985 resultados para Software Security
Resumo:
Questa tesi ha l’obiettivo di comprendere e valutare se l’approccio al paradigma SDN, che verrà spiegato nel capitolo 1, può essere utilizzato efficacemente per implementare dei sistemi atti alla protezione e alla sicurezza di una rete più o meno estesa. Oltre ad introdurre il paradigma SDN con i relativi componenti basilari, si introduce il protocollo fondamentale OpenFlow, per la gestione dei vari componenti. Per ottenere l’obiettivo prestabilito, si sono seguiti alcuni passaggi preliminari. Primo tra tutti si è studiato cos’è l’SDN. Esso introduce una potenziale innovazione nell’utilizzo della rete. La combinazione tra la visione globale di tutta la rete e la programmabilità di essa, rende la gestione del traffico di rete un processo abbastanza complicato in termini di livello applicativo, ma con un risultato alquanto performante in termini di flessibilità. Le alterazioni all’architettura di rete introdotte da SDN devono essere valutate per garantire che la sicurezza di rete sia mantenuta. Le Software Defined Network (come vedremo nei primi capitoli) sono in grado di interagire attraverso tutti i livelli del modello ISO/OSI e questa loro caratteristica può creare problemi. Nelle reti odierne, quando si agisce in un ambiente “confinato”, è facile sia prevedere cosa potrebbe accadere, che riuscire a tracciare gli eventi meno facilmente rilevabili. Invece, quando si gestiscono più livelli, la situazione diventa molto più complessa perché si hanno più fattori da gestire, la variabilità dei casi possibili aumenta fortemente e diventa più complicato anche distinguere i casi leciti da quelli illeciti. Sulla base di queste complicazioni, ci si è chiesto se SDN abbia delle problematiche di sicurezza e come potrebbe essere usato per la sicurezza. Per rispondere a questo interrogativo si è fatta una revisione della letteratura a riguardo, indicando, nel capitolo 3, alcune delle soluzioni che sono state studiate. Successivamente si sono chiariti gli strumenti che vengono utilizzati per la creazione e la gestione di queste reti (capitolo 4) ed infine (capitolo 5) si è provato ad implementare un caso di studio per capire quali sono i problemi da affrontare a livello pratico. Successivamente verranno descritti tutti i passaggi individuati in maniera dettagliata ed alla fine si terranno alcune conclusioni sulla base dell’esperienza svolta.
Resumo:
I problemi di sicurezza nel software sono in crescita e gli strumenti di analisi adottati nei sistemi GNU/Linux non permettono di evidenziare le finestre di vulnerabilità a cui un pacchetto è stato soggetto. L'obiettivo di questa tesi è quello di sviluppare uno strumento di computer forensics in grado di ricostruire, incrociando informazioni ottenute dal package manager con security advisory ufficiali, i problemi di sicurezza che potrebbero aver causato una compromissione del sistema in esame.
Resumo:
This article reviews Article 6 of the Software Directive and discusses the need for a revision. Beyond clarification of the scope of the very limited provision on reverse engineering, it seems that the introduction of the clause into copyright was unfortunate. The indirect protection of ideas by prohibiting reverse engineering is foreign to the copyright concept. Permitting reverse engineering altogether would promote research and development and further other goals like ICT security. Innovation would not be retarded, which is the reason why US trade secret law permits reverse engineering based also on economic arguments. The notions of compatibility Article 6 tries to address are better dealt with by Competition Law, which was demonstrated by the Microsoft Decision of the European Court in 2007.
Resumo:
Service providers make use of cost-effective wireless solutions to identify, localize, and possibly track users using their carried MDs to support added services, such as geo-advertisement, security, and management. Indoor and outdoor hotspot areas play a significant role for such services. However, GPS does not work in many of these areas. To solve this problem, service providers leverage available indoor radio technologies, such as WiFi, GSM, and LTE, to identify and localize users. We focus our research on passive services provided by third parties, which are responsible for (i) data acquisition and (ii) processing, and network-based services, where (i) and (ii) are done inside the serving network. For better understanding of parameters that affect indoor localization, we investigate several factors that affect indoor signal propagation for both Bluetooth and WiFi technologies. For GSM-based passive services, we developed first a data acquisition module: a GSM receiver that can overhear GSM uplink messages transmitted by MDs while being invisible. A set of optimizations were made for the receiver components to support wideband capturing of the GSM spectrum while operating in real-time. Processing the wide-spectrum of the GSM is possible using a proposed distributed processing approach over an IP network. Then, to overcome the lack of information about tracked devices’ radio settings, we developed two novel localization algorithms that rely on proximity-based solutions to estimate in real environments devices’ locations. Given the challenging indoor environment on radio signals, such as NLOS reception and multipath propagation, we developed an original algorithm to detect and remove contaminated radio signals before being fed to the localization algorithm. To improve the localization algorithm, we extended our work with a hybrid based approach that uses both WiFi and GSM interfaces to localize users. For network-based services, we used a software implementation of a LTE base station to develop our algorithms, which characterize the indoor environment before applying the localization algorithm. Experiments were conducted without any special hardware, any prior knowledge of the indoor layout or any offline calibration of the system.
