WorldWideScience

Sample records for active computing security

  1. Computer security

    CERN Document Server

    Gollmann, Dieter

    2011-01-01

    A completely up-to-date resource on computer security Assuming no previous experience in the field of computer security, this must-have book walks you through the many essential aspects of this vast topic, from the newest advances in software and technology to the most recent information on Web applications security. This new edition includes sections on Windows NT, CORBA, and Java and discusses cross-site scripting and JavaScript hacking as well as SQL injection. Serving as a helpful introduction, this self-study guide is a wonderful starting point for examining the variety of competing sec

  2. A New Approach to Practical Active-Secure Two-Party Computation

    DEFF Research Database (Denmark)

    Nielsen, Jesper Buus; Nordholt, Peter Sebastian; Orlandi, Claudio;

    2012-01-01

    We propose a new approach to practical two-party computation secure against an active adversary. All prior practical protocols were based on Yao’s garbled circuits. We use an OT-based approach and get efficiency via OT extension in the random oracle model. To get a practical protocol we introduce...

  3. Security in Computer Applications

    CERN Document Server

    CERN. Geneva

    2004-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development. The last part of the lecture covers some miscellaneous issues like the use of cryptography, rules for networking applications, and social engineering threats. This lecture was first given on Thursd...

  4. Cognitive Computing for Security.

    Energy Technology Data Exchange (ETDEWEB)

    Debenedictis, Erik [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Rothganger, Fredrick [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Aimone, James Bradley [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Marinella, Matthew [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Evans, Brian Robert [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Warrender, Christina E. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Mickel, Patrick [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2015-12-01

    Final report for Cognitive Computing for Security LDRD 165613. It reports on the development of hybrid of general purpose/ne uromorphic computer architecture, with an emphasis on potential implementation with memristors.

  5. Computer Security Handbook

    CERN Document Server

    Bosworth, Seymour; Whyne, Eric

    2012-01-01

    The classic and authoritative reference in the field of computer security, now completely updated and revised With the continued presence of large-scale computers; the proliferation of desktop, laptop, and handheld computers; and the vast international networks that interconnect them, the nature and extent of threats to computer security have grown enormously. Now in its fifth edition, Computer Security Handbook continues to provide authoritative guidance to identify and to eliminate these threats where possible, as well as to lessen any losses attributable to them. With seventy-seven chapter

  6. Indirection and computer security.

    Energy Technology Data Exchange (ETDEWEB)

    Berg, Michael J.

    2011-09-01

    The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyze common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.

  7. Secure cloud computing

    CERN Document Server

    Jajodia, Sushil; Samarati, Pierangela; Singhal, Anoop; Swarup, Vipin; Wang, Cliff

    2014-01-01

    This book presents a range of cloud computing security challenges and promising solution paths. The first two chapters focus on practical considerations of cloud computing. In Chapter 1, Chandramouli, Iorga, and Chokani describe the evolution of cloud computing and the current state of practice, followed by the challenges of cryptographic key management in the cloud. In Chapter 2, Chen and Sion present a dollar cost model of cloud computing and explore the economic viability of cloud computing with and without security mechanisms involving cryptographic mechanisms. The next two chapters addres

  8. CLOUD COMPUTING SECURITY

    Directory of Open Access Journals (Sweden)

    DANISH JAMIL,

    2011-04-01

    Full Text Available It is no secret that cloud computing is becoming more and more popular today and is ever increasing inpopularity with large companies as they share valuable resources in a cost effective way. Due to this increasingdemand for more clouds there is an ever growing threat of security becoming a major issue. This paper shalllook at ways in which security threats can be a danger to cloud computing and how they can be avoided.

  9. CLOUD COMPUTING AND SECURITY

    Directory of Open Access Journals (Sweden)

    Asharani Shinde

    2015-10-01

    Full Text Available This document gives an insight into Cloud Computing giving an overview of key features as well as the detail study of exact working of Cloud computing. Cloud Computing lets you access all your application and documents from anywhere in the world, freeing you from the confines of the desktop thus making it easier for group members in different locations to collaborate. Certainly cloud computing can bring about strategic, transformational and even revolutionary benefits fundamental to future enterprise computing but it also offers immediate and pragmatic opportunities to improve efficiencies today while cost effectively and systematically setting the stage for the strategic change. As this technology makes the computing, sharing, networking easy and interesting, we should think about the security and privacy of information too. Thus the key points we are going to be discussed are what is cloud, what are its key features, current applications, future status and the security issues and the possible solutions.

  10. Computer Security Systems Enable Access.

    Science.gov (United States)

    Riggen, Gary

    1989-01-01

    A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

  11. A Portable Computer Security Workshop

    Science.gov (United States)

    Wagner, Paul J.; Phillips, Andrew T.

    2006-01-01

    We have developed a computer security workshop designed to instruct post-secondary instructors who want to start a course or laboratory exercise sequence in computer security. This workshop has also been used to provide computer security education to IT professionals and students. It is effective in communicating basic computer security principles…

  12. Computer Science Security

    OpenAIRE

    Ocotlan Diaz-Parra; Ruiz-Vanoye, Jorge A.; Barrera-Cámara, Ricardo A.; Alejandro Fuentes-Penna; Natalia Sandoval

    2014-01-01

    Soft Systems Methodology (SSM) is a problem-solving methodology employing systems thinking. SSM has been applied to the management, planning, health and medical systems, information systems planning, human resource management, analysis of the logistics systems, knowledge management, project management, construction management and engineering, and development of expert systems. This paper proposes using SSM for strategic planning of Enterprise Computer Security.

  13. Security Dynamics of Cloud Computing

    OpenAIRE

    Khaled M. Khan

    2009-01-01

    This paper explores various dimensions of cloud computing security. It argues that security concerns of cloud computing need to be addressed from the perspective of individual stakeholder. Security focuses of cloud computing are essentially different in terms of its characteristics and business model. Conventional way of viewing as well as addressing security such as ‘bolting-in’ on the top of cloud computing may not work well. The paper attempts to portray the security spectrum necessary for...

  14. New computer security campaign

    CERN Multimedia

    Alizée Dauvergne

    2010-01-01

    A new campaign is taking shape to promote computer security. The slogan “SEC_RITY is not complete without U!” reminds users of the importance of their contribution. The campaign kicks off on 10 June with a public awareness day in the Council Chamber.   The new campaign, organised by CERN’s computer security team, will focus on prevention and involving the user. “This is an education and awareness-raising campaign for all users at CERN,” explains Stefan Lueders, in charge of computer security. “Every day, we register thousands of computer attacks against CERN: there are attempts to tamper with web pages, hack into user accounts, take over servers, and much more. A successful attack could mean confidential user information being divulged, services being interrupted or data being lost. It could even affect operations at CERN. Another factor is the damage that a successful attack could inflict on the Organization’s reputation. &...

  15. Computer Security: the security marathon

    CERN Multimedia

    Computer Security Team

    2014-01-01

    If you believe that “security” is a sprint, that a quick hack is invulnerable, that quick bug fixing is sufficient, that plugging security measures on top of existing structures is good, that once you are secure your life will be easy... then let me convince you otherwise.   An excellent example of this is when the summer students join us at CERN. As the summer period is short, software projects must be accomplished quickly, like a sprint. Rush, rush! But often, this sprint ends with aching muscles. Regularly, these summer students approach us to have their project or web server made visible to the Internet. Regularly, quick security reviews of those web servers diagnose severe underperformance with regards to security: the web applications are flawed or use insecure protocols; the employed software tools, databases or web frameworks are sub-optimal and not adequately chosen for that project; the operating system is non-standard and has never been brought up-to-date; and ...

  16. Computer Security: the security marathon, part 2

    CERN Multimedia

    Computer Security Team

    2014-01-01

    Do you recall our latest article on the “Security Marathon” (see here) and why it’s wrong to believe that computer security is a sprint, that a quick hack is invulnerable, that quick bug-fixing is sufficient, that plugging security measures on top of existing structures is a good idea, that once you are secure, your life is cosy?   In fact, security is a marathon for us too. Again and again, we have felt comfortable with the security situation at CERN, with dedicated protections deployed on individual hosts, with the security measures deployed by individual service managers, with the attentiveness and vigilance of our users, and with the responsiveness of the Management. Again and again, however, we subsequently detect or receive reports that this is wrong, that protections are incomplete, that security measures are incomplete, that security awareness has dropped. Thus, unfortunately, we often have to go back to square one and address similar issues over and over...

  17. Computer Security Day

    CERN Multimedia

    CERN Bulletin

    2010-01-01

      Viruses, phishing, malware and cyber-criminals can all threaten your computer and your data, even at CERN! Experts will share their experience with you and offer solutions to keep your computer secure. Thursday, 10 June 2010, 9.30, Council Chamber Make a note in your diary! Presentations in French and English: How do hackers break into your computer? Quels sont les enjeux et conséquences des attaques informatiques contre le CERN ? How so criminals steal your money on the Internet? Comment utiliser votre ordinateur de manière sécurisée ? and a quiz: test your knowledge and win one of the many prizes that will be on offer! For more information and to follow the day's events via a live webcast go to: http://cern.ch/SecDay.  

  18. CLOUD COMPUTING SECURITY ISSUES

    Directory of Open Access Journals (Sweden)

    Florin OGIGAU-NEAMTIU

    2012-01-01

    Full Text Available The term “cloud computing” has been in the spotlights of IT specialists the last years because of its potential to transform this industry. The promised benefits have determined companies to invest great sums of money in researching and developing this domain and great steps have been made towards implementing this technology. Managers have traditionally viewed IT as difficult and expensive and the promise of cloud computing leads many to think that IT will now be easy and cheap. The reality is that cloud computing has simplified some technical aspects of building computer systems, but the myriad challenges facing IT environment still remain. Organizations which consider adopting cloud based services must also understand the many major problems of information policy, including issues of privacy, security, reliability, access, and regulation. The goal of this article is to identify the main security issues and to draw the attention of both decision makers and users to the potential risks of moving data into “the cloud”.

  19. CLOUD COMPUTING SECURITY

    Directory of Open Access Journals (Sweden)

    Ştefan IOVAN

    2016-05-01

    Full Text Available Cloud computing reprentes the software applications offered as a service online, but also the software and hardware components from the data center.In the case of wide offerd services for any type of client, we are dealing with a public cloud. In the other case, in wich a cloud is exclusively available for an organization and is not available to the open public, this is consider a private cloud [1]. There is also a third type, called hibrid in which case an user or an organization might use both services available in the public and private cloud. One of the main challenges of cloud computing are to build the trust and ofer information privacy in every aspect of service offerd by cloud computingle. The variety of existing standards, just like the lack of clarity in sustenability certificationis not a real help in building trust. Also appear some questions marks regarding the efficiency of traditionsecurity means that are applied in the cloud domain. Beside the economic and technology advantages offered by cloud, also are some advantages in security area if the information is migrated to cloud. Shared resources available in cloud includes the survey, use of the "best practices" and technology for advance security level, above all the solutions offered by the majority of medium and small businesses, big companies and even some guvermental organizations [2].

  20. New computer security measures

    CERN Multimedia

    IT Department

    2008-01-01

    As a part of the long-term strategy to improve computer security at CERN, and especially given the attention focused to CERN by the start-up of the LHC, two additional security measures concerning DNS and Tor will shortly be introduced. These are described in the following texts and will affect only a small number of users. "PHISHING" ATTACKS CONTINUE CERN computer users continue to be subjected to attacks by people trying to infect our machines and obtain passwords and other confidential information by social engineering trickery. Recent examples include an e-mail message sent from "La Poste" entitled "Colis Postal" on 21 August, a fake mail sent from web and mail services on 8 September, and an e-mail purporting to come from Hallmark Cards announcing the arrival of an electronic postcard. However, there are many other examples and there are reports of compromised mail accounts being used for more realistic site-specific phishing attempts. Given the increased publicity rela...

  1. Visualization Tools for Teaching Computer Security

    Science.gov (United States)

    Yuan, Xiaohong; Vega, Percy; Qadah, Yaseen; Archer, Ricky; Yu, Huiming; Xu, Jinsheng

    2010-01-01

    Using animated visualization tools has been an important teaching approach in computer science education. We have developed three visualization and animation tools that demonstrate various information security concepts and actively engage learners. The information security concepts illustrated include: packet sniffer and related computer network…

  2. Security basics for computer architects

    CERN Document Server

    Lee, Ruby B

    2013-01-01

    Design for security is an essential aspect of the design of future computers. However, security is not well understood by the computer architecture community. Many important security aspects have evolved over the last several decades in the cryptography, operating systems, and networking communities. This book attempts to introduce the computer architecture student, researcher, or practitioner to the basic concepts of security and threat-based design. Past work in different security communities can inform our thinking and provide a rich set of technologies for building architectural support fo

  3. Computational Intelligence, Cyber Security and Computational Models

    CERN Document Server

    Anitha, R; Lekshmi, R; Kumar, M; Bonato, Anthony; Graña, Manuel

    2014-01-01

    This book contains cutting-edge research material presented by researchers, engineers, developers, and practitioners from academia and industry at the International Conference on Computational Intelligence, Cyber Security and Computational Models (ICC3) organized by PSG College of Technology, Coimbatore, India during December 19–21, 2013. The materials in the book include theory and applications for design, analysis, and modeling of computational intelligence and security. The book will be useful material for students, researchers, professionals, and academicians. It will help in understanding current research trends and findings and future scope of research in computational intelligence, cyber security, and computational models.

  4. Scalable and Unconditionally Secure Multiparty Computation

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Nielsen, Jesper Buus

    2007-01-01

    We present a multiparty computation protocol that is unconditionally secure against adaptive and active adversaries, with communication complexity O(Cn)k+O(Dn^2)k+poly(nk), where C is the number of gates in the circuit, n is the number of parties, k is the bit-length of the elements of the field...... over which the computation is carried out, D is the multiplicative depth of the circuit, and κ is the security parameter. The corruption threshold is t security the corruption threshold is t secure......, the protocol has so called everlasting security....

  5. Security Architecture of Cloud Computing

    Directory of Open Access Journals (Sweden)

    V.KRISHNA REDDY

    2011-09-01

    Full Text Available The Cloud Computing offers service over internet with dynamically scalable resources. Cloud Computing services provides benefits to the users in terms of cost and ease of use. Cloud Computing services need to address the security during the transmission of sensitive data and critical applications to shared and public cloud environments. The cloud environments are scaling large for data processing and storage needs. Cloud computing environment have various advantages as well as disadvantages on the data security of service consumers. This paper aims to emphasize the main security issues existing in cloud computing environments. The security issues at various levels of cloud computing environment is identified in this paper and categorized based on cloud computing architecture. This paper focuses on the usage of Cloud services and security issues to build these cross-domain Internet-connected collaborations.

  6. Los Alamos Center for Computer Security formal computer security model

    Energy Technology Data Exchange (ETDEWEB)

    Dreicer, J.S.; Hunteman, W.J.; Markin, J.T.

    1989-01-01

    This paper provides a brief presentation of the formal computer security model currently being developed at the Los Alamos Department of Energy (DOE) Center for Computer Security (CCS). The need to test and verify DOE computer security policy implementation first motivated this effort. The actual analytical model was a result of the integration of current research in computer security and previous modeling and research experiences. The model is being developed to define a generic view of the computer and network security domains, to provide a theoretical basis for the design of a security model, and to address the limitations of present formal mathematical models for computer security. The fundamental objective of computer security is to prevent the unauthorized and unaccountable access to a system. The inherent vulnerabilities of computer systems result in various threats from unauthorized access. The foundation of the Los Alamos DOE CCS model is a series of functionally dependent probability equations, relations, and expressions. The model is undergoing continued discrimination and evolution. We expect to apply the model to the discipline of the Bell and LaPadula abstract sets of objects and subjects. 6 refs.

  7. Reminder: Mandatory Computer Security Course

    CERN Multimedia

    IT Department

    2011-01-01

    Just like any other organization, CERN is permanently under attack – even right now. Consequently it's important to be vigilant about security risks, protecting CERN's reputation - and your work. The availability, integrity and confidentiality of CERN's computing services and the unhindered operation of its accelerators and experiments come down to the combined efforts of the CERN Security Team and you. In order to remain par with the attack trends, the Security Team regularly reminds CERN users about the computer security risks, and about the rules for using CERN’s computing facilities. Therefore, a new dedicated basic computer security course has been designed informing you about the “Do’s” and “Dont’s” when using CERN's computing facilities. This course is mandatory for all person owning a CERN computer account and must be followed once every three years. Users who have never done the course, or whose course needs to be renewe...

  8. New Mandatory Computer Security Course

    CERN Multimedia

    CERN Bulletin

    2010-01-01

    Just like any other organization, CERN is permanently under attack - even right now. Consequently it's important to be vigilant about security risks, protecting CERN's reputation - and your work. The availability, integrity and confidentiality of CERN's computing services and the unhindered operation of its accelerators and experiments come down to the combined efforts of the CERN Security Team and you. In order to remain par with the attack trends, the Security Team regularly reminds CERN users about the computer security risks, and about the rules for using CERN’s computing facilities. Since 2007, newcomers have to follow a dedicated basic computer security course informing them about the “Do’s” and “Dont’s” when using CERNs computing facilities. This course has recently been redesigned. It is now mandatory for all CERN members (users and staff) owning a CERN computer account and must be followed once every three years. Members who...

  9. Cloud Computing Security: A Survey

    Directory of Open Access Journals (Sweden)

    Issa M. Khalil

    2014-02-01

    Full Text Available Cloud computing is an emerging technology paradigm that migrates current technological and computing concepts into utility-like solutions similar to electricity and water systems. Clouds bring out a wide range of benefits including configurable computing resources, economic savings, and service flexibility. However, security and privacy concerns are shown to be the primary obstacles to a wide adoption of clouds. The new concepts that clouds introduce, such as multi-tenancy, resource sharing and outsourcing, create new challenges to the security community. Addressing these challenges requires, in addition to the ability to cultivate and tune the security measures developed for traditional computing systems, proposing new security policies, models, and protocols to address the unique cloud security challenges. In this work, we provide a comprehensive study of cloud computing security and privacy concerns. We identify cloud vulnerabilities, classify known security threats and attacks, and present the state-of-the-art practices to control the vulnerabilities, neutralize the threats, and calibrate the attacks. Additionally, we investigate and identify the limitations of the current solutions and provide insights of the future security perspectives. Finally, we provide a cloud security framework in which we present the various lines of defense and identify the dependency levels among them. We identify 28 cloud security threats which we classify into five categories. We also present nine general cloud attacks along with various attack incidents, and provide effectiveness analysis of the proposed countermeasures.

  10. Cloud Computing Security Issue: Survey

    Science.gov (United States)

    Kamal, Shailza; Kaur, Rajpreet

    2011-12-01

    Cloud computing is the growing field in IT industry since 2007 proposed by IBM. Another company like Google, Amazon, and Microsoft provides further products to cloud computing. The cloud computing is the internet based computing that shared recourses, information on demand. It provides the services like SaaS, IaaS and PaaS. The services and recourses are shared by virtualization that run multiple operation applications on cloud computing. This discussion gives the survey on the challenges on security issues during cloud computing and describes some standards and protocols that presents how security can be managed.

  11. Security and policy driven computing

    CERN Document Server

    Liu, Lei

    2010-01-01

    Security and Policy Driven Computing covers recent advances in security, storage, parallelization, and computing as well as applications. The author incorporates a wealth of analysis, including studies on intrusion detection and key management, computer storage policy, and transactional management.The book first describes multiple variables and index structure derivation for high dimensional data distribution and applies numeric methods to proposed search methods. It also focuses on discovering relations, logic, and knowledge for policy management. To manage performance, the text discusses con

  12. Computer and information security handbook

    CERN Document Server

    Vacca, John R

    2012-01-01

    The second edition of this comprehensive handbook of computer and information security provides the most complete view of computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors' respective areas of expertise. The book is organized into 10 parts comprised of 70 contributed

  13. Secure computing, economy, and trust

    DEFF Research Database (Denmark)

    Bogetoft, Peter; Damgård, Ivan B.; Jakobsen, Thomas;

    In this paper we consider the problem of constructing secure auctions based on techniques from modern cryptography. We combine knowledge from economics, cryptography and security engineering and develop and implement secure auctions for practical real-world problems. In essence this paper...... is an overview of the research project which attempts to build auctions for real applications using secure multiparty computation. The main contributions of this project are: A generic setup for secure evaluation of integer arithmetic including comparisons; general double auctions expressed by such operations...

  14. Computer Network Security- The Challenges of Securing a Computer Network

    Science.gov (United States)

    Scotti, Vincent, Jr.

    2011-01-01

    This article is intended to give the reader an overall perspective on what it takes to design, implement, enforce and secure a computer network in the federal and corporate world to insure the confidentiality, integrity and availability of information. While we will be giving you an overview of network design and security, this article will concentrate on the technology and human factors of securing a network and the challenges faced by those doing so. It will cover the large number of policies and the limits of technology and physical efforts to enforce such policies.

  15. A methodology for performing computer security reviews

    International Nuclear Information System (INIS)

    DOE Order 5637.1, ''Classified Computer Security,'' requires regular reviews of the computer security activities for an ADP system and for a site. Based on experiences gained in the Los Alamos computer security program through interactions with DOE facilities, we have developed a methodology to aid a site or security officer in performing a comprehensive computer security review. The methodology is designed to aid a reviewer in defining goals of the review (e.g., preparation for inspection), determining security requirements based on DOE policies, determining threats/vulnerabilities based on DOE and local threat guidance, and identifying critical system components to be reviewed. Application of the methodology will result in review procedures and checklists oriented to the review goals, the target system, and DOE policy requirements. The review methodology can be used to prepare for an audit or inspection and as a periodic self-check tool to determine the status of the computer security program for a site or specific ADP system. 1 tab

  16. A methodology for performing computer security reviews

    International Nuclear Information System (INIS)

    This paper reports on DIE Order 5637.1, Classified Computer Security, which requires regular reviews of the computer security activities for an ADP system and for a site. Based on experiences gained in the Los Alamos computer security program through interactions with DOE facilities, the authors have developed a methodology to aid a site or security officer in performing a comprehensive computer security review. The methodology is designed to aid a reviewer in defining goals of the review (e.g., preparation for inspection), determining security requirements based on DOE policies, determining threats/vulnerabilities based on DOE and local threat guidance, and identifying critical system components to be reviewed. Application of the methodology will result in review procedures and checklists oriented to the review goals, the target system, and DOE policy requirements. The review methodology can be used to prepare for an audit or inspection and as a periodic self-check tool to determine the status of the computer security program for a site or specific ADP system

  17. Computer Security: professionalism in security, too

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    At CERN, we apply a great deal of dedication and professionalism to all the work we do. This is necessary because of the complexity and sophistication of the devices we deal with. However, when it comes to computer security, we can all agree that there is room for improvement.   In some cases, we’ve observed devices that are connected to our Intranet networks without the adequate level of protection. Also, in order to allow it to be disseminated easily with peers, information is often disclosed on public webpages, sometimes without appropriate consideration of important security-related aspects. Program code is lost due to a lack of proper version control or the use of central storage systems. Systems are brought down by “finger trouble”, confusing the right and wrong IP addresses. Software or system development is done directly on production devices, impinging on their proper operation up to the point where the system grinds to a halt. Applications full of useful fe...

  18. Computer Security: Security operations at CERN (4/4)

    CERN Document Server

    CERN. Geneva

    2012-01-01

    Stefan Lueders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Being initially developer of a common safety system used in all four experiments at the Large Hadron Collider, he gathered expertise in cyber-security issues of control systems. Consequently in 2004, he took over responsibilities in securing CERN's accelerator and infrastructure control systems against cyber-threats. Subsequently, he joined the CERN Computer Security Incident Response Team and is today heading this team as CERN's Computer Security Officer with the mandate to coordinate all aspects of CERN's computer security --- office computing security, computer centre security, GRID computing security and control system security --- whilst taking into account CERN's operational needs. Dr. Lueders has presented on these topics at many different occasions to international bodies, governments, and companies, and published several articles. With the prevalence of modern information technologies and...

  19. Change of Computer Security Officer

    CERN Multimedia

    IT Department

    2008-01-01

    After many years of successfully protecting the CERN site in her role as Computer Security Officer (CSO), Denise Heagerty is being assigned to a new role within the IT Department. David Myers has been appointed to the position of CSO for one year from 1st September. W. von Rüden, IT Department Head

  20. Secure multiparty computation goes live

    DEFF Research Database (Denmark)

    Bogetoft, Peter; Christensen, Dan Lund; Damgård, Ivan Bjerre;

    2009-01-01

    In this note, we report on the first large-scale and practical application of secure multiparty computation, which took place in January 2008. We also report on the novel cryptographic protocols that were used. This work was supported by the Danish Strategic Research Council and the European...

  1. LEGO for Two-Party Secure Computation

    DEFF Research Database (Denmark)

    Nielsen, Jesper Buus; Orlandi, Claudio

    2009-01-01

    This paper continues the recent line of work of making Yao’s garbled circuit approach to two-party computation secure against an active adversary. We propose a new cut-and-choose based approach called LEGO (Large Efficient Garbled-circuit Optimization): It is specifically aimed at large circuits...

  2. World of Cloud Computing & Security

    Directory of Open Access Journals (Sweden)

    Ashish Kumar

    2012-06-01

    Full Text Available Cloud computing promises to increase the velocity with which application are deployed, increase innovation and lower costs, all while increasing business agility and hence envisioned as the next generation architecture of IT Enterprise. Nature of cloud computing builds an established trend for driving cost out of the delivery of services while increasing the speed and agility with which services are deployed. Cloud Computing incorporates virtualization, on demand deployment, Internet delivery of services and open source software .From another perspective, everything is new because cloud computing changes how we invent, develop, deploy, scale, update, maintain and pay for application and the infrastructure on which they run. Because of these benefits of Cloud Computing, it requires an effective and flexible dynamic security scheme to ensure the correctness of users’ data in the cloud. Quality of service is an important aspect and hence, extensive cloud data security and performance is required. Normal 0 false false false EN-US X-NONE X-NONE ashish.kumar@bharatividyapeeth.edu

  3. Computer access security code system

    Science.gov (United States)

    Collins, Earl R., Jr. (Inventor)

    1990-01-01

    A security code system for controlling access to computer and computer-controlled entry situations comprises a plurality of subsets of alpha-numeric characters disposed in random order in matrices of at least two dimensions forming theoretical rectangles, cubes, etc., such that when access is desired, at least one pair of previously unused character subsets not found in the same row or column of the matrix is chosen at random and transmitted by the computer. The proper response to gain access is transmittal of subsets which complete the rectangle, and/or a parallelepiped whose opposite corners were defined by first groups of code. Once used, subsets are not used again to absolutely defeat unauthorized access by eavesdropping, and the like.

  4. Securing a HENP Computing Facility

    CERN Document Server

    Misawa, S; Throwe, T

    2003-01-01

    Traditionally, HENP computing facilities have been open facilities that are accessed in many different ways by users that are both internal and external to the facility. However, the need to protect the facility from cybersecurity threats has made it difficult to maintain the openness of the facility to off-site and on-site users. In this paper, we discuss the strategy we have used and the architecture we have developed and deployed to increase the security the US ATLAS and RHIC Computing Facilities, while trying to maintain the openness and accessibility that our user community has come to expect. Included in this discussion are the tools that we have used and the operational experience we have had with the deployed architecture.

  5. The importance of trust in computer security

    DEFF Research Database (Denmark)

    Jensen, Christian D.

    2014-01-01

    The computer security community has traditionally regarded security as a “hard” property that can be modelled and formally proven under certain simplifying assumptions. Traditional security technologies assume that computer users are either malicious, e.g. hackers or spies, or benevolent, compete...

  6. The importance of trust in computer security

    DEFF Research Database (Denmark)

    Jensen, Christian D.

    2014-01-01

    The computer security community has traditionally regarded security as a “hard” property that can be modelled and formally proven under certain simplifying assumptions. Traditional security technologies assume that computer users are either malicious, e.g. hackers or spies, or benevolent, competent...... and well informed about the security policies. Over the past two decades, however, computing has proliferated into all aspects of modern society and the spread of malicious software (malware) like worms, viruses and botnets have become an increasing threat. This development indicates a failure in some...... of the fundamental assumptions that underpin existing computer security technologies and that a new view of computer security is long overdue. In this paper, we examine traditionalmodels, policies and mechanisms of computer security in order to identify areas where the fundamental assumptions may fail. In particular...

  7. Cloud Security A Comprehensive Guide to Secure Cloud Computing

    CERN Document Server

    Krutz, Ronald L

    2010-01-01

    Well-known security experts decipher the most challenging aspect of cloud computing-security. Cloud computing allows for both large and small organizations to have the opportunity to use Internet-based services so that they can reduce start-up costs, lower capital expenditures, use services on a pay-as-you-use basis, access applications only as needed, and quickly reduce or increase capacities. However, these benefits are accompanied by a myriad of security issues, and this valuable book tackles the most common security challenges that cloud computing faces. The authors offer you years of unpa

  8. Knowledge-based computer security advisor

    International Nuclear Information System (INIS)

    The rapid expansion of computer security information and technology has included little support to help the security officer identify the safeguards needed to comply with a policy and to secure a computing system. This paper reports that Los Alamos is developing a knowledge-based computer security system to provide expert knowledge to the security officer. This system includes a model for expressing the complex requirements in computer security policy statements. The model is part of an expert system that allows a security officer to describe a computer system and then determine compliance with the policy. The model contains a generic representation that contains network relationships among the policy concepts to support inferencing based on information represented in the generic policy description

  9. Managing Security in Advanced Computational Infrastructure

    Institute of Scientific and Technical Information of China (English)

    2001-01-01

    Proposed by Education Ministry of China, Advanced Computational Infrastructure (ACI) aims at sharing geographically distributed high-performance computing and huge-capacity data resource among the universities of China. With the fast development of large-scale applications in ACI, the security requirements become more and more urgent. The special security needs in ACI is first analyzed in this paper, and security management system based on ACI is presented. Finally, the realization of security management system is discussed.

  10. Computer Security: drive-bye

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2016-01-01

    Like a lion waiting to ambush gazelles at a waterhole, malware can catch you by surprise.    As some of you might have noticed, the Computer Security Team had to block the news site “20min.ch” a while ago, as it was found to be distributing malware. This block comes after similar incidents at other Swiss organizations. Our blocking is protective in order to safeguard your computers, laptops, tablets and smartphones. Unfortunately, this is not the first time we have seen these so-called drive-by/waterhole attacks: once you have visited an affected website, embedded third-party malicious code is downloaded to your computer and subsequently infects it (if running Windows or Android as well as, less likely, Mac operating systems). Hence the name “drive-by”. As “20min.ch” is a very frequented website among CERN staff members and users, it makes it a perfect source for attacks against CERN (or other Geneva-based organisations): inste...

  11. Discussion on the Hospital Computer Security Active Defense Technology%医院计算机安全主动防御技术探讨

    Institute of Scientific and Technical Information of China (English)

    彭利华

    2014-01-01

    With the development of computer network technology, it has been widely used in hospitals, especial y with the arrival of the era of big data, the hospital computer management and ef ective implementation of the network management of patient information, treatment of case data, has become an important part of hospital information, but facing the hospital computer security issues have become increasingly prominent. In this paper, a detailed analysis of the relevant factors of hospital computer security, at the same time, the model of computer security active defense, and in-depth analysis of the architecture of computer security active defense technology, so as to bet er use the computer, computer use perception.%随着计算机网络技术的发展,其在医院得到了广泛地应用,尤其是随着大数据时代的到来,医院计算机网络的使用有效地实现了患者信息、治疗案例等数据的联网管理,已经成为医院信息化的重要组成部分,但是医院计算机网络安全面临的问题日益突出。本文分析了医院计算机网络安全的相关因素,阐述了计算机网络安全主动防御模型,同时深入地分析了计算机网络安全主动防御技术的体系架构,以便人们更好地使用计算机,提升计算机使用的感知度。

  12. A Computer Security Course in the Undergraduate Computer Science Curriculum.

    Science.gov (United States)

    Spillman, Richard

    1992-01-01

    Discusses the importance of computer security and considers criminal, national security, and personal privacy threats posed by security breakdown. Several examples are given, including incidents involving computer viruses. Objectives, content, instructional strategies, resources, and a sample examination for an experimental undergraduate computer…

  13. Computer Security: SAHARA - Security As High As Reasonably Achievable

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    History has shown us time and again that our computer systems, computing services and control systems have digital security deficiencies. Too often we deploy stop-gap solutions and improvised hacks, or we just accept that it is too late to change things.    In my opinion, this blatantly contradicts the professionalism we show in our daily work. Other priorities and time pressure force us to ignore security or to consider it too late to do anything… but we can do better. Just look at how “safety” is dealt with at CERN! “ALARA” (As Low As Reasonably Achievable) is the objective set by the CERN HSE group when considering our individual radiological exposure. Following this paradigm, and shifting it from CERN safety to CERN computer security, would give us “SAHARA”: “Security As High As Reasonably Achievable”. In other words, all possible computer security measures must be applied, so long as ...

  14. A REVIEW ON SECURED CLOUD COMPUTING ENVIRONMENT

    Directory of Open Access Journals (Sweden)

    M. Hemanth Chakravarthy

    2014-01-01

    Full Text Available Nowadays, the scientific problem becomes very complex; therefore, it requires more computing power and storage space. These requirements are very common in an organization while dealing with current technological data and requirements. Based on these basic requirements, need of higher computational resources is an important issue when dealing with current technological methodology. Hence, cloud computing has become the most important computing paradigm of recent world. The cloud computing is an open source and using Internet as network model. Rapid growth in the field of “cloud computing” also increases severe security concerns, because security has a constant issue. This study reviews security models of cloud computing.

  15. Computers, business, and security the new role for security

    CERN Document Server

    Schweitzer, James A

    1987-01-01

    Computers, Business, and Security: The New Role for Security addresses the professional security manager's responsibility to protect all business resources, with operating environments and high technology in mind. This book discusses the technological aspects of the total security programs.Organized into three parts encompassing 10 chapters, this book begins with an overview of how the developing information age is affecting business management, operations, and organization. This text then examines a number of vulnerabilities that arise in the process of using business computing and communicat

  16. OT-Combiners Via Secure Computation

    DEFF Research Database (Denmark)

    Harnik, Danny; Ishai, Yuval; Kushilevitz, Eyal;

    2008-01-01

    An OT-combiner implements a secure oblivious transfer (OT) protocol using oracle access to n OT-candidates of which at most t may be faulty. We introduce a new general approach for combining OTs by making a simple and modular use of protocols for secure computation. Specifically, we obtain an OT......-combiner from any instantiation of the following two ingredients: (1) a t-secure n-party protocol for the OT functionality, in a network consisting of secure point-to-point channels and a broadcast primitive; and (2) a secure two-party protocol for a functionality determined by the former multiparty protocol......, in a network consisting of a single OT-channel. Our approach applies both to the “semi-honest” and the “malicious” models of secure computation, yielding the corresponding types of OT-combiners. Instantiating our general approach with secure computation protocols from the literature, we conceptually simplify...

  17. Tailored Security and Safety for Pervasive Computing

    Science.gov (United States)

    Blass, Erik-Oliver; Zitterbart, Martina

    Pervasive computing makes high demands on security: devices are seriously resource-restricted, communication takes place spontaneously, and adversaries might control some of the devices. We claim that 1.) today’s research, studying traditional security properties for pervasive computing, leads to inefficient, expensive, and unnecessary strong and unwanted security solutions. Instead, security solutions tailored to the demands of a user, the scenario, or the expected adversary are more promising. 2.) Today’s research for security in pervasive computing makes naive, inefficient, and unrealistic assumptions regarding safety properties, in particular the quality of basic communication. Therefore, future security research has to consider safety characteristics and has to jointly investigate security and safety for efficient, tailored solutions.

