990 resultados para security engineering
Resumo:
The invention of asymmetric encryption back in the seventies was a conceptual leap that vastly increased the expressive power of encryption of the times. For the first time, it allowed the sender of a message to designate the intended recipient in an cryptographic way, expressed as a “public key” that was related to but distinct from the “private key” that, alone, embodied the ability to decrypt. This made large-scale encryption a practical and scalable endeavour, and more than anything else—save the internet itself—led to the advent of electronic commerce as we know and practice it today.
Resumo:
Enterprises, both public and private, have rapidly commenced using the benefits of enterprise resource planning (ERP) combined with business analytics and “open data sets” which are often outside the control of the enterprise to gain further efficiencies, build new service operations and increase business activity. In many cases, these business activities are based around relevant software systems hosted in a “cloud computing” environment. “Garbage in, garbage out”, or “GIGO”, is a term long used to describe problems in unqualified dependency on information systems, dating from the 1960s. However, a more pertinent variation arose sometime later, namely “garbage in, gospel out” signifying that with large scale information systems, such as ERP and usage of open datasets in a cloud environment, the ability to verify the authenticity of those data sets used may be almost impossible, resulting in dependence upon questionable results. Illicit data set “impersonation” becomes a reality. At the same time the ability to audit such results may be an important requirement, particularly in the public sector. This paper discusses the need for enhancement of identity, reliability, authenticity and audit services, including naming and addressing services, in this emerging environment and analyses some current technologies that are offered and which may be appropriate. However, severe limitations to addressing these requirements have been identified and the paper proposes further research work in the area.
Resumo:
An increasing number of countries are faced with an aging population increasingly needing healthcare services. For any e-health information system, the need for increased trust by such clients with potentially little knowledge of any security scheme involved is paramount. In addition notable scalability of any system has become a critical aspect of system design, development and ongoing management. Meanwhile cryptographic systems provide the security provisions needed for confidentiality, authentication, integrity and non-repudiation. Cryptographic key management, however, must be secure, yet efficient and effective in developing an attitude of trust in system users. Digital certificate-based Public Key Infrastructure has long been the technology of choice or availability for information security/assurance; however, there appears to be a notable lack of successful implementations and deployments globally. Moreover, recent issues with associated Certificate Authority security have damaged trust in these schemes. This paper proposes the adoption of a centralised public key registry structure, a non-certificate based scheme, for large scale e-health information systems. The proposed structure removes complex certificate management, revocation and a complex certificate validation structure while maintaining overall system security. Moreover, the registry concept may be easier for both healthcare professionals and patients to understand and trust.
Resumo:
Enterprise resource planning (ERP) systems are rapidly being combined with “big data” analytics processes and publicly available “open data sets”, which are usually outside the arena of the enterprise, to expand activity through better service to current clients as well as identifying new opportunities. Moreover, these activities are now largely based around relevant software systems hosted in a “cloud computing” environment. However, the over 50- year old phrase related to mistrust in computer systems, namely “garbage in, garbage out” or “GIGO”, is used to describe problems of unqualified and unquestioning dependency on information systems. However, a more relevant GIGO interpretation arose sometime later, namely “garbage in, gospel out” signifying that with large scale information systems based around ERP and open datasets as well as “big data” analytics, particularly in a cloud environment, the ability to verify the authenticity and integrity of the data sets used may be almost impossible. In turn, this may easily result in decision making based upon questionable results which are unverifiable. Illicit “impersonation” of and modifications to legitimate data sets may become a reality while at the same time the ability to audit any derived results of analysis may be an important requirement, particularly in the public sector. The pressing need for enhancement of identity, reliability, authenticity and audit services, including naming and addressing services, in this emerging environment is discussed in this paper. Some current and appropriate technologies currently being offered are also examined. However, severe limitations in addressing the problems identified are found and the paper proposes further necessary research work for the area. (Note: This paper is based on an earlier unpublished paper/presentation “Identity, Addressing, Authenticity and Audit Requirements for Trust in ERP, Analytics and Big/Open Data in a ‘Cloud’ Computing Environment: A Review and Proposal” presented to the Department of Accounting and IT, College of Management, National Chung Chen University, 20 November 2013.)
