatives in this field have, so far, been characterized by a lack of interconnection and an integrated strategy, there has been, since the mid- 2000s, an attempt to develop a more cohesive and coordinated policy. An important part of this policy is connected to the activities of Europol, which have come to assume a central role in the coordination of intelligence gathering and analysis of cyber crime. The European Cybercrime Center (EC3), which will become operational within Europol in January 2013, is regarded, in particular, as a focal point of the EU’s fight against this phenomenon. Bearing this background in mind, the present article wishes to understand the role of Europol in the development of a European policy to counter the illegal use of the internet. The article proposes to reach this objective by analyzing, through the theoretical lenses of experimental governance, the evolution of this agency’s activities in the area of cyber crime and cyber security, its positioning as an expert in the field, and the consequences for the way this policy is currently developing and is expected to develop in the near future.
Resumo:
A method is proposed to offer privacy in computer communications, using symmetric product block ciphers. The security protocol involved a cipher negotiation stage, in which two communicating parties select privately a cipher from a public cipher space. The cipher negotiation process includes an on-line cipher evaluation stage, in which the cryptographic strength of the proposed cipher is estimated. The cryptographic strength of the ciphers is measured by confusion and diffusion. A method is proposed to describe quantitatively these two properties. For the calculation of confusion and diffusion a number of parameters are defined, such as the confusion and diffusion matrices and the marginal diffusion. These parameters involve computationally intensive calculations that are performed off-line, before any communication takes place. Once they are calculated, they are used to obtain estimation equations, which are used for on-line, fast evaluation of the confusion and diffusion of the negotiated cipher. A technique proposed in this thesis describes how to calculate the parameters and how to use the results for fast estimation of confusion and diffusion for any cipher instance within the defined cipher space.
Resumo:
In this article we evaluate the most widely used spread decomposition models using Exchange Traded Funds (ETFs). These funds are an example of a basket security and allow the diversification of private information causing these securities to have lower adverse selection costs than individual securities. We use this feature as a criterion for evaluating spread decomposition models. Comparisons of adverse selection costs for ETF's and control securities obtained from spread decomposition models show that only the Glosten-Harris (1988) and the Madhavan-Richardson-Roomans (1997) models provide estimates of the spread that are consistent with the diversification of private information in a basket security. Our results are robust even after controlling for the stock exchange. © 2011 Copyright Taylor and Francis Group, LLC.
Resumo:
This research involves the design, development, and theoretical demonstration of models resulting in integrated misbehavior resolution protocols for ad hoc networked devices. Game theory was used to analyze strategic interaction among independent devices with conflicting interests. Packet forwarding at the routing layer of autonomous ad hoc networks was investigated. Unlike existing reputation based or payment schemes, this model is based on repeated interactions. To enforce cooperation, a community enforcement mechanism was used, whereby selfish nodes that drop packets were punished not only by the victim, but also by all nodes in the network. Then, a stochastic packet forwarding game strategy was introduced. Our solution relaxed the uniform traffic demand that was pervasive in other works. To address the concerns of imperfect private monitoring in resource aware ad hoc networks, a belief-free equilibrium scheme was developed that reduces the impact of noise in cooperation. This scheme also eliminated the need to infer the private history of other nodes. Moreover, it simplified the computation of an optimal strategy. The belief-free approach reduced the node overhead and was easily tractable. Hence it made the system operation feasible. Motivated by the versatile nature of evolutionary game theory, the assumption of a rational node is relaxed, leading to the development of a framework for mitigating routing selfishness and misbehavior in Multi hop networks. This is accomplished by setting nodes to play a fixed strategy rather than independently choosing a rational strategy. A range of simulations was carried out that showed improved cooperation between selfish nodes when compared to older results. Cooperation among ad hoc nodes can also protect a network from malicious attacks. In the absence of a central trusted entity, many security mechanisms and privacy protections require cooperation among ad hoc nodes to protect a network from malicious attacks. Therefore, using game theory and evolutionary game theory, a mathematical framework has been developed that explores trust mechanisms to achieve security in the network. This framework is one of the first steps towards the synthesis of an integrated solution that demonstrates that security solely depends on the initial trust level that nodes have for each other.^
Resumo:
The economic rationale for public intervention into private markets through price mechanisms is twofold: to correct market failures and to redistribute resources. Financial incentives are one such price mechanism. In this dissertation, I specifically address the role of financial incentives in providing social goods in two separate contexts: a redistributive policy that enables low income working families to access affordable childcare in the US and an experimental pay-for-performance intervention to improve population health outcomes in rural India. In the first two papers, I investigate the effects of government incentives for providing grandchild care on grandmothers’ short- and long-term outcomes. In the third paper, coauthored with Manoj Mohanan, Grant Miller, Katherine Donato, and Marcos Vera-Hernandez, we use an experimental framework to consider the the effects of financial incentives in improving maternal and child health outcomes in the Indian state of Karnataka.
Grandmothers provide a significant amount of childcare in the US, but little is known about how this informal, and often uncompensated, time transfer impacts their economic and health outcomes. The first two chapters of this dissertation address the impact of federally funded, state-level means-tested programs that compensate grandparent-provided childcare on the retirement security of older women, an economically vulnerable group of considerable policy interest. I use the variation in the availability and generosity of childcare subsidies to model the effect of government payments for grandchild care on grandmothers’ time use, income, earnings, interfamily transfers, and health outcomes. After establishing that more generous government payments induce grandmothers to provide more hours of childcare, I find that grandmothers adjust their behavior by reducing their formal labor supply and earnings. Grandmothers make up for lost earnings by claiming Social Security earlier, increasing their reliance on Supplemental Security Income (SSI) and reducing financial transfers to their children. While the policy does not appear to negatively impact grandmothers’ immediate economic well-being, there are significant costs to the state, in terms of both up-front costs for care payments and long-term costs as a result of grandmothers’ increased reliance on social insurance.