  18. Banking Security Characteristics in Cloud Computing Technology

    OpenAIRE

    Jeflea Victor; Georgescu Mircea

    2014-01-01

    Cloud Computing technology has become an imminent reality by penetrating all the environments. Although the benefits of implementing Cloud Computing solutions are obvious, there is still a reluctance to use them, especially in the banking sector. Some authors have compared the banking environment itself to the Cloud Computing technology in terms of security and confidence. In what follows, we propose to highlight the main aspects of Cloud Computing security and to detect any elements of vulne...

  19. Applied computation and security systems

    CERN Document Server

    Saeed, Khalid; Choudhury, Sankhayan; Chaki, Nabendu

    2015-01-01

    This book contains the extended version of the works that have been presented and discussed in the First International Doctoral Symposium on Applied Computation and Security Systems (ACSS 2014) held during April 18-20, 2014 in Kolkata, India. The symposium has been jointly organized by the AGH University of Science & Technology, Cracow, Poland and University of Calcutta, India. The Volume I of this double-volume book contains fourteen high quality book chapters in three different parts. Part 1 is on Pattern Recognition and it presents four chapters. Part 2 is on Imaging and Healthcare Applications contains four more book chapters. The Part 3 of this volume is on Wireless Sensor Networking and it includes as many as six chapters. Volume II of the book has three Parts presenting a total of eleven chapters in it. Part 4 consists of five excellent chapters on Software Engineering ranging from cloud service design to transactional memory. Part 5 in Volume II is on Cryptography with two book...

  20. A Framework for Secure Cloud Computing

    Directory of Open Access Journals (Sweden)

    Ahmed E. Youssef

    2012-07-01

    Full Text Available Cloud computing is one of the most discussed topics today in the field of information technology. It introduces a new Internet-based environment for on-demand, dynamic provision of reconfigurable computing resources. The biggest challenge in cloud computing is the security and privacy problems caused by its multi-tenancy nature and the outsourcing of infrastructure, sensitive data and critical applications. In this paper, we propose a framework that identifies security and privacy challenges in cloud computing. It highlights cloud-specific attacks and risks and clearly illustrates their mitigations and countermeasures. We also propose a generic cloud computing security model that helps satisfy security and privacy requirements in the clouds and protect them against various vulnerabilities. The purpose of this work is to advise on security and privacy considerations that should be taken and solutions that might be considered when using the cloud environment by individuals and organizations.

  1. Secure Computation with Fixed-Point Numbers

    Science.gov (United States)

    Catrina, Octavian; Saxena, Amitabh

    Secure computation is a promising approach to business problems in which several parties want to run a joint application and cannot reveal their inputs. Secure computation preserves the privacy of input data using cryptographic protocols, allowing the parties to obtain the benefits of data sharing and at the same time avoid the associated risks. These business applications need protocols that support all the primitive data types and allow secure protocol composition and efficient application development. Secure computation with rational numbers has been a challenging problem. We present in this paper a family of protocols for multiparty computation with rational numbers using fixed-point representation. This approach offers more efficient solutions for secure computation than other usual representations.

  2. Motivating Contributions for Home Computer Security

    Science.gov (United States)

    Wash, Richard L.

    2009-01-01

    Recently, malicious computer users have been compromising computers en masse and combining them to form coordinated botnets. The rise of botnets has brought the problem of home computers to the forefront of security. Home computer users commonly have insecure systems; these users do not have the knowledge, experience, and skills necessary to…

  3. Why SCADA security is NOT like Computer Centre Security

    CERN Document Server

    CERN. Geneva

    2014-01-01

    Today, the industralized world lives in symbiosis with control systems (aka SCADA systems): it depends on power distribution, oil production, public transport, automatic production lines. While the convenience is at hand, still too many control systems are designed without any security in mind, lack basic security protections, and are not even robust enough to withstand basic attacks. The Stuxnet worm attacking Siemens PLCs in 2010 was another close call. Attackers currently enjoy hacking control systems, and aim to switch lights off. This presentation shall recap the current situation and discuss the differences (or not) between computer center cyber-security and control system cyber-security.

  4. FORMATION OF A COMPUTER SECURITY POLICY BOARD

    CERN Multimedia

    2001-01-01

    In view of the increasing number of security incidents at CERN, the Directorate has set up a Computer Security Policy Board. Information about the mandate and the meetings of the Board is linked from http://cern.ch/security, which is the entry point for computer security information at CERN. FILE SERVICES COMPUTING RULE The use of CERN's Computing facilities are governed by Operational Circular No 5 and its subsidiary rules. To protect file servers at CERN from unauthorised use, the Organization has issued a new subsidiary rule related to file services. Details hereof and of the complete set of rules applicable to the use of CERN computing facilities are available at http://cern.ch/ComputingRules.

  5. FORMATION OF A COMPUTER SECURITY POLICY BOARD

    CERN Multimedia

    2001-01-01

    In view of the increasing number of security incidents at CERN, the Directorate has set up a Computer Security Policy Board. Information about the mandate and the meetings of the Board is linked from http://cern.ch/security which is the entry point for computer security information at CERN. File Services Computing Rule The use of CERN's Computing facilities are governed by Operational Circular No 5 and its subsidiary rules. To protect file servers at CERN from unauthorised use, the Organization has issued a new subsidiary rule related to file services. Details hereof and of the complete set of rules applicable to the use of CERN computing facilities are available at http://cern.ch/ComputingRules

  6. Implementing Security for Active Networks in Internet

    Institute of Scientific and Technical Information of China (English)

    Tang Yin; Wang Weiran

    2003-01-01

    Active networks is primarily a Defense Advanced Research Projects Agency(DARPA)-funded project focusing on the research of mechanisms, applications, and operating systems to develop a reconfigurable network infrastructure. This letter proposes an Secure Active Tracing System (SATS) to implementing security for active networking in Internet. Unlike currently existing schemes, SATS reduces the computational overloads by executing the filtering operation on selected packet streams only when needed.

  7. A common language for computer security incidents

    Energy Technology Data Exchange (ETDEWEB)

    John D. Howard; Thomas A Longstaff

    1998-10-01

    Much of the computer security information regularly gathered and disseminated by individuals and organizations cannot currently be combined or compared because a common language has yet to emerge in the field of computer security. A common language consists of terms and taxonomies (principles of classification) which enable the gathering, exchange and comparison of information. This paper presents the results of a project to develop such a common language for computer security incidents. This project results from cooperation between the Security and Networking Research Group at the Sandia National Laboratories, Livermore, CA, and the CERT{reg_sign} Coordination Center at Carnegie Mellon University, Pittsburgh, PA. This Common Language Project was not an effort to develop a comprehensive dictionary of terms used in the field of computer security. Instead, the authors developed a minimum set of high-level terms, along with a structure indicating their relationship (a taxonomy), which can be used to classify and understand computer security incident information. They hope these high-level terms and their structure will gain wide acceptance, be useful, and most importantly, enable the exchange and comparison of computer security incident information. They anticipate, however, that individuals and organizations will continue to use their own terms, which may be more specific both in meaning and use. They designed the common language to enable these lower-level terms to be classified within the common language structure.

  8. Secure Computation, I/O-Efficient Algorithms and Distributed Signatures

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Kölker, Jonas; Toft, Tomas

    2012-01-01

    .We consider a setting where a set of n players use a set of m servers to store a large, private data set. Later the players decide on functions they want to compute on the data without the servers needing to know which computation is done, while the computation should be secure against a malicious...... as if random access was possible. We show that for sorting, priority queues and data mining, this can indeed be done. We show actively secure protocols of complexity within a constant factor of the passively secure solution. As a technical contribution towards this goal, we develop techniques for generating...

  9. Review your Computer Security Now and Frequently!

    CERN Multimedia

    IT Department

    2009-01-01

    The start-up of LHC is foreseen to take place in the autumn and we will be in the public spotlight again. This increases the necessity to be vigilant with respect to computer security and the defacement of an experiment’s Web page in September last year shows that we should be particularly attentive. Attackers are permanently probing CERN and so we must all do the maximum to reduce future risks. Security is a hierarchical responsibility and requires to balance the allocation of resources between making systems work and making them secure. Thus all of us, whether users, developers, system experts, administrators, or managers are responsible for securing our computing assets. These include computers, software applications, documents, accounts and passwords. There is no "silver bullet" for securing systems, which can only be achieved by a painstaking search for all possible vulnerabilities followed by their mitigation. Additional advice on particular topics can be obtained from the relevant I...

  10. A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE

    Directory of Open Access Journals (Sweden)

    Arijit Ukil

    2013-09-01

    Full Text Available In a typical cloud computing diverse facilitating components like hardware, software, firmware,networking, and services integrate to offer different computational facilities, while Internet or a privatenetwork (or VPN provides the required backbone to deliver the services. The security risks to the cloud system delimit the benefits of cloud computing like “on-demand, customized resource availability and performance management”. It is understood that current IT and enterprise security solutions are not adequate to address the cloud security issues. This paper explores the challenges and issues of security concerns of cloud computing through different standard and novel solutions. We propose analysis and architecture for incorporating different security schemes, techniques and protocols for cloud computing,particularly in Infrastructure-as-a-Service (IaaS and Platform-as-a-Service (PaaS systems. The proposedarchitecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and is not coupled with the underlying backbone. This would facilitate to manage the cloud system more effectively and provide the administrator to include the specific solution to counter the threat. We have also shown using experimental data how a cloud service provider can estimate the charging based on the security service it provides and security-related cost-benefit analysis can be estimated.

  11. STP/HAMPI and Computer Security

    CERN Document Server

    Ganesh, Vijay

    2012-01-01

    In the past several years I have written two SMT solvers called STP and HAMPI that have found widespread use in computer security research by leading groups in academia, industry and the government. In this brief note I summarize the features of STP/HAMPI that make them particularly suited for computer security research, and a listing of some of the more important projects that use them.

  12. CLOUD COMPUTING SECURITY THROUGH SYMMETRIC CIPHER MODEL

    Directory of Open Access Journals (Sweden)

    Subramanian Anbazhagan

    2014-10-01

    Full Text Available Cloud computing can be defined as an application and services which runs on distributed network using virtualized and it is accessed through internet protocols and networking. Cloud computing resources and virtual and limitless and information’s of the physical systems on which software running are abstracted from the user. Cloud Computing is a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure in the "cloud" that supports them. To satisfy the needs of the users the concept is to incorporate technologies which have the common theme of reliance on the internet Software and data are stored on the servers whereas cloud computing services are provided through applications online which can be accessed from web browsers. Lack of security and access control is the major drawback in the cloud computing as the users deal with sensitive data to public clouds .Multiple virtual machine in cloud can access insecure information flows as service provider; therefore to implement the cloud it is necessary to build security. Therefore the main aim of this paper is to provide cloud computing security through symmetric cipher model. This article proposes symmetric cipher model in order to implement cloud computing security so that data can accessed and stored securely.

  13. Computer Security: transparent monitoring for your protection

    CERN Document Server

    Stefan Lueders, Computer Security Team

    2016-01-01

    Computer security can be handled in one of two ways: in secrecy, behind a black curtain; or out in the open, subject to scrutiny and with full transparency. We believe that the latter is the only right way for CERN, and have always put that belief into practice. In keeping with this spirit, here is a reminder of how we monitor (your) CERN activities in order to guarantee timely responses to computer security incidents.   We monitor all network traffic coming into and going out of CERN. Automatic tools look for suspicious patterns like connections to known malicious IP addresses, web pages or domains. They check for malicious files being downloaded and make statistical analyses of connections in order to identify unusual behaviour. The automatic analysis of the logs from the CERN Domain Name Servers complements this and provides a redundant means of detection. We also constantly scan the CERN office network and keep an inventory of the individual network services running on each device: w...

  14. Practical Computer Security through Cryptography

    Science.gov (United States)

    McNab, David; Twetev, David (Technical Monitor)

    1998-01-01

    The core protocols upon which the Internet was built are insecure. Weak authentication and the lack of low level encryption services introduce vulnerabilities that propagate upwards in the network stack. Using statistics based on CERT/CC Internet security incident reports, the relative likelihood of attacks via these vulnerabilities is analyzed. The primary conclusion is that the standard UNIX BSD-based authentication system is by far the most commonly exploited weakness. Encryption of Sensitive password data and the adoption of cryptographically-based authentication protocols can greatly reduce these vulnerabilities. Basic cryptographic terminology and techniques are presented, with attention focused on the ways in which technology such as encryption and digital signatures can be used to protect against the most commonly exploited vulnerabilities. A survey of contemporary security software demonstrates that tools based on cryptographic techniques, such as Kerberos, ssh, and PGP, are readily available and effectively close many of the most serious security holes. Nine practical recommendations for improving security are described.

  15. Towards An Engineering Discipline of Computational Security

    Energy Technology Data Exchange (ETDEWEB)

    Mili, Ali [New Jersey Insitute of Technology; Sheldon, Frederick T [ORNL; Jilani, Lamia Labed [Institut Superieur de Gestion; Ayed, Rahma Ben [University of Tunis, Belvedere, Tunisia

    2007-01-01

    George Boole ushered the era of modern logic by arguing that logical reasoning does not fall in the realm of philosophy, as it was considered up to his time, but in the realm of mathematics. As such, logical propositions and logical arguments are modeled using algebraic structures. Likewise, we submit that security attributes must be modeled as formal mathematical propositions that are subject to mathematical analysis. In this paper, we approach this problem by attempting to model security attributes in a refinement-like framework that has traditionally been used to represent reliability and safety claims. Keywords: Computable security attributes, survivability, integrity, dependability, reliability, safety, security, verification, testing, fault tolerance.

  16. SECURITY FOR DATA STORAGE IN CLOUD COMPUTING

    OpenAIRE

    Prof. S.A.Gade; Mukesh P.Patil

    2015-01-01

    Cloud computing is nothing but a specific style of computing where everything from computing power to business apps are provided facility. This application moves the various data to the large data centers through computing where security provided fully trustworthy. The data stored in the cloud may be frequently updated by the users (registered user) including actions like insertion, deletion, modification etc. To ensure that data storage in cl oud this web applicatio...

  17. Cloud Computing Security Latest Issues amp Countermeasures

    Directory of Open Access Journals (Sweden)

    Shelveen Pandey

    2015-08-01

    Full Text Available Abstract Cloud computing describes effective computing services provided by a third-party organization known as cloud service provider for organizations to perform different tasks over the internet for a fee. Cloud service providers computing resources are dynamically reallocated per demand and their infrastructure platform and software and other resources are shared by multiple corporate and private clients. With the steady increase in the number of cloud computing subscribers of these shared resources over the years security on the cloud is a growing concern. In this review paper the current cloud security issues and practices are described and a few innovative solutions are proposed that can help improve cloud computing security in the future.

  18. New mechanism for Cloud Computing Storage Security

    Directory of Open Access Journals (Sweden)

    Almokhtar Ait El Mrabti

    2016-07-01

    Full Text Available Cloud computing, often referred to as simply the cloud, appears as an emerging computing paradigm which promises to radically change the way computer applications and services are constructed, delivered, managed and finally guaranteed as dynamic computing environments for end users. The cloud is the delivery of on-demand computing resources - everything from applications to data centers - over the Internet on a pay-for-use basis. The revolution of cloud computing has provided opportunities for research in all aspects of cloud computing. Despite the big progress in cloud computing technologies, funding concerns in cloud, security may limit a broader adoption. This paper presents a technique to tolerate both accidental and intentional faults, which is fragmentation-redundancy-scattering (FRS. The possibility to use the FRS technique as an intrusion tolerance one is investigated for providing secure and dependable storage in the cloud environment. Also a cloud computing security (CCS based on the FRS technique is proposed to explore how this proposal can then be used via several scenarios. To demonstrate the robustness of the proposal, we formalize our design and we carry out a security as well as performance evaluations of the approach and we compare it with the classical model. The paper concludes by strongly suggesting future research proposals for the CCS framework.

  19. Computer Security: Mac security – nothing for old versions

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2016-01-01

    A fundamental pillar of computer security is the regular maintenance of your code, operating system and application software – or, in computer lingo: patching, patching, patching.   Only software which is up-to-date should be free from any known vulnerabilities and thus provide you with a basic level of computer security. Neglecting regular updates is putting your computer at risk – and consequently your account, your password, your data, your photos, your videos and your money. Therefore, prompt and automatic patching is paramount. But the Microsofts, Googles and Apples of this world do not always help… Software vendors handle their update policy in different ways. While Android is a disaster – not because of Google, but due to the slow adaptation of many smartphone vendors (see “Android’s Armageddon”) – Microsoft provides updates for their Windows 7, Windows 8 and Windows 10 operating systems through their &ldq...

  20. Leakage Resilient Secure Two-Party Computation

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Hazay, Carmit; Patra, Arpita

    2012-01-01

    and returns its result. Almost independently of secure computation, the area of {\\em leakage resilient cryptography} has recently been evolving intensively, studying the question of designing cryptographic primitives that remain secure even when some information about the secret key is leaked. In this paper...... Definitions.} We formalize the notion of secure two-party computation in the presence of leakage and introduce security definitions in the {\\em ideal/real framework}. Our formalization induces two types of adversarial attacks. We further study the feasibility of our definitions in the computational setting...... and explore some of the conditions under which these definitions are met. \\item {\\em Composition Theorems.} We provide compositions theorems for our new modelings. Our results provide compositions theorems for the case where the inputs of the parties are sampled from a min-entropy source distribution. \\item...

  1. Computational social networks security and privacy

    CERN Document Server

    2012-01-01

    Presents the latest advances in security and privacy issues in computational social networks, and illustrates how both organizations and individuals can be protected from real-world threats Discusses the design and use of a wide range of computational tools and software for social network analysis Provides experience reports, survey articles, and intelligence techniques and theories relating to specific problems in network technology

  2. Artificial immune system applications in computer security

    CERN Document Server

    Tan, Ying

    2016-01-01

    This book provides state-of-the-art information on the use, design, and development of the Artificial Immune System (AIS) and AIS-based solutions to computer security issues. Artificial Immune System: Applications in Computer Security focuses on the technologies and applications of AIS in malware detection proposed in recent years by the Computational Intelligence Laboratory of Peking University (CIL@PKU). It offers a theoretical perspective as well as practical solutions for readers interested in AIS, machine learning, pattern recognition and computer security. The book begins by introducing the basic concepts, typical algorithms, important features, and some applications of AIS. The second chapter introduces malware and its detection methods, especially for immune-based malware detection approaches. Successive chapters present a variety of advanced detection approaches for malware, including Virus Detection System, K-Nearest Neighbour (KNN), RBF networ s, and Support Vector Machines (SVM), Danger theory, ...

  3. Privacy and Security issues in Cloud Computing

    Directory of Open Access Journals (Sweden)

    Anita Kumari Nanda , Brojo Kishore Mishra

    2012-12-01

    Full Text Available “Cloud computing” – a relatively recent term, defines the paths ahead in computer science world. Being built on decades of research it utilizes all recent achievements in virtualization, distributed computing, utility computing, and networking. It implies a service oriented architecture through offering software and platforms as services, reduced information technology overhead for the end-user, great flexibility, reduced total cost of ownership, on demand services and many other things. Security concerns the confidentiality, availability and integrity of data or information. Security may also include authentication and non-repudiation. This paper is a brief survey based on readings of “cloud” computing and it tries to address related research topics, privacy and security issues ahead and possible solution.

  4. Secure Multiparty Computation with Partial Fairness

    CERN Document Server

    Beimel, Amos; Orlov, Ilan

    2010-01-01

    A protocol for computing a functionality is secure if an adversary in this protocol cannot cause more harm than in an ideal computation where parties give their inputs to a trusted party which returns the output of the functionality to all parties. In particular, in the ideal model such computation is fair -- all parties get the output. Cleve (STOC 1986) proved that, in general, fairness is not possible without an honest majority. To overcome this impossibility, Gordon and Katz (Eurocrypt 2010) suggested a relaxed definition -- 1/p-secure computation -- which guarantees partial fairness. For two parties, they construct 1/p-secure protocols for functionalities for which the size of either their domain or their range is polynomial (in the security parameter). Gordon and Katz ask whether their results can be extended to multiparty protocols. We study 1/p-secure protocols in the multiparty setting for general functionalities. Our main result is constructions of 1/p-secure protocols when the number of parties is c...

  5. International Conference on Computational Intelligence, Cyber Security, and Computational Models

    CERN Document Server

    Ramasamy, Vijayalakshmi; Sheen, Shina; Veeramani, C; Bonato, Anthony; Batten, Lynn

    2016-01-01

    This book aims at promoting high-quality research by researchers and practitioners from academia and industry at the International Conference on Computational Intelligence, Cyber Security, and Computational Models ICC3 2015 organized by PSG College of Technology, Coimbatore, India during December 17 – 19, 2015. This book enriches with innovations in broad areas of research like computational modeling, computational intelligence and cyber security. These emerging inter disciplinary research areas have helped to solve multifaceted problems and gained lot of attention in recent years. This encompasses theory and applications, to provide design, analysis and modeling of the aforementioned key areas.

  6. REVIEW PAPER ON MOBILE CLOUD COMPUTING SECURITY

    Directory of Open Access Journals (Sweden)

    Priyanka d. Raut

    2015-10-01

    Full Text Available Nowadays smart-phones are being capable of supporting a broad range of applications, many of which demand an increasing computational power. This leads to a challenge because smart-phones are resource-constrained devices with finite computation power, memory, storage, and energy. With the development of mobility and cloud computing, mobile cloud computing (MCC has introduced and become a point of research. With the need of extendibility and on-demand self-service, it can provide the good infrastructure, platform and software services in a cloud to mobile clients through the mobile network. Therefore, Cloud computing is anticipated to bring an innovation in mobile computing, where the mobile devices can make use of clouds for data processing, storage and other intensive operations. Despite the surprising advancement achieved by MCC, the clients of MCC are still below expectations due to the related risks in terms of security and confidentiality. The more and more information is placed onto the cloud by individuals and enterprises, the more the security issue begins to grow. This paper presents the various security issues that arise about how secure the mobile cloud computing environment is.

  7. The university computer network security system

    Institute of Scientific and Technical Information of China (English)

    张丁欣

    2012-01-01

    With the development of the times, advances in technology, computer network technology has been deep into all aspects of people's lives, it plays an increasingly important role, is an important tool for information exchange. Colleges and universities is to cultivate the cradle of new technology and new technology, computer network Yulu nectar to nurture emerging technologies, and so, as institutions of higher learning should pay attention to the construction of computer network security system.

  8. Cloud Computing Security in Business Information Systems

    CERN Document Server

    Ristov, Sasko; Kostoska, Magdalena

    2012-01-01

    Cloud computing providers' and customers' services are not only exposed to existing security risks, but, due to multi-tenancy, outsourcing the application and data, and virtualization, they are exposed to the emergent, as well. Therefore, both the cloud providers and customers must establish information security system and trustworthiness each other, as well as end users. In this paper we analyze main international and industrial standards targeting information security and their conformity with cloud computing security challenges. We evaluate that almost all main cloud service providers (CSPs) are ISO 27001:2005 certified, at minimum. As a result, we propose an extension to the ISO 27001:2005 standard with new control objective about virtualization, to retain generic, regardless of company's type, size and nature, that is, to be applicable for cloud systems, as well, where virtualization is its baseline. We also define a quantitative metric and evaluate the importance factor of ISO 27001:2005 control objecti...

  9. Levels of Security Issues in Cloud Computing

    Directory of Open Access Journals (Sweden)

    R. Charanya

    2013-04-01

    Full Text Available Nowadays, Cloud computing is booming in most of the IT industry. Most of the organizations are moving to cloud computing due to various reasons. It provide elastic architecture accessible through internet and also it eliminate the setting up of high cost computing infrastructure for the IT based solutions and services. Cloud computing is pay-per-use model, on-demand network access to a sharedpool of configurable computing resources like Application-as a service, Platform as a services and infrastructure as a services. In this paper, survey of security issues at different levels such as application level, host level and network level is presented.

  10. Flexible And Secure Access To Computing Clusters

    OpenAIRE

    Jan Meizner; Maciej Malawski; Marian Bubak

    2010-01-01

    The investigation presented in this paper was prompted by the need to provide a manageablesolution for secure access to computing clusters with a federated authentication framework.This requirement is especially important for scientists who need direct access to computingnodes in order to run their applications (e.g. chemical or medical simulations) with proprietary,open-source or custom-developed software packages. Our existing software, whichenables non-Web clients to use Shibboleth-secured...

  11. Academic Training Lecture Regular Programme: Computer Security - Introduction to information and computer security (1/4)

    CERN Multimedia

    2012-01-01

    Computer Security: Introduction to information and computer security (1/4), by Sebastian Lopienski (CERN).   Monday, 21 May, 2012 from 11:00 to 12:00 (Europe/Zurich) at CERN ( 31-3-004 - IT Auditorium ) Sebastian Lopienski is CERN's Deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and maintains security tools for vulnerability assessment and intrusion detection; provides training and awareness raising; and does incident investigation and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support services hosted in the CERN Computer Centre; providing Central CVS Service for software projects at CERN; and development of applications for accelerator controls in Java. He graduated from the University of Warsaw (MSc in Computer Science) in 2002, and earned an MBA degree at the Enterprise Administration Institute in Ai...

  12. Los Alamos CCS (Center for Computer Security) formal computer security model

    Energy Technology Data Exchange (ETDEWEB)

    Dreicer, J.S.; Hunteman, W.J. (Los Alamos National Lab., NM (USA))

    1989-01-01

    This paper provides a brief presentation of the formal computer security model currently being developed at the Los Alamos Department of Energy (DOE) Center for Computer Security (CCS). The initial motivation for this effort was the need to provide a method by which DOE computer security policy implementation could be tested and verified. The actual analytical model was a result of the integration of current research in computer security and previous modeling and research experiences. The model is being developed to define a generic view of the computer and network security domains, to provide a theoretical basis for the design of a security model, and to address the limitations of present models. Formal mathematical models for computer security have been designed and developed in conjunction with attempts to build secure computer systems since the early 70's. The foundation of the Los Alamos DOE CCS model is a series of functionally dependent probability equations, relations, and expressions. The mathematical basis appears to be justified and is undergoing continued discrimination and evolution. We expect to apply the model to the discipline of the Bell-Lapadula abstract sets of objects and subjects. 5 refs.

  13. Overview of Security issues in Cloud Computing

    Directory of Open Access Journals (Sweden)

    Ajey Singh

    2012-03-01

    Full Text Available Cloud computing may be defined as management and provision of resources, software, applications and information as services over the cloud (internet on demand. Cloud computing comes into focus only when you think about what IT always needs: a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software. "Cloud computing continues to gain acceptance as a critical way to deliver on-demand information and resources to customers,” The cloud architecture is implemented in such a way that it provides you the flexibility to share application as well as other network resources (hardware etc[1]. This will lead to a need based flexible architecture where the resources will expand or contract with a little configuration changes. Cloud computing is often provided "as a service" over the Internet, typically in the form of infrastructure as a service (IaaS, platform as a service (PaaS, or software as a service (SaaS.From an end users perspective, you don’t need to care for the OS, the plug-ins, web security or the software platform[2]. Everything should be in place without any worry. This paper focuses on technical security issues in cloud computing, cloud computing has various benefits in an enterprise but major concern is how security is implemented in cloud computing.

  14. Computation, cryptography, and network security

    CERN Document Server

    Rassias, Michael

    2015-01-01

    Analysis, assessment, and data management are core competencies for operation research analysts. This volume addresses a number of issues and developed methods for improving those skills. It is an outgrowth of a conference held in April 2013 at the Hellenic Military Academy, and brings together a broad variety of mathematical methods and theories with several applications. It discusses directions and pursuits of scientists that pertain to engineering sciences. It is also presents the theoretical background required for algorithms and techniques applied to a large variety of concrete problems. A number of open questions as well as new future areas are also highlighted.   This book will appeal to operations research analysts, engineers, community decision makers, academics, the military community, practitioners sharing the current “state-of-the-art,” and analysts from coalition partners. Topics covered include Operations Research, Games and Control Theory, Computational Number Theory and Information Securi...

  15. Soft computing techniques in voltage security analysis

    CERN Document Server

    Chakraborty, Kabir

    2015-01-01

    This book focuses on soft computing techniques for enhancing voltage security in electrical power networks. Artificial neural networks (ANNs) have been chosen as a soft computing tool, since such networks are eminently suitable for the study of voltage security. The different architectures of the ANNs used in this book are selected on the basis of intelligent criteria rather than by a “brute force” method of trial and error. The fundamental aim of this book is to present a comprehensive treatise on power system security and the simulation of power system security. The core concepts are substantiated by suitable illustrations and computer methods. The book describes analytical aspects of operation and characteristics of power systems from the viewpoint of voltage security. The text is self-contained and thorough. It is intended for senior undergraduate students and postgraduate students in electrical engineering. Practicing engineers, Electrical Control Center (ECC) operators and researchers will also...

  16. Cloud Computing Security in Business Information Systems

    Directory of Open Access Journals (Sweden)

    Sasko Ristov

    2012-03-01

    Full Text Available Cloud computing providers‘ and customers‘ services are not only exposed to existing security risks, but, due to multi-tenancy, outsourcing the application and data, and virtualization, they are exposed to the emergent, as well. Therefore, both the cloud providers and customers must establish information security system and trustworthiness each other, as well as end users. In this paper we analyze main international and industrial standards targeting information security and their conformity with cloud computing security challenges. We evaluate that almost all main cloud service providers (CSPs are ISO 27001:2005 certified, at minimum. As a result, we propose an extension to the ISO 27001:2005 standard with new control objective about virtualization, to retain generic, regardless of company’s type, size and nature, that is, to be applicable for cloud systems, as well, where virtualization is its baseline. We also define a quantitative metric and evaluate the importance factor of ISO 27001:2005 control objectives if customer services are hosted on-premise or in cloud. The conclusion is that obtaining the ISO 27001:2005 certificate (or if already obtained will further improve CSP and CC information security systems, and introduce mutual trust in cloud services but will not cover all relevant issues. In this paper we also continue our efforts in business continuity detriments cloud computing produces, and propose some solutions that mitigate the risks.

  17. Computer Security: Geneva, Suisse Romande and beyond

    CERN Multimedia

    Computer Security Team

    2014-01-01

    To ensure good computer security, it is essential for us to keep in close contact and collaboration with a multitude of official and unofficial, national and international bodies, agencies, associations and organisations in order to discuss best practices, to learn about the most recent (and, at times, still unpublished) vulnerabilities, and to handle jointly any security incident. A network of peers - in particular a network of trusted peers - can provide important intelligence about new vulnerabilities or ongoing attacks much earlier than information published in the media. In this article, we would like to introduce a few of the official peers we usually deal with.*   Directly relevant for CERN are SWITCH, our partner for networking in Switzerland, and our contacts within the WLCG, i.e. the European Grid Infrastructure (EGI), and the U.S. Open Science Grid (OSG). All three are essential partners when discussing security implementations and resolving security incidents. SWITCH, in...

  18. MOBILE COMPUTING AND MCOMMERCE SECURITY ISSUES

    Directory of Open Access Journals (Sweden)

    Krishna Prakash

    2014-09-01

    Full Text Available The radical evolution of computers and advancement of technology in the area of hardware (smaller size, weight, low power consumption and cost, high performance and communications has introduced the notion of mobile computing. Mobile Commerce is an evolving area of e-commerce, where users can interact with service providers through a mobile and wireless network using mobile device for information retrieval and transaction processing. Mobile wireless market is increasing by leaps and bounds. The quality and speeds available in the mobile environment must match the fixed networks if the convergence of the mobile wireless and fixed communication network is to happen in the real sense. The challenge for mobile network lie in providing very large footprint of mobile services with high speed and security. Online transactions using mobile devices must ensure high security for user credentials and it should not be possible for misuse. The paper discusses issues related to M-Commerce security.

  19. Overview of Security issues in Cloud Computing

    Directory of Open Access Journals (Sweden)

    Mr. Ajey Singh

    2012-03-01

    Full Text Available Cloud computing may be defined as management andprovision of resources, software, applications andinformation as services over the cloud (internet on demand.Cloud computing comes into focus only when you thinkabout what IT always needs: a way to increase capacity oradd capabilities on the fly without investing in newinfrastructure, training new personnel, or licensing newsoftware. "Cloud computing continues to gain acceptanceas a critical way to deliver on-demand information andresources to customers,” The cloud architecture isimplemented in such a way that it provides you the flexibilityto share application as well as other network resources(hardware etc[1]. This will lead to a need based flexiblearchitecture where the resources will expand or contractwith a little configuration changes. Cloud computing isoften provided "as a service" over the Internet, typically inthe form of infrastructure as a service (IaaS, platform as aservice (PaaS, or software as a service (SaaS.From an endusers perspective, you don’t need to care for the OS, theplug-ins, web security or the software platform[2].Everything should be in place without any worry. This paperfocuses on technical security issues in cloud computing,cloud computing has various benefits in an enterprise butmajor concern is how security is implemented in cloudcomputing.

  20. Securing Local Support for Your Computer Project.

    Science.gov (United States)

    Roecks, Alan L.

    1979-01-01

    Guidelines for securing and maintaining local funding for computer-related projects include suggestions in the areas of establishing and maintaining project/school board relationships, encountering social and political factors, and defining guidelines for project implementation. Successes and failures of the MICA project are provided as…

  1. Guidelines for computer security in general practice

    Directory of Open Access Journals (Sweden)

    Peter Schattner

    2007-06-01

    Conclusions This paper maps out a process for developing computer security guidelines for general practice. The specific content will vary in different countries according to their levels of adoption of IT, and cultural, technical and other health service factors. Making these guidelines relevant to local contexts should help maximise their uptake.

  2. Cloud computing security requirements: a systematic review

    NARCIS (Netherlands)

    Iankoulova, Iliana; Daneva, Maya; Rolland, C.; Castro, J.; Pastor, O.

    2012-01-01

    Many publications have dealt with various types of security requirements in cloud computing but not all types have been explored in sufficient depth. It is also hard to understand which types of requirements have been under-researched and which are most investigated. This paper's goal is to provide

  3. Computer Security: Computer security threats, vulnerabilities and attacks (3/4)

    CERN Document Server

    CERN. Geneva

    2012-01-01

    Antonio Perez Perez works in the Computer Security Team doing software development, sysadmin tasks and operations. He is also involved on grid security and does 1st line security support at CERN on ROTA. With the prevalence of modern information technologies and its increasing integration into our daily live, digital systems become more and more playground for evil people. While in the past, attacks were driven by fame& kudos, nowadays money is the motivating factor. Just the recent months have shown several successful attacks against e.g. Sony, PBS, UNESCO, RSAsecurity, Citibank, and others. Credit card information of hundreds of thousands of people got exposed. Affected companies not only lost their assets and data, also their reputation has suffered. Thus, proper computer security measures are essential. Without question, security must even more become an inherent ingredient when developing, deploying, and operating applications, web sites, and computing services. These lectures shall give an ove...