Resumo:
Fisheries and aquaculture are important for food security, income generation and are critical to long term sustainability of many countries. Freshwater prawns have been harvested in the streams and creeks in Vanuatu, however due to over-exploitation catches have declined in recent years. To satisfy high demand for this product, Vanuatu government intends to establish economically viable small-scale aquaculture industries. The current project showed that wild Macrobrachium lar in Vanuatu constitute a single population for management purposes and that M. rosenbergii grows much faster than M. lar in simple pond grow-out systems, hence is a better species for culture in Vanuatu.
Resumo:
At the end of the first decade of the twenty-first century, there is unprecedented awareness of the need for a transformation in development, to meet the needs of the present while also preserving the ability of future generations to meet their own needs. However, within engineering, educators still tend to regard such development as an ‘aspect’ of engineering rather than an overarching meta-context, with ad hoc and highly variable references to topics. Furthermore, within a milieu of interpretations there can appear to be conflicting needs for achieving sustainable development, which can be confusing for students and educators alike. Different articulations of sustainable development can create dilemmas around conflicting needs for designers and researchers, at the level of specific designs and (sub-) disciplinary analysis. Hence sustainability issues need to be addressed at a meta-level using a whole of system approach, so that decisions regarding these dilemmas can be made. With this appreciation, and in light of curriculum renewal challenges that also exist in engineering education, this paper considers how educators might take the next step to move from sustainable development being an interesting ‘aspect’ of the curriculum, to sustainable development as a meta-context for curriculum renewal. It is concluded that capacity building for such strategic considerations is critical in engineering education.
Resumo:
Purpose This paper aims to present key findings from an inquiry into engineering accreditation and curricula renewal. The research attempted to ascertain conceptions of requisite sustainability themes among engineering academics and professionals. The paper also reflects on the potential role of professional engineering institutions (PEIs) in embedding sustainability through their programme accreditation guidelines and wider implications in terms of rapid curricula renewal. Design/methodology/approach This research comprised an International Engineering Academic Workshop held during the 2010 International Symposium on Engineering Education in Ireland, on “accreditation and sustainable engineering”. This built on the findings of a literature review that was distributed prior to the workshop. Data collection included individual questionnaires administered during the workshop, and notes scribed by workshop participants. Findings The literature review highlighted a wide range of perspectives across and within engineering disciplines, regarding what sustainability/sustainable development (SD) themes should be incorporated into engineering curricula, and regarding language and terminology. This was also reflected in the workshop discussions. Notwithstanding this diversity, clusters of sustainability themes and priority considerations were distilled from the literature review and workshop. These related to resources, technology, values, ethics, inter- and intra-generational equity, transdisciplinarity, and systems and complex thinking. Themes related to environmental and economic knowledge and skills received less attention by workshop participants than represented in the literature. Originality/value This paper provides an appreciation of the diversity of opinion regarding priority sustainability themes for engineering curricula, among a group of self-selected engineering academics who have a common interest in education for SD. It also provides some insights and caveats on how these themes might be rapidly integrated into engineering curricula.
Resumo:
At the end of the first decade of the twenty-first century, there is unprecedented awareness of the need for a transformation in development, to meet the needs of the present while also preserving the ability of future generations to meet their own needs. However, within engineering, educators still tend to regard such development as an ‘aspect’ of engineering rather than an overarching meta-context, with ad hoc and highly variable references to topics. Furthermore, within a milieu of interpretations there can appear to be conflicting needs for achieving sustainable development, which can be confusing for students and educators alike. Different articulations of sustainable development can create dilemmas around conflicting needs for designers and researchers, at the level of specific designs and (sub-) disciplinary analysis. Hence sustainability issues need to be addressed at a meta-level using a whole of system approach, so that decisions regarding these dilemmas can be made. With this appreciation, and in light of curriculum renewal challenges that also exist in engineering education, this paper considers how educators might take the next step to move from sustainable development being an interesting ‘aspect’ of the curriculum, to sustainable development as a meta-context for curriculum renewal. It is concluded that capacity building for such strategic considerations is critical in engineering education.