The final paper, The Role of Non-Cognitive Traits in Response to Financial Incentives: Evidence from a Randomized Control Trial of Obstetrics Care Providers in India, is coauthored with Manoj Mohanan, Grant Miller, Katherine Donato and Marcos Vera-Hernandez. We report the results from “Improving Maternal and Child Health in India: Evaluating Demand and Supply Side Strategies” (IMACHINE), a randomized controlled experiment designed to test the effectiveness of supply-side incentives for private obstetrics care providers in rural Karnataka, India. In particular, the experimental design compares two different types of incentives: (1) those based on the quality of inputs providers offer their patients (inputs contracts) and (2) those based on the reduction of incidence of four adverse maternal and neonatal health outcomes (outcomes contracts). Along with studying the relative effectiveness of the different financial incentives, we also investigate the role of provider characteristics, preferences, expectations and non-cognitive traits in mitigating the effects of incentive contracts.
We find that both contract types input incentive contracts reduce rates of post-partum hemorrhage, the leading cause of maternal mortality in India by about 20%. We also find some evidence of multitasking as output incentive contract providers reduce the level of postnatal newborn care received by their patients. We find that patient health improvements in response to both contract types are concentrated among higher trained providers. We find improvements in patient care to be concentrated among the lower trained providers. Contrary to our expectations, we also find improvements in patient health to be concentrated among the most risk averse providers, while more patient providers respond relatively little to the incentives, and these difference are most evident in the outputs contract arm. The results are opposite for patient care outcomes; risk averse providers have significantly lower rates of patient care and more patient providers provide higher quality care in response to the outputs contract. We find evidence that overconfidence among providers about their expectations about possible improvements reduces the effectiveness of both types of incentive contracts for improving both patient outcomes and patient care. Finally, we find no heterogeneous response based on non-cognitive traits.
Resumo:
Background: Outbreaks of infectious diseases such as Ebola have dramatic economic impacts on affected nations due to significant direct costs and indirect costs, as well as increased expenditure by the government to meet the health and security crisis. Despite its dense population, Nigeria was able to contain the outbreak swiftly and was declared Ebola free on 13th October 2014. Although Nigeria’s Ebola containment success was multifaceted, the private sector played a key role in Nigeria’s fight against Ebola. An epidemic of a disease like Ebola, not only consumes health resources but also detrimentally disrupts trade and travel to impact both public and private sector resulting in the ‘fearonomic’ effect of the contagion. In this thesis, I have defined ‘fearonomics’ or the ‘fearonomic effects’ of a disease as the intangible and intangible economic effects of both informed and misinformed aversion behavior exhibited by individuals, organizations, or countries during an outbreak. During an infectious disease outbreak, there is a significant potential for public-private sector collaborations that can help offset some of the government’s cost of controlling the epidemic.
Objective: The main objective of this study is to understand the ‘fearonomics’ of Ebola in Nigeria and to evaluate the role of the key private sector stakeholders in Nigeria’s Ebola response.
Methods: This retrospective qualitative study was conducted in Nigeria and utilizes grounded theory to look across different economic sectors in Nigeria to understand the impact of Ebola on Nigeria’s private sector and how it dealt with the various challenges posed by the disease and its ‘fearonomic effects'.
Results: Due to swift containment of Ebola in Nigeria, the economic impact of the disease was limited especially in comparison to the other Ebola-infected countries such as Liberia, Sierra Leone, and Guinea. However, the 2014 Ebola outbreak had more than a just direct impact on the country’s economy and despite the swift containment, no economic sector was immune to the disease’s fearonomic impact. The potential scale of the fearonomic impact of a disease like Ebola was one of the key motivators for the private sector engagement in the Ebola response.
The private sector in Nigeria played an essential role in facilitating the country’s response to Ebola. The private sector not only provided in-cash donations but significant in-kind support to both the Federal and State governments during the outbreak. Swift establishment of an Ebola Emergency Operation Centre (EEOC) was essential to the country’s response and was greatly facilitated by the private sector, showcasing the crucial role of private sector in the initial phase of an outbreak. The private sector contributed to Nigeria’s fight against Ebola not only by donating material assets but by continuing operations and partaking in knowledge sharing and advocacy. Some sector such as the private health sector, telecom sector, financial sector, oil and gas sector played a unique role in orchestrating the Nigerian Ebola response and were among the first movers during the outbreak.
This paper utilizes the lessons from Nigeria’s containment of Ebola to highlight the potential of public-private partnerships in preparedness, response, and recovery during an outbreak.
Resumo:
This project looks at the ways Northeastern Ontario citizens in rural communities regulate their private property through traditional and contemporary surveillance means. Through art and objects, this project allows viewers the opportunity to experience surveillance in rural areas through visual and creative ways that encourage interaction and critique. This project defines organic surveillance by looking at the ways ruralists in Markstay Ontario practice surveillance and deterrence which is influenced by characteristics of land, risks and other determining factors such as psychology, resourcefulness, sustainability, technology and private property. Organic surveillance argues that surveillance and deterrence is prevalent far beyond datamining, GPS tracking and social media. Surveillance and deterrence as methods of survival are found everywhere, even in the farthest, most “wild” and forested areas.