  4. Security for small computer systems a practical guide for users

    CERN Document Server

    Saddington, Tricia

    1988-01-01

    Security for Small Computer Systems: A Practical Guide for Users is a guidebook for security concerns for small computers. The book provides security advice for the end-users of small computers in different aspects of computing security. Chapter 1 discusses the security and threats, and Chapter 2 covers the physical aspect of computer security. The text also talks about the protection of data, and then deals with the defenses against fraud. Survival planning and risk assessment are also encompassed. The last chapter tackles security management from an organizational perspective. The bo

  5. Software For Computer-Security Audits

    Science.gov (United States)

    Arndt, Kate; Lonsford, Emily

    1994-01-01

    Information relevant to potential breaches of security gathered efficiently. Automated Auditing Tools for VAX/VMS program includes following automated software tools performing noted tasks: Privileged ID Identification, program identifies users and their privileges to circumvent existing computer security measures; Critical File Protection, critical files not properly protected identified; Inactive ID Identification, identifications of users no longer in use found; Password Lifetime Review, maximum lifetimes of passwords of all identifications determined; and Password Length Review, minimum allowed length of passwords of all identifications determined. Written in DEC VAX DCL language.

  6. Security Issues in Cloud Computing - A Review

    Directory of Open Access Journals (Sweden)

    Irfan Hussain

    2014-09-01

    Full Text Available Cloud Computing is the most emerging trend in Information Technology now days. It is attracting the organizations due to its advantages of scalability, throughput, easy and cheap access and on demand up and down grading of SaaS, PaaS and IaaS. Besides all the salient features of cloud environment, there are the big challenges of privacy and security. In this paper, a review of different security issues like trust, confidentiality, authenticity, encryption, key management and resource sharing are presented along with the efforts made on how to overcome these issues.

  7. SECURITY AND PRIVACY ISSUES IN CLOUD COMPUTING

    Directory of Open Access Journals (Sweden)

    Amina AIT OUAHMAN

    2014-10-01

    Full Text Available Today, cloud computing is defined and talked about across the ICT industry under different contexts and with different definitions attached to it. It is a new paradigm in the evolution of Information Technology, as it is one of the biggest revolutions in this field to have taken place in recent times. According to the National Institute for Standards and Technology (NIST, “cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services that can be rapidly provisioned and released with minimal management effort or service provider interaction” [1]. The importance of Cloud Computing is increasing and it is receiving a growing attention in the scientific and industrial communities. A study by Gartner [2] considered Cloud Computing as the first among the top 10 most important technologies and with a better prospect in successive years by companies and organizations. Clouds bring out tremendous benefits for both individuals and enterprises. Clouds support economic savings, outsourcing mechanisms, resource sharing, any-where any-time accessibility, on-demand scalability, and service flexibility. Clouds minimize the need for user involvement by masking technical details such as software upgrades, licenses, and maintenance from its customers. Clouds could also offer better security advantages over individual server deployments. Since a cloud aggregates resources, cloud providers charter expert security personnel while typical companies could be limited with a network administrator who might not be well versed in cyber security issues. The new concepts introduced by the clouds, such as computation outsourcing, resource sharing, and external data warehousing, increase the security and privacy concerns and create new security challenges. Moreover, the large scale of the clouds, the proliferation of mobile access devices (e

  8. Computer Security: better code, fewer problems

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2016-01-01

    The origin of many security incidents is negligence or unintentional mistakes made by web developers or programmers. In the rush to complete the work, due to skewed priorities, or just to ignorance, basic security principles can be omitted or forgotten.   The resulting vulnerabilities lie dormant until the evil side spots them and decides to hit hard. Computer security incidents in the past have put CERN’s reputation at risk due to websites being defaced with negative messages about the Organization, hash files of passwords being extracted, restricted data exposed… And it all started with a little bit of negligence! If you check out the Top 10 web development blunders, you will see that the most prevalent mistakes are: Not filtering input, e.g. accepting “<“ or “>” in input fields even if only a number is expected.  Not validating that input: you expect a birth date? So why accept letters? &...

  9. The Role of Trust in Computer Security

    DEFF Research Database (Denmark)

    Jensen, Christian D.

    2012-01-01

    technologies and show how many of them concern the placement of trust on human or system agents. We argue that making such assumptions about trust explicit is an essential requirement for the future of system security and argue why the formalisation of computational trust is necessary when we wish to reason......Summary form only given. Traditional security technologies are based on numerous assumptions about the environment in which systems are used. This includes assumptions about the enforcement of legislative and contractual frameworks, limitations of particular technologies and the constraints...... on human behaviour imposed by social and religious norms. Most of these assumptions, however, are implicit and they will fail when the environment of the systems change, e.g., when systems are used on a global scale on the Internet. This talk identifies such implicit assumptions in current security...

  10. Audit and Evaluation of Computer Security. Computer Science and Technology.

    Science.gov (United States)

    Ruthberg, Zella G.

    This is a collection of consensus reports, each produced at a session of an invitational workshop sponsored by the National Bureau of Standards. The purpose of the workshop was to explore the state-of-the-art and define appropriate subjects for future research in the audit and evaluation of computer security. Leading experts in the audit and…

  11. Computer Security: Introduction to information and computer security (1/4)

    CERN Document Server

    CERN. Geneva

    2012-01-01

    Sebastian Lopienski is CERN's Deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and maintains security tools for vulnerability assessment and intrusion detection; provides training and awareness raising; and does incident investigation and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support services hosted in the CERN Computer Centre; providing Central CVS Service for software projects at CERN; and development of applications for accelerator controls in Java. He graduated from the University of Warsaw (MSc in Computer Science) in 2002, and earned an MBA degree at the Enterprise Administration Institute in Aix-en-Provence and Haute Ecole de Gestion in Geneva in 2010. His professional interests include software and network security, distributed systems, and Web and mobile technologies. With the prevalence of modern information te...

  12. Customer Security Issues in Cloud Computing

    OpenAIRE

    Nimmati Satheesh

    2013-01-01

    The Cloud computing concept offers dynamically scalable resources provisioned as a service overthe Internet. Economic benefits are the main driver for the Cloud, since it promises the reduction of capitalexpenditure (CapEx) and operational expenditure (OpEx). In order for this to become reality, however, thereare still some challenges to be solved. Amongst these are security and trust issues, since the user's data has tobe released to the Cloud and thus leaves the protection-sphere of the dat...

  13. Extreme Scale Computing to Secure the Nation

    Energy Technology Data Exchange (ETDEWEB)

    Brown, D L; McGraw, J R; Johnson, J R; Frincke, D

    2009-11-10

    Since the dawn of modern electronic computing in the mid 1940's, U.S. national security programs have been dominant users of every new generation of high-performance computer. Indeed, the first general-purpose electronic computer, ENIAC (the Electronic Numerical Integrator and Computer), was used to calculate the expected explosive yield of early thermonuclear weapons designs. Even the U. S. numerical weather prediction program, another early application for high-performance computing, was initially funded jointly by sponsors that included the U.S. Air Force and Navy, agencies interested in accurate weather predictions to support U.S. military operations. For the decades of the cold war, national security requirements continued to drive the development of high performance computing (HPC), including advancement of the computing hardware and development of sophisticated simulation codes to support weapons and military aircraft design, numerical weather prediction as well as data-intensive applications such as cryptography and cybersecurity U.S. national security concerns continue to drive the development of high-performance computers and software in the U.S. and in fact, events following the end of the cold war have driven an increase in the growth rate of computer performance at the high-end of the market. This mainly derives from our nation's observance of a moratorium on underground nuclear testing beginning in 1992, followed by our voluntary adherence to the Comprehensive Test Ban Treaty (CTBT) beginning in 1995. The CTBT prohibits further underground nuclear tests, which in the past had been a key component of the nation's science-based program for assuring the reliability, performance and safety of U.S. nuclear weapons. In response to this change, the U.S. Department of Energy (DOE) initiated the Science-Based Stockpile Stewardship (SBSS) program in response to the Fiscal Year 1994 National Defense Authorization Act, which requires, 'in the

  14. Security Issues Associated with Big Data in Cloud Computing

    OpenAIRE

    Venkata Narasimha Inukollu; Sailaja Arsi; Srinivasa Rao Ravuri

    2014-01-01

    In this paper, we discuss security issues for cloud computing, Big data, Map Reduce and Hadoop environment. The main focus is on security issues in cloud computing that are associated with big data. Big data applications are a great benefit to organizations, business, companies and many large scale and small scale industries.We also discuss various possible solutions for the issues in cloud computing security and Hadoop. Cloud computing security is developing at a rapid pace which includes co...

  15. SEED: A Suite of Instructional Laboratories for Computer Security Education

    Science.gov (United States)

    Du, Wenliang; Wang, Ronghua

    2008-01-01

    The security and assurance of our computing infrastructure has become a national priority. To address this priority, higher education has gradually incorporated the principles of computer and information security into the mainstream undergraduate and graduate computer science curricula. To achieve effective education, learning security principles…

  16. 48 CFR 952.204-77 - Computer security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006)...

  17. Securing Embedded Smart Cameras with Trusted Computing

    Directory of Open Access Journals (Sweden)

    Winkler Thomas

    2011-01-01

    Full Text Available Camera systems are used in many applications including video surveillance for crime prevention and investigation, traffic monitoring on highways or building monitoring and automation. With the shift from analog towards digital systems, the capabilities of cameras are constantly increasing. Today's smart camera systems come with considerable computing power, large memory, and wired or wireless communication interfaces. With onboard image processing and analysis capabilities, cameras not only open new possibilities but also raise new challenges. Often overlooked are potential security issues of the camera system. The increasing amount of software running on the cameras turns them into attractive targets for attackers. Therefore, the protection of camera devices and delivered data is of critical importance. In this work we present an embedded camera prototype that uses Trusted Computing to provide security guarantees for streamed videos. With a hardware-based security solution, we ensure integrity, authenticity, and confidentiality of videos. Furthermore, we incorporate image timestamping, detection of platform reboots, and reporting of the system status. This work is not limited to theoretical considerations but also describes the implementation of a prototype system. Extensive evaluation results illustrate the practical feasibility of the approach.

  18. Computer-Aided Sensor Development Focused on Security Issues

    Directory of Open Access Journals (Sweden)

    Andrzej Bialas

    2016-05-01

    Full Text Available The paper examines intelligent sensor and sensor system development according to the Common Criteria methodology, which is the basic security assurance methodology for IT products and systems. The paper presents how the development process can be supported by software tools, design patterns and knowledge engineering. The automation of this process brings cost-, quality-, and time-related advantages, because the most difficult and most laborious activities are software-supported and the design reusability is growing. The paper includes a short introduction to the Common Criteria methodology and its sensor-related applications. In the experimental section the computer-supported and patterns-based IT security development process is presented using the example of an intelligent methane detection sensor. This process is supported by an ontology-based tool for security modeling and analyses. The verified and justified models are transferred straight to the security target specification representing security requirements for the IT product. The novelty of the paper is to provide a patterns-based and computer-aided methodology for the sensors development with a view to achieving their IT security assurance. The paper summarizes the validation experiment focused on this methodology adapted for the sensors system development, and presents directions of future research.

  19. Computer-Aided Sensor Development Focused on Security Issues.

    Science.gov (United States)

    Bialas, Andrzej

    2016-01-01

    The paper examines intelligent sensor and sensor system development according to the Common Criteria methodology, which is the basic security assurance methodology for IT products and systems. The paper presents how the development process can be supported by software tools, design patterns and knowledge engineering. The automation of this process brings cost-, quality-, and time-related advantages, because the most difficult and most laborious activities are software-supported and the design reusability is growing. The paper includes a short introduction to the Common Criteria methodology and its sensor-related applications. In the experimental section the computer-supported and patterns-based IT security development process is presented using the example of an intelligent methane detection sensor. This process is supported by an ontology-based tool for security modeling and analyses. The verified and justified models are transferred straight to the security target specification representing security requirements for the IT product. The novelty of the paper is to provide a patterns-based and computer-aided methodology for the sensors development with a view to achieving their IT security assurance. The paper summarizes the validation experiment focused on this methodology adapted for the sensors system development, and presents directions of future research. PMID:27240360

  20. Computer-Aided Sensor Development Focused on Security Issues.

    Science.gov (United States)

    Bialas, Andrzej

    2016-05-26

    The paper examines intelligent sensor and sensor system development according to the Common Criteria methodology, which is the basic security assurance methodology for IT products and systems. The paper presents how the development process can be supported by software tools, design patterns and knowledge engineering. The automation of this process brings cost-, quality-, and time-related advantages, because the most difficult and most laborious activities are software-supported and the design reusability is growing. The paper includes a short introduction to the Common Criteria methodology and its sensor-related applications. In the experimental section the computer-supported and patterns-based IT security development process is presented using the example of an intelligent methane detection sensor. This process is supported by an ontology-based tool for security modeling and analyses. The verified and justified models are transferred straight to the security target specification representing security requirements for the IT product. The novelty of the paper is to provide a patterns-based and computer-aided methodology for the sensors development with a view to achieving their IT security assurance. The paper summarizes the validation experiment focused on this methodology adapted for the sensors system development, and presents directions of future research.

  1. On technical security issues in cloud computing

    DEFF Research Database (Denmark)

    Jensen, Meiko; Schwenk, Jörg; Gruschka, Nils;

    2009-01-01

    The Cloud Computing concept offers dynamically scalable resources provisioned as a service over the Internet. Economic benefits are the main driver for the Cloud, since it promises the reduction of capital expenditure (CapEx) and operational expenditure (OpEx). In order for this to become reality......, however, there are still some challenges to be solved. Amongst these are security and trust issues, since the user's data has to be released to the Cloud and thus leaves the protection sphere of the data owner. Most of the discussions on this topics are mainly driven by arguments related to organisational...... means. This paper focusses on technical security issues arising from the usage of Cloud services and especially by the underlying technologies used to build these cross-domain Internet-connected collaborations. © 2009 IEEE....

  2. Flexible And Secure Access To Computing Clusters

    Directory of Open Access Journals (Sweden)

    Jan Meizner

    2010-01-01

    Full Text Available The investigation presented in this paper was prompted by the need to provide a manageablesolution for secure access to computing clusters with a federated authentication framework.This requirement is especially important for scientists who need direct access to computingnodes in order to run their applications (e.g. chemical or medical simulations with proprietary,open-source or custom-developed software packages. Our existing software, whichenables non-Web clients to use Shibboleth-secured services, has been extended to providedirect SSH access to cluster nodes using the Linux Pluggable Authentication Modules mechanism.This allows Shibboleth users to run the required software on clusters. Validationand performance comparison with existing SSH authentication mechanisms confirm that thepresented tools satisfy the stated requirements.

  3. An Overview of Computer Network security and Research Technology

    OpenAIRE

    Rathore, Vandana

    2016-01-01

    The rapid development in the field of computer networks and systems brings both convenience and security threats for users. Security threats include network security and data security. Network security refers to the reliability, confidentiality, integrity and availability of the information in the system. The main objective of network security is to maintain the authenticity, integrity, confidentiality, availability of the network. This paper introduces the details of the technologies used in...

  4. Security Issues Associated with Big Data in Cloud Computing

    Directory of Open Access Journals (Sweden)

    Venkata Narasimha Inukollu

    2014-06-01

    Full Text Available In this paper, we discuss security issues for cloud computing, Big data, Map Reduce and Hadoop environment. The main focus is on security issues in cloud computing that are associated with big data. Big data applications are a great benefit to organizations, business, companies and many large scale and small scale industries.We also discuss various possible solutions for the issues in cloud computing security and Hadoop. Cloud computing security is developing at a rapid pace which includes computer security, network security, information security, and data privacy. Cloud computing plays a very vital role in protecting data, applications and the related infrastructure with the help of policies, technologies, controls, and big data tools Moreover, cloud computing, big data and its applications, advantages are likely to represent the most promising new frontiers in science.

  5. Secure medical information sharing in cloud computing.

    Science.gov (United States)

    Shao, Zhiyi; Yang, Bo; Zhang, Wenzheng; Zhao, Yi; Wu, Zhenqiang; Miao, Meixia

    2015-01-01

    Medical information sharing is one of the most attractive applications of cloud computing, where searchable encryption is a fascinating solution for securely and conveniently sharing medical data among different medical organizers. However, almost all previous works are designed in symmetric key encryption environment. The only works in public key encryption do not support keyword trapdoor security, have long ciphertext related to the number of receivers, do not support receiver revocation without re-encrypting, and do not preserve the membership of receivers. In this paper, we propose a searchable encryption supporting multiple receivers for medical information sharing based on bilinear maps in public key encryption environment. In the proposed protocol, data owner stores only one copy of his encrypted file and its corresponding encrypted keywords on cloud for multiple designated receivers. The keyword ciphertext is significantly shorter and its length is constant without relation to the number of designated receivers, i.e., for n receivers the ciphertext length is only twice the element length in the group. Only the owner knows that with whom his data is shared, and the access to his data is still under control after having been put on the cloud. We formally prove the security of keyword ciphertext based on the intractability of Bilinear Diffie-Hellman problem and the keyword trapdoor based on Decisional Diffie-Hellman problem.

  6. Secure Two-Party Computational Geometry

    Institute of Scientific and Technical Information of China (English)

    Shun-Dong Li; Yi-Qi Dai

    2005-01-01

    Secure Multi-party Computation has been a research focus in international cryptographic community in recent years. In this paper the authors investigate how some computational geometric problems could be solved in a cooperative environment, where two parties need to solve a geometric problem based on their joint data, but neither wants to disclose its private data to the other party. These problems are the distance between two private points, the relation between a private point and a circle area, the relation between a private point and an ellipse area and the shortest distance between two point sets. The paper gives solutions to these specific geometric problems, and in doing so a building block is developed,the protocol for the distance between two private points, that is also useful in the solutions to other geometric problems and combinatorial problems.

  7. Computer Network Security: Best Practices for Alberta School Jurisdictions.

    Science.gov (United States)

    Alberta Dept. of Education, Edmonton.

    This paper provides a snapshot of the computer network security industry and addresses specific issues related to network security in public education. The following topics are covered: (1) security policy, including reasons for establishing a policy, risk assessment, areas to consider, audit tools; (2) workstations, including physical security,…

  8. Science and Technology Resources on the Internet: Computer Security.

    Science.gov (United States)

    Kinkus, Jane F.

    2002-01-01

    Discusses issues related to computer security, including confidentiality, integrity, and authentication or availability; and presents a selected list of Web sites that cover the basic issues of computer security under subject headings that include ethics, privacy, kids, antivirus, policies, cryptography, operating system security, and biometrics.…

  9. Security in Cloud Computing : A Security Assessment of Cloud Computing Providers for an Online Receipt Storage

    OpenAIRE

    Blakstad, Kåre Marius; Andreassen, Mats

    2010-01-01

    Considerations with regards to security issues and demands must be addressed before migrating an application into a cloud computing environment. Different vendors, Microsoft Azure, Amazon Web Services and Google AppEngine, provide different capabilities and solutions to the individual areas of concern presented by each application. Through a case study of an online receipt storage application from the company dSafe, a basis is formed for the evaluation. The three cloud computing vendors are a...

  10. Restricted access processor - An application of computer security technology

    Science.gov (United States)

    Mcmahon, E. M.

    1985-01-01

    This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

  11. Computer Security: is your code sane?

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    How many of us write code? Software? Programs? Scripts? How many of us are properly trained in this and how well do we do it? Do we write functional, clean and correct code, without flaws, bugs and vulnerabilities*? In other words: are our codes sane?   Figuring out weaknesses is not that easy (see our quiz in an earlier Bulletin article). Therefore, in order to improve the sanity of your code, prevent common pit-falls, and avoid the bugs and vulnerabilities that can crash your code, or – worse – that can be misused and exploited by attackers, the CERN Computer Security team has reviewed its recommendations for checking the security compliance of your code. “Static Code Analysers” are stand-alone programs that can be run on top of your software stack, regardless of whether it uses Java, C/C++, Perl, PHP, Python, etc. These analysers identify weaknesses and inconsistencies including: employing undeclared variables; expressions resu...

  12. Computer Security: Your privacy at CERN matters

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    Congrats to all those who spotted that our last contribution to the CERN Bulletin (“CERN Secure Password Competition” – see here) was an April Fools’ Day hoax. Of course, there is no review and no jury and there won’t be any competition. Consequently, we are sorry to say that we cannot announce any winners. The extension of the password history rule and the initiative of finding password duplicates are absolute nonsense too.   In fact, the Computer Security team, just like the CERN Account Management service, the Single Sign-On team and the ServiceDesk, does not know and has no need to know your password. Passwords are actually salted and hashed using the SHA256 cryptographic hash function. Thus, there is no literal password database and no way that anyone apart from you can know your password – unless you have given it away intentionally or inadvertently… Remember, your password is yours and only yours, so please do not...

  13. Computer Security: WWW censorship? Not at CERN

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2016-01-01

    Whoops! We received a number of critical responses to our previous article on the upcoming DNS firewall (“DNS to the rescue!” - see here). While they were mostly constructive, the main question was “How dare we censor Internet access?” Let us clarify this.   Computer security at CERN must always find the right balance between CERN’s academic environment, its operations and security itself. Of course we can easily overdo it one way or another, but that would kill our academic freedom and bring the Organization to a halt. That certainly isn’t in our interest. On the other hand, CERN is permanently under attack and we have to do everything possible to ensure that those attacks are kept at bay. Otherwise they could impact CERN’s operations… So, have we found the right balance? Concerning access to the Internet and in particular to the web, we have not and will not block random websites because of their content unless &a...

  14. Computer Security: The dilemma of fractal defence

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    Aren’t mathematical fractals just beautiful? The Mandelbrot set and the Julia set, the Sierpinski gasket, the Menger sponge, the Koch curve (see here)… Based on very simple mathematical rules, they quickly develop into a mosaic of facets slightly different from each other. More and more features appear the closer you zoom into a fractal and expose similar but not identical features of the overall picture.   Computer security is like these fractals, only much less pretty: simple at first glance, but increasingly complex and complicated when you look more closely at the details. The deeper you dig, the more and more possibilities open up for malicious people as the attack surface grows, just like that of “Koch’s snowflakes”, where the border length grows exponentially. Consequently, the defensive perimeter also increases when we follow the bits and bytes layer by layer from their processing in the CPU, trickling up the software stack thro...

  15. Java Parallel Secure Stream for Grid Computing

    Institute of Scientific and Technical Information of China (English)

    JieChen; WaltAkers; 等

    2001-01-01

    The emergence of high speed wide area networks makes grid computing a reality.However grid applications that need reliable data transfer still have difficulties to achieve optimal TCP performance due to metwork tuning of TCP window size to imporvethe bandwidth and to reduce latency on a high speed wide area network.This paper presents a pure Java package called JPARSS(java Parallel Secure Stream) that divides data into partitions that are sent over several parallel Java Streams simultaneously and allows Java or Web applications to achieve optimal TCP performance in a gird environment without the necessity of tuning the TCP window size.Several experimental results are provided to show that using parallel stream is more effective than tuning TCP window size.In addition X.509 certificate based single sign-on mechanism and SSL based connection establishment are integrated into this package ,Finally a few applications using this package will be discussed.

  16. Java parallel secure stream for grid computing

    International Nuclear Information System (INIS)

    The emergence of high speed wide area networks makes grid computing a reality. However grid applications that need reliable data transfer still have difficulties to achieve optimal TCP performance due to network tuning of TCP window size to improve the bandwidth and to reduce latency on a high speed wide area network. The authors present a pure Java package called JPARSS (Java Parallel Secure Stream) that divides data into partitions that are sent over several parallel Java streams simultaneously and allows Java or Web applications to achieve optimal TCP performance in a gird environment without the necessity of tuning the TCP window size. Several experimental results are provided to show that using parallel stream is more effective than tuning TCP window size. In addition X.509 certificate based single sign-on mechanism and SSL based connection establishment are integrated into this package. Finally a few applications using this package will be discussed

  17. Teaching Objectives of a Simulation Game for Computer Security

    OpenAIRE

    Irvine, Cynthia E.; Thompson, Michael

    2003-01-01

    This paper describes a computer simulation game being developed to teach computer security principles. The player of the game constructs computer networks and makes choices affecting the ability of these networks and the game's virtual users to protect valuable assets from attack by both vandals and well-motivated professionals. The game introduces the player to the need for well formed information security policies, allowing the player to deploy a variety of means to enforce security policie...

  18. A Security Kernel Architecture Based Trusted Computing Platform

    Institute of Scientific and Technical Information of China (English)

    CHEN You-lei; SHEN Chang-xiang

    2005-01-01

    A security kernel architecture built on trusted computing platform in the light of thinking about trusted computing is presented. According to this architecture, a new security module TCB (Trusted Computing Base) is added to the operation system kernel and two operation interface modes are provided for the sake of self-protection. The security kernel is divided into two parts and trusted mechanism is separated from security functionality. The TCB module implements the trusted mechanism such as measurement and attestation,while the other components of security kernel provide security functionality based on these mechanisms. This architecture takes full advantage of functions provided by trusted platform and clearly defines the security perimeter of TCB so as to assure self-security from architectural vision. We also present function description of TCB and discuss the strengths and limitations comparing with other related researches.

  19. An Overview of the Security Concerns in Enterprise Cloud Computing

    CERN Document Server

    Bisong, Anthony; Rahman, M; 10.5121/ijnsa.2011.3103

    2011-01-01

    Deploying cloud computing in an enterprise infrastructure bring significant security concerns. Successful implementation of cloud computing in an enterprise requires proper planning and understanding of emerging risks, threats, vulnerabilities, and possible countermeasures. We believe enterprise should analyze the company/organization security risks, threats, and available countermeasures before adopting this technology. In this paper, we have discussed security risks and concerns in cloud computing and enlightened steps that an enterprise can take to reduce security risks and protect their resources. We have also explained cloud computing strengths/benefits, weaknesses, and applicable areas in information risk management.

  20. An Overview Of The Security Concerns In Enterprise Cloud Computing

    Directory of Open Access Journals (Sweden)

    Anthony Bisong

    2011-01-01

    Full Text Available Deploying cloud computing in an enterprise infrastructure bring significant security concerns.Successful implementation of cloud computing in an enterprise requires proper planning andunderstanding of emerging risks, threats, vulnerabilities, and possible countermeasures. We believe enterprise should analyze the company/organization security risks, threats, and available countermeasures before adopting this technology. In this paper, we have discussed security risks and concerns in cloud computing and enlightened steps that an enterprise can take to reduce security risksand protect their resources. We have also explained cloud computing strengths/benefits, weaknesses, and applicable areas in information risk management.

  1. Computer Security: oops, there it goes...

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    Do you love riddles, hide and seek or picture puzzles a la “Where’s Wally”? Then take a look at the photo below, and try to spot the error.   It is hard to spot: the yellow sticker on the computer screen shows a password providing access to the web application running on the screen. Surprising! Fortunately, this sticker was quickly removed by the corresponding system owners and the password changed. However, we can all make improvements: passwords must never be written down and definitely not on stickers attached to screens, keyboards, or desks. Remember: your password is your “toothbrush” - a toothbrush you do not share and you change regularly. Neither your colleagues, your supervisor, the Service Desk or the Computer Security Team have any valid reason to ask for it. They should not and will never do so. The same is valid for any external company: UBS, Paypal, Amazon, Facebook or Google will never ask you for your pass...

  2. A Novel Open Security Framework for Cloud Computing

    Directory of Open Access Journals (Sweden)

    Devki Gaurav Pal

    2012-06-01

    Full Text Available The evolution of cloud computing enables organizations to reduce their expenditure on IT infrastructure and is advantageous to both the serving and served organizations. But security issue is major concern in adoption of cloud. This paper focuses on the problem of lack of security considerations in Service Level Agreements and top security threats and vulnerability which are suggested by security experts. The Security framework for end to end security in cloud computing has also been proposed in the present work. This paper also draws attention on need of Open Security Framework. Proposed framework is developed by collective participation of security experts, practitioners, Cloud Service Providers and Clients. It is in line with various government policies, legislation and standards like ISO 27000 series, SOX, HIPPA, COBIT, ITIL etc. to comply with them. This step will boost mutual trust and privacy of participants.

  3. Computer Security: in the name of CERN

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    This summer, the American/Canadian dating website Ashley Madison was successfully compromised by a group of hackers (see here) who subsequently published tons of confidential information: addresses, dates of birth, e-mail addresses, ethnicities, genders, names, passwords, payment histories, phone numbers, security questions, sexual preferences, usernames and website activity.   Initially, these attackers blackmailed Ashley Madison and requested that the service be shut down. Later, however, they just made their stolen data public on the Internet. More than 30 million unique e-mail addresses – a hallelujah for miscreants. What can they do with this data? One possibility is blackmailing the people whose e-mail addresses were exposed by threatening to tell their spouses (“Pay me X bitcoins or I will tell your spouse that you are looking for a date!”). Another is targeting those people who have registered with their company e-...

  4. Secure system design and trustable computing

    CERN Document Server

    Potkonjak, Miodrag

    2016-01-01

    This book provides the foundations for understanding hardware security and trust, which have become major concerns for national security over the past decade.  Coverage includes issues related to security and trust in a variety of electronic devices and systems related to the security of hardware, firmware and software, spanning system applications, online transactions, and networking services.  This serves as an invaluable reference to the state-of-the-art research that is of critical significance to the security of, and trust in, modern society’s microelectronic-supported infrastructures.

  5. Implementation of computer security at nuclear facilities in Germany

    Energy Technology Data Exchange (ETDEWEB)

    Lochthofen, Andre; Sommer, Dagmar [Gesellschaft fuer Anlagen- und Reaktorsicherheit mbH (GRS), Koeln (Germany)

    2013-07-01

    In recent years, electrical and I and C components in nuclear power plants (NPPs) were replaced by software-based components. Due to the increased number of software-based systems also the threat of malevolent interferences and cyber-attacks on NPPs has increased. In order to maintain nuclear security, conventional physical protection measures and protection measures in the field of computer security have to be implemented. Therefore, the existing security management process of the NPPs has to be expanded to computer security aspects. In this paper, we give an overview of computer security requirements for German NPPs. Furthermore, some examples for the implementation of computer security projects based on a GRS-best-practice-approach are shown. (orig.)

  6. Deliberate Secure Grid Computing Blueprint Design in Indian Context

    Directory of Open Access Journals (Sweden)

    Sanjeev Puri

    2012-06-01

    Full Text Available The novel concept of grid computing, clusters of computational power is constructed from a network of many small and widespread different computers servers or workstations into a single resource. We now proceed to translate the grid security problem into specific grid security requirements. The purpose of Grid technologies is to support the secure sharing and scalable coordinated use of diverse resources in dynamic, distributed VOs. We propose a secure blueprint design for grid systems that addresses requirements for single sign-on, interoperability with local policies of any grid city of India, with dynamically varying resource demands.

  7. Secure Two-Party Computation with Low Communication

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Faust, Sebastian; Hazay, Carmit

    2011-01-01

    We propose a 2-party UC-secure computation protocol that can compute any function securely. The protocol requires only two messages, communication that is poly-logarithmic in the size of the circuit description of the function, and the workload for one of the parties is also only poly-logarithmic...

  8. A Novel Cloud Computing Algorithm of Security and Privacy

    Directory of Open Access Journals (Sweden)

    Chih-Yung Chen

    2013-01-01

    Full Text Available The emergence of cloud computing has simplified the flow of large-scale deployment distributed system of software suppliers; when issuing respective application programs in a sharing clouds service to different user, the management of material becomes more complex. Therefore, in multitype clouds service of trust environment, when enterprises face cloud computing, what most worries is the issue of security, but individual users are worried whether the privacy material will have an outflow risk. This research has mainly analyzed several different construction patterns of cloud computing, and quite relevant case in the deployment construction security of cloud computing by fit and unfit quality, and proposed finally an optimization safe deployment construction of cloud computing and security mechanism of material protection calculating method, namely, Global Authentication Register System (GARS, to reduce cloud material outflow risk. We implemented a system simulation to test the GARS algorithm of availability, security and performance. By experimental data analysis, the solutions of cloud computing security, and privacy derived from the research can be effective protection in cloud information security. Moreover, we have proposed cloud computing in the information security-related proposals that would provide related units for the development of cloud computing security practice.

  9. Practical Secure Computation with Pre-Processing

    DEFF Research Database (Denmark)

    Zakarias, Rasmus Winther

    2016-01-01

    , communicating O(n log∗ n) ele- ments in the small field and performing O(n log n log log n) operations on small field elements. The fourth main result of the dissertation is a generic and efficient protocol for proving knowledge of a witness for circuit satisfiability in Zero-Knowledge. We prove our......Secure Multiparty Computation has been divided between protocols best suited for binary circuits and protocols best suited for arithmetic circuits. With their MiniMac protocol in [DZ13], Damgård and Zakarias take an important step towards bridging these worlds with an arithmetic protocol tuned for...... yields an astonishing fast evaluation per AES block of 400μs = 400 ∗ 10−6 seconds. Our techniques focus on AES but work in general. In particular we reduce round complexity of the protocol using oblivious table lookup to take care of the non-linear parts. At first glance one might expect table lookup to...

  10. Computer Security: “New_invoice.zip”

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    Thanks for reading this. But I wonder, what do you expect? Why did this generic title catch your interest? Of course, you might read our articles on a regular basis and it is the “Computer Security:” that brought you here. But still, was there anything else? You should stop reading here... unless you believe this text is meant for you. Or if you are curious. Or if you expect to learn something. Actually, that’s it. “New_invoice.zip” taught more than 40 people at CERN a lesson... the hard way.   “New_invoice.zip” was the name of an attachment to a rather blunt e-mail sent directly to many of our dear colleagues. Others received the e-mail via mailing lists like “it-dep”. The subject of the mail was “invoice” and its message read “Check the document” (see Image 1). The recipient list was vast and full of many different, not necessarily connected names. Clicking on t...

  11. Food Security Strategy Based on Computer Innovation

    OpenAIRE

    Ruihui Mu

    2015-01-01

    Case analysis to identify innovative strategies for food security occurred in the Oriental Hotel, voluntarily implement food safety control. Food security strategy investigation and the reasons for their use of multiple data sources, including accommodation and catering industry to implement and document interviews with key decision makers in the hotel performed to observe the business environment were examined. This finding suggests that addressing food security, not only is the food control...

  12. Secret Sharing and Secure Computing from Monotone Formulae

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Kölker, Jonas; Miltersen, Peter Bro

    2012-01-01

    We present a construction of log-depth formulae for various threshold functions based on atomic threshold gates of constant size. From this, we build a new family of linear secret sharing schemes that are multiplicative, scale well as the number of players increases and allows to raise a shared...... computation over non-Abelian groups in a way that is much simpler than previously known and we also show how to get a protocol in this setting that is efficient and actively secure against a constant fraction of corrupted parties, a long standing open problem. Finally, we show a negative result on usage...

  13. On the Power of Correlated Randomness in Secure Computation

    DEFF Research Database (Denmark)

    Ishai, Yuval; Kushilevitz, Eyal; Meldgaard, Sigurd Torkel;

    2013-01-01

    We investigate the extent to which correlated secret randomness can help in secure computation with no honest majority. It is known that correlated randomness can be used to evaluate any circuit of size s with perfect security against semi-honest parties or statistical security against malicious...... parties, where the communication complexity grows linearly with s. This leaves open two natural questions: (1) Can the communication complexity be made independent of the circuit size? (2) Is it possible to obtain perfect security against malicious parties? We settle the above questions, obtaining both...... positive and negative results on unconditionally secure computation with correlated randomness. Concretely, we obtain the following results. Minimizing communication. Any multiparty functionality can be realized, with perfect security against semi-honest parties or statistical security against malicious...

  14. Secure User Data in Cloud Computing using RSA Algorithm

    OpenAIRE

    Sunny Behal

    2014-01-01

    Cloud computing is an emerging computing paradigm in which resources of the computing infrastructure are provided as services of the internet. Cloud computing provides customers the way to share distributed resources and services that belong to different organizations or sites. Cloud computing allows consumers and businesses to use applications without installation and access their personal files at any computer with internet access. This paper explores various security methods su...