Resumo:
Energy efficiency is a complex topic to integrate into higher education curricula, with limited success internationally or in Australia. This paper discusses one of the successful initiatives within the Energy Efficiency Training Program, which was jointly managed and implemented by the New South Wales Office of Environment and Heritage and Department of Education and Communities. The state government initiative aimed to increase the knowledge and skills of the New South Wales workforce, help business to identify and implement energy efficiency projects, and provide professional development for the training providers. Key sectors targeted included property, construction, manufacturing and services. The Program was externally evaluated over the three years 2011 to 2013 and a range of insights were gained through these facilitated reflective opportunities, confirming and building upon literature on the topic to date. This paper presents lessons learned from the engineering part of the program (‘the project’), spanning government agencies, academic institutions, and academia. The paper begins with a contextual summary, followed by a synthesis of key learnings and implications for future training initiatives. It is intended that sharing these lessons will contribute to literature in the field, and assist other organisations in Australia and overseas planning similar initiatives.
Resumo:
Governments have recognised that the technological trades rely on knowledge embedded traditionally in science, technology, engineering and mathematics (STEM) disciplines. In this paper, we report preliminary findings on the development of two curricula that attempt to integrate science and mathematics with workplace knowledge and practices. We argue that these curricula provide educational opportunities for students to pursue their preferred career pathways. These curricula were co-developed by industry and educational personnel across two industry sectors, namely, mining and aerospace. The aim was to provide knowledge appropriate for students moving from school to the workplace in the respective industries. The analysis of curriculum and associated policy documents reveals that the curricula adopt applied learning orientations through teaching strategies and assessment practices which focus on practical skills. However, although key theoretical science and maths concepts have been well incorporated, the extent to which knowledge deriving from workplace practices is included varies across the curricula. Our findings highlight the importance of teachers having substantial practical industry experience and the role that whole school policies play in attempts to align the range of learning experiences with the needs of industry.
Resumo:
Sequential Design Molecular Weight Range Functional Monomers: Possibilities, Limits, and Challenges Block Copolymers: Combinations, Block Lengths, and Purities Modular Design End-Group Chemistry Ligation Protocols Conclusions
Resumo:
An accumulator based on bilinear pairings was proposed at CT-RSA'05. Here, it is first demonstrated that the security model proposed by Lan Nguyen does lead to a cryptographic accumulator that is not collision resistant. Secondly, it is shown that collision-resistance can be provided by updating the adversary model appropriately. Finally, an improvement on Nguyen's identity escrow scheme, with membership revocation based on the accumulator, by removing the trusted third party is proposed.
Resumo:
We study the multicast stream authentication problem when an opponent can drop, reorder and introduce data packets into the communication channel. In such a model, packet overhead and computing efficiency are two parameters to be taken into account when designing a multicast stream protocol. In this paper, we propose to use two families of erasure codes to deal with this problem, namely, rateless codes and maximum distance separable codes. Our constructions will have the following advantages. First, our packet overhead will be small. Second, the number of signature verifications to be performed at the receiver is O(1). Third, every receiver will be able to recover all the original data packets emitted by the sender despite losses and injection occurred during the transmission of information.
Resumo:
The primary motivation for signcryption was the gain in efficiency when both encryption and signing need to be performed. These two cryptographic operations may be done sequentially either by first encrypt and then sign (EtS) or alternatively, by first sign and then encrypt (StE). Further gains in efficiency can be achieved if encryption and signature are carried out in parallel (E&S). More importantly, however, is that these efficiency gains are complemented by gains in security, i.e., we may use relative weak encryption and signature schemes in order to obtain a “stronger” signcryption scheme. The reader is referred to Chaps. 2 and 3 for a discussion of the different “strengths” of security model (e.g., outsider vs. insider adversaries, two-user vs. multi-user setting).