Resumo:
Service providers make use of cost-effective wireless solutions to identify, localize, and possibly track users using their carried MDs to support added services, such as geo-advertisement, security, and management. Indoor and outdoor hotspot areas play a significant role for such services. However, GPS does not work in many of these areas. To solve this problem, service providers leverage available indoor radio technologies, such as WiFi, GSM, and LTE, to identify and localize users. We focus our research on passive services provided by third parties, which are responsible for (i) data acquisition and (ii) processing, and network-based services, where (i) and (ii) are done inside the serving network. For better understanding of parameters that affect indoor localization, we investigate several factors that affect indoor signal propagation for both Bluetooth and WiFi technologies. For GSM-based passive services, we developed first a data acquisition module: a GSM receiver that can overhear GSM uplink messages transmitted by MDs while being invisible. A set of optimizations were made for the receiver components to support wideband capturing of the GSM spectrum while operating in real-time. Processing the wide-spectrum of the GSM is possible using a proposed distributed processing approach over an IP network. Then, to overcome the lack of information about tracked devices’ radio settings, we developed two novel localization algorithms that rely on proximity-based solutions to estimate in real environments devices’ locations. Given the challenging indoor environment on radio signals, such as NLOS reception and multipath propagation, we developed an original algorithm to detect and remove contaminated radio signals before being fed to the localization algorithm. To improve the localization algorithm, we extended our work with a hybrid based approach that uses both WiFi and GSM interfaces to localize users. For network-based services, we used a software implementation of a LTE base station to develop our algorithms, which characterize the indoor environment before applying the localization algorithm. Experiments were conducted without any special hardware, any prior knowledge of the indoor layout or any offline calibration of the system.
Resumo:
This research addressed the development of a consolidated model designed especially to cover the security and usability attributes of a software product. As a starting point, we built a new usability model on the basis of well-known quality standards and models. We then used an existing security model to analyse the relationship between these two approaches. This analysis consisted of a systematic mapping study of the relationship between security and usability as global quality factors. We identified five relationship types: inverse, direct, relative, one-way inverse, and no relationship. Most authors agree that there is an inverse relationship between security and usability. However, this is not a unanimous finding, and this study unveils a number of open questions, like application domain dependency and the need to explore lower-level relationships between attribute subcharacteristics. In order to clarify the questions raised during the research, we conducted a second systematic mapping to further analyse the finer-grained structure of these factors, such as authentication as a subset of security and user efficiency as a subset of usability. The most relevant finding is that efficiency does not depend on the security level during the authentication process. There are other subfactors that require analysis. Accordingly, this research is the first part of a larger project to develop a full-blown consolidated model for security and usability.
Resumo:
As the user base of the Internet has grown tremendously, the need for secure services has increased accordingly. Most secure protocols, in digital business and other fields, use a combination of symmetric and asymmetric cryptography, random generators and hash functions in order to achieve confidentiality, integrity, and authentication. Our proposal is an integral security kernel based on a powerful mathematical scheme from which all of these cryptographic facilities can be derived. The kernel requires very little resources and has the flexibility of being able to trade off speed, memory or security; therefore, it can be efficiently implemented in a wide spectrum of platforms and applications, either software, hardware or low cost devices. Additionally, the primitives are comparable in security and speed to well known standards.
Resumo:
The main goal of this thesis is to report patterns of perceived safety in the context of airport infrastructure, taking the airport of Bologna as reference. Many personal and environmental attributes are investigated to paint the profile of the sensitive passenger and to understand why precise factors of the transit environment are so impactful on the individual. The main analyses are based on a 2014-2015 passengers’ survey, involving almost six thousand of incoming and outgoing passengers. Other reports are used to implement and support the resource. The analysis is carried out by using a combination of Chi-square tests and binary logistic regressions. Findings shows that passengers result to be particularly affected by the perception of airport’s environment (e.g., state and maintenance of facilities, clarity and efficacy of information system, functionality of elevators and escalators), but also by the way how the passenger reaches the airport and the quality of security checks. In relation to such results, several suggestions are provided for the improvement of passenger satisfaction with safety. The attention is then focused on security checkpoints and related operations, described on a theoretical and technical ground. We present an example of how to realize a proper model of the security checks area of Bologna’s airport, with the aim to assess present performances of the system and consequences of potential variations. After a brief introduction to Arena, a widespread simulation software, the existing model is described, pointing out flaws and limitations. Such model is finally updated and changed in order to make it more reliable and more representative of the reality. Different scenarios are tested and results are compared using graphs and tables.
Resumo:
Item 247.
Resumo:
"June 12, 2006."
Resumo:
Electronic communications devices intended for government or military applications must be rigorously evaluated to ensure that they maintain data confidentiality. High-grade information security evaluations require a detailed analysis of the device's design, to determine how it achieves necessary security functions. In practice, such evaluations are labour-intensive and costly, so there is a strong incentive to find ways to make the process more efficient. In this paper we show how well-known concepts from graph theory can be applied to a device's design to optimise information security evaluations. In particular, we use end-to-end graph traversals to eliminate components that do not need to be evaluated at all, and minimal cutsets to identify the smallest group of components that needs to be evaluated in depth.
Resumo:
Communications devices for government or military applications must keep data secure, even when their electronic components fail. Combining information flow and risk analyses could make fault-mode evaluations for such devices more efficient and cost-effective.