  15. Peer-to-Peer Secure Multi-Party Numerical Computation

    CERN Document Server

    Bickson, Danny; Dolev, Danny; Pinkas, Benny

    2008-01-01

    We propose an efficient framework for enabling secure multi-party numerical computations in a Peer-to-Peer network. This problem arises in a range of applications such as collaborative filtering, distributed computation of trust and reputation, monitoring and numerous other tasks, where the computing nodes would like to preserve the privacy of their inputs while performing a joint computation of a certain function. Although there is a rich literature in the field of distributed systems security concerning secure multi-party computation, in practice it is hard to deploy those methods in very large scale Peer-to-Peer networks. In this work, we examine several possible approaches and discuss their feasibility. Among the possible approaches, we identify a single approach which is both scalable and theoretically secure. An additional novel contribution is that we show how to compute the neighborhood based collaborative filtering, a state-of-the-art collaborative filtering algorithm, winner of the Netflix progress ...

  16. Security Implications of Typical Grid Computing Usage Scenarios

    Energy Technology Data Exchange (ETDEWEB)

    Humphrey, Marty; Thompson, Mary R.

    2001-06-05

    A Computational Grid is a collection of heterogeneous computers and resources spread across multiple administrative domains with the intent of providing users uniform access to these resources. There are many ways to access the resources of a Computational Grid, each with unique security requirements and implications for both the resource user and the resource provider. A comprehensive set of Grid usage scenarios are presented and analyzed with regard to security requirements such as authentication, authorization, integrity, and confidentiality. The main value of these scenarios and the associated security discussions are to provide a library of situations against which an application designer can match, thereby facilitating security-aware application use and development from the initial stages of the application design and invocation. A broader goal of these scenarios are to increase the awareness of security issues in Grid Computing.

  17. Security Implications of Typical Grid Computing Usage Scenarios

    International Nuclear Information System (INIS)

    A Computational Grid is a collection of heterogeneous computers and resources spread across multiple administrative domains with the intent of providing users uniform access to these resources. There are many ways to access the resources of a Computational Grid, each with unique security requirements and implications for both the resource user and the resource provider. A comprehensive set of Grid usage scenarios are presented and analyzed with regard to security requirements such as authentication, authorization, integrity, and confidentiality. The main value of these scenarios and the associated security discussions are to provide a library of situations against which an application designer can match, thereby facilitating security-aware application use and development from the initial stages of the application design and invocation. A broader goal of these scenarios are to increase the awareness of security issues in Grid Computing

  18. Food Security Strategy Based on Computer Innovation

    Directory of Open Access Journals (Sweden)

    Ruihui Mu

    2015-04-01

    Full Text Available Case analysis to identify innovative strategies for food security occurred in the Oriental Hotel, voluntarily implement food safety control. Food security strategy investigation and the reasons for their use of multiple data sources, including accommodation and catering industry to implement and document interviews with key decision makers in the hotel performed to observe the business environment were examined. This finding suggests that addressing food security, not only is the food control strategy, when the issue of marketing and business strategy is very important. The results of this study also demonstrated the relationship between reward and food security strategies. Interview analysis showed that the attitude of senior management in the hotel's food security policy, the company's ability to significantly dependent on the corporate image.

  19. Robust Security System for Critical Computers

    Directory of Open Access Journals (Sweden)

    Preet Inder Singh

    2012-06-01

    Full Text Available Among the various means of available resource protection including biometrics, password based system is most simple, user friendly, cost effective and commonly used, but this system having high sensitivity with attacks. Most of the advanced methods for authentication based on password encrypt the contents of password before storing or transmitting in physical domain. But all conventional cryptographic based encryption methods are having its own limitations, generally either in terms of complexity, efficiency or in terms of security. In this paper a simple method is developed that provide more secure and efficient means of authentication, at the same time simple in design for critical systems. Apart from protection, a step toward perfect security has taken by adding the feature of intruder detection along with the protection system. This is possible by merging various security systems with each other i.e password based security with keystroke dynamic, thumb impression with retina scan associated with the users. This new method is centrally based on user behavior and users related security system, which provides the robust security to the critical systems with intruder detection facilities.

  20. Managing computer security: How can research help

    Energy Technology Data Exchange (ETDEWEB)

    Bailey, D.J.

    1990-01-01

    This paper points out significant problems in managing the security of large systems. Addressed to the research community, it suggests research questions whose solution would benefit the people charged with protecting actual systems, and, hence, would create real improvements in system security. The problems of managing connection-rich distributed systems are discussed, and a research direction leading to a solution for the problems of distributed systems is suggested.

  1. Security Framework for Agent-Based Cloud Computing

    Directory of Open Access Journals (Sweden)

    K Venkateshwaran

    2015-06-01

    Full Text Available Agent can play a key role in bringing suitable cloud services to the customer based on their requirements. In agent based cloud computing, agent does negotiation, coordination, cooperation and collaboration on behalf of the customer to make the decisions in efficient manner. However the agent based cloud computing have some security issues like (a. addition of malicious agent in the cloud environment which could demolish the process by attacking other agents, (b. denial of service by creating flooding attacks on other involved agents. (c. Some of the exceptions in the agent interaction protocol such as Not-Understood and Cancel_Meta protocol can be misused and may lead to terminating the connection of all the other agents participating in the negotiating services. Also, this paper proposes algorithms to solve these issues to ensure that there will be no intervention of any malicious activities during the agent interaction.

  2. A survey on top security threats in cloud computing

    Directory of Open Access Journals (Sweden)

    Muhammad Kazim

    2015-03-01

    Full Text Available Cloud computing enables the sharing of resources such as storage, network, applications and software through internet. Cloud users can lease multiple resources according to their requirements, and pay only for the services they use. However, despite all cloud benefits there are many security concerns related to hardware, virtualization, network, data and service providers that act as a significant barrier in the adoption of cloud in the IT industry. In this paper, we survey the top security concerns related to cloud computing. For each of these security threats we describe, i how it can be used to exploit cloud components and its effect on cloud entities such as providers and users, and ii the security solutions that must be taken to prevent these threats. These solutions include the security techniques from existing literature as well as the best security practices that must be followed by cloud administrators.

  3. A Survey on Cloud Computing Security

    OpenAIRE

    Modares, Hero; Salleh, Rosli; Moravejosharieh, Amirhosein; Keshavarz, Hassan; Shahgoli, Majid Talebi

    2012-01-01

    Computation encounter the new approach of cloud computing which maybe keeps the world and possibly can prepare all the human's necessities. In other words, cloud computing is the subsequent regular step in the evolution of on-demand information technology services and products. The Cloud is a metaphor for the Internet and is a concept for the covered complicated infrastructure; it also depends on sketching in computer network diagrams. In this paper we will focus on concept of cloud computing...

  4. A REVIEW ON SECURED CLOUD COMPUTING ENVIRONMENT

    OpenAIRE

    M. Hemanth Chakravarthy; E. Kannan

    2014-01-01

    Nowadays, the scientific problem becomes very complex; therefore, it requires more computing power and storage space. These requirements are very common in an organization while dealing with current technological data and requirements. Based on these basic requirements, need of higher computational resources is an important issue when dealing with current technological methodology. Hence, cloud computing has become the most important computing paradigm of recent world. The cloud computing is ...

  5. Securing the Data Storage and Processing in Cloud Computing Environment

    Science.gov (United States)

    Owens, Rodney

    2013-01-01

    Organizations increasingly utilize cloud computing architectures to reduce costs and energy consumption both in the data warehouse and on mobile devices by better utilizing the computing resources available. However, the security and privacy issues with publicly available cloud computing infrastructures have not been studied to a sufficient depth…

  6. Security Issues Model on Cloud Computing: A Case of Malaysia

    OpenAIRE

    Komeil Raisian; Jamaiah Yahaya

    2015-01-01

    By developing the cloud computing, viewpoint of many people regarding the infrastructure architectures, software distribution and improvement model changed significantly. Cloud computing associates with the pioneering deployment architecture, which could be done through grid calculating, effectiveness calculating and autonomic calculating. The fast transition towards that, has increased the worries regarding a critical issue for the effective transition of cloud computing. From the security v...

  7. Analysis on Cloud Computing Information Security Problems and the Countermeasures

    Institute of Scientific and Technical Information of China (English)

    2012-01-01

    Cloud computing is one of the most popular terms in the present IT industry, as well as one of the most prosperous technology. This paper introduces the concept, principle and characteristics of cloud computing, analyzes information security problems resulted from cloud computing, and puts forward corresponding solutions.

  8. Computer Security: Cryptography and authentication (2/4)

    CERN Document Server

    CERN. Geneva

    2012-01-01

    Remi Mollon studied computer security at University and he first worked on Grids, with the EGEE project, for a French Bioinformatics institute. Information security being crucial in that field, he developed an encrypted file management system on top of Grid middleware, and he contributed in integrating legacy applications with Grids. Then, he was hired by CERN as a Grid Data Management developer, and he joined the Grid Operational Security Coordination Team. Remi has now moved to CERN Computer Security Team. Remi is involved in the daily security operations, in addition to be responsible to design Team's computer infrastructure, and to participate to several projects, like multi-factor authentication at CERN. With the prevalence of modern information technologies and its increasing integration into our daily live, digital systems become more and more playground for evil people. While in the past, attacks were driven by fame& kudos, nowadays money is the motivating factor. Just the recent months have s...

  9. Optimizing security of cloud computing within the DoD

    OpenAIRE

    Antedomenico, Noemi

    2010-01-01

    What countermeasures best strengthen the confidentiality, integrity and availability (CIA) of the implementation of cloud computing within the DoD? This question will be answered by analyzing threats and countermeasures within the context of the ten domains comprising the Certified Information System Security Professional (CISSP) Common Body of Knowledge (CBK). The ten domains that will be used in this analysis include access control; telecommunications and network security; information secur...

  10. A Novel Trusted Computing Model for Network Security Authentication

    Directory of Open Access Journals (Sweden)

    Ling Xing

    2014-02-01

    Full Text Available Network information poses great threats from malicious attacks due to the openness and virtuality of network structure. Traditional methods to ensure infor- mation security may fail when both integrity and source authentication for information are required. Based on the security of data broadcast channel, a novel Trusted Com- puting Model (TCM of network security authentication is proposed to enhance the security of network information. In this model, a method of Uniform content locator security Digital Certificate (UDC, which is capable of fully and uniquely index network information, is developed. Standard of MPEG-2 Transport Streams (TS is adopted to pack UDC data. Additionally, a UDC hashing algorithm (UHA512 is designed to compute the integrity and security of data infor- mation . Experimental results show that the proposed model is feasible and effective to network security authentication. 

  11. A SECURE KEY COMPUTATION PROTOCOL FOR SECURE GROUP COMMUNICATION WITH PASSWORD BASED AUTHENTICATION

    Directory of Open Access Journals (Sweden)

    Velumadhava Rao R

    2013-02-01

    Full Text Available Providing security in group communication is more essential in this new network environment. Authentication and Confidentiality are the major concerns in secure group communication. Our proposed approach uses an authenticated group key transfer protocol that relies on trusted key generation center (KGC. KGC computes group pair for each individual and transport the pair of values to all group members in a secured manner. Password based authentication mechanism is used to avoid the illegal member access in a group Also, the proposed approach facilitates efficient key computation technique such that only authorized group members will be able to computer and retrieve the secret key and unauthorized members cannot retrieve the key. The proposed algorithm is more efficient and relies on NP class. In addition, the distribution of key is also safe and secure. Moreover, the pair generated for the computation of key is also very strong since the cryptographic techniques are used which provides efficient computation.

  12. Constant-overhead secure computation of Boolean circuits using preprocessing

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Zakarias, S.

    2013-01-01

    We present a protocol for securely computing a Boolean circuit C in presence of a dishonest and malicious majority. The protocol is unconditionally secure, assuming a preprocessing functionality that is not given the inputs. For a large number of players the work for each player is the same...

  13. Position paper on active countermeasures for computer networks.

    Energy Technology Data Exchange (ETDEWEB)

    Van Randwyk, Jamie A.

    2003-07-01

    Computer security professionals have used passive network countermeasures for several years in order to secure computer networks. Passive countermeasures such as firewalls and intrusion detection systems are effective but their use alone is not enough to protect a network. Active countermeasures offer new ways of protecting a computer network. Corporations and government entities should adopt active network countermeasures as a means of protecting their computer networks.

  14. Effective Ways of Secure Private and Trusted Cloud Computing

    Directory of Open Access Journals (Sweden)

    Pardeep Kumar

    2011-05-01

    Full Text Available Cloud computing is an Internet-based computing, where shared resources, software and information, are provided to computers and devices on-demand. It provides people the way to share distributed resources and services that belong to different organization. Since cloud computing uses distributed resources in open environment, thus it is important to provide the security and trust to share the data for developing cloud computing applications. In this paper we assess how can cloud providers earn their customers' trust and provide the security, privacy and reliability, when a third party is processing sensitive data in a remote machine located in various countries? A concept of utility cloud has been represented to provide the various services to the users. Emerging technologies can help address the challenges of Security, Privacy and Trust in cloud computing.

  15. Effective Ways of Secure, Private and Trusted Cloud Computing

    CERN Document Server

    Kumar, Pardeep; Chauhan, Durg Singh; Gupta, P K; Diwakar, Manoj

    2011-01-01

    Cloud computing is an Internet-based computing, where shared resources, software and information, are provided to computers and devices on-demand. It provides people the way to share distributed resources and services that belong to different organization. Since cloud computing uses distributed resources in open environment, thus it is important to provide the security and trust to share the data for developing cloud computing applications. In this paper we assess how can cloud providers earn their customers' trust and provide the security, privacy and reliability, when a third party is processing sensitive data in a remote machine located in various countries? A concept of utility cloud has been represented to provide the various services to the users. Emerging technologies can help address the challenges of Security, Privacy and Trust in cloud computing.

  16. A Compendium Over Cloud Computing Cryptographic Algorithms and Security Issues

    Directory of Open Access Journals (Sweden)

    Neha Mishra

    2015-01-01

    Full Text Available Cloud computing is an emerging and revolutionary approach towards the computing and becoming more risk prone than ever before. It is an evolutionary approach of using resources and services on demand and as per need of consumers. Cloud computing providing a platform rose on the Internet for usage of IT services and flexible infrastructure to the consumers and business. Deployment and management of services or resources are maintained by the third party. Whereas there are innumerable advantages to approaching the cloud computing, it also contains various issues such as confidentiality, Integrity, Authenticity and Privacy. One of the prominent barrier to adopt the cloud computing is security. This paper comprises the elaborated study on various security issues allied to cloud computing are presented by consolidating literature reviews on cryptographic algorithms used for data security.

  17. Cloud Computing Security Latest Issues amp Countermeasures

    OpenAIRE

    Shelveen Pandey; Mohammed Farik

    2015-01-01

    Abstract Cloud computing describes effective computing services provided by a third-party organization known as cloud service provider for organizations to perform different tasks over the internet for a fee. Cloud service providers computing resources are dynamically reallocated per demand and their infrastructure platform and software and other resources are shared by multiple corporate and private clients. With the steady increase in the number of cloud computing subscribers of these shar...

  18. SECURED SMART SYSTEM DESING IN PERVASIVE COMPUTING ENVIRONMENT USING VCS

    OpenAIRE

    M.Varaprasad Rao; Prof N Ch Bharta Chryulu

    2015-01-01

    Ubiquitous Computing uses mobile phones or tiny devices for application development with sensors embedded in mobile phones. The information generated by these devices is a big task in collection and storage. For further, the data transmission to the intended destination is delay tolerant. In this paper, we made an attempt to propose a new security algorithm for providing security to Pervasive Computing Environment (PCE) system using Public-key Encryption (PKE) algorithm, Biometric...

  19. Auditing cloud computing a security and privacy guide

    CERN Document Server

    Halpert, Ben

    2011-01-01

    The auditor's guide to ensuring correct security and privacy practices in a cloud computing environment Many organizations are reporting or projecting a significant cost savings through the use of cloud computing-utilizing shared computing resources to provide ubiquitous access for organizations and end users. Just as many organizations, however, are expressing concern with security and privacy issues for their organization's data in the "cloud." Auditing Cloud Computing provides necessary guidance to build a proper audit to ensure operational integrity and customer data protection, among othe

  20. Computer Security: Bye, Bye, Windows XP security... Welcome infections!

    CERN Multimedia

    Computer Security Team

    2014-01-01

    Rest in peace, Windows XP. Since your birth on 25 October 2001, you have struggled hard to survive this harsh Internet world. You fell prey to “Melissa”, “Sasser” and “Conficker”, and brought CERN its last large-scale infection with “Blaster” in 2004.    After being upgraded to “SP2”, you discovered software development lifecycles, regular “Patch Tuesdays” and a local firewall that rejected everything by default. In the end, you outlived your weird brother “Vista” and survived as the ugly duckling cousin to the beautiful Mr. Mac. But all your ups and downs are over now. On 8 April 2014, you were given your very last security updates. These life-sustaining measures will be stopped now. Game over. From now on, you are a zombie: presumed dead, but still kept running by your master/owner/user. They might not even understand that you now pose a risk ...

  1. Strategies for safeguarding security of mobile computing.

    Science.gov (United States)

    Green, Hays

    2013-02-01

    An effective mobile health strategy should comprise, in the very least, six key steps: Conduct a mobile security risk assessment. Establish policies and procedures. Develop a training program. Implement measures to prevent unauthorized access. Perform a clinical workflow analysis. Establish the organization's approach for responding to a breach. PMID:23413675

  2. An Improved Grid Security Infrastructure by Trusted Computing

    Institute of Scientific and Technical Information of China (English)

    YAN Fei; ZHANG Huanguo; SUN Qi; SHEN Zhidong; ZHANG Liqiang; QIANG Weizhong

    2006-01-01

    Current delegation mechanism of grid security infrastructure (GSI) can't satisfy the requirement of dynamic, distributed and practical security in grid virtual organization. To improve this situation, a TC-enabled GSI is discussed in this paper. With TC-enabled GSI, a practical delegation solution is proposed in this paper through enforcing fine granularity policy over distributed platforms with the emerging trusted computing technologies. Here trusted platform module is treated as a tamper-resistance module to improve grid security infrastructure. With the implement of Project Daonity, it is demonstrated that the solution could gain dynamic and distributed security in grid environment.

  3. On Some Security Issues in Pervasive Computing - Light Weight Cryptography

    Directory of Open Access Journals (Sweden)

    Rukma Rekha N

    2012-02-01

    Full Text Available Pervasive Computing Environment is a world where technologies fadeout into the background. The technology is invisible to the user and he is least distracted by the technology. This paper tries to focus on the issues of pervasive computing and reveals the security issues in pervasive computing. We try to find out the role of light weight cryptography in pervasive computing and a comparison between traditional and light weight cryptographic approaches was made.

  4. Secure Two-Party Computation with Low Communication

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Kölker, Jonas; Faust, Sebastian;

    2012-01-01

    We propose a 2-party UC-secure protocol that can compute any function securely. The protocol requires only two messages, communication that is poly-logarithmic in the size of the circuit description of the function, and the workload for one of the parties is also only poly-logarithmic in the size...... of the circuit. This implies, for instance, delegatable computation that requires no expensive off-line phase and remains secure even if the server learns whether the client accepts its results. To achieve this, we define two new notions of extractable hash functions, propose an instantiation based...

  5. Computer Security: one click and BOOM…

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2016-01-01

    Browsing the World Wide Web is not as easy as it seems… One wrong click and all your passwords (CERN, Facebook, PayPal, Amazon, etc.) could be stolen; all your activities could be clandestinely monitored (mouse movements and clicks, words typed, screenshots, microphone and webcam recordings, etc.); confidential documents could be stolen; and an attack path (a so-called back-door) into CERN could be opened…    As a result, you would have to reinstall your computer from scratch and change all your passwords! One of our colleagues learned this the hard way. One wrong click in summer 2015 permitted malicious attackers to infiltrate CERN but, fortunately, no real damage was done. Still, the cost of investigating the incident ran to several tens of thousands of Swiss francs and a lot of time was wasted trying to understand the attacker’s intent and the extent of the infiltration... With the goal of increasing more awareness of the risk of clicking on li...

  6. TOWARD HIGHLY SECURE AND AUTONOMIC COMPUTING SYSTEMS: A HIERARCHICAL APPROACH

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Hsien-Hsin S

    2010-05-11

    The overall objective of this research project is to develop novel architectural techniques as well as system software to achieve a highly secure and intrusion-tolerant computing system. Such system will be autonomous, self-adapting, introspective, with self-healing capability under the circumstances of improper operations, abnormal workloads, and malicious attacks. The scope of this research includes: (1) System-wide, unified introspection techniques for autonomic systems, (2) Secure information-flow microarchitecture, (3) Memory-centric security architecture, (4) Authentication control and its implication to security, (5) Digital right management, (5) Microarchitectural denial-of-service attacks on shared resources. During the period of the project, we developed several architectural techniques and system software for achieving a robust, secure, and reliable computing system toward our goal.

  7. Current Cloud Computing Security Concerns from Consumer Perspective

    Institute of Scientific and Technical Information of China (English)

    Hafiz Gulfam Ahmad; Zeeshan Ahmad

    2013-01-01

    In recent years cloud computing is the subject of extensive research in the emerging field of information technology and has become a promising business.The reason behind this widespread interest is its abilityto increase the capacity and capability of enterprises,having no investment for new infrastructure,no software license requirement and no need of any training. Security concern is the main limitation factor in the growth of this new born technology.The secur-ity responsibilities of both,the provider and the consumer greatly differ between cloud service models.In this paper we discuss a variety of security risks,authentication issues,trust,and legal regularity in cloud environment with consumer perspective.Early research focused only on techni-cal and business consequences of cloud computing and ignored consumer perspective.There-fore,this paper discusses the consumer security and privacy preferences.

  8. Security prospects through cloud computing by adopting multiple clouds

    DEFF Research Database (Denmark)

    Jensen, Meiko; Schwenk, Jörg; Bohli, Jens Matthias;

    2011-01-01

    Clouds impose new security challenges, which are amongst the biggest obstacles when considering the usage of cloud services. This triggered a lot of research activities in this direction, resulting in a quantity of proposals targeting the various security threats. Besides the security issues coming...... with the cloud paradigm, it can also provide a new set of unique features which open the path towards novel security approaches, techniques and architectures. This paper initiates this discussion by contributing a concept which achieves security merits by making use of multiple distinct clouds at the same time...

  9. OS friendly microprocessor architecture: Hardware level computer security

    Science.gov (United States)

    Jungwirth, Patrick; La Fratta, Patrick

    2016-05-01

    We present an introduction to the patented OS Friendly Microprocessor Architecture (OSFA) and hardware level computer security. Conventional microprocessors have not tried to balance hardware performance and OS performance at the same time. Conventional microprocessors have depended on the Operating System for computer security and information assurance. The goal of the OS Friendly Architecture is to provide a high performance and secure microprocessor and OS system. We are interested in cyber security, information technology (IT), and SCADA control professionals reviewing the hardware level security features. The OS Friendly Architecture is a switched set of cache memory banks in a pipeline configuration. For light-weight threads, the memory pipeline configuration provides near instantaneous context switching times. The pipelining and parallelism provided by the cache memory pipeline provides for background cache read and write operations while the microprocessor's execution pipeline is running instructions. The cache bank selection controllers provide arbitration to prevent the memory pipeline and microprocessor's execution pipeline from accessing the same cache bank at the same time. This separation allows the cache memory pages to transfer to and from level 1 (L1) caching while the microprocessor pipeline is executing instructions. Computer security operations are implemented in hardware. By extending Unix file permissions bits to each cache memory bank and memory address, the OSFA provides hardware level computer security.

  10. Security Scheme and Its Application towards Vehicular Computing

    Directory of Open Access Journals (Sweden)

    Maria baby

    2014-04-01

    Full Text Available Cloud computing is a colloquial expression used to describe a variety of different types of computing that involves a large number of computers that are connected through real time communication network. Cloud computing is a ability to run a program on many connected computers at the same time. Another technology VANET uses moving car as nodes in a network to create a mobile network, allowing a car approximately 100 to 300 meters each other to connectand in turn, create a network with a wide range. Vehicular Computing is a similar toVANET, which have 2 types: infrastructure based VCand autonomous VC. This work is using infrastructure based VC; drivers will be able to access services by network communications involving the roadside infrastructure. Security challenges, which provides the most extensive analysis of the document in the public arena. Although security issues have received attention in cloud computing and vehicular network and identify security challenges that are specific to VCs. E.g.: challenges interface, tangled identifies and locations and the complexity of establishing trust relationships among multiple players caused by intermittent short- range communications. We provide a privacy and security in cloud computing in this paper for vehicular computing

  11. Security and Fault aware Scheduling in Computational Grid

    Directory of Open Access Journals (Sweden)

    Mansour Noshfar

    2013-09-01

    Full Text Available Grid Computation is an issue that has received much attention from researchers in recent years. Its aim is to use the computational power of idle resources which have been distributed in different places and under different policies and security conditions. Therefore, one of the challenges facing this technology is the issue of security of jobs and the computational sites. Distributed jobs in computational sites may become problematic due to some infections and malwares. As a result, the risks and security levels should be considered; computing resources must be evaluated by resource owners for task execution, and scheduling should be based on requested users' security levels. This is the matter that has been ignored in the previous scheduling algorithms, which leads to waste of time and overhead. In this paper, a new method based on a combination of Genetic and Imperialism Competitive algorithm is presented to implement a security-aware scheduling and failure algorithm. The proposed method is compared with the previous methods such as Min-Min, Suffrage and genetic algorithms, has become near optimal and led to reduce the overhead caused by violation of security conditions. Additionally, Due to the usage of fault tolerance mechanisms, the performance of these mechanisms has been evaluated and it was found that the replication mechanism had the lowest failure rate and the check point mechanism had a direct effect on the performance and it should be fully supervised and be smart.

  12. Actively Secure Two-Party Evaluation of Any Quantum Operation

    DEFF Research Database (Denmark)

    Dupuis, Frédéric; Nielsen, Jesper Buus; Salvail, Louis

    2012-01-01

    We provide the first two-party protocol allowing Alice and Bob to evaluate privately even against active adversaries any completely positive, trace-preserving map , given as a quantum circuit, upon their joint quantum input state . Our protocol leaks no more to any active adversary than an ideal ...... functionality for provided Alice and Bob have the cryptographic resources for active secure two-party classical computation. Our protocol is constructed from the protocol for the same task secure against specious adversaries presented in [4]....

  13. Computer Security: improve software, avoid blunder

    CERN Multimedia

    Computer Security Team

    2014-01-01

    Recently, a severe vulnerability has been made public about how Apple devices are wrongly handling encryption. This vulnerability rendered SSL/TLS protection useless, and permitted attackers checking out a wireless network to capture or modify data in encrypted sessions.   In other words, all confidential data like passwords, banking information, etc. could have been siphoned off by a targeted attack. While Apple has been quick in providing adequate security patches for iOS devices and Macs, it is an excellent example of how small mistakes can lead to big security holes. Here is the corresponding code from Apple’s Open Source repository. Can you spot the issue? 1 static OSStatus 2 SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams, uint8_t *signature, UInt16 signatureLen) 3 { 4              OSStatus &nb...

  14. FREQUENCY OPTIMIZATION FOR SECURITY MONITORING OF COMPUTER SYSTEMS

    Directory of Open Access Journals (Sweden)

    Вogatyrev V.A.

    2015-03-01

    Full Text Available The subject areas of the proposed research are monitoring facilities for protection of computer systems exposed to destructive attacks of accidental and malicious nature. The interval optimization model of test monitoring for the detection of hazardous states of security breach caused by destructive attacks is proposed. Optimization function is to maximize profit in case of requests servicing in conditions of uncertainty, and intensity variance of the destructive attacks including penalties when servicing of requests is in dangerous conditions. The vector task of system availability maximization and minimization of probabilities for its downtime and dangerous conditions is proposed to be reduced to the scalar optimization problem based on the criterion of profit maximization from information services (service of requests that integrates these private criteria. Optimization variants are considered with the definition of the averaged periodic activities of monitoring and adapting of these periods to the changes in the intensity of destructive attacks. Adaptation efficiency of the monitoring frequency to changes in the activity of the destructive attacks is shown. The proposed solutions can find their application for optimization of test monitoring intervals to detect hazardous conditions of security breach that makes it possible to increase the system effectiveness, and specifically, to maximize the expected profit from information services.

  15. Information Security in the Age of Cloud Computing

    Science.gov (United States)

    Sims, J. Eric

    2012-01-01

    Information security has been a particularly hot topic since the enhanced internal control requirements of Sarbanes-Oxley (SOX) were introduced in 2002. At about this same time, cloud computing started its explosive growth. Outsourcing of mission-critical functions has always been a gamble for managers, but the advantages of cloud computing are…

  16. Security issues occur in Cloud Computing and there Solutions

    Directory of Open Access Journals (Sweden)

    Karamjit Singh

    2012-05-01

    Full Text Available Cloud computing is a recent advancement wherein IT infrastructure and applications are provided as “services” to end-users under a usage-based payment model. Many organizations, such as Google, Amazon, IBM and many others, accelerate their paces in developing Cloud computing systems and providing services to user with best affords but there phases many difficulties regarding securityproblem and users also afraid toward security of own data i.e. whether cloud providers able to maintain data integrity ,confidentiality as well as authentication. To resolve the security issues in cloud computing, this paper presents various solutions for different issues.

  17. A cancellable and fuzzy fingerprint scheme for mobile computing security

    Science.gov (United States)

    Yang, Wencheng; Xi, Kai; Li, Cai

    2012-09-01

    Fingerprint recognition provides an effective user authentication solution for mobile computing systems. However, as a fingerprint template protection scheme, fingerprint fuzzy vault is subject to cross-matching attacks, since the same finger might be registered for various applications. In this paper, we propose a fingerprint-based biometric security scheme named the cancellable and fuzzy fingerprint scheme, which combines a cancellable non-linear transformation with the client/server version of fuzzy vault, to address the cross-matching attack in a mobile computing system. Experimental results demonstrate that our scheme can provide reliable and secure protection to the mobile computing system while achieving an acceptable matching performance.

  18. Computationally Efficient Neural Network Intrusion Security Awareness

    Energy Technology Data Exchange (ETDEWEB)

    Todd Vollmer; Milos Manic

    2009-08-01

    An enhanced version of an algorithm to provide anomaly based intrusion detection alerts for cyber security state awareness is detailed. A unique aspect is the training of an error back-propagation neural network with intrusion detection rule features to provide a recognition basis. Network packet details are subsequently provided to the trained network to produce a classification. This leverages rule knowledge sets to produce classifications for anomaly based systems. Several test cases executed on ICMP protocol revealed a 60% identification rate of true positives. This rate matched the previous work, but 70% less memory was used and the run time was reduced to less than 1 second from 37 seconds.

  19. Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

    Energy Technology Data Exchange (ETDEWEB)

    Hadley, Mark D.; Clements, Samuel L.

    2009-01-01

    Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.

  20. Computer Security: the value of your password

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2016-01-01

    Of course, your passwords have a value to you as they allow you to access your computer and your Facebook page, to buy on Amazon, to create a Twitter feed, and to use a multitude of computing services provided by CERN. But have you ever thought of their value to the malicious people of this world?    With your account password, I can take over your computer. I can install software allowing me to enable your microphone and listen to your communications and what is happening around you as long as your computer is turned on. I can take regular screenshots and monitor you while you work. With that, I can try to determine your working habits, your online behaviour, the way you write e-mails… Useful, if I want to impersonate you believably (e.g. to attack CERN and the systems you are working on at CERN). What’s more, with access to your computer, I can install a keylogger to record your every keystroke – including when you type all your other passwords: ...

  1. SECURED SMART SYSTEM DESING IN PERVASIVE COMPUTING ENVIRONMENT USING VCS

    Directory of Open Access Journals (Sweden)

    M Varaprasad Rao

    2015-05-01

    Full Text Available Ubiquitous Computing uses mobile phones or tiny devices for application development with sensors embedded in mobile phones. The information generated by these devices is a big task in collection and storage. For further, the data transmission to the intended destination is delay tolerant. In this paper, we made an attempt to propose a new security algorithm for providing security to Pervasive Computing Environment (PCE system using Public-key Encryption (PKE algorithm, Biometric Security (BS algorithm and Visual Cryptography Scheme (VCS algorithm. In the proposed PCE monitoring system it automates various home appliances using VCS and also provides security against intrusion using Zigbee IEEE 802.15.4 based Sensor Network, GSM and Wi-Fi networks are embedded through a standard Home gateway.

  2. Secure and Stability Practical Outsourcing in Cloud Computing

    Directory of Open Access Journals (Sweden)

    Mr.V.Sudarshan

    2012-09-01

    Full Text Available Cloud computing has great potential of providing robust computational power to the society at reduced cost. It enables customers with limited computational resources to outsource their large computation workloads to the cloud, and economically enjoy the massive computational power, bandwidth, storage, and even appropriate software that can be shared in a pay-per-use manner. Despite the tremendous benefits, security is the primary obstacle that prevents the wide adoption of this promising computing model, especially for customers when their confidential data are consumed and produced during the computation. Treating the cloud as an intrinsically insecure computing platform from the viewpoint of the cloud customers, we must design mechanisms that not only protect sensitive information by enabling computations with encrypted data, but also protect customers from malicious behaviors by enabling the validation of the computation result. Such a mechanism of general secure computation outsourcing was recently shown to be feasible in theory, but to design mechanisms that are practically efficient remains a very challenging problem. Focusing on engineering computing and optimization tasks, this paper investigates secure outsourcing of widely applicable linear programming (LP computations. In order to achieve practical efficiency, our mechanism design explicitly decomposes the LP computation outsourcing into public LP solvers running on the cloud and private LP parameters owned by the customer. The resulting flexibility allows us to explore appropriate security efficiency tradeoff via higher-level abstraction of LP computations than the general circuit representation. In particular, by formulating private data owned by the customer for LP problem as a set of matrices and vectors, we are able to develop a set of efficient privacy-preserving problem transformation techniques, which allow customers to transform original LP problem into some arbitrary one

  3. Computer Security: your car, my control

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    We have discussed the Internet of Things (IoT) and its security implications already in past issues of the CERN Bulletin, for example in “Today’s paranoia, tomorrow’s reality” (see here). Unfortunately, tomorrow has come. At this years's Black Hat conference researchers presented their findings on how easily your car can be hacked and controlled remotely. Sigh.   While these researchers have just shown that they can wirelessly hijack a Jeep Cherokee, others have performed similar studies with SmartCars, Fords, a Tesla, a Corvette, BMWs, Chryslers and Mercedes! With the increasing computerisation of cars, the engine management system, air conditioning, anti-lock braking system, electronic stability programme, etc. are linked to the infotainment, navigation and communication systems, opening the door for these vehicles to be hacked remotely. The now prevalent Bluetooth connection with smartphones is one entry vector to attack your car remotely...

  4. Securing applications in personal computers: the relay race approach.

    OpenAIRE

    Wright, James Michael

    1991-01-01

    Approved for public release; distribution is unlimited This Thesis reviews the increasing need for security in a personal computer (PC) environment and proposes a new approach for securing PC applications at the application layer. The Relay Race Approach extends two standard approaches : data encryption and password access control at the main program level, to the subprogram level by the use of a special parameter, the "Baton" . The applicability of this approach is de...

  5. The New Trend of Security in Cloud Computing

    Directory of Open Access Journals (Sweden)

    Xiangdong Li

    2012-12-01

    Full Text Available The use of services of cloud computing has been growing widely in industry, organizations and institutions recently, due to its tempting benefits, for example, the scalability, efficiency, flexibility and lower cost. The security issues have been studied and analyzed extensively. In order to understand the risk issues existing in today’s cloud, we discuss the new trend of security of cloud in this paper. The preventing methods are also discussed.

  6. An information security education initiative for engineering and computer science

    OpenAIRE

    Chin, Shiu-Kai; Irvine, Cynthia E.; Frincke, Deborah

    1997-01-01

    This paper puts forward a case for an educational initiative in information security at both the undergraduate and graduate levels. Its focus is on the need for such education, the desired educational outcomes, and how the outcomes may be assessed. A basic thesis of this paper is that the goals, methods, and evaluation techniques of information and computer security are consistent with and supportive of the stated goals of engineering education and the growing movement for outcomes based a...

  7. Computer Security: downloading films is no peccadillo

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    Dear Summer Students, within the Organization, you have many possibilities to pursue your natural curiosity and acquire as much new knowledge as you can siphon into your brain. CERN provides you with the academic freedom to do so, with almost no limitations. But hold on: “free” and “no limitations” don’t mean that you can do whatever you want…   Please note that, when using CERN’s computing facilities, when sending e-mails from your CERN e-mail address, when using your laptop/smartphone/computer, you must follow a basic framework of rules, the CERN Computing Rules. I would like to focus on one particular aspect of those rules: that of accessing music, videos, films or computer games from popular websites like ThePirateBay or using Bittorrent.  CERN has an awesome connection to the Internet, lots of bandwidth and a high capacity for web downloads. However, this does not mean that downloading music, videos...

  8. Guaranteeing Data Storage Security in Cloud Computing

    Directory of Open Access Journals (Sweden)

    Viswanath Aiyer

    2015-05-01

    Full Text Available Cloud Computing has been imagined as the next generation structural engineering of IT Enterprise. .By using the homomorphic token with dispersed verification of eradication coded information, our plan attains to the combination of capacity rightness protection and information blunder limitation, i.e., the identification of getting rowdy server(s

  9. Quality Function Deployment (QFD House of Quality for Strategic Planning of Computer Security of SMEs

    Directory of Open Access Journals (Sweden)

    Jorge A. Ruiz-Vanoye

    2013-01-01

    Full Text Available This article proposes to implement the Quality Function Deployment (QFD House of Quality for strategic planning of computer security for Small and Medium Enterprises (SME. The House of Quality (HoQ applied to computer security of SME is a framework to convert the security needs of corporate computing in a set of specifications to improve computer security.

  10. Complete Fairness in Secure Two-Party Computation

    DEFF Research Database (Denmark)

    Gordon, S. Dov; Hazay, Carmit; Katz, Jonathan;

    2011-01-01

    In the setting of secure two-party computation, two mutually distrusting parties wish to compute some function of their inputs while preserving, to the extent possible, various security properties such as privacy, correctness, and more. One desirable property is fairness which guarantees, informa......In the setting of secure two-party computation, two mutually distrusting parties wish to compute some function of their inputs while preserving, to the extent possible, various security properties such as privacy, correctness, and more. One desirable property is fairness which guarantees......, informally, that if one party receives its output, then the other party does too. Cleve [1986] showed that complete fairness cannot be achieved in general without an honest majority. Since then, the accepted folklore has been that nothing non-trivial can be computed with complete fairness in the two......-party setting. We demonstrate that this folklore belief is false by showing completely fair protocols for various nontrivial functions in the two-party setting based on standard cryptographic assumptions. We first show feasibility of obtaining complete fairness when computing any function over polynomial...

  11. Computer Security: posting and mis-posting

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    This is what can happen at CERN if you don't lock your computer screen...   “Hi, I am looking for a partner either male or female to attend salsa lessons. I have a great body and enjoy rubbing it against other people on the dance floor. I would consider dinner after with the right person. If you think you can keep up with me and enjoy getting sweaty send me a reply. Stay sexy…” This is the original text of a recent posting on the CERN Market webpage. Some people might find this appealing, some people think this is funny. Personally, I couldn’t care less. But professionally, we had to follow up as this text can be perceived as inappropriate and, thus, in violation of the Terms of Usage of the CERN Market as well as the CERN Computing Rules and its annex on private usage of the CERN computing facilities. We remind you that the CERN Market is a public website that can be used by people within but also outside CERN. All posts are visible world...

  12. Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture

    Energy Technology Data Exchange (ETDEWEB)

    Muller, George; Perkins, Casey J.; Lancaster, Mary J.; MacDonald, Douglas G.; Clements, Samuel L.; Hutton, William J.; Patrick, Scott W.; Key, Bradley Robert

    2015-07-28

    Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture are described. According to one aspect, a computer-implemented security evaluation method includes accessing information regarding a physical architecture and a cyber architecture of a facility, building a model of the facility comprising a plurality of physical areas of the physical architecture, a plurality of cyber areas of the cyber architecture, and a plurality of pathways between the physical areas and the cyber areas, identifying a target within the facility, executing the model a plurality of times to simulate a plurality of attacks against the target by an adversary traversing at least one of the areas in the physical domain and at least one of the areas in the cyber domain, and using results of the executing, providing information regarding a security risk of the facility with respect to the target.

  13. Computer Security: White hats for CERN

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2016-01-01

    CERN is under attack. Permanently. Even right now. In particular, the CERN web environment, with its thousands of websites and millions of webpages, is a popular target for evil-doers as well as for security researchers.   Usually, their attacks are unsuccessful and fade away over time. Sometimes, however, they are successful and manage to break into a CERN website or web server… It is imperative that we learn about our weaknesses before others do – and fix them! Hackers with bad intentions are usually named “black hats” as they misuse their power to cause destruction or downtime via any weakness they can find. “Grey hats” are more moderate and might just have some fun with the weaknesses they find, for example by putting naked teddy bears or a personal message (such as “I hacked U”) on the compromised website. Last but not least, “white hats” report their findings directly to us and suggest that...

  14. Computer Security: what is your identity?

    CERN Document Server

    Stefan Lueders, Computer Security Team

    2016-01-01

    In the physical world this is fairly clear; your sense of self is multi-faceted and highly complex but the entity of “you” is well defined.  You can prove your identity simply, typically by showing your ID card or by having someone vouch for you. You are a being layered with attributes. Other people may request some of these attributes: your first name at Starbucks or your shoe size at the bowling alley. But only your most trusted contacts are granted access to your entire set of attributes… or maybe you never expose your identity entirely!   Online, your identity is a very different beast. It is fragmented. Each piece of your identity is typically verified by its own username and password. Occasionally pieces are forgotten or lost to the depths of the Internet. The hundreds of accounts that identify “you” present a security problem. Can you keep track of these accounts and is it even realistic to use unique, non-trivial passwords for ea...

  15. Computer Security: Our life in symbiosis*

    CERN Document Server

    Stefan Lueders, Computer Security Team

    2014-01-01

    Do you recall our Bulletin articles on control system cyber-security (“Hacking control systems, switching lights off!” and “Hacking control systems, switching... accelerators off?”) from early 2013? Let me shed some light on this issue from a completely different perspective.   I was raised in Europe during the 80s. With all the conveniences of a modern city, my environment made me a cyborg - a human entangled with technology - supported but also dependent on software and hardware. Since my childhood, I have eaten food packaged by machines and shipped through a sophisticated network of ships and lorries, keeping it fresh or frozen until it arrives in supermarkets. I heat my house with the magic of nuclear energy provided to me via a complicated electrical network. In fact, many of the amenities and gadgets I use are based on electricity and I just need to tap a power socket. When on vacation, I travel by taxi, train and airplane. And I enjoy the beautifu...

  16. Computer Security: DNS to the rescue!

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2016-01-01

    Why you should be grateful to the Domain Name System at CERN.   Incidents involving so-called “drive-by” infections and “ransomware” are on the rise. Whilst an up-to-date and fully patched operating system is essential; whilst running anti-virus software with current virus signature files is a must; whilst “stop --- think --- don’t click” surely helps, we can still go one step further in better protecting your computers: DNS to the rescue. The DNS, short for Domain Name System, translates the web address you want to visit (like “http://cern.ch”) to a machine-readable format (the IP address, here: “188.184.9.234”). For years, we have automatically monitored the DNS translation requests made by your favourite web browser (actually by your operating system, but that doesn’t matter here), and we have automatically informed you if your computer tried to access a website known to hos...

  17. Control Systems Cyber Security Standards Support Activities

    Energy Technology Data Exchange (ETDEWEB)

    Robert Evans

    2009-01-01

    The Department of Homeland Security’s Control Systems Security Program (CSSP) is working with industry to secure critical infrastructure sectors from cyber intrusions that could compromise control systems. This document describes CSSP’s current activities with industry organizations in developing cyber security standards for control systems. In addition, it summarizes the standards work being conducted by organizations within the sector and provides a brief listing of sector meetings and conferences that might be of interest for each sector. Control systems cyber security standards are part of a rapidly changing environment. The participation of CSSP in the development effort for these standards has provided consistency in the technical content of the standards while ensuring that information developed by CSSP is included.

  18. Computer Security: Hacking CERN - a win-win for all

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    The first round of the CERN WhiteHat Challenge has finished (see here). At the end of March, CERN was "attacked" by a dozen students from the St. Pölten University of Applied Sciences, Austria.   These attacks were part of their Master's degree in computer science and computer security, where they study penetration testing and vulnerability scanning, i.e. finding weaknesses in computing systems: techniques, tools, approaches and ethics. Usually, such studies are done against mock-ups like “Google Gruyere”, the “Damn Vulnerable Web Application” or OWASP’s “WebGoat” and “Hackademic”. However, while those mock-ups are in principle useful, they rarely resemble the operational reality of the Internet. CERN has offered computer security professors an alternative: the opportunity to use CERN’s web-ecosystem and all other systems open to th...

  19. 计算机网络安全技术%Security Technologies of Computer Network

    Institute of Scientific and Technical Information of China (English)

    罗明宇; 卢锡城; 卢泽新; 韩亚欣

    2000-01-01

    With the development of computer network,requirements of computer network security have been more and more urgent. In tills paper, goals of network security are reviewed. Several network attack methods,such as interruption,interception, modification, fabrication,are studied. Network security technologies,such as security mechan!sm,encryption,security detection,firewall,were discussed.

  20. Computer virus security in the Department of the Navy

    OpenAIRE

    Salters, Michael Jerome

    1992-01-01

    Approved for public release; distribution is unlimited This thesis discusses the growing threat of computer viruses and their impact on Automated Information Systems. In particular, it attempts to show a need to establish sound security programs that properly address computer viruses. A major area of the thesis focuses on current guidance by the Department of Defense and the Department of the Navy and provides recommendation for an effective Navy organization to effectively ...

  1. Placing computer security at the heart of learning

    OpenAIRE

    Richards, Mike; Price, Blaine A.; Nuseibeh, Bashar

    2008-01-01

    In this paper we present the approach adopted at the UK’s Open University for teaching computer security to large numbers of students at a distance through supported open learning. We discuss how the production of learning materials at the university has had to change to reflect the ever-increasing rate of technological, legislative and social change within the computing discipline, and how the university has had to rethink the role of the academic in the course development process. We argue ...

  2. Security Considerations and Recommendations in Computer-Based Testing

    Directory of Open Access Journals (Sweden)

    Saleh M. Al-Saleem

    2014-01-01

    Full Text Available Many organizations and institutions around the globe are moving or planning to move their paper-and-pencil based testing to computer-based testing (CBT. However, this conversion will not be the best option for all kinds of exams and it will require significant resources. These resources may include the preparation of item banks, methods for test delivery, procedures for test administration, and last but not least test security. Security aspects may include but are not limited to the identification and authentication of examinee, the risks that are associated with cheating on the exam, and the procedures related to test delivery to the examinee. This paper will mainly investigate the security considerations associated with CBT and will provide some recommendations for the security of these kinds of tests. We will also propose a palm-based biometric authentication system incorporated with basic authentication system (username/password in order to check the identity and authenticity of the examinee.

  3. Security considerations and recommendations in computer-based testing.

    Science.gov (United States)

    Al-Saleem, Saleh M; Ullah, Hanif

    2014-01-01

    Many organizations and institutions around the globe are moving or planning to move their paper-and-pencil based testing to computer-based testing (CBT). However, this conversion will not be the best option for all kinds of exams and it will require significant resources. These resources may include the preparation of item banks, methods for test delivery, procedures for test administration, and last but not least test security. Security aspects may include but are not limited to the identification and authentication of examinee, the risks that are associated with cheating on the exam, and the procedures related to test delivery to the examinee. This paper will mainly investigate the security considerations associated with CBT and will provide some recommendations for the security of these kinds of tests. We will also propose a palm-based biometric authentication system incorporated with basic authentication system (username/password) in order to check the identity and authenticity of the examinee.

  4. Soft Computing - A step towards building Secure Cognitive WLAN

    CERN Document Server

    Lingareddy, S C; Babu, Dr Vinaya; Dhruve, Kashyap

    2010-01-01

    Wireless Networks rendering varied services has not only become the order of the day but the demand of a large pool of customers as well. Thus, security of wireless networks has become a very essential design criterion. This paper describes our research work focused towards creating secure cognitive wireless local area networks using soft computing approaches. The present dense Wireless Local Area Networks (WLAN) pose a huge threat to network integrity and are vulnerable to attacks. In this paper we propose a secure Cognitive Framework Architecture (CFA). The Cognitive Security Manager (CSM) is the heart of CFA. The CSM incorporates access control using Physical Architecture Description Layer (PADL) and analyzes the operational matrices of the terminals using multi layer neural networks, acting accordingly to identify authorized access and unauthorized usage patterns.

  5. Engineering Secure Two-Party Computation Protocols Design, Optimization, and Applications of Efficient Secure Function Evaluation

    CERN Document Server

    Schneider, Thomas

    2012-01-01

    Secure two-party computation, called secure function evaluation (SFE), enables two mutually mistrusting parties, the client and server, to evaluate an arbitrary function on their respective private inputs while revealing nothing but the result. Originally the technique was considered to be too inefficient for practical privacy-preserving applications, but in recent years rapid speed-up in computers and communication networks, algorithmic improvements, automatic generation, and optimizations have enabled their application in many scenarios. The author offers an extensive overview of the most pr

  6. CERN Technical Training: new courses on computer security

    CERN Multimedia

    HR Department

    2009-01-01

    Two new trainings are available at CERN concerning computer security. • How to create secure software? The "Developing secure software" course (3.5 hours) is designed for software programmers, both for regular software and Web applications. It covers main aspects of security in different phases of the software development lifecycle. The last, optional hour discusses security issues of Web application developers. This course, although not hands-on, is interactive and full of real-life examples. The first session of this course will take place, in English, on 21 April in the CERN Technical Training Centre. More sessions will be scheduled in 2009. • How to safely navigate and send mails? The "Secure e-mail and Web browsing" course is an entry-level 1.5-hour course designed to show how to detect and avoid typical security pitfalls encountered when e-mailing and browsing the Web. It is designed for non-technical users of Internet Explorer and Outlook. The first sessions o...

  7. CERN Technical Training: new courses on computer security

    CERN Multimedia

    HR Department

    2009-01-01

    Two new trainings are available at CERN concerning computer security. • How to create secure software? The "Developing secure software" course (3.5 hours) is designed for software programmers, both for regular software and Web applications. It covers main aspects of security in different phases of the software development lifecycle. The last, optional hour discusses security issues of Web application developers. This course, although not hands-on, is interactive and full of real-life examples. The first session of this course will take place, in English, on 21 April in the CERN Technical Training Center. More sessions will be scheduled in 2009. • How to safely navigate and send mails? The "Secure e-mail and Web browsing" course is an entry-level 1.5-hour training aimed to show how to detect and avoid typical security pitfalls encountered when e-mailing and browsing the Web. It is designed for non-technical users of Internet Explorer and Outlook. The first sessions o...

  8. CERN Technical Training: new courses on computer security

    CERN Multimedia

    HR Department

    2009-01-01

    Two new trainings are available at CERN concerning computer security. • How to create secure software? The "Developing secure software" course (3.5 hours) is designed for software programmers, both for regular software and Web applications. It covers main aspects of security in different phases of the software development lifecycle. The last, optional hour discusses security issues of Web application developers. This course, although not hands-on, is interactive and full of real-life examples. The first session of this course will take place, in English, on 21 April in the CERN Technical Training Centre. More sessions will be scheduled in 2009. • How to safely navigate and send mails? The "Secure e-mail and Web browsing" course is an entry-level 1.5-hour course designed to show how to detect and avoid typical security pitfalls encountered when e-mailing and browsing the Web. It is designed for non-technical users of Internet Explorer and Outlook. The first sessions ...

  9. Computer Security: How to succeed in software deployment

    CERN Multimedia

    Computer Security Team

    2014-01-01

    The summer student period has ended and we would like to congratulate all those who successfully accomplished their project! In particular, well done to those who managed to develop and deploy sophisticated web applications in the short summer season. Unfortunately, not all web applications made the final cut, moved into production and became visible on the Internet. We had to reject some... let me explain why.   Making a web application visible on the Internet requires an opening in the CERN outer perimeter firewall. Such a request is usually made through the CERN WebReq web interface. As standard procedure, the CERN Computer Security team reviews every request and performs a security assessment. This is where you, your supervisee and the Computer Security team all start to get frustrated. Many summer students delivered awesome web applications with great new functions and a good “look and feel” following precise use cases, using modern web technologies, dashboards, integr...

  10. Computationally Secure Pattern Matching in the Presence of Malicious Adversaries

    DEFF Research Database (Denmark)

    Hazay, Carmit; Toft, Tomas

    2014-01-01

    We propose a protocol for the problem of secure two-party pattern matching, where Alice holds a text t∈{0,1}∗ of length n, while Bob has a pattern p∈{0,1}∗ of length m. The goal is for Bob to (only) learn where his pattern occurs in Alice’s text, while Alice learns nothing. Private pattern matching...... is an important problem that has many applications in the area of DNA search, computational biology and more. Our construction guarantees full simulation in the presence of malicious, polynomial-time adversaries (assuming the hardness of DDH assumption) and exhibits computation and communication costs of O...... for important variations of the secure pattern matching problem that are significantly more efficient than the current state of art solutions: First, we deal with secure pattern matching with wildcards. In this variant the pattern may contain wildcards that match both 0 and 1. Our protocol requires O...

  11. Secure Genomic Computation through Site-Wise Encryption.

    Science.gov (United States)

    Zhao, Yongan; Wang, XiaoFeng; Tang, Haixu

    2015-01-01

    Commercial clouds provide on-demand IT services for big-data analysis, which have become an attractive option for users who have no access to comparable infrastructure. However, utilizing these services for human genome analysis is highly risky, as human genomic data contains identifiable information of human individuals and their disease susceptibility. Therefore, currently, no computation on personal human genomic data is conducted on public clouds. To address this issue, here we present a site-wise encryption approach to encrypt whole human genome sequences, which can be subject to secure searching of genomic signatures on public clouds. We implemented this method within the Hadoop framework, and tested it on the case of searching disease markers retrieved from the ClinVar database against patients' genomic sequences. The secure search runs only one order of magnitude slower than the simple search without encryption, indicating our method is ready to be used for secure genomic computation on public clouds. PMID:26306278

  12. Computer Security: USB sticks - the silent killers

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    You've just found a USB stick in Restaurant 1. You'd like to return it … but who is the owner? Maybe the contents can tell you? Connect it to your laptop, and you might figure it out. But hold on, what if its content is dangerous…?   USB sticks are an excellent vehicle for infecting countless PCs and laptops. Years ago, several dozen laptops were infected during a conference when someone passed around a USB stick with flight departure information. Unfortunately, this stick was infected. Similarly, we have seen a domino effect of infections in the FP and EN departments after some USB sticks made the rounds, infecting one PC after another. In the end, a massive number of PCs had to be reinstalled. Some USB sticks are even worse. They pretend to be “just a keyboard” (named “RubberDucky”) and, once inserted, they execute a pre-programmed sequence of keystrokes intended to extract information from your computer or take ...

  13. Computer Security: protect CERN - respect copyrights

    CERN Document Server

    Computer Security Team

    2014-01-01

    Are you a physicist who does complex mathematical calculations? Are you a webmaster who regularly embeds visual contents? Do you regularly present to large audiences? Are you an engineer who does sophisticated simulations of heat transfers, structural stability or electric circuits? Are you a technician who often uses CAD software? Do you like listening to music while being at CERN? Go ahead!   But make sure that you have legitimately obtained the software/images/music/videos you are using and hold valid licenses to run your software. Using illegal or pirated software/images/music/videos is not a trivial offense. It violates the CERN Computing Rules (OC5) and puts the Organization at risk! Vendors deserve credit and compensation. So make sure to buy your software via legitimate channels and use a valid and honestly obtained license. This also applies to “shareware” and software under open licenses, which might also come with a cost. Usually, only “freeware&rd...

  14. Secure Dynamic access control scheme of PHR in cloud computing.

    Science.gov (United States)

    Chen, Tzer-Shyong; Liu, Chia-Hui; Chen, Tzer-Long; Chen, Chin-Sheng; Bau, Jian-Guo; Lin, Tzu-Ching

    2012-12-01

    With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system "personal health records (PHR)" is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. From security and effectiveness analyses, the proposed PHR access

  15. A Survey on Mobile Cloud Computing with Embedded Security Considerations

    Directory of Open Access Journals (Sweden)

    Victor Onomza Waziri

    2014-04-01

    Full Text Available The emergence of cloud computing hold a promise to computing where software is provided as a services (SaaS via the Internet. Mobile cloud computing integrates cloud computing with mobile devices. By this architecture, certain challenges (e.g., battery life, storage, and bandwidth of mobile devices are addressed. Cloud computing provides the foundation for mobile cloud computing through the delivery of services, software, storage and computational capacity over the Internet, thereby reducing cost, increasing storage, improving battery life of mobile devices and providing flexibility and mobility of data and information. However, the realization of some of these benefits is far from reality in mobile applications, as a result, opens new areas of research such as security of privacy and services. To better understand how to facilitate the development of mobile cloud computing, we surveyed existing work in mobile cloud computing in the context and principles of its foundational cloud computing technology. We provided a definition of mobile cloud computing and gave a summary of results from this review, in particular, the models, architecture, applications and challenges of mobile cloud computing. We concluded with recommendations for how this better understanding of mobile cloud computing can assist in the development of better and stronger mobile applications.

  16. Computer Security: a plea to Santa Claus

    CERN Document Server

    Stefan Lueders, Computer Security Team

    2015-01-01

    Running pirated software or illegal licences, using cracking tools to bypass software activation measures, sharing music and films – these are problems that academic environments unfortunately have to deal with. All violate the copyright of the software/music/film owners, and copyright owners are not Santa Claus...    CERN, like other research organisations and universities, regularly receives allegations from external companies complaining about laptops or PCs running illegal software or sharing their films, videos or music with peers – and thus violating copyright.  Usually, we then contact the owners of the corresponding devices in order to understand whether these allegations are true. Very often such allegations boil down to a laptop whose owner replies “I confirm that a torrent client was left up and running on my device by mistake” or “This is a file that is stored on my personal hard disk.” As if those allegatio...

  17. Secure Computation in a Bidirectional Relay

    CERN Document Server

    Kashyap, Navin; Thangaraj, Andrew

    2012-01-01

    Bidirectional relaying, where a relay helps two user nodes to exchange equal length binary messages, has been an active area of recent research. A popular strategy involves a modified Gaussian MAC, where the relay decodes the XOR of the two messages using the naturally-occurring sum of symbols simultaneously transmitted by user nodes. In this work, we consider the Gaussian MAC in bidirectional relaying with an additional secrecy constraint for protection against a honest but curious relay. The constraint is that, while the relay should decode the XOR, it should be fully ignorant of the individual messages of the users. We exploit the symbol addition that occurs in a Gaussian MAC to design explicit strategies that achieve perfect independence between the received symbols and individual transmitted messages. Our results actually hold for a more general scenario where the messages at the two user nodes come from a finite Abelian group, and the relay must decode the sum within the group of the two messages. We pr...

  18. Constant-Overhead Secure Computation of Boolean Circuits using Preprocessing

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Zakarias, Sarah Nouhad Haddad

    We present a protocol for securely computing a Boolean circuit $C$ in presence of a dishonest and malicious majority. The protocol is unconditionally secure, assuming access to a preprocessing functionality that is not given the inputs to compute on. For a large number of players the work done...... by each player is the same as the work needed to compute the circuit in the clear, up to a constant factor. Our protocol is the first to obtain these properties for Boolean circuits. On the technical side, we develop new homomorphic authentication schemes based on asymptotically good codes...... with an additional multiplication property. We also show a new algorithm for verifying the product of Boolean matrices in quadratic time with exponentially small error probability, where previous methods would only give a constant error....

  19. Design and Implementation of Enhanced Secured Cloud Computing

    Directory of Open Access Journals (Sweden)

    M. Gayatri

    2014-03-01

    Full Text Available Cloud computing plays a major role in providing different resources in the form of web services like tax calculation web service, e-banking web service etc., for smooth running of our daily lives. We can rely on cloud computing if these useful web services are really secure enough to use. This paper focuses on analyzing limitations of current cryptographic schemes used in providing security to data on cloud and highlights the usage of Elliptic Curve Cryptography scheme (ECC used in cloud based applications and implements Elliptic curve digital signature algorithm on cloud data and compares its performance with RSA based scheme. The performance of elliptic curve cryptosystem heavily depends on an operation called point multiplication. In this paper a new point multiplication method using modified base representation is used. This method reduces the point addition as well as pint doubling operations thereby increasing the efficiency of computing time in performing encryption and decryption operations

  20. Researches on Grid Security Authentication Algorithm in Cloud Computing

    OpenAIRE

    Keshou Wu; Lizhao Liu; Jian Liu; Weifeng Li; Gang Xie; Xiaona Tong; Yun Lin

    2011-01-01

    Focusing on multi-machine distributed computing security problems in cloud computing, the paper has proposed a grid distributed parallel authentication model based on trusted computing, which can realize simultaneous verification of grid authentication and grid behavior on upper layer of SSL and&...

  1. Protecting Terminals by Security Domain Mechanism Based on Trusted Computing

    Institute of Scientific and Technical Information of China (English)

    ZHOU Zheng; ZHANG Jun; LI Jian; LIU Yi

    2006-01-01

    Networks are composed with servers and rather larger amounts of terminals and most menace of attack and virus come from terminals. Eliminating malicious code and access or breaking the conditions only under witch attack or virus can be invoked in those terminals would be the most effective way to protect information systems. The concept of trusted computing was first introduced into terminal virus immunity. Then a model of security domain mechanism based on trusted computing to protect computers from proposed from abstracting the general information systems. The principle of attack resistant and venture limitation of the model was demonstrated by means of mathematical analysis, and the realization of the model was proposed.

  2. Quantum And Relativistic Protocols For Secure Multi-Party Computation

    CERN Document Server

    Colbeck, Roger

    2009-01-01

    After a general introduction, the thesis is divided into four parts. In the first, we discuss the task of coin tossing, principally in order to highlight the effect different physical theories have on security in a straightforward manner, but, also, to introduce a new protocol for non-relativistic strong coin tossing. This protocol matches the security of the best protocol known to date while using a conceptually different approach to achieve the task. In the second part variable bias coin tossing is introduced. This is a variant of coin tossing in which one party secretly chooses one of two biased coins to toss. It is shown that this can be achieved with unconditional security for a specified range of biases, and with cheat-evident security for any bias. We also discuss two further protocols which are conjectured to be unconditionally secure for any bias. The third section looks at other two-party secure computations for which, prior to our work, protocols and no-go theorems were unknown. We introduce a gene...

  3. Bootstrapped Oblivious Transfer and Secure Two-Party Function Computation

    CERN Document Server

    Wang, Ye

    2009-01-01

    We propose an information theoretic framework for the secure two-party function computation (SFC) problem and introduce the notion of SFC capacity. We study and extend string oblivious transfer (OT) to sample-wise OT. We propose an efficient, perfectly private OT protocol utilizing the binary erasure channel or source. We also propose the bootstrap string OT protocol which provides disjoint (weakened) privacy while achieving a multiplicative increase in rate, thus trading off security for rate. Finally, leveraging our OT protocol, we construct a protocol for SFC and establish a general lower bound on SFC capacity of the binary erasure channel and source.

  4. X.509 Authentication Services to Enhance the Data Security in Cloud Computing

    OpenAIRE

    Surbhi Chauhan; Kamal Kant; Arjun Singh

    2012-01-01

    This paper represents a method to build a Cloud Security by giving concept of X.509 authentication services. We are discussing theory of cloud computing, feature of cloud computing and cloud security .We proposed a X.509 format to enhances data security in cloud (Public). Cloud computing is a new computational paradigm that offers an innovative business model for organization.

  5. A Protocol for Provably Secure Authentication of a Tiny Entity to a High Performance Computing One

    Directory of Open Access Journals (Sweden)

    Siniša Tomović

    2016-01-01

    Full Text Available The problem of developing authentication protocols dedicated to a specific scenario where an entity with limited computational capabilities should prove the identity to a computationally powerful Verifier is addressed. An authentication protocol suitable for the considered scenario which jointly employs the learning parity with noise (LPN problem and a paradigm of random selection is proposed. It is shown that the proposed protocol is secure against active attacking scenarios and so called GRS man-in-the-middle (MIM attacking scenarios. In comparison with the related previously reported authentication protocols the proposed one provides reduction of the implementation complexity and at least the same level of the cryptographic security.

  6. 77 FR 74913 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

    Science.gov (United States)

    2012-12-18

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA)/Office of Personnel Management (OPM))--Match Number 1307 AGENCY: Social Security Administration....

  7. 75 FR 5166 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration...

    Science.gov (United States)

    2010-02-01

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration/Railroad Retirement Board (SSA/RRB))-- Match Number 1308 AGENCY: Social Security Administration...

  8. Computer Security: today’s paranoia, tomorrow’s reality

    CERN Multimedia

    Computer Security Team

    2014-01-01

    When the Internet opened its gates to academia in the late 80s and, together with the World Wide Web a few years later, to the general public, computer security was considered somehow irrelevant. People pointing to vulnerabilities and security risks (“hackers”) were labelled as paranoid. But they woke to reality during the outbreak of the “ILOVEYOU” virus in 2000, which caused large scale infections of Windows PCs (including many at CERN).    Similarly, warnings about weaknesses and insecure control systems, issued by CERN and others (see our Bulletin article “Hacking control systems, switching lights off!"), were ignored until the “Stuxnet” attack against control systems in Iran proved them right in 2010. Reality beat 'paranoia' again. Last year, the paranoid fear of many security experts that our whole IT infrastructure might have been infiltrated and spied on turned real, if you believe ...

  9. Techniques for Efficiently Ensuring Data Storage Security in Cloud Computing

    Directory of Open Access Journals (Sweden)

    Vasu Raju

    2011-09-01

    Full Text Available The Cloud Computing is the next generation architecture of IT Enterprise. It moves the application software and databases to the large data centers, where the management of the data and services may not be fully trustworthy. Here, focus is on cloud data storage security, an important aspect of quality of service. To ensure the correctness of users’ data in the cloud, we propose an effective and flexible distributed scheme with two salient features. By utilizing the homomorphic token with distributed verification of erasure-coded data, the scheme achieves the integration of storage correctness and data error localization. The new scheme further supports secure and efficient dynamic operations on data blocks, including: data update, delete and append. Extensive security and performance analysis shows that the proposed scheme is efficient and resilient against Byzantine failure, malicious data modification attack, and server colluding attacks.

  10. Two-Cloud-Servers-Assisted Secure Outsourcing Multiparty Computation

    Science.gov (United States)

    Wen, Qiaoyan; Zhang, Hua; Jin, Zhengping; Li, Wenmin

    2014-01-01

    We focus on how to securely outsource computation task to the cloud and propose a secure outsourcing multiparty computation protocol on lattice-based encrypted data in two-cloud-servers scenario. Our main idea is to transform the outsourced data respectively encrypted by different users' public keys to the ones that are encrypted by the same two private keys of the two assisted servers so that it is feasible to operate on the transformed ciphertexts to compute an encrypted result following the function to be computed. In order to keep the privacy of the result, the two servers cooperatively produce a custom-made result for each user that is authorized to get the result so that all authorized users can recover the desired result while other unauthorized ones including the two servers cannot. Compared with previous research, our protocol is completely noninteractive between any users, and both of the computation and the communication complexities of each user in our solution are independent of the computing function. PMID:24982949

  11. Two-cloud-servers-assisted secure outsourcing multiparty computation.

    Science.gov (United States)

    Sun, Yi; Wen, Qiaoyan; Zhang, Yudong; Zhang, Hua; Jin, Zhengping; Li, Wenmin

    2014-01-01

    We focus on how to securely outsource computation task to the cloud and propose a secure outsourcing multiparty computation protocol on lattice-based encrypted data in two-cloud-servers scenario. Our main idea is to transform the outsourced data respectively encrypted by different users' public keys to the ones that are encrypted by the same two private keys of the two assisted servers so that it is feasible to operate on the transformed ciphertexts to compute an encrypted result following the function to be computed. In order to keep the privacy of the result, the two servers cooperatively produce a custom-made result for each user that is authorized to get the result so that all authorized users can recover the desired result while other unauthorized ones including the two servers cannot. Compared with previous research, our protocol is completely noninteractive between any users, and both of the computation and the communication complexities of each user in our solution are independent of the computing function.

  12. Two-Cloud-Servers-Assisted Secure Outsourcing Multiparty Computation

    Directory of Open Access Journals (Sweden)

    Yi Sun

    2014-01-01

    Full Text Available We focus on how to securely outsource computation task to the cloud and propose a secure outsourcing multiparty computation protocol on lattice-based encrypted data in two-cloud-servers scenario. Our main idea is to transform the outsourced data respectively encrypted by different users’ public keys to the ones that are encrypted by the same two private keys of the two assisted servers so that it is feasible to operate on the transformed ciphertexts to compute an encrypted result following the function to be computed. In order to keep the privacy of the result, the two servers cooperatively produce a custom-made result for each user that is authorized to get the result so that all authorized users can recover the desired result while other unauthorized ones including the two servers cannot. Compared with previous research, our protocol is completely noninteractive between any users, and both of the computation and the communication complexities of each user in our solution are independent of the computing function.

  13. FS-OpenSecurity: A Taxonomic Modeling of Security Threats in SDN for Future Sustainable Computing

    Directory of Open Access Journals (Sweden)

    Yunsick Sung

    2016-09-01

    Full Text Available Software Defined Networking (SDN has brought many changes in terms of the interaction processes between systems and humans. It has become the key enabler of software defined architecture, which allows enterprises to build a highly agile Information Technology (IT infrastructure. For Future Sustainability Computing (FSC, SDN needs to deliver on many information technology commitments—more automation, simplified design, increased agility, policy-based management, and network management bond to more liberal IT workflow systems. To address the sustainability problems, SDN needs to provide greater collaboration and tighter integration with networks, servers, and security teams that will have an impact on how enterprises design, plan, deploy and manage networks. In this paper, we propose FS-OpenSecurity, which is a new and pragmatic security architecture model. It consists of two novel methodologies, Software Defined Orchestrator (SDO and SQUEAK, which offer a robust and secure architecture. The secure architecture is required for protection from diverse threats. Usually, security administrators need to handle each threat individually. However, handling threats automatically by adapting to the threat landscape is a critical demand. Therefore, the architecture must handle defensive processes automatically that are collaboratively based on intelligent external and internal information.

  14. Information security: where computer science, economics and psychology meet.

    Science.gov (United States)

    Anderson, Ross; Moore, Tyler

    2009-07-13

    Until ca. 2000, information security was seen as a technological discipline, based on computer science but with mathematics helping in the design of ciphers and protocols. That perspective started to change as researchers and practitioners realized the importance of economics. As distributed systems are increasingly composed of machines that belong to principals with divergent interests, incentives are becoming as important to dependability as technical design. A thriving new field of information security economics provides valuable insights not just into 'security' topics such as privacy, bugs, spam and phishing, but into more general areas of system dependability and policy. This research programme has recently started to interact with psychology. One thread is in response to phishing, the most rapidly growing form of online crime, in which fraudsters trick people into giving their credentials to bogus websites; a second is through the increasing importance of security usability; and a third comes through the psychology-and-economics tradition. The promise of this multidisciplinary research programme is a novel framework for analysing information security problems-one that is both principled and effective.

  15. Policy-Based Security for Wireless Components in High Assurance Computer Systems

    OpenAIRE

    L. A. Wahsheh; J. Alves-Foss

    2007-01-01

    To enable the growth of wireless networks in high assurance computer systems, it is essential to establish a security engineering methodology that provides system security managers with a procedural engineering process to develop computer security policies. Our research demonstrates how wireless communication technology is deployed using the Multiple Independent Levels of Security (MILS) architecture for high assurance computer system design of security and safety-critical multi-enclave syste...

  16. 16th Department of Energy Computer Security Group Training Conference: Proceedings

    Energy Technology Data Exchange (ETDEWEB)

    1994-04-01

    Various topic on computer security are presented. Integrity standards, smartcard systems, network firewalls, encryption systems, cryptography, computer security programs, multilevel security guards, electronic mail privacy, the central intelligence agency, internet security, and high-speed ATM networking are typical examples of discussed topics. Individual papers are indexed separately.

  17. Automated procedure for performing computer security risk analysis

    International Nuclear Information System (INIS)

    Computers, the invisible backbone of nuclear safeguards, monitor and control plant operations and support many materials accounting systems. Our automated procedure to assess computer security effectiveness differs from traditional risk analysis methods. The system is modeled as an interactive questionnaire, fully automated on a portable microcomputer. A set of modular event trees links the questionnaire to the risk assessment. Qualitative scores are obtained for target vulnerability, and qualitative impact measures are evaluated for a spectrum of threat-target pairs. These are then combined by a linguistic algebra to provide an accurate and meaningful risk measure. 12 references, 7 figures

  18. A Domain-Specific Programming Language for Secure Multiparty Computation

    DEFF Research Database (Denmark)

    Nielsen, Janus Dam; Schwartzbach, Michael Ignatieff

    2007-01-01

    We present a domain-specific programming language for Secure Multiparty Computation (SMC). Information is a resource of vital importance and considerable economic value to individuals, public administration, and private companies. This means that the confidentiality of information is crucial......, but at the same time significant value can often be obtained by combining confidential information from various sources. This fundamental conflict between the benefits of confidentiality and the benefits of information sharing may be overcome using the cryptographic method of SMC where computations are performed...

  19. 78 FR 38949 - Computer Security Incident Coordination (CSIC): Providing Timely Cyber Incident Response

    Science.gov (United States)

    2013-06-28

    ... From the Federal Register Online via the Government Publishing Office DEPARTMENT OF COMMERCE National Institute of Standards and Technology Computer Security Incident Coordination (CSIC): Providing... Technology (NIST) is seeking information relating to Computer Security Incident Coordination (CSIC). NIST...

  20. Computer Security: Protect your plant: a "serious game" about control system cyber-security

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    Control system cyber-security is attracting increasing attention: from cybercriminals, from the media and from security researchers.   After the legendary “Stuxnet” attacks of 2010 against an Iranian uranium enrichment plant, the infiltration of Saudi Aramco in 2012, and most recently the hacking of German blast furnaces, we should be prepared. Just imagine what would happen if hackers turned off the lights in Geneva and the Pays-de-Gex for a month? (“Hacking control systems, switching lights off!"). Or if attackers infiltrated CERN’s accelerator or experiment control systems and stopped us from pursuing our core business: delivering beams and recording particle collisions (“Hacking control systems, switching... accelerators off?"). Now you can test your ability to protect an industrial plant against cyber-threats! The Computer Security Team, in collaboration with Kaspersky Lab, is organising a so-...

  1. On Data and Virtualization Security Risks and Solutions of Cloud Computing

    OpenAIRE

    Xiangyang Luo; Lin Yang; Dai Hao; Fenlin Liu; Daoshun Wang

    2014-01-01

    Data security and virtualization security issues are two key bottlenecks restricting the application of cloud computing promoting and applications, especially for the Cloud-based media computing system. In this paper, states of the art of the techniques on cloud computing data security issues, such as data encryption, access control, integrity authentication and other issues is surveyed, on this basis, the key technical issues of the cloud computing data security should concern about and focu...

  2. WLAN Security-Active Attack of WLAN Secure Network

    Directory of Open Access Journals (Sweden)

    Anil Kumar Singh

    2011-05-01

    Full Text Available In Wireless Local Area Network data transfer from one node to another node via air in the form of radio waves. There is no physical medium for transferring the data like traditional LAN. Because of its susceptible nature WLAN can open the door for the intruders and attackers that can come from any direction. Security is the most important element in WLAN. MAC address filtering is one of the security methods for securing the WLAN. But it is also vulnerable. In this paper we will demonstrate how hackers exploit the WLAN vulnerability (Identity theft of legitimate user to access the Wireless Local Area Network.

  3. Writing Across the Curriculum -- An Online Course in Computer Security

    Directory of Open Access Journals (Sweden)

    Neelu Sinha

    2006-01-01

    Full Text Available Writing fosters both critical thinking and student learning, serving as one of the most effective ways to understand a topic. Writing across the Curriculum (WAC began in the late 1970’s, as a pedagogical reform movement in response to a perceived deficiency in literacy among college students. Over the past two decades universities have worked to broaden the scope of student writing from composition classes to classes in the students’ major. This paper chronicles the application of WAC into the discipline of Computer Science. The purpose of this study is to develop an online Computer Security course (for sophomores and juniors in Computer Science, under the umbrella of WAC, to help improve the students’ writing overall and focus on skills students require in upper level courses in the major. Developing this course as an online course (rather than a traditional face-to-face course offers flexible configurability and scalability, features that are useful to prepare students for constantly changing real world security challenges. This paper includes all aspects of course design and insight into lessons learned. Results indicate that both the faculty and students benefit from such a writing intensive course. Reading and responding to the students’ writing enables faculty to gain valuable insights into the students’ thoughts, ideas, problems, and other issues. Students reported increased knowledge and comprehension of the subject material, deeper understanding of the conventions within Computer Science, improved analysis and reporting skills, ability to understand and present abstract concepts effectively, and skill in producing professional documents.

  4. A Survey on Security Issues in Cloud Computing

    CERN Document Server

    Bhadauria, Rohit; Chaki, Nabendu; Sanyal, Sugata

    2011-01-01

    Cloud Computing holds the potential to eliminate the requirements for setting up of high-cost computing infrastructure for the IT-based solutions and services that the industry uses. It promises to provide a flexible IT architecture, accessible through internet for lightweight portable devices. This would allow many-fold increase in the capacity or capabilities of the existing and new software. In a cloud computing environment, the entire data reside over a set of networked resources, enabling the data to be accessed through virtual machines. Since these data centers may lie in any corner of the world beyond the reach and control of users, there are multifarious security and privacy challenges that need to be understood and taken care of. Also, one can never deny the possibility of a server breakdown that has been witnessed, rather quite often in the recent times. There are various issues that need to be dealt with respect to security and privacy in a cloud computing scenario. This extensive survey paper aims...

  5. State of the Art of Network Security Perspectives in Cloud Computing

    Science.gov (United States)

    Oh, Tae Hwan; Lim, Shinyoung; Choi, Young B.; Park, Kwang-Roh; Lee, Heejo; Choi, Hyunsang

    Cloud computing is now regarded as one of social phenomenon that satisfy customers' needs. It is possible that the customers' needs and the primary principle of economy - gain maximum benefits from minimum investment - reflects realization of cloud computing. We are living in the connected society with flood of information and without connected computers to the Internet, our activities and work of daily living will be impossible. Cloud computing is able to provide customers with custom-tailored features of application software and user's environment based on the customer's needs by adopting on-demand outsourcing of computing resources through the Internet. It also provides cloud computing users with high-end computing power and expensive application software package, and accordingly the users will access their data and the application software where they are located at the remote system. As the cloud computing system is connected to the Internet, network security issues of cloud computing are considered as mandatory prior to real world service. In this paper, survey and issues on the network security in cloud computing are discussed from the perspective of real world service environments.

  6. Secure Data Sharing in Cloud Computing using Hybrid cloud

    Directory of Open Access Journals (Sweden)

    Er. Inderdeep Singh

    2015-06-01

    Full Text Available Cloud computing is fast growing technology that enables the users to store and access their data remotely. Using cloud services users can enjoy the benefits of on-demand cloud applications and data with limited local infrastructure available with them. While accessing the data from cloud, different users may have relationship among them depending on some attributes, and thus sharing of data along with user privacy and data security becomes important to get effective results. Most of the research has been done to secure the data authentication so that user’s don’t lose their private data stored on public cloud. But still data sharing is a significant hurdle to overcome by researchers. Research is going on to provide secure data sharing with enhanced user privacy and data access security. In this paper various research and challenges in this area are discussed in detail. It will definitely help the cloud users to understand the topic and researchers to develop a method to overcome these challenges.

  7. Secure Medical Images Sharing over Cloud Computing environment

    Directory of Open Access Journals (Sweden)

    Fatma E.-Z. A. Elgamal

    2013-06-01

    Full Text Available Nowadays, many applications have been appeared due to the rapid development in the term of telecommunication. One of these applications is the telemedicine where the patients' digital data can transfer between the doctors for farther diagnosis. Therefore, the protection of the exchanged medical data is essential especially when transferring these data in an insecure medium such as the cloud computing environment, where the security is considered a major issue. In this paper, two security approaches were presented to guarantee a secure sharing of medical images over the cloud computing environment by providing the mean of trust management between the authorized parities of these data and also allows the privacy sharing of the Electronic Patients' Records string data between those parities while preserving the shared medical image from the distortion. The first approach apply spatial watermarking technique while the second approach implements a hybrid spatial and transform techniques in order to achieve the needed goal. The experimental results show the efficiency of the proposed approaches and the robustness against various types of attacks.

  8. On Unconditionally Secure Computation with Vanishing Communication Cost

    CERN Document Server

    Wang, Ye; Sun, Wei; Ishwar, Prakash

    2010-01-01

    We propose a novel distortion-theoretic approach to a secure three-party computation problem. Alice and Bob have deterministic sequences, and Charlie wishes to compute a normalized sum-type function of those sequences. We construct three-party protocols that allow Charlie to compute the function with arbitrarily high accuracy, while maintaining unconditional privacy for Alice and Bob and achieving vanishing communication cost. This work leverages a striking dimensionality reduction that allows a high accuracy estimate to be produced from only a random subsampling of the sequences. The worst-case distortion of the estimate, across all arbitrary deterministic sequences of any length, is independent of the dimensionality (length) of the sequences and proportional to inverse square root of the number of samples that the estimate is based upon.

  9. Recent advances in computational intelligence in defense and security

    CERN Document Server

    Falcon, Rafael; Zincir-Heywood, Nur; Abbass, Hussein

    2016-01-01

    This volume is an initiative undertaken by the IEEE Computational Intelligence Society’s Task Force on Security, Surveillance and Defense to consolidate and disseminate the role of CI techniques in the design, development and deployment of security and defense solutions. Applications range from the detection of buried explosive hazards in a battlefield to the control of unmanned underwater vehicles, the delivery of superior video analytics for protecting critical infrastructures or the development of stronger intrusion detection systems and the design of military surveillance networks. Defense scientists, industry experts, academicians and practitioners alike will all benefit from the wide spectrum of successful applications compiled in this volume. Senior undergraduate or graduate students may also discover uncharted territory for their own research endeavors.

  10. Implementing AES via an Actively/Covertly Secure Dishonest-Majority MPC Protocol

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Keller, Marcel; Keller, Enrique;

    2012-01-01

    We describe an implementation of the protocol of Damgård, Pastro, Smart and Zakarias (SPDZ/Speedz) for multi-party computation in the presence of a dishonest majority of active adversaries. We present a number of modifications to the protocol; the first reduces the security to covert security...

  11. Techniques for Efficiently Ensuring Data Storage Security in Cloud Computing

    DEFF Research Database (Denmark)

    Banoth, Rajkumar

    2011-01-01

    The Cloud Computing is the next generation architecture of IT Enterprise. It moves the application software and databases to the large data centers, where the management of the data and services may not be fully trustworthy. Here, focus is on cloud data storage security, an important aspect...... of quality of service. To ensure the correctness of users’ data in the cloud, we propose an effective and flexible distributed scheme with two salient features. By utilizing the homomorphic token with distributed verification of erasure-coded data, the scheme achieves the integration of storage correctness...

  12. Secure OpenID Authentication Model by Using Trusted Computing

    Directory of Open Access Journals (Sweden)

    E. Ghazizadeh

    2014-01-01

    Full Text Available The growth of Internet online services has been very quick in recent years. Each online service requires Internet users to create a new account to use the service. The problem can be seen when each user usually needs more than one service and, consequently, has numerous accounts. These numerous accounts have to be managed in a secure and simple way to be protected against identity theft. Single sign-on (SSO and OpenID have been used to decrease the complexity of managing numerous accounts required in the Internet identity environment. Trusted Platform Module (TPM and Trust Multitenancy are great trusted computing-based technologies to solve security concerns in the Internet identity environment. Since trust is one of the pillars of security in the cloud, this paper analyzes the existing cloud identity techniques in order to investigate their strengths and weaknesses. This paper proposes a model in which One Time Password (OTP, TPM, and OpenID are used to provide a solution against phishing as a common identity theft in cloud environment.

  13. Computationally Secure Pattern Matching in the Presence of Malicious Adversaries

    DEFF Research Database (Denmark)

    Hazay, Carmit; Toft, Tomas

    2010-01-01

    We propose a dedicated protocol for the highly motivated problem of secure two-party pattern matching: Alice holds a text t ∈ {0,1}*. of length n, while Bob has a pattern p ∈ {0,1}*. of length m. The goal is for Bob to learn where his pattern occurs in Alice's text. Our construction guarantees full...... simulation in the presence of malicious, polynomial-time adversaries (assuming that ElGamal encryption is semantically secure) and exhibits computation and communication costs of O(n + m) in a constant round complexity. In addition to the above, we propose a collection of protocols for variations...... of the secure pattern matching problem: The pattern may contain wildcards (O(nm) communication in O(1) rounds). The matches may be approximated, i.e., Hamming distance less than some threshold ((O(nm) communication in O(1) rounds). The length, m, of Bob's pattern is secret (O(nm) communication in O(1) rounds...

  14. Semiquantum key distribution with secure delegated quantum computation

    Science.gov (United States)

    Li, Qin; Chan, Wai Hong; Zhang, Shengyu

    2016-01-01

    Semiquantum key distribution allows a quantum party to share a random key with a “classical” party who only can prepare and measure qubits in the computational basis or reorder some qubits when he has access to a quantum channel. In this work, we present a protocol where a secret key can be established between a quantum user and an almost classical user who only needs the quantum ability to access quantum channels, by securely delegating quantum computation to a quantum server. We show the proposed protocol is robust even when the delegated quantum server is a powerful adversary, and is experimentally feasible with current technology. As one party of our protocol is the most quantum-resource efficient, it can be more practical and significantly widen the applicability scope of quantum key distribution.

  15. Security and computer forensics in web engineering education

    OpenAIRE

    Glisson, W.; Welland, R.; Glisson, L.M.

    2010-01-01

    The integration of security and forensics into Web Engineering curricula is imperative! Poor security in web-based applications is continuing to cost organizations millions and the losses are still increasing annually. Security is frequently taught as a stand-alone course, assuming that security can be 'bolted on' to a web application at some point. Security issues must be integrated into Web Engineering processes right from the beginning to create secure solutions and therefore security shou...

  16. Detecting Security threats in the Router using Computational Intelligence

    Directory of Open Access Journals (Sweden)

    J. Visumathi

    2010-04-01

    Full Text Available Information security is an issue of global concern. As the Internet is delivering great convenience and benefits to the modern society, the rapidly increasing connectivity and accessibility to the Internet is also posing a serious threat to security and privacy, to individuals, organizations, and nations alike. Finding effective ways to detect, prevent, and respond to intrusions and hacker attacks of networked computers and information systems. This paper presents a knowledge discovery frame work to detect DoS attacks at the boundary controllers (routers. The idea is to use machine learning approach to discover network features that can depict the state of the network connection. Using important network data (DoS relevant features, we have developed kernel machine based and soft computing detection mechanisms that achieve high detection accuracies. We also present our work of identifying DoS pertinent features and evaluating the applicability of these features in detecting novel DoS attacks. Architecture for detecting DoS attacks at the router is presented. We demonstrate that highly efficient and accurate signature based classifiers can be constructed by using important network features and machine learning techniques to detect DoS attacks at the boundary controllers.

  17. What then do we do about computer security?

    Energy Technology Data Exchange (ETDEWEB)

    Suppona, Roger A.; Mayo, Jackson R.; Davis, Christopher Edward; Berg, Michael J.; Wyss, Gregory Dane

    2012-01-01

    This report presents the answers that an informal and unfunded group at SNL provided for questions concerning computer security posed by Jim Gosler, Sandia Fellow (00002). The primary purpose of this report is to record our current answers; hopefully those answers will turn out to be answers indeed. The group was formed in November 2010. In November 2010 Jim Gosler, Sandia Fellow, asked several of us several pointed questions about computer security metrics. Never mind that some of the best minds in the field have been trying to crack this nut without success for decades. Jim asked Campbell to lead an informal and unfunded group to answer the questions. With time Jim invited several more Sandians to join in. We met a number of times both with Jim and without him. At Jim's direction we contacted a number of people outside Sandia who Jim thought could help. For example, we interacted with IBM's T.J. Watson Research Center and held a one-day, videoconference workshop with them on the questions.

  18. 移动计算安全性%Mobile Computing Security

    Institute of Scientific and Technical Information of China (English)

    胡健; 刘锦德

    2000-01-01

    In the first,security issues in open system that supports mobile computing are discussed in detail,and then the fundamental principle for building a security system in the environment of mobile computing is given.According to the principle,security issues and policies related to mobile code programming language and mobile agent system are further discussed.

  19. Security Model for Microsoft Based Mobile Sales Management Application in Private Cloud Computing

    Directory of Open Access Journals (Sweden)

    Kuan Chee Houng

    2013-05-01

    Full Text Available The Microsoft-based mobile sales management application is a sales force management application that currently running on Windows Mobile 6.5. It handles sales-related activity and cuts down the administrative task of sales representative. Then, Windows launch a new mobile operating system, Windows Phone and stop providing support to Windows Mobile. This has become an obstacle for Windows Mobile development. From time to time, Windows Mobile will be eliminated from the market due to no support provided by Microsoft. Besides that, Windows Mobile application cannot run on Windows Phone mobile operating system due to lack of compatibility. Therefore, applications those run on Windows Mobile need to find a solution addressing this problem. The rise of cloud computing technology in delivering software as a service becomes a solution. The Microsoft-based mobile sales management application delivers a service to run in a web browser, rather than limited by certain type of mobile that run the Windows Mobile operating system. However, there are some security issues need to concern in order to deliver the Microsoft-based mobile application as a service in private cloud computing. Therefore, security model is needed to answer the security issues in private cloud computing. This research is to propose a security model for the Microsoft-based mobile sales management application in private cloud computing. Lastly, a User Acceptance Test (UAT is carried out to test the compatibility between proposed security model of Microsoft-based mobile sales management application in a private cloud and tablet computers.

  20. Review of Enabling Technologies to Facilitate Secure Compute Customization

    Energy Technology Data Exchange (ETDEWEB)

    Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pelfrey, Daniel S [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL

    2014-12-01

    High performance computing environments are often used for a wide variety of workloads ranging from simulation, data transformation and analysis, and complex workflows to name just a few. These systems may process data for a variety of users, often requiring strong separation between job allocations. There are many challenges to establishing these secure enclaves within the shared infrastructure of high-performance computing (HPC) environments. The isolation mechanisms in the system software are the basic building blocks for enabling secure compute enclaves. There are a variety of approaches and the focus of this report is to review the different virtualization technologies that facilitate the creation of secure compute enclaves. The report reviews current operating system (OS) protection mechanisms and modern virtualization technologies to better understand the performance/isolation properties. We also examine the feasibility of running ``virtualized'' computing resources as non-privileged users, and providing controlled administrative permissions for standard users running within a virtualized context. Our examination includes technologies such as Linux containers (LXC [32], Docker [15]) and full virtualization (KVM [26], Xen [5]). We categorize these different approaches to virtualization into two broad groups: OS-level virtualization and system-level virtualization. The OS-level virtualization uses containers to allow a single OS kernel to be partitioned to create Virtual Environments (VE), e.g., LXC. The resources within the host's kernel are only virtualized in the sense of separate namespaces. In contrast, system-level virtualization uses hypervisors to manage multiple OS kernels and virtualize the physical resources (hardware) to create Virtual Machines (VM), e.g., Xen, KVM. This terminology of VE and VM, detailed in Section 2, is used throughout the report to distinguish between the two different approaches to providing virtualized execution

  1. Security approaches in using tablet computers for primary data collection in clinical research.

    Science.gov (United States)

    Wilcox, Adam B; Gallagher, Kathleen; Bakken, Suzanne

    2013-01-01

    Next-generation tablets (iPads and Android tablets) may potentially improve the collection and management of clinical research data. The widespread adoption of tablets, coupled with decreased software and hardware costs, has led to increased consideration of tablets for primary research data collection. When using tablets for the Washington Heights/Inwood Infrastructure for Comparative Effectiveness Research (WICER) project, we found that the devices give rise to inherent security issues associated with the potential use of cloud-based data storage approaches. This paper identifies and describes major security considerations for primary data collection with tablets; proposes a set of architectural strategies for implementing data collection forms with tablet computers; and discusses the security, cost, and workflow of each strategy. The paper briefly reviews the strategies with respect to their implementation for three primary data collection activities for the WICER project.

  2. "Glitch Logic" and Applications to Computing and Information Security

    Science.gov (United States)

    Stoica, Adrian; Katkoori, Srinivas

    2009-01-01

    This paper introduces a new method of information processing in digital systems, and discusses its potential benefits to computing and information security. The new method exploits glitches caused by delays in logic circuits for carrying and processing information. Glitch processing is hidden to conventional logic analyses and undetectable by traditional reverse engineering techniques. It enables the creation of new logic design methods that allow for an additional controllable "glitch logic" processing layer embedded into a conventional synchronous digital circuits as a hidden/covert information flow channel. The combination of synchronous logic with specific glitch logic design acting as an additional computing channel reduces the number of equivalent logic designs resulting from synthesis, thus implicitly reducing the possibility of modification and/or tampering with the design. The hidden information channel produced by the glitch logic can be used: 1) for covert computing/communication, 2) to prevent reverse engineering, tampering, and alteration of design, and 3) to act as a channel for information infiltration/exfiltration and propagation of viruses/spyware/Trojan horses.

  3. Researches on Grid Security Authentication Algorithm in Cloud Computing

    Directory of Open Access Journals (Sweden)

    Keshou Wu

    2011-11-01

    Full Text Available Focusing on multi-machine distributed computing security problems in cloud computing, the paper has proposed a grid distributed parallel authentication model based on trusted computing, which can realize simultaneous verification of grid authentication and grid behavior on upper layer of SSL and TLS protocols. Adaptive grid authentication method is established applying adaptive stream cipher framework; an adaptive stream cipher heuristic code generator and k-means heuristic behavior trust query function is proposed and acted as authentication kernel. Through comparison of the test results of TLS and SSL authentication protocol and the new grid authentication method, the effectiveness of the new grid authentication method has been explained.

  4. Computer Security: Anatomy of a Usability Disaster, and a Plan for Recovery

    OpenAIRE

    Sasse, M. A.

    2003-01-01

    This paper reviews past and current work on usability of security mechanisms. Given that most users interact with computer security on a daily basis, it is astonishing how little interest the CHI community has taken in the design of security systems. Many usability problems associated with security mechanisms could be avoided through application of basic usability knowledge and methods. At the same time, the design of security systems raises some issues that cannot be met with existing CHI kn...

  5. Cloud Computing Application of Personal Information's Security in Network Sales-channels

    OpenAIRE

    Sun Qiong; Min Liu; Shiming Pang

    2013-01-01

    With the promotion of Internet sales, the security of personal information to network users have become increasingly demanding. The existing network of sales channels has personal information security risks, vulnerable to hacker attacking. Taking full advantage of cloud security management strategy, cloud computing security management model is introduced to the network sale of personal information security applications, which is to solve the problem of information leakage. Then we proposed me...

  6. Cloud Computing Application of Personal Information's Security in Network Sales-channels

    Directory of Open Access Journals (Sweden)

    Sun Qiong

    2013-07-01

    Full Text Available With the promotion of Internet sales, the security of personal information to network users have become increasingly demanding. The existing network of sales channels has personal information security risks, vulnerable to hacker attacking. Taking full advantage of cloud security management strategy, cloud computing security management model is introduced to the network sale of personal information security applications, which is to solve the problem of information leakage. Then we proposed membership-based cloud service provided selection policy. By exploring the prospects of cloud computing in Internet sales, we try to solve the problem of the security of personal information in this channel.

  7. Evaluation of Secure Computation in a Distributed Healthcare Setting.

    Science.gov (United States)

    Kimura, Eizen; Hamada, Koki; Kikuchi, Ryo; Chida, Koji; Okamoto, Kazuya; Manabe, Shirou; Kuroda, Tomohiko; Matsumura, Yasushi; Takeda, Toshihiro; Mihara, Naoki

    2016-01-01

    Issues related to ensuring patient privacy and data ownership in clinical repositories prevent the growth of translational research. Previous studies have used an aggregator agent to obscure clinical repositories from the data user, and to ensure the privacy of output using statistical disclosure control. However, there remain several issues that must be considered. One such issue is that a data breach may occur when multiple nodes conspire. Another is that the agent may eavesdrop on or leak a user's queries and their results. We have implemented a secure computing method so that the data used by each party can be kept confidential even if all of the other parties conspire to crack the data. We deployed our implementation at three geographically distributed nodes connected to a high-speed layer two network. The performance of our method, with respect to processing times, suggests suitability for practical use.

  8. A Study of Implementing an Information Security Management System for Open Source Cloud Computing

    Directory of Open Access Journals (Sweden)

    George Suciu

    2012-09-01

    Full Text Available An Information Security Management System (ISMS contains a coordinated set of activities, processes, controls, and policies with the purpose of protecting and managing the information assets within an organization. In this paper we present the way in which an ISMS as specified in the ISO 27001 can be applied for the cloud and implemented on our test platform based on SlapOS, the first open source provisioning and billing system for distributed cloud computing. The goal of this paper is to demonstrate a new and easier way to manage security for the cloud, with a specific focus on distributed cloud computing. We will present the results measured by applying ISMS controls for ensuring levels of QoS and SLA according to contracts, moreover also optimizing the costs and resources used by the cloud platform.

  9. CERN Computing Colloquium | Computer Security in 2016: Where are we and what to expect | 8 February

    CERN Multimedia

    2016-01-01

    Computer Security in 2016: Where are we and what to expect  by Sebastian Lopienski, CERN-IT Monday 8 February from 11 a.m. to 12 p.m http://cseminar.web.cern.ch/cseminar/ at CERN, Council Chamber (503-1-001)  Description: Attacks against computer systems, belonging both to individuals and organisations, are an everyday reality. How many times have we heard about supposedly well protected companies and online services at the mercy of cyber criminals, or governments accusing other nation states of cyber espionage. Only the most serious breaches and biggest data leaks continue to make the headlines. But really, how secure is our data, computers and networks? What is happening behind the scenes? Is it actually possible to avoid the vulnerabilities, or detect the resulting exploits? This talk will address these questions and provide a high-level overview of security trends in the last year or two. It will include information on emerging typ...

  10. Research on Quantum Authentication Methods for the Secure Access Control Among Three Elements of Cloud Computing

    Science.gov (United States)

    Dong, Yumin; Xiao, Shufen; Ma, Hongyang; Chen, Libo

    2016-08-01

    Cloud computing and big data have become the developing engine of current information technology (IT) as a result of the rapid development of IT. However, security protection has become increasingly important for cloud computing and big data, and has become a problem that must be solved to develop cloud computing. The theft of identity authentication information remains a serious threat to the security of cloud computing. In this process, attackers intrude into cloud computing services through identity authentication information, thereby threatening the security of data from multiple perspectives. Therefore, this study proposes a model for cloud computing protection and management based on quantum authentication, introduces the principle of quantum authentication, and deduces the quantum authentication process. In theory, quantum authentication technology can be applied in cloud computing for security protection. This technology cannot be cloned; thus, it is more secure and reliable than classical methods.

  11. Computer Security: When a person leaves - access rights remain!

    CERN Multimedia

    Computer Security Team

    2014-01-01

    We have been contacted recently by an embarrassed project manager who just figured out that a student who left at the end of 2013 still had access rights to read the whole project folder in February 2014: “How can that be?! In any other company, access rights would be purged at the same time as an employment contract terminates." Not so at CERN.   CERN has always been an open site with an open community. Physical access to the site is lightweight and you just need to have your CERN access card at hand. Further restrictions have only been put in place where safety or security really require them, and CERN does not require you to keep your access card on display. The same holds for the digital world. Once registered at CERN - either by contract, via your experiment or through the Users' office - you own a computing account that provides you with access to a wide variety of computing services. For example, last year 9,730 students/technicians/engineers/researchers/sta...

  12. VCC-SSF: Service-Oriented Security Framework for Vehicular Cloud Computing

    Directory of Open Access Journals (Sweden)

    Won Min Kang

    2015-02-01

    Full Text Available Recently, as vehicle computing technology has advanced, the paradigm of the vehicle has changed from a simple means of transportation to a smart vehicle for safety and convenience. In addition, the previous functions of the Intelligent Transportation System (ITS such as traffic accident prevention and providing traffic volume information have been combined with cloud computing. ITS services provide user-oriented broad services in the Vehicular Cloud Computing (VCC environment through efficient traffic management, traffic accident prevention, and convenience services. However, existing vehicle services focus on providing services using sensing information inside the vehicle and the system to provide the service through an interface with the external infrastructure is insufficient. In addition, because wireless networks are used in VCC environments, there is a risk of important information leakage from sensors inside the vehicle, such as driver personal identification and payment information at the time of goods purchase. We propose the VCC Service-oriented Security Framework (VCC-SSF to address the limitations and security threats of VCC-based services. The proposed framework considers security for convenient and efficient services of VCC and includes new user-oriented payment management and active accident management services. Furthermore, it provides authentication, encryption, access control, confidentiality, integrity, and privacy protection for user personal information and information inside the vehicle.

  13. Review of Enabling Technologies to Facilitate Secure Compute Customization

    Energy Technology Data Exchange (ETDEWEB)

    Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pelfrey, Daniel S [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL

    2014-12-01

    High performance computing environments are often used for a wide variety of workloads ranging from simulation, data transformation and analysis, and complex workflows to name just a few. These systems may process data for a variety of users, often requiring strong separation between job allocations. There are many challenges to establishing these secure enclaves within the shared infrastructure of high-performance computing (HPC) environments. The isolation mechanisms in the system software are the basic building blocks for enabling secure compute enclaves. There are a variety of approaches and the focus of this report is to review the different virtualization technologies that facilitate the creation of secure compute enclaves. The report reviews current operating system (OS) protection mechanisms and modern virtualization technologies to better understand the performance/isolation properties. We also examine the feasibility of running ``virtualized'' computing resources as non-privileged users, and providing controlled administrative permissions for standard users running within a virtualized context. Our examination includes technologies such as Linux containers (LXC [32], Docker [15]) and full virtualization (KVM [26], Xen [5]). We categorize these different approaches to virtualization into two broad groups: OS-level virtualization and system-level virtualization. The OS-level virtualization uses containers to allow a single OS kernel to be partitioned to create Virtual Environments (VE), e.g., LXC. The resources within the host's kernel are only virtualized in the sense of separate namespaces. In contrast, system-level virtualization uses hypervisors to manage multiple OS kernels and virtualize the physical resources (hardware) to create Virtual Machines (VM), e.g., Xen, KVM. This terminology of VE and VM, detailed in Section 2, is used throughout the report to distinguish between the two different approaches to providing virtualized execution

  14. Identity based Encryption and Biometric Authentication Scheme for Secure Data Access in Cloud Computing

    DEFF Research Database (Denmark)

    Cheng, Hongbing; Rong, Chunming; Tan, Zheng-Hua;

    2012-01-01

    Cloud computing will be a main information infrastructure in the future; it consists of many large datacenters which are usually geographically distributed and heterogeneous. How to design a secure data access for cloud computing platform is a big challenge. In this paper, we propose a secure data...... access scheme based on identity-based encryption and biometric authentication for cloud computing. Firstly, we describe the security concern of cloud computing and then propose an integrated data access scheme for cloud computing, the procedure of the proposed scheme include parameter setup, key...... distribution, feature template creation, cloud data processing and secure data access control. Finally, we compare the proposed scheme with other schemes through comprehensive analysis and simulation. The results show that the proposed data access scheme is feasible and secure for cloud computing....

  15. A Review on Cloud Computing: Design Challenges in Architecture and Security

    OpenAIRE

    Hu, Fei; Qiu, Meikang; Li, Jiayin; Grant, Travis; Taylor, Drew; McCaleb, Seth; Butler, Lee; Hamner, Richard

    2011-01-01

    Cloud computing is becoming a powerful network architecture to perform large-scale and complex computing.In this paper, we will comprehensively survey the concepts and architecture of cloud computing, as well as its security and privacy issues. We will compare different cloud models, trust/reputation models and privacy-preservation schemes. Their pros and cons are discussed for each cloud computing security and architecture strategy.

  16. Preaching What We Practice: Teaching Ethical Decision-Making to Computer Security Professionals

    Science.gov (United States)

    Fleischmann, Kenneth R.

    The biggest challenge facing computer security researchers and professionals is not learning how to make ethical decisions; rather it is learning how to recognize ethical decisions. All too often, technology development suffers from what Langdon Winner terms technological somnambulism - we sleepwalk through our technology design, following past precedents without a second thought, and fail to consider the perspectives of other stakeholders [1]. Computer security research and practice involves a number of opportunities for ethical decisions. For example, decisions about whether or not to automatically provide security updates involve tradeoffs related to caring versus user autonomy. Decisions about online voting include tradeoffs between convenience and security. Finally, decisions about routinely screening e-mails for spam involve tradeoffs of efficiency and privacy. It is critical that these and other decisions facing computer security researchers and professionals are confronted head on as value-laden design decisions, and that computer security researchers and professionals consider the perspectives of various stakeholders in making these decisions.

  17. Cloud Computing Adoption Framework – a security framework for business clouds

    OpenAIRE

    Chang, Victor; Kuo, Yen-Hung; Ramachandran, Muthu

    2016-01-01

    This paper presents a Cloud Computing Adoption Framework (CCAF) security suitable for business clouds. CCAF multi-layered security is based on the development and integration of three major security technologies: firewall, identity management and encryption based on the development of Enterprise File Sync and Share technologies. This paper presents our motivation, related work and our views on security framework. Core technologies have been explained in details and experiments were designed t...

  18. Application of Trusted Computing to Secure Video Broadcasts to Mobile Receivers

    OpenAIRE

    Gallery, Eimear; Tomlinson, Allan; Delicata, Rob

    2006-01-01

    This paper addresses the problem of configuring mobile devices to receive broadcast services protected by legacy conditional access systems. The protocols apply the concepts of trusted computing to allow a mobile host to demonstrate that it is secure, before any application or associated keys are securely downloaded. Thus the protocols are applicable anywhere a secure download is required. A general analysis of the security of the protocols is presented, followed by the r...

  19. 77 FR 43639 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

    Science.gov (United States)

    2012-07-25

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA.... ACTION: Notice of a renewal of an existing computer matching program that expired on May 10,...

  20. 77 FR 54943 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

    Science.gov (United States)

    2012-09-06

    ... From the Federal Register Online via the Government Publishing Office SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA.... ACTION: Notice of a renewal of an existing computer matching program that will expire on October 1,...

  1. Case Study: Creation of a Degree Program in Computer Security. White Paper.

    Science.gov (United States)

    Belon, Barbara; Wright, Marie

    This paper reports on research into the field of computer security, and undergraduate degrees offered in that field. Research described in the paper reveals only one computer security program at the associate's degree level in the entire country. That program, at Texas State Technical College in Waco, is a 71-credit-hour program leading to an…

  2. EFFICIENT RANKED AND SECURE FILE RETRIEVAL IN CLOUD COMPUTING

    Directory of Open Access Journals (Sweden)

    J. Jospin Jeya

    2014-01-01

    Full Text Available Cloud computing facilitates extremely scalable services that can be consumed over internet. An important aspect of the cloud services is that user data are stored remotely in unknown machines in which users do not posses or manage. Since the data’s are stored remotely, we have to keep in mind that sensitive cloud data have to be encrypted before they are outsourced to the commercial public cloud, which makes efficient data utilization service. Searchable encryption file retrieval technique allows users to securely search over encrypted data through search word. Ranking the files based on relevance scores greatly enhances system usability by making it possible relevance ranking instead of sending unwanted results and further ensures the file retrieval accuracy. In this study, we are developing an automated system for both named and un-named documents based on the clustering algorithms. We implement the ranking and searching algorithm to retrieve top k files. We also provides the mapping and encryption algorithm to protect the information. The resulting design is able to provide efficient ranking which will reduce the search time drastically and reduce the communication overhead. The mapping and encryption algorithms protect document against an outside attackers and prevent an untrusted cloud data provider from learning data.

  3. Computer Security for Commercial Nuclear Power Plants - Literature Review for Korea Hydro Nuclear Power Central Research Institute

    Energy Technology Data Exchange (ETDEWEB)

    Duran, Felicia Angelica [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States). Security Systems Analysis Dept.; Waymire, Russell L. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States). Security Systems Analysis Dept.

    2013-10-01

    Sandia National Laboratories (SNL) is providing training and consultation activities on security planning and design for the Korea Hydro and Nuclear Power Central Research Institute (KHNPCRI). As part of this effort, SNL performed a literature review on computer security requirements, guidance and best practices that are applicable to an advanced nuclear power plant. This report documents the review of reports generated by SNL and other organizations [U.S. Nuclear Regulatory Commission, Nuclear Energy Institute, and International Atomic Energy Agency] related to protection of information technology resources, primarily digital controls and computer resources and their data networks. Copies of the key documents have also been provided to KHNP-CRI.

  4. A secure communications infrastructure for high-performance distributed computing

    Energy Technology Data Exchange (ETDEWEB)

    Foster, I.; Koenig, G.; Tuecke, S. [and others

    1997-08-01

    Applications that use high-speed networks to connect geographically distributed supercomputers, databases, and scientific instruments may operate over open networks and access valuable resources. Hence, they can require mechanisms for ensuring integrity and confidentially of communications and for authenticating both users and resources. Security solutions developed for traditional client-server applications do not provide direct support for the program structures, programming tools, and performance requirements encountered in these applications. The authors address these requirements via a security-enhanced version of the Nexus communication library; which they use to provide secure versions of parallel libraries and languages, including the Message Passing Interface. These tools permit a fine degree of control over what, where, and when security mechanisms are applied. In particular, a single application can mix secure and nonsecure communication, allowing the programmer to make fine-grained security/performance tradeoffs. The authors present performance results that quantify the performance of their infrastructure.

  5. Measuring Human Performance within Computer Security Incident Response Teams

    Energy Technology Data Exchange (ETDEWEB)

    McClain, Jonathan T. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Silva, Austin Ray [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Avina, Glory Emmanuel [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Forsythe, James C. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2015-09-01

    Human performance has become a pertinen t issue within cyber security. However, this research has been stymied by the limited availability of expert cyber security professionals. This is partly attributable to the ongoing workload faced by cyber security professionals, which is compound ed by the limited number of qualified personnel and turnover of p ersonnel across organizations. Additionally, it is difficult to conduct research, and particularly, openly published research, due to the sensitivity inherent to cyber ope rations at most orga nizations. As an alternative, the current research has focused on data collection during cyb er security training exercises. These events draw individuals with a range of knowledge and experience extending from seasoned professionals to recent college gradu ates to college students. The current paper describes research involving data collection at two separate cyber security exercises. This data collection involved multiple measures which included behavioral performance based on human - machine transactions and questionnaire - based assessments of cyber security experience.

  6. Energy-efficient and security-optimized AES hardware design for ubiquitous computing

    Institute of Scientific and Technical Information of China (English)

    Chen Yicheng; Zou Xuecheng; Liu Zhenglin; Han Yu; Zheng Zhaoxia

    2008-01-01

    Ubiquitous computing must incorporate a certain level of security.For the severely resource con-strained applications,the energy-efficient and small size cryptography algorithm implementation is a critical problem.Hardware implementations of the advanced encryption standard(AES)for authentication and encryption are presented.An energy consumption variable is derived to evaluate low-power design strategies for battery-powered devices.It proves that compact AES architectures fail to optimize the AES hardware energy,whereas reducing invalid switching activities and implementing power-optimized sub-modules are the reasonable methods.Implemen tations of different substitution box(S-Boxes)structures are presented with 0.25 μm 1.8 V CMOS(complementary metal oxide semiconductor)standard cell library.The comparisons and trade-offs among area,security,and power are explored.The experimental results show that Galois field composite S-Boxes have smaller size and higheat security but consume considerably more power,whereas decoder-switch-encoder S-Boxes have the best power characteristics with disadvantages in terms of size and security.The combination of these two type S-Boxes instead of homogeneous S-Boxes in AES circuit will lead to optimal schemes.The technique of latch-dividing data path is analyzed,and the quantitative simulation results demonstrate that this approach diminishes the glitches effectively at a very low hardware cost.

  7. Defining and Computing a Value Based Cyber-Security Measure

    Energy Technology Data Exchange (ETDEWEB)

    Aissa, Anis Ben [University of Tunis, Belvedere, Tunisia; Abercrombie, Robert K [ORNL; Sheldon, Frederick T [ORNL; Mili, Ali [New Jersey Insitute of Technology

    2011-01-01

    In past work, we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities\\; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper we discuss the specification and design of a system that collects, updates and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.

  8. Defining and Computing a Valued Based Cyber-Security Measure

    Energy Technology Data Exchange (ETDEWEB)

    Aissa, Anis Ben [University of Tunis, Belvedere, Tunisia; Abercrombie, Robert K [ORNL; Sheldon, Frederick T [ORNL; Mili, Ali [New Jersey Insitute of Technology

    2012-01-01

    In earlier work, we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper, we discuss the specification and design of a system that collects, updates, and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.

  9. Unconditionally Secure Constant-Rounds Multi-party Computation for Equality, Comparison, Bits and Exponentiation

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Nielsen, Jesper Buus; Toft, Tomas;

    2006-01-01

    We show that if a set of players hold shares of a value aFp for some prime p (where the set of shares is written [a] p ), it is possible to compute, in constant rounds and with unconditional security, sharings of the bits of a, i.e., compute sharings [a 0] p , ..., [a ℓ− − 1] p such that ℓ = ⌈ log2...... p ⌉, a 0,...,a l − 1 ∈ {0,1} and a = ∑ i = 0 ℓ− − 1 a i 2 i . Our protocol is secure against active adversaries and works for any linear secret sharing scheme with a multiplication protocol. The complexity of our protocol is (llogl) invocations of the multiplication protocol for the underlying...... secret sharing scheme, carried out in (1) rounds. This result immediately implies solutions to other long-standing open problems such as constant-rounds and unconditionally secure protocols for deciding whether a shared number is zero, comparing shared numbers, raising a shared number to a shared...

  10. Proposal for a security management in cloud computing for health care.

    Science.gov (United States)

    Haufe, Knut; Dzombeta, Srdan; Brandis, Knud

    2014-01-01

    Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.

  11. Secure multi-party computation solution to Yao's millionaires' problem based on set-inclusion

    Institute of Scientific and Technical Information of China (English)

    LI Shundong; DAI Yiqi; YOU Qiyou

    2005-01-01

    Secure multi-party computation is a focus of international cryptography in recent years. Protocols for Yao's millionaires' problem have become an important building block of many secure multi-party computation protocols. Their efficiency are crucial to the efficiency of many secure multi-party computation protocols. Unfortunately, known protocols for Yao's millionaires' problem have high computational complexity or communication complexity. In this study, based on the 1-out-of-m oblivious transfer and set-inclusion problem, we propose a new protocol to solve this problem. This new protocol is very efficient in terms of both computational and communication complexities. Its privacy-preserving property is also proved by simulation paradigm which is generally accepted in the study of secure multi-party computation. We also compare the information leakage of our new protocol and the known protocols.

  12. Cloud Computing and Information Security%云计算与信息安全

    Institute of Scientific and Technical Information of China (English)

    叶加龙; 张公让

    2011-01-01

    This paper surveyed the development of information security. Cloud computing is a new technology, and provided the opportunities and challenges brought by cloud computing to information security. The basic concepts of cloud computing and security problem of cloud computing were explained, and through cloud computing user and service provider to analysis method of information security of cloud computing.%信息安全是当前计算机科学的一个研究热点;云计算是一个新的技术,给信息安全提供了挑战和机遇.介绍了云计算的基本概念、云计算的安全问题,通过云计算用户以及云计算服务提供商两方面分析了云计算中确保信息安全的方法.

  13. Proposal for a Security Management in Cloud Computing for Health Care

    Directory of Open Access Journals (Sweden)

    Knut Haufe

    2014-01-01

    Full Text Available Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.

  14. A Comprehensive Study about Cloud Computing Security: Issues, Applications and Challenges

    Directory of Open Access Journals (Sweden)

    Sima Ghoflgary

    2014-11-01

    Full Text Available Cloud computing provides facilities for users to save their data or information in servers which are connected through Internet or Intranet. Further, users can run their applications with the help of software provided by cloud computing servers without installing that software in their own personal computers. Since many users access to cloud computing servers for various goals, therefore one of the main problem in this regard is providing security in access, usage, share or running users’ programs by cloud computing sources or servers. This paper attempts to study security issues, applications and its challenges on cloud computing

  15. Addressing security issues related to virtual institute distributed activities

    Science.gov (United States)

    Stytz, Martin R.; Banks, Sheila B.

    2008-03-01

    One issue confounding the development and experimentation of distributed modeling and simulation environments is the inability of the project team to identify and collaborate with resources, both human and technical, from outside the United States. This limitation is especially significant within the human behavior representation area where areas such as cultural effects research and joint command team behavior modeling require the participation of various cultural and national representatives. To address this limitation, as well as other human behavior representation research issues, NATO Research and Technology Organization initiated a project to develop a NATO virtual institute that enables more effective and more collaborative research into human behavior representation. However, in building and operating a virtual institute one of the chief concerns must be the cyber security of the institute. Because the institute "exists" in cyberspace, all of its activities are susceptible to cyberattacks, subterfuge, denial of service and all of the vulnerabilities that networked computers must face. In our opinion, for the concept of virtual institutes to be successful and useful, their operations and services must be protected from the threats in the cyber environment. A key to developing the required protection is the development and promulgation of standards for cyber security. In this paper, we discuss the types of cyber standards that are required, how new internet technologies can be exploited and can benefit the promulgation, development, maintenance, and robustness of the standards. This paper is organized as follows. Section One introduces the concept of the virtual institutes, the expected benefits, and the motivation for our research and for research in this area. Section Two presents background material and a discussion of topics related to VIs, uman behavior and cultural modeling, and network-centric warfare. Section Three contains a discussion of the

  16. A Survey on Mobile Cloud Computing with Embedded Security Considerations

    OpenAIRE

    Victor Onomza Waziri; Joshua Abah; Olumide Sunday Adewale; Muhammad Bashir Abdullahi

    2014-01-01

    The emergence of cloud computing hold a promise to computing where software is provided as a services (SaaS) via the Internet. Mobile cloud computing integrates cloud computing with mobile devices. By this architecture, certain challenges (e.g., battery life, storage, and bandwidth) of mobile devices are addressed. Cloud computing provides the foundation for mobile cloud computing through the delivery of services, software, storage and computational capacity over the Internet, thereby reducin...

  17. New Approaches to Practical Secure Two-Party Computation

    DEFF Research Database (Denmark)

    Nordholt, Peter Sebastian

    gates) takes 64 seconds, but when repeating the task 27 times it only takes less than 3 seconds per instance. • Second, we revisit the LEGO protocol of Nielsen and Orlandi presented at TCC 2009. Their protocol demonstrated a more efficient technique to get malicious security in secure two...

  18. Vulnerabilities and responsibilities: dealing with monsters in computer security

    NARCIS (Netherlands)

    Pieters, W.; Consoli, L.

    2009-01-01

    Purpose – The purpose of this paper is to analyze information security assessment in terms of cultural categories and virtue ethics, in order to explain the cultural origin of certain types of security vulnerabilities, as well as to enable a proactive attitude towards preventing such vulnerabilities

  19. Security for Service-Oriented On-Demand Grid Computing

    OpenAIRE

    Smith, Matthew

    2009-01-01

    The Grid computing paradigm is becoming a well established method for high performance computing. While the first generation of Grid computing solutions implemented their own proprietary interfaces, the introduction of the service-oriented computing paradigm and the corresponding web service standards into the field of Grid computing through the Open Grid Services Architecture (OGSA) increased the interoperability of the Grid. Thi...

  20. EMRlog method for computer security for electronic medical records with logic and data mining.

    Science.gov (United States)

    Martínez Monterrubio, Sergio Mauricio; Frausto Solis, Juan; Monroy Borja, Raúl

    2015-01-01

    The proper functioning of a hospital computer system is an arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of the entire or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system.

  1. EMRlog Method for Computer Security for Electronic Medical Records with Logic and Data Mining

    Directory of Open Access Journals (Sweden)

    Sergio Mauricio Martínez Monterrubio

    2015-01-01

    Full Text Available The proper functioning of a hospital computer system is an arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of the entire or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system.

  2. BI-DIRECTIONAL ANONYMOUS IDENTITY AUTHENTICATION SCHEME FOR CLOUD COMPUTING BASED ON SECURITY ACTIVE BUNDLE%基于安全活跃束S AB的匿名双向云身份认证方案

    Institute of Scientific and Technical Information of China (English)

    张琼文; 吴承荣

    2014-01-01

    Dynamic and transparent cloud brings infinite possibility to people’s life;meanwhile it also imposes greater challenges on theincreasing privacy and security problems of digital identity in virtual world.Digital identity has a close relationship with information services.Before accessing or sharing the resources,the identities of both users and services providers should be authenticated each other.In particular,when the identity theft is rampant,telling authentication on users,partners and cloud services providers is the crucial measurement.Weanalyse the status quo of cloud identity authentication and the challenges encountering,and propose a scheme named “security active bundle(SAB)cloud identity authentication”based on predicate encryption and Active Bundle idea,which realises the bi-directional anonymousauthentication between the end user and the cloud,or among the clouds.This scheme strengthens the privacy protection of personal sensitiveinformation and no longer depends on the trusted third party,etc.%动态透明的云给人们的生活带来了无限的可能,同时也对虚拟世界中与日俱增的数字身份的隐私和安全问题提出了更大的挑战。数字身份和信息服务有着密切关系,在访问或分享资源前,用户和服务双方的身份都有必要先通过认证。特别是当身份窃取猖獗的时候,有力地用户认证、合作伙伴认证、云服务提供商认证等是至关重要的措施。分析云身份认证的现状和面临的挑战,基于谓词加密和Active Bundle思想提出了安全活跃束SAB(Security Active Bundle)云身份认证方案,实现了终端用户与云以及云之间的双向匿名认证,加强了个人敏感信息隐私保护和不再依赖可信第三方等。

  3. Fast and maliciously secure two-party computation using the GPU

    DEFF Research Database (Denmark)

    Frederiksen, Tore Kasper; Nielsen, Jesper Buus

    2013-01-01

    We describe, and implement, a maliciously secure protocol for two-party computation in a parallel computational model. Our protocol is based on Yao’s garbled circuit and an efficient OT extension. The implementation is done using CUDA and yields fast results for maliciously secure two......-party computation in a financially feasible and practical setting by using a consumer grade CPU and GPU. Our protocol further uses some novel constructions in order to combine garbled circuits and an OT extension in a parallel and maliciously secure setting....

  4. The Role of Self-Efficacy in Computer Security Behavior: Developing the Construct of Computer Security Self-Efficacy (CSSE)

    Science.gov (United States)

    Clarke, Marlon

    2011-01-01

    As organizations have become more dependent on networked information systems (IS) to conduct their business operations, their susceptibility to various threats to information security has also increased. Research has consistently identified the inappropriate security behavior of the users as the most significant of these threats. Various factors…

  5. 75 FR 47311 - Extension of Agency Information Collection Activity Under OMB Review: Aviation Security...

    Science.gov (United States)

    2010-08-05

    ... security costs and information reasonably necessary to complete an audit. This requirement includes... SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under OMB Review: Aviation Security Infrastructure Fee Records Retention AGENCY: Transportation...

  6. 78 FR 4856 - Extension of Agency Information Collection Activity Under OMB Review: Aviation Security...

    Science.gov (United States)

    2013-01-23

    ... carrier's calendar year 2000 security costs and information reasonably necessary to complete an audit... SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under OMB Review: Aviation Security Infrastructure Fee Records Retention AGENCY: Transportation...

  7. Defining and Computing a Valued Based Cyber Security Measure

    Energy Technology Data Exchange (ETDEWEB)

    Aissa, Anis Ben [University of Tunis, Belvedere, Tunisia; Abercrombie, Robert K [ORNL; Sheldon, Frederick T [ORNL; Mili, Ali [New Jersey Insitute of Technology

    2011-01-01

    In earlier works (Ben-Aissa et al. 2010; Abercrombie et al. 2008; Sheldon et al. 2009), we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper, we discuss the specification and design of a system that collects, updates, and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.

  8. CTF: Computer security competitions for learning and fun

    CERN Document Server

    CERN. Geneva

    2015-01-01

    CTF hacking competitions condense practical security knowledge in short and measurable challenges, in short: education, fun, prizes and fame! This talk is an introduction to these type of competitions from a player perspective over the years.

  9. Evolution of nuclear security regulatory activities in Brazil

    International Nuclear Information System (INIS)

    The changing of the world scenario in the last 15 years has increased worldwide the concerns about overall security and, as a consequence, about the nuclear and radioactive material as well as their associated facilities. Considering the new situation, in February 2004, the Brazilian National Nuclear Energy Commission (CNEN), decided to create the Nuclear Security Office. This Office is under the Coordination of Nuclear Safeguards and Security, in the Directorate for Safety, Security and Safeguards (Regulatory Directorate). Before that, security regulation issues were dealt in a decentralized manner, within that Directorate, by different licensing groups in specific areas (power reactors, fuel cycle facilities, radioactive facilities, transport of nuclear material, etc.). This decision was made in order to allow a coordinated approach on the subject, to strengthen the regulation in nuclear/radioactive security, and to provide support to management in the definition of institutional security policies. The CNEN Security Office develops its work based in the CNEN Physical Protection Regulation for Nuclear Operational Units - NE-2.01, 1996, the Convention on the Physical Protection of Nuclear Material and the IAEA Nuclear Security Series . This paper aims at presenting the activities developed and the achievements obtained by this new CNEN office, as well as identifying the issues and directions for future efforts. (author)

  10. Evolution of nuclear security regulatory activities in Brazil

    Energy Technology Data Exchange (ETDEWEB)

    Mello, Luiz A. de; Monteiro Filho, Joselio S.; Belem, Lilia M.J.; Torres, Luiz F.B. [Comissao Nacional de Energia Nuclear (CNEN), Rio de Janeiro, RJ (Brazil). Diretoria de Radioprotecao e Segurania Nuclear. Coordenacao de Salvaguardas e Protecao Fisica], e-mail: gpf@cnen.gov.br

    2009-07-01

    The changing of the world scenario in the last 15 years has increased worldwide the concerns about overall security and, as a consequence, about the nuclear and radioactive material as well as their associated facilities. Considering the new situation, in February 2004, the Brazilian National Nuclear Energy Commission (CNEN), decided to create the Nuclear Security Office. This Office is under the Coordination of Nuclear Safeguards and Security, in the Directorate for Safety, Security and Safeguards (Regulatory Directorate). Before that, security regulation issues were dealt in a decentralized manner, within that Directorate, by different licensing groups in specific areas (power reactors, fuel cycle facilities, radioactive facilities, transport of nuclear material, etc.). This decision was made in order to allow a coordinated approach on the subject, to strengthen the regulation in nuclear/radioactive security, and to provide support to management in the definition of institutional security policies. The CNEN Security Office develops its work based in the CNEN Physical Protection Regulation for Nuclear Operational Units - NE-2.01, 1996, the Convention on the Physical Protection of Nuclear Material and the IAEA Nuclear Security Series . This paper aims at presenting the activities developed and the achievements obtained by this new CNEN office, as well as identifying the issues and directions for future efforts. (author)

  11. A Secure Multi-Party Computation Protocol for Malicious Computation Prevention for preserving privacy during Data Mining

    CERN Document Server

    Mishra, Dr Durgesh Kumar; Kapoor, Nikhil; Bahety, Ravish

    2009-01-01

    Secure Multi-Party Computation (SMC) allows parties with similar background to compute results upon their private data, minimizing the threat of disclosure. The exponential increase in sensitive data that needs to be passed upon networked computers and the stupendous growth of internet has precipitated vast opportunities for cooperative computation, where parties come together to facilitate computations and draw out conclusions that are mutually beneficial; at the same time aspiring to keep their private data secure. These computations are generally required to be done between competitors, who are obviously weary of each-others intentions. SMC caters not only to the needs of such parties but also provides plausible solutions to individual organizations for problems like privacy-preserving database query, privacy-preserving scientific computations, privacy-preserving intrusion detection and privacy-preserving data mining. This paper is an extension to a previously proposed protocol Encrytpo_Random, which prese...

  12. PUBLIC LINEAR PROGRAMMING SOLUTION FOR THE DESIGN OF SECURE AND EFFICIENT COMPUTING IN CLOUD

    Directory of Open Access Journals (Sweden)

    Dr.R.V.Krishnaiah

    2013-09-01

    Full Text Available This next generation of computing holds enormous potential to stimulate economic growth and enable governments to reduce costs, increase transparency and expand services to citizens. Cloud computing robust computational power to the society at reduced cost and enables customers with limited computational resources to outsource their large computation workloads to the cloud, and economically enjoy the massive computational power, bandwidth, storage, and even appropriate software that can be shared in a pay-per-use manner. Despite the tremendous benefits, security is the primary obstacle that prevents the wide adoption of this promising computing model, especially for customers when their confidential data are consumed and produced during the computation.

  13. Information Systems Security and Computer Crime in the IS Curriculum: A Detailed Examination

    Science.gov (United States)

    Foltz, C. Bryan; Renwick, Janet S.

    2011-01-01

    The authors examined the extent to which information systems (IS) security and computer crime are covered in information systems programs. Results suggest that IS faculty believe security coverage should be increased in required, elective, and non-IS courses. However, respondent faculty members are concerned that existing curricula leave little…

  14. Computer Security in the Introductory Business Information Systems Course: An Exploratory Study of Textbook Coverage

    Science.gov (United States)

    Sousa, Kenneth J.; MacDonald, Laurie E.; Fougere, Kenneth T.

    2005-01-01

    The authors conducted an evaluation of Management Information Systems (MIS) textbooks and found that computer security receives very little in-depth coverage. The textbooks provide, at best, superficial treatment of security issues. The research results suggest that MIS faculty need to provide material to supplement the textbook to provide…

  15. A Secure Service Provisioning Framework for Cyber Physical Cloud Computing Systems

    Directory of Open Access Journals (Sweden)

    Anees Ara

    2015-01-01

    Full Text Available Cyber physical systems (CPS are mission critical systems engineered by combination of cyber and physical systems respectively. These systems are tightly coupled, resource constrained systems and have dynamic real time applications. Due to the limitation of resources, and in order to improve the efficiency of the CPS systems, they are combined with cloud computing architecture, and are called as Cyber Physical Cloud Computing Systems (CPCCS. These CPCCS have critical care applications where security of the systems is a major concern. Therefore, we propose a Secure Service provisioning architecture for Cyber Physical Cloud Computing Systems (CPCCS, which includes the combination of technologies such as CPS, Cloud Computing and Wireless Sensor Networks. In addition to this, we also highlight various threats/attacks; security requirements and mechanisms that are applicable to CPCCS at different layers and propose two security models that can be adapted in a layered architectural format

  16. Analytical Investigation on Computer Network Security System of Colleges and Universities

    Institute of Scientific and Technical Information of China (English)

    徐悦

    2013-01-01

    With the development of network technology, computer systems of colleges and universities gradually use network management and services, which provides comprehensive and convenient information access and management conditions. How?ever, in the network environment, the security of the system faces security threats like virus, malicious software and human at?tack, which may make the network data of the computer system damaged and tampered, or even lead to network system paraly?sis, breakdown of system concerning management and payment, missing and stealing of confidential documents. Therefore, it is of important application significance to promote the security of computer network systems of colleges and universities. This paper conducts comprehensive analysis on the security system of computer network systems of colleges and universities, elaborates its R&D and application status and puts forward specific schemes of prevention and solutions, which provides suggestions and refer?ence for its construction.

  17. A Newer User Authentication, File encryption and Distributed Server Based Cloud Computing security architecture

    Directory of Open Access Journals (Sweden)

    Kawser Wazed Nafi

    2012-10-01

    Full Text Available The cloud computing platform gives people the opportunity for sharing resources, services and information among the people of the whole world. In private cloud system, information is shared among the persons who are in that cloud. For this, security or personal information hiding process hampers. In this paper we have proposed new security architecture for cloud computing platform. This ensures secure communication system and hiding information from others. AES based file encryption system and asynchronous key system for exchanging information or data is included in this model. This structure can be easily applied with main cloud computing features, e.g. PaaS, SaaS and IaaS. This model also includes onetime password system for user authentication process. Our work mainly deals with the security system of the whole cloud computing platform.

  18. A Novel Scheme for Secured Data Transfer Over Computer Networks

    CERN Document Server

    Vasudevan, Rangarajan Athi; Sanyal, Sugata

    2010-01-01

    This paper presents a novel encryption-less algorithm to enhance security in transmission of data in networks. The algorithm uses an intuitively simple idea of a "jigsaw puzzle" to break the transformed data into multiple parts where these parts form the pieces of the puzzle. Then these parts are packaged into packets and sent to the receiver. A secure and efficient mechanism is provided to convey the information that is necessary for obtaining the original data at the receiver-end from its parts in the packets, that is, for solving the "jigsaw puzzle". The algorithm is designed to provide information-theoretic (that is, unconditional) security by the use of a one-time pad like scheme so that no intermediate or unintended node can obtain the entire data. A parallelizable design has been adopted for the implementation. An authentication code is also used to ensure authenticity of every packet.

  19. Security, Privacy and Trust Challenges in Cloud Computing and Solutions

    OpenAIRE

    Seyyed Yasser hashemi; Parisa Sheykhi Hesarlo

    2014-01-01

    Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. Cloud computing recently emerged as a promising solution to information technology (IT) management. IT managers look to cloud computing as a means to maintain a flexible and scalable IT infrastructure that enables business agility. As much as the technologic...

  20. E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Challenges

    Directory of Open Access Journals (Sweden)

    Maha Attia

    2016-07-01

    Full Text Available In this paper, SMCSaaS is proposed to secure email system based on Web Service and Cloud Computing Model. The model offers end-to-end security, privacy, and non-repudiation of PKI without the associated infrastructure complexity. The Proposed Model control risks in Cloud Computing like Insecure Application Programming Interfaces, Malicious Insiders, Data Loss Shared Technology Vulnerabilities, or Leakage, Account, Service, Traffic Hijacking and Unknown Risk Profile

  1. Integrated Safety Mechanisms Based on Security Risks Minimization for the Distributed Computer Systems

    OpenAIRE

    Vadym Mukhin; Artem Volokyta

    2013-01-01

    Today, there are known the basic principles of decision-making on the safety control of distributed computer systems in the face of uncertainty and risk. However, in this area there are no practical methods for the quantitative risk analysis and assessment, taking into account the dynamic changes of security threats, which is typical for distributed computer systems.In this paper is suggested an approach to assesment and minimization of the security risks, which allows to reduce the potentia...

  2. E-Commerce Applications Security Aspects in Cloud Computing

    OpenAIRE

    Sridhar, D.; V.Ganapriya2

    2014-01-01

    Cloud computing has attracted the IT enterprise attention especially the e-commerce enterprise. Cloud computing is a new Internet-based computer technology. The paper analyzed the current actuality of the application for enterprise E-commerce, and pointed the main issue of that application

  3. Towards a Game Theoretic View of Secure Computation

    DEFF Research Database (Denmark)

    Asharov, Gilad; Canetti, Ran; Hazay, Carmit

    2011-01-01

    We demonstrate how Game Theoretic concepts and formalism can be used to capture cryptographic notions of security. In the restricted but indicative case of two-party protocols in the face of malicious fail-stop faults, we first show how the traditional notions of secrecy and correctness of protoc......We demonstrate how Game Theoretic concepts and formalism can be used to capture cryptographic notions of security. In the restricted but indicative case of two-party protocols in the face of malicious fail-stop faults, we first show how the traditional notions of secrecy and correctness...

  4. A computer science approach to managing security in health care.

    Science.gov (United States)

    Asirelli, P; Braccini, G; Caramella, D; Coco, A; Fabbrini, F

    2002-09-01

    The security of electronic medical information is very important for health care organisations, which have to ensure confidentiality, integrity and availability of the information provided. This paper will briefly outline the legal measures adopted by the European Community, Italy and the United States to regulate the use and disclosure of medical records. It will then go on to highlight how information technology can help to address these issues with special reference to the management of organisation policies. To this end, we will present a modelling example for the security policy of a radiological department.

  5. 云计算安全性研究%Research on Cloud Computing Security

    Institute of Scientific and Technical Information of China (English)

    班增辉

    2016-01-01

    虽然就目前来看,对云计算尚未有明确的界定,但是在社会的各个领域都对云计算有广泛的应用。在用户选择云计算时,需要考虑云计算的安全性,保证云计算的安全性也是实现其稳定、健康发展的重--素。文章以云计算的概念与特征为切入点,分析云计算在其应用中存在的安全问题,探讨云计算的安全性问题与云计算的安全策略与建议。%Although the cloud computing has not yet have a clear deifnition, but in every ifeld of society have wide application on cloud computing. When the user select the cloud, it is necessary to consider the security of cloud computing, ensure the security of cloud computing and achieve the stable and healthy development of the important factors. Based on the concept and characteristics of cloud computing as the breakthrough point, analysis of the application of cloud computing in its security problems, probing into the security issues of cloud computing and cloud computing security strategies and Suggestions.

  6. Review of Cloud Computing Security%云计算安全研究综述

    Institute of Scientific and Technical Information of China (English)

    房晶; 吴昊; 白松林

    2011-01-01

    With the development of cloud computing, the security issues of cloud computing are being more and more focused.In this paper, some types of security-related problems and their solutions of cloud computing are being comprehensively analyzed. Firstly, this paper describes the architecture of cloud computing and then compares the difference of cloud computing socurity and the traditional security, focusing on the technology of cloud computing security, and finally elaborate the key research areas and results of current cloud computing security from the perspective of cloud computing standard organizations and products.%随着云计算的发展,云计算的安全问题越来越受到关注.本文将全面分析云计算中与安全有关的各类问题及其解决方案.文中首先介绍了云计算的体系架构,接着比较了云计算安全和传统安全的区别,重点介绍了云计算的安全技术,最后从云计算的标准组织和产品的角度阐述了现阶段云计算安全的重点研究领域和成果.

  7. Peer-to-Peer Secure Multi-Party Numerical Computation Facing Malicious Adversaries

    CERN Document Server

    Bickson, Danny; Dolev, Danny; Pinkas, Benny

    2009-01-01

    We propose an efficient framework for enabling secure multi-party numerical computations in a Peer-to-Peer network. This problem arises in a range of applications such as collaborative filtering, distributed computation of trust and reputation, monitoring and other tasks, where the computing nodes is expected to preserve the privacy of their inputs while performing a joint computation of a certain function. Although there is a rich literature in the field of distributed systems security concerning secure multi-party computation, in practice it is hard to deploy those methods in very large scale Peer-to-Peer networks. In this work, we try to bridge the gap between theoretical algorithms in the security domain, and a practical Peer-to-Peer deployment. We consider two security models. The first is the semi-honest model where peers correctly follow the protocol, but try to reveal private information. We provide three possible schemes for secure multi-party numerical computation for this model and identify a singl...

  8. Perspective on Secure Development Activities and Features of Safety I and C Systems

    International Nuclear Information System (INIS)

    The Enforcement Decree of the Act on Physical Protection and Radiological Emergency (ED-APPRE) was revised December 2013 to include security requirements on computer systems at nuclear facilities to protect those systems against malicious cyber-attacks. It means Cyber-Security-related measures, controls and activities of safety I and C systems against cyber-attacks shall meet the requirements of ED-APPRE. Still regulation upon inadvertent access or non-malicious modifications to the safety I and C systems is covered under the Nuclear Safety Act. The objective of this paper is to propose KINS' regulatory perspective on secure development and features against non-malicious access or modification of safety I and C systems. Secure development activities and features aim to prevent inadvertent and non-malicious access, and to prevent unwanted action from personnel or connected systems for ensuring reliable operation of safety I and C systems. Secure development activities of safety I and C systems are life cycle activities to ensure unwanted, unneeded and undocumented code is not incorporated into the systems. Secure features shall be developed, verified and qualified throughout the development life cycle

  9. Perspective on Secure Development Activities and Features of Safety I and C Systems

    Energy Technology Data Exchange (ETDEWEB)

    Kang, Youngdoo; Yu, Yeong Jin; Kim, Hyungtae; Kwon, Yong il; Park, Yeunsoo; Choo, Jaeyul; Son, Jun Young; Jeong, Choong Heui [Korea Institute of Nuclear Safety, Daejeon (Korea, Republic of)

    2015-05-15

    The Enforcement Decree of the Act on Physical Protection and Radiological Emergency (ED-APPRE) was revised December 2013 to include security requirements on computer systems at nuclear facilities to protect those systems against malicious cyber-attacks. It means Cyber-Security-related measures, controls and activities of safety I and C systems against cyber-attacks shall meet the requirements of ED-APPRE. Still regulation upon inadvertent access or non-malicious modifications to the safety I and C systems is covered under the Nuclear Safety Act. The objective of this paper is to propose KINS' regulatory perspective on secure development and features against non-malicious access or modification of safety I and C systems. Secure development activities and features aim to prevent inadvertent and non-malicious access, and to prevent unwanted action from personnel or connected systems for ensuring reliable operation of safety I and C systems. Secure development activities of safety I and C systems are life cycle activities to ensure unwanted, unneeded and undocumented code is not incorporated into the systems. Secure features shall be developed, verified and qualified throughout the development life cycle.

  10. Activity Modelling and Comparative Evaluation of WSN MAC Security Attacks

    DEFF Research Database (Denmark)

    Pawar, Pranav M.; Nielsen, Rasmus Hjorth; Prasad, Neeli R.;

    2012-01-01

    and initiate security attacks that disturb the normal functioning of the network in a severe manner. Such attacks affect the performance of the network by increasing the energy consumption, by reducing throughput and by inducing long delays. Of all existing WSN attacks, MAC layer attacks are considered...... the most harmful as they directly affect the available resources and thus the nodes’ energy consumption. The first endeavour of this paper is to model the activities of MAC layer security attacks to understand the flow of activities taking place when mounting the attack and when actually executing it....... The second aim of the paper is to simulate these attacks on hybrid MAC mechanisms, which shows the performance degradation of aWSN under the considered attacks. The modelling and implementation of the security attacks give an actual view of the network which can be useful in further investigating secure...

  11. Computer Security: “Heartbleed” - a disaster for privacy

    CERN Multimedia

    Computer Security Team

    2014-01-01

    "On a scale of 1 to 10, this is an 11,” claimed the famous security expert Bruce Schneier (see here). Indeed, the serious vulnerability dubbed “Heartbleed” affects everyone who relies on secure and private Internet communication. You cannot avoid it, so let’s see how it affects you.   “Heartbleed” is the name that's been given to a vulnerability for OpenSSL (CVE-2014-0160). This software implements “the Secure Socket Layer (SSL v2/v3) and Transport Layer Security (TLS) protocols as well as a full-strength general purpose cryptography library”. SSL and TLS protocols are used to encrypt any communication between a client and a server, and to ensure that your communication is safe from eavesdropping or spying - that is, until 2012, when this bug was introduced. It allows the extraction of the first 64 kB from the memory of a server or client using OpenSSL (not necessarily web servers), and can potent...

  12. An Analysis of Security Challenges in Cloud Computing

    Directory of Open Access Journals (Sweden)

    Ms. Disha H. Parekh

    2013-02-01

    Full Text Available Vendors offer a pool of shared resources to their users through the cloud network. Nowadays, shifting to cloud is a very optimal decision as it provides pay-as-you-go services to users. Cloud has boomed high in business and other industries for its advantages like multi-tenancy, resource pooling, storage capacity etc. In spite of its vitality, it exhibits various security flaws including loss of sensitive data, data leakage and few others related to cloning, resource pooling and so on. As far as security issues are concerned, a very wide study has been reviewed which signifies threats with service and deployment models of cloud. In order to comprehend these threats, this study is presented so as to effectively refine the crude security issues under various areas of cloud. This study also aims at revealing different security threats under the cloud models as well as network concerns to stagnate the threats within cloud, facilitating researchers, cloud providers and end users for noteworthy analysis of threats.

  13. Teaching Hands-On Linux Host Computer Security

    Science.gov (United States)

    Shumba, Rose

    2006-01-01

    In the summer of 2003, a project to augment and improve the teaching of information assurance courses was started at IUP. Thus far, ten hands-on exercises have been developed. The exercises described in this article, and presented in the appendix, are based on actions required to secure a Linux host. Publicly available resources were used to…

  14. Drop-in Security for Distributed and Portable Computing Elements.

    Science.gov (United States)

    Prevelakis, Vassilis; Keromytis, Angelos

    2003-01-01

    Proposes the use of a special purpose drop-in firewall/VPN gateway called Sieve, that can be inserted between the mobile workstation and the network to provide individualized security services for that particular station. Discusses features and advantages of the system and demonstrates how Sieve was used in various application areas such as at…

  15. Improving Control System Security through the Evaluation of Current Trends in Computer Security Research

    Energy Technology Data Exchange (ETDEWEB)

    Rolston

    2005-03-01

    At present, control system security efforts are primarily technical and reactive in nature. What has been overlooked is the need for proactive efforts, focused on the IT security research community from which new threats might emerge. Evaluating cutting edge IT security research and how it is evolving can provide defenders with valuable information regarding what new threats and tools they can anticipate in the future. Only known attack methodologies can be blocked, and there is a gap between what is known to the general security community and what is being done by cutting edge researchers --both those trying to protect systems and those trying to compromise them. The best security researchers communicate with others in their field; they know what cutting edge research is being done; what software can be penetrated via this research; and what new attack techniques and methodologies are being circulated in the black hat community. Standardization of control system applications, operating systems, and networking protocols is occurring at a rapid rate, following a path similar to the standardization of modern IT networks. Many attack methodologies used on IT systems can be ported over to the control system environment with little difficulty. It is extremely important to take advantage of the lag time between new research, its use on traditional IT networks, and the time it takes to port the research over for use on a control system network. Analyzing nascent trends in IT security and determining their applicability to control system networks provides significant information regarding defense mechanisms needed to secure critical infrastructure more effectively. This work provides the critical infrastructure community with a better understanding of how new attacks might be launched, what layers of defense will be needed to deter them, how the attacks could be detected, and how their impact could be limited.

  16. An Australian Perspective On The Challenges For Computer And Network Security For Novice End-Users

    Directory of Open Access Journals (Sweden)

    Patryk Szewczyk

    2012-12-01

    Full Text Available It is common for end-users to have difficulty in using computer or network security appropriately and thus have often been ridiculed when misinterpreting instructions or procedures. This discussion paper details the outcomes of research undertaken over the past six years on why security is overly complex for end-users. The results indicate that multiple issues may render end-users vulnerable to security threats and that there is no single solution to address these problems. Studies on a small group of senior citizens has shown that educational seminars can be beneficial in ensuring that simple security aspects are understood and used appropriately.

  17. High-performance secure multi-party computation for data mining applications

    DEFF Research Database (Denmark)

    Bogdanov, Dan; Niitsoo, Margus; Toft, Tomas;

    2012-01-01

    Secure multi-party computation (MPC) is a technique well suited for privacy-preserving data mining. Even with the recent progress in two-party computation techniques such as fully homomorphic encryption, general MPC remains relevant as it has shown promising performance metrics in real...... operations such as multiplication and comparison. Secondly, the confidential processing of financial data requires the use of more complex primitives, including a secure division operation. This paper describes new protocols in the Sharemind model for secure multiplication, share conversion, equality, bit...

  18. Noise-driven informatics: secure classical communications via wire and noise-based computing

    CERN Document Server

    Kish, Laszlo B

    2008-01-01

    In this paper, we show recent results indicating that using electrical noise as information carrier offers outstanding potentials reminding of quantum informatics. One example is noise-based computing and logic that shows certain similarities to quantum logic. However, due to the lack of the collapse of wavefunction and due to the immediate accessibility of superposition components, the use of noise-based and quantum computers will probably be different. Another example is secure communications where, out of the unconditional security at idealistic situations, a practical security beyond known quantum solutions can be achieved and has been demonstrated. Here the keys to security are the robustness of classical information, and the second law of thermodynamics. These offer the avoidance of making error statistics and single bit security. It has the potential to restrict the practical applications of quantum communicators to the situations where no wire can be used but optical communication via fiber or via spa...

  19. Computer Security: “Hello World” - Welcome to CERN

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    Welcome to the open, liberal and free academic computing environment at CERN. Thanks to your new (or long-established!) affiliation with CERN, you are eligible for a CERN computing account, which enables you to register your devices: computers, laptops, smartphones, tablets, etc. It provides you with plenty of disk space and an e-mail address. It allows you to create websites, virtual machines and databases on demand.   You can now access most of the computing services provided by the GS and IT departments: Indico, for organising meetings and conferences; EDMS, for the approval of your engineering specifications; TWiki, for collaboration with others; and the WLCG computing grid. “Open, liberal, and free”, however, does not mean that you can do whatever you like. While we try to make your access to CERN's computing facilities as convenient and easy as possible, there are a few limits and boundaries to respect. These boundaries protect both the Organization'...

  20. Securing and Managing the Data with efficient Architecture in Cloud Computing Environment

    Directory of Open Access Journals (Sweden)

    kartheesan log

    2012-11-01

    Full Text Available Cloud computing technology and services has become an important issue in the recent years. Cloud Computing needs lot of attention, time and innovative concepts for the technology to mature over a period of time. Many organizations show interest in adopting cloud computing technology and services because of its socio economic and time factor. Cloud computing is nothing but virtual centralization of different computers where the software and memory space is provided by the vendor and the data is managed by them. This leaves the client/customer unaware of where the process is running or where the data is stored. Security of the data is highly dependent on the vendor who has to provide an assurance to the customer on security issues by making service level agreements. This paper focus on security issues, requirements for providing a secured data in cloud computing environment by giving a standard service oriented cloud computing Architecture and management tools that can be used by the organizations for authentication, confidentiality and integrity. Thus providing secured data access and transfer. 

  1. Hybrid-secure MPC 

    DEFF Research Database (Denmark)

    Lucas, Christoph; Raub, Dominik; Maurer, Ueli

    2010-01-01

    Most protocols for distributed, fault-tolerant computation, or multi-party computation (MPC), provide security guarantees in an all-or-nothing fashion. In contrast, a hybrid-secure protocol provides different security guarantees depending on the set of corrupted parties and the computational power...... of the adversary, without being aware of the actual adversarial setting. Thus, hybrid-secure MPC protocols allow for graceful degradation of security. We present a hybrid-secure MPC protocol that provides an optimal trade-off between IT robustness and computational privacy: For any robustness parameter ρ ... obtain one MPC protocol that is simultaneously IT secure with robustness for up to t ≤ ρ actively corrupted parties, IT secure with fairness (no robustness) for up to t secure with agreement on abort (privacy and correctness only) for up to t secure...

  2. 云计算安全需求综述%Overview of Cloud Computing Security

    Institute of Scientific and Technical Information of China (English)

    肖红跃; 张文科; 刘桂芬

    2012-01-01

    云计算已成为全球未来信息产业发展的战略方向和推动经济增长的重要引擎,而云计算的安全问题是影响其发展的主要障碍。文中结合云计算的服务模型和技术特点,分析了云计算的技术特性和安全目标,并重点从基础设施服务安全、平台服务安全、应用软件服务安全、终端安全防护、安全管理以及法规监管等方面的安全需求,系统性地分析了通用云计算架构下云计算存在的安全风险与安全需求,最后给出了建设云安全系统的建议。%Cloud computing now becomes the strategic development orientation of global information industry. The security problem of cloud computing is the primary obstacle hindering its further growth. This article analyzes the security object of cloud computing according to its service model and technical characteristics. With focus on security of infrastructure services,security of platform services,security of application software services,terminal security protection,security management and legal regulations,this article systematically discusses the existing security risks and security requirements of general cloud computing architecture. Finally this article gives suggestions on how to build cloud security system.

  3. Main control computer security model of closed network systems protection against cyber attacks

    Science.gov (United States)

    Seymen, Bilal

    2014-06-01

    The model that brings the data input/output under control in closed network systems, that maintains the system securely, and that controls the flow of information through the Main Control Computer which also brings the network traffic under control against cyber-attacks. The network, which can be controlled single-handedly thanks to the system designed to enable the network users to make data entry into the system or to extract data from the system securely, intends to minimize the security gaps. Moreover, data input/output record can be kept by means of the user account assigned for each user, and it is also possible to carry out retroactive tracking, if requested. Because the measures that need to be taken for each computer on the network regarding cyber security, do require high cost; it has been intended to provide a cost-effective working environment with this model, only if the Main Control Computer has the updated hardware.

  4. On the Boundaries of Trust and Security in Computing and Communications Systems

    CERN Document Server

    Pathan, Al-Sakib Khan

    2012-01-01

    This article analyzes trust and security in computing and communications systems. While in human-life, trust usually has some kind of commonly understood meaning, in the realm of computing and communications systems, it could be interpreted differently in different environments and settings. On the other hand, security is about making sure that the participating entities are legitimate in a communication event or incident so that the core requirements of privacy, integrity, and authenticity are maintained. This notion is also true for our human life, even for example entering a house needs legitimacy of a person. Some boundary lines preserve the security; otherwise an unwanted access is called a 'security breach'. The intent of this article is to compare and discuss these two terms with our societal behavior and understanding amongst entities. To illustrate these issues especially in computing and communications world, some of the innovating and recent technologies are discussed which demand trust and securit...

  5. A User-Centric Data Secure Creation Scheme in Cloud Computing

    Institute of Scientific and Technical Information of China (English)

    SU Mang; LI Fenghua; SHI Guozhen; GENG Kui; XIONG Jinbo

    2016-01-01

    Due to the use of the cloud computing technology, the ownership is separated from the adminis-tration of the data in cloud and the shared data might be migrated between different clouds, which would bring new challenges to data secure creation, especially for the data privacy protection. We propose a User-centric data secure creation scheme (UCDSC) for the security requirements of resource owners in cloud. In this scheme, a data owner first divides the users into different domains. The data owner encrypts data and defines different secure managing poli-cies for the data according to domains. To encrypt the data in UCDSC, we present an algorithm based on Access con-trol conditions proxy re-encryption (ACC-PRE), which is proved to be master secret secure and Chosen-ciphertext attack (CCA) secure in random oracle model. We give the application protocols and make the comparisons between some existing approaches and UCDSC.

  6. Integrated Safety Mechanisms Based on Security Risks Minimization for the Distributed Computer Systems

    Directory of Open Access Journals (Sweden)

    Vadym Mukhin

    2013-02-01

    Full Text Available Today, there are known the basic principles of decision-making on the safety control of distributed computer systems in the face of uncertainty and risk. However, in this area there are no practical methods for the quantitative risk analysis and assessment, taking into account the dynamic changes of security threats, which is typical for distributed computer systems.In this paper is suggested an approach to assesment and minimization of the security risks, which allows to reduce the potential losses due to the realization of threats, to analyze the dynamics of intrusions into computer systems and to select the effective security tools.As a result, there is designed the structure of the tools for risk minimization in the distributed computer systems and are formalized the main functions of this structure. Also, in the paper is suggested the assessment of risk factors of the security threats and the probability of the threats realization, which are based on their division into appropriate groups. The proposed tools for security risk minimization allow effectively identify, classify and analyze threats to the security of the distributed computing systems.

  7. Activity-Driven Computing Infrastructure - Pervasive Computing in Healthcare

    DEFF Research Database (Denmark)

    Bardram, Jakob Eyvind; Christensen, Henrik Bærbak; Olesen, Anders Konring

    In many work settings, and especially in healthcare, work is distributed among many cooperating actors, who are constantly moving around and are frequently interrupted. In line with other researchers, we use the term pervasive computing to describe a computing infrastructure that supports work...... where users access a dynamic range of computing and software devices, where users can shift between devices, and where users move around while preserving their working environment. This paper describes our design of a pervasive activity-driven computing infrastructure. The main tenet in this approach...... is to preserve a user’s computational working context enabling him to shift between different devices while on the move and enabling him to interrupt and return to work-activities fluently. Furthermore, the infrastructure contains agents that propose new activities based on the user’s current context...

  8. Dynamic Threat Assessment for Prioritising Computer Network Security

    OpenAIRE

    Hayat, MZ; Reeve, JS; Boutle, C

    2006-01-01

    Large corporations today consist of heterogeneous IT networks with many thousands of devices, which may use numerous physical and logical interfaces to communicate. Much effort has been applied in automating laborious, time-consuming and sometimes-repetitive security services such as patch management and event loggers for these networks. However such tasks can still take many hours and even days to successfully complete. Currently it is left to the systems administrators’ discretion to choose...

  9. An Empirical Measure of Computer Security Strength for Vulnerability Remediation

    Science.gov (United States)

    Villegas, Rafael

    2010-01-01

    Remediating all vulnerabilities on computer systems in a timely and cost effective manner is difficult given that the window of time between the announcement of a new vulnerability and an automated attack has decreased. Hence, organizations need to prioritize the vulnerability remediation process on their computer systems. The goal of this…

  10. Computer science security research and human subjects: emerging considerations for research ethics boards.

    Science.gov (United States)

    Buchanan, Elizabeth; Aycock, John; Dexter, Scott; Dittrich, David; Hvizdak, Erin

    2011-06-01

    This paper explores the growing concerns with computer science research, and in particular, computer security research and its relationship with the committees that review human subjects research. It offers cases that review boards are likely to confront, and provides a context for appropriate consideration of such research, as issues of bots, clouds, and worms enter the discourse of human subjects review.

  11. Cryptography for security and privacy in cloud computing

    CERN Document Server

    Rass, Stefan

    2013-01-01

    As is common practice in research, many new cryptographic techniques have been developed to tackle either a theoretical question or foreseeing a soon to become reality application. Cloud computing is one of these new areas, where cryptography is expected to unveil its power by bringing striking new features to the cloud. Cloud computing is an evolving paradigm, whose basic attempt is to shift computing and storage capabilities to external service providers.This resource offers an overview of the possibilities of cryptography for protecting data and identity information, much beyond well-known

  12. Advances in computers dependable and secure systems engineering

    CERN Document Server

    Hurson, Ali

    2012-01-01

    Since its first volume in 1960, Advances in Computers has presented detailed coverage of innovations in computer hardware, software, theory, design, and applications. It has also provided contributors with a medium in which they can explore their subjects in greater depth and breadth than journal articles usually allow. As a result, many articles have become standard references that continue to be of sugnificant, lasting value in this rapidly expanding field. In-depth surveys and tutorials on new computer technologyWell-known authors and researchers in the fieldExtensive bibliographies with m

  13. Meeting the security requirements of electronic medical records in the ERA of high-speed computing.

    Science.gov (United States)

    Alanazi, H O; Zaidan, A A; Zaidan, B B; Kiah, M L Mat; Al-Bakri, S H

    2015-01-01

    This study has two objectives. First, it aims to develop a system with a highly secured approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secured encryption methods. The AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks through the use of quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.

  14. DEVELOPING A SECURITY PROTOCOL FOR A WIRELESS COMPUTER VIRTUAL LABORATORY (WCVLAB

    Directory of Open Access Journals (Sweden)

    EDWARD N. UDO

    2011-12-01

    Full Text Available For a Virtual Computer Laboratory (VCLAB to operate effectively within a Wireless intranet setup, a lot of protocols are employed to function. This write-up is aimed at developing a protocol to secure a Wireless Computer Virtual Laboratory (WCVLAB of any institution. The protocol developed secures a Wireless Computer Virtual Laboratory through an authentication server by supplying authentication parameters at registration, which will be stored to be used at login for comparison. Fingerprint is used to ensure that a user iswho he or she claims to be. Duration for access is allotted for a user, after which initial parameters will be supplied for re-authentication. While a user is still logged-on, security questions will be posed intermittently to avoid spoofing. The methodology used for this research is Structured System Analysis and Design. Java Programming Language is used for coding the program and MySQL is the database tool. The result of the implemented system is a secured protocol that guarantees secured access. This is different from the security of other Computer Virtual Laboratory which uses only users name, pin or registration number.

  15. Computer Security: IT or not IT, that is the question

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    Following on from our recent Bulletin article on “How to succeed in software deployment” (see here), we repeatedly face the problem that “standard” IT services are replicated within CERN or even outsourced to external companies.   Past experience has shown that such non-centrally managed systems are more prone to security risks and, in the long run, are less well managed – that is, if they’re not eventually orphaned completely. If hosted outside CERN, there is also the risk that sensitive data from the Organization could be leaked and that CERN would not be able to intervene in the event of a security problem. Imagine, for example, a slide show created by an external consultant and hosted in the cloud… While this might have been convenient for the consultant, a regular user of that cloud service, the content was lost once the consultant’s job was done and nobody at CERN took responsibility for the slide show. Or...

  16. Fair Secure Computation with Reputation Assumptions in the Mobile Social Networks

    Directory of Open Access Journals (Sweden)

    Yilei Wang

    2015-01-01

    Full Text Available With the rapid development of mobile devices and wireless technologies, mobile social networks become increasingly available. People can implement many applications on the basis of mobile social networks. Secure computation, like exchanging information and file sharing, is one of such applications. Fairness in secure computation, which means that either all parties implement the application or none of them does, is deemed as an impossible task in traditional secure computation without mobile social networks. Here we regard the applications in mobile social networks as specific functions and stress on the achievement of fairness on these functions within mobile social networks in the presence of two rational parties. Rational parties value their utilities when they participate in secure computation protocol in mobile social networks. Therefore, we introduce reputation derived from mobile social networks into the utility definition such that rational parties have incentives to implement the applications for a higher utility. To the best of our knowledge, the protocol is the first fair secure computation in mobile social networks. Furthermore, it finishes within constant rounds and allows both parties to know the terminal round.

  17. A PROFICIENT MODEL FOR HIGH END SECURITY IN CLOUD COMPUTING

    Directory of Open Access Journals (Sweden)

    R. Bala Chandar

    2014-01-01

    Full Text Available Cloud computing is an inspiring technology due to its abilities like ensuring scalable services, reducing the anxiety of local hardware and software management associated with computing while increasing flexibility and scalability. A key trait of the cloud services is remotely processing of data. Even though this technology had offered a lot of services, there are a few concerns such as misbehavior of server side stored data , out of control of data owner's data and cloud computing does not control the access of outsourced data desired by the data owner. To handle these issues, we propose a new model to ensure the data correctness for assurance of stored data, distributed accountability for authentication and efficient access control of outsourced data for authorization. This model strengthens the correctness of data and helps to achieve the cloud data integrity, supports data owner to have control on their own data through tracking and improves the access control of outsourced data.

  18. Computing on Masked Data to improve the Security of Big Data

    OpenAIRE

    Gadepally, Vijay; Hancock, Braden; Kaiser, Benjamin; Kepner, Jeremy; Michaleas, Pete; Varia, Mayank; Yerukhimovich, Arkady

    2015-01-01

    Organizations that make use of large quantities of information require the ability to store and process data from central locations so that the product can be shared or distributed across a heterogeneous group of users. However, recent events underscore the need for improving the security of data stored in such untrusted servers or databases. Advances in cryptographic techniques and database technologies provide the necessary security functionality but rely on a computational model in which t...

  19. Secure Computation of Top-K Eigenvectors for Shared Matrices in the Cloud

    OpenAIRE

    Powers, James; Chen, Keke

    2012-01-01

    With the development of sensor network, mobile computing, and web applications, data are now collected from many distributed sources to form big datasets. Such datasets can be hosted in the cloud to achieve economical processing. However, these data might be highly sensitive requiring secure storage and processing. We envision a cloud-based data storage and processing framework that enables users to economically and securely share and handle big datasets. Under this framework, we study the ma...

  20. A Multi-Agent Immunology Model for Security Computer

    Institute of Scientific and Technical Information of China (English)

    2001-01-01

    This paper presents a computer immunology model for computersecurity , whose main components are defined as idea of Multi-Agent. It introduces the n at ural immune system on the principle, discusses the idea and characteristics of Mu lti-Agent. It gives a system model, and describes the structure and function of each agent. Also, the communication method between agents is described.

  1. Client-server framework for securely outsourcing computations

    NARCIS (Netherlands)

    Veugen, P.J.M.

    2016-01-01

    In the current age of information, with growing internet connectivity, people are looking for service providers to store their data, and compute with it. On the other hand, sensitive personal data is easily misused for unintended purposes. Wouldn’t it be great to have a scalable framework, where mul

  2. Secure data structures based on multi-party computation

    DEFF Research Database (Denmark)

    Toft, Tomas

    2011-01-01

    This work considers data structures based on multi-party computation (MPC) primitives: structuring secret (e.g. secret shared and potentially unknown) data such that it can both be queried and updated efficiently. Implementing an oblivious RAM (ORAM) using MPC allows any existing data structure...

  3. Unconditionally secure computers, algorithms and hardware, such as memories, processors, keyboards, flash and hard drives

    OpenAIRE

    Kish, Laszlo B.; Saidi, Olivier

    2008-01-01

    In the case of the need of extraordinary security, Kirchhoff-loop-Johnson-(like)-noise ciphers can easily be integrated on existing types of digital chips in order to provide secure data communication between hardware processors, memory chips, hard disks and other units within a computer or other data processor system. The secure key exchange can take place at the very first run and the system can renew the key later at random times with an authenticated fashion to prohibit man-in-the-middle ...

  4. IMPLEMENTATION OF PERVASIVE COMPUTING BASED HIGH-SECURE SMART HOME SYSTEM

    Directory of Open Access Journals (Sweden)

    Ventylees Raj.S

    2012-11-01

    Full Text Available In recent year, the home environment has seen a rapid introduction of wireless communication network enabled advance computing technologies. In this paper I mainly focus on the monitoring of smart home remotely and providing security when user is away from the home. The proposed security algorithm is combining of Biometrics, public key encryption and SMS based security alarm system. In the proposed security algorithm offered only Authenticate person monitoring home appliances via wireless networks. In the proposed pervasive monitoring system it provides security against intrusion as well as it automates various home appliances using SMS. Zigbee IEEE 802.15.4 based Sensor Network, GSM and Wi-Fi wireless networks are embedded through a standard Home gateway. This home gateway controls the overall wireless communication of smart home systems. The pervasive computing environment created by the smart Sensors, wireless networksand context-aware routing protocol for wireless sensor networks. Each smart Sensor node should have multipath routing protocol to automatically establish the wireless networks between Smart Nodes. To develop a new ondemand context-aware routing protocol for the smart home system, here this paper introduces the pervasive computing based smart home monitoring system’s design that provides secure smart services to users, and demonstrates its implementation using a real time environment.

  5. (Unconditional) Secure Multiparty Computation with Man-in-the-middle Attacks

    CERN Document Server

    Vaya, Shailesh

    2010-01-01

    In secure multi-party computation $n$ parties jointly evaluate an $n$-variate function $f$ in the presence of an adversary which can corrupt up till $t$ parties. Almost all the works that have appeared in the literature so far assume the presence of authenticated channels between the parties. This assumption is far from realistic. Two directions of research have been borne from relaxing this (strong) assumption: (a) The adversary is virtually omnipotent and can control all the communication channels in the network, (b) Only a partially connected topology of authenticated channels is guaranteed and adversary controls a subset of the communication channels in the network. This work introduces a new setting for (unconditional) secure multiparty computation problem which is an interesting intermediate model with respect to the above well studied models from the literature (by sharing a salient feature from both the above models). We consider the problem of (unconditional) secure multi-party computation when 'some...

  6. Applying Encryption Algorithm for Data Security and Privacy in Cloud Computing

    Directory of Open Access Journals (Sweden)

    Mohit Marwaha

    2013-01-01

    Full Text Available Cloud computing is the next big thing after internet in the field of information technology; some say its a metaphor for internet. It is an Internet-based computing technology, in which software, shared recourses and information, are provided to consumers and devices on-demand, and as per users requirement on a pay per use model. Even though the cloud continues to grow in popularity, Usability and respectability, Problems with data protection and data privacy and other Security issues play a major setback in the field of Cloud Computing. Privacy and security are the key issue for cloud storage. Encryption is a well known technology for protecting sensitive data. Use of the combination of Public and Private key encryption to hide the sensitive data of users, and cipher text retrieval. The paper analyzes the feasibility of the applying encryption algorithm for data security and privacy in cloud Storage.

  7. 17 CFR 242.102 - Activities by issuers and selling security holders during a distribution.

    Science.gov (United States)

    2010-04-01

    ... selling security holders during a distribution. 242.102 Section 242.102 Commodity and Securities Exchanges... REQUIREMENTS FOR SECURITY FUTURES Regulation M § 242.102 Activities by issuers and selling security holders... or on behalf of an issuer or selling security holder, it shall be unlawful for such person, or...

  8. Operation, Management, Security and Sustainability for Cloud Computing

    Directory of Open Access Journals (Sweden)

    WESTPHAL, C. B.

    2014-06-01

    Full Text Available This paper presents some scope, context, proposals and solutions related with the following topics: Decision-Theoretic Planning for Cloud Computing; An Architecture for Risk Analysis in Cloud; Risk-based Dynamic Access Control for a Highly Scalable Cloud Federation; Challenges of Operationalizing PACS on Cloud Over Wireless Networks; Environment, Services and Network Management for Green Clouds; Provisioning and Resource Allocation for Green Clouds; and Optimizing Green Clouds through Legacy Network Infrastructure Management.

  9. Assessing the Risk Situation of Network Security for Active Defense

    Institute of Scientific and Technical Information of China (English)

    ZHANG Xiang; YAO Shuping; TANG Chenghua

    2006-01-01

    The risk situation assessment and forecast technique of network security is a basic method of active defense techniques. In order to assess the risk of network security two methods were used to define the index of risk and forecast index in time series, they were analytical hierarchy process (AHP) and support vector regression (SVR). The module framework applied the methods above was also discussed. Experiment results showed the forecast values were so close to actual values and so it proved the approach is correct.

  10. Protecting intellectual property in space; Proceedings of the Aerospace Computer Security Conference, McLean, VA, March 20, 1985

    Science.gov (United States)

    1985-01-01

    The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.

  11. 2nd International Doctoral Symposium on Applied Computation and Security Systems

    CERN Document Server

    Cortesi, Agostino; Saeed, Khalid; Chaki, Nabendu

    2016-01-01

    The book contains the extended version of the works that have been presented and discussed in the Second International Doctoral Symposium on Applied Computation and Security Systems (ACSS 2015) held during May 23-25, 2015 in Kolkata, India. The symposium has been jointly organized by the AGH University of Science & Technology, Cracow, Poland; Ca’ Foscari University, Venice, Italy and University of Calcutta, India. The book is divided into volumes and presents dissertation works in the areas of Image Processing, Biometrics-based Authentication, Soft Computing, Data Mining, Next Generation Networking and Network Security, Remote Healthcare, Communications, Embedded Systems, Software Engineering and Service Engineering.

  12. Towards securing pervasive computing systems by design: a language approach

    OpenAIRE

    Jakob, Henner

    2011-01-01

    A growing number of environments is being populated with a range of networked devices. Applications leverage these devices to support everyday activities in a variety of areas (e.g., home automation and patient monitoring). As these devices and applications get woven into our everyday activities, they become critical: their failure can put people and assets at risk. Failures can be caused by malicious attacks and misbehaving applications. Although the impact of such situations can be major, s...

  13. A secure multi-party computation solution to intersection problems of sets and rectangles

    Institute of Scientific and Technical Information of China (English)

    LI Shundong; DAI Yiqi; WANG Daoshun; LUO Ping

    2006-01-01

    Secure multi-party computation (SMC) is a research focus in international cryptographic community. At present, there is no SMC solution to the intersection problem of sets. In this paper, we first propose a SMC solution to this problem. Applying Cantor encoding method to computational geometry problems, and based on the solution to set-intersection problem, we further propose solutions to points inclusion problem and intersection problem of rectangles and further prove their privacy-preserving property with widely accepted simulation paradigm. Compared with the known solutions, these new solutions are of less computational complexity and less communication complexity, and have obvious superiority in computational and communication complexity.

  14. Using Virtualization Technique to Increase Security and Reduce Energy Consumption in Cloud Computing

    Directory of Open Access Journals (Sweden)

    Hamid Banirostam

    2014-03-01

    Full Text Available An approach has been presented in this paper in order to generate a secure environment on internet Based Virtual Computing platform and also to reduce energy consumption in green cloud computing. The proposed approach constantly checks the accuracy of stored data by means of a central control service inside the network environment and also checks system security through isolating single virtual machines using a common virtual environment. This approach has been simulated on two types of Virtual Machine Manager (VMM Quick EMUlator (Qemu, HVM (Hardware Virtual Machine Xen and outputs of the simulation in VMInsight show that when service is getting singly used, the overhead of its performance will be increased. As a secure system, the proposed approach is able to recognize malicious behaviors and assure service security by means of operational integrity measurement. Moreover, the rate of system efficiency has been evaluated according to the amount of energy consumption on five applications (Defragmentation, Compression, Linux Boot Decompression and Kernel Boot. Therefore, this has been resulted that to secure multi-tenant environment, managers and supervisors should independently install a security monitoring system for each Virtual Machines (VMs which will come up to have the management heavy workload of. While the proposed approach, can respond to all VM’s with just one virtual machine as a supervisor.

  15. Computer Security: Social Media - Dos and Don’ts

    CERN Document Server

    Computer Security Team

    2014-01-01

    Do you blog frequently? Send tweets about what you've done? Keep a lively Facebook profile? Comment regularly on interactive forums? Many of us do.    "Social media", i.e. Twitter, Facebook, public blogs, interactive forums and public commenting functions on websites, are widely used for sharing information, outreach and contact with the world. While you can make use of social media for many different purposes, the lines between private and public, personal and professional are often blurred. Consequently, it is often difficult to get the balance right. As a social animal, you want to be frank, open and communicative and share your knowledge, experiences, opinions, feelings and life with your peers. On the other hand, while working at or for CERN, you cannot act in the void but have to respect CERN’s Code of Conduct, CERN’s Computing Rules and, for CERN personnel, the Staff Rules and Regulations. Therefore, if your posts include mention ...

  16. Computer Security: Join the CERN WhiteHat Challenge!

    CERN Multimedia

    Computer Security Team

    2014-01-01

    Over the past couple of months, several CERN users have reported vulnerabilities they have found in computing services and servers running at CERN. All were relevant, many were interesting and a few even surprising. Spotting weaknesses and areas for improvement before malicious people can exploit them is paramount. It helps protect the operation of our accelerators and experiments as well as the reputation of the Organization. Therefore, we would like to express our gratitude to those people for having reported these weaknesses! Great job and well done!   Seizing the opportunity, we would like to reopen the hunt for bugs, vulnerabilities and insecure configurations of CERN applications, websites and devices. You might recall we ran a similar initiative (“Hide & Seek”) in 2012 where we asked you to sift through CERN’s webpages and send us those that hold sensitive and confidential information. Quite a number of juicy documents were found and subsequently remov...

  17. SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT DEVELOPMENTS

    Directory of Open Access Journals (Sweden)

    Ali Gholami

    2015-12-01

    Full Text Available Cloud computing is revolutionizing many ecosystems by providing organizations with computing resources featuring easy deployment, connectivity, configuration, automation and scalability. This paradigm shift raises a broad range of security and privacy issues that must be taken into consideration. Multi-tenancy, loss of control, and trust are key challenges in cloud computing environments. This paper reviews the existing technologies and a wide array of both earlier and state-of-the-art projects on cloud security and privacy. We categorize the existing research according to the cloud reference architecture orchestration, resource control, physical resource, and cloud service management layers, in addition to reviewing the existing developments in privacy-preserving sensitive data approaches in cloud computing such as privacy threat modeling and privacy enhancing protocols and solutions.

  18. EABDS:Attribute-Based Secure Data Sharing with Efficient Revo cation in Cloud Computing

    Institute of Scientific and Technical Information of China (English)

    HUANG Qinlong; MA Zhaofeng; YANG Yixian; FU Jingyi; NIU Xinxin

    2015-01-01

    Ciphertext-policy attribute-based encryp-tion (CP-ABE) is becoming a promising solution to guar-antee data security in cloud computing. In this paper, we present an attribute-based secure data sharing scheme with Efficient revocation (EABDS) in cloud computing. Our scheme first encrypts data with Data encryption key (DEK) using symmetric encryption and then encrypts DEK based on CP-ABE, which guarantees the data con-fidentiality and achieves fine-grained access control. In or-der to solve the key escrow problem in current attribute based data sharing schemes, our scheme adopts additively homomorphic encryption to generate attribute secret keys of users by attribute authority in cooperation with key server, which prevents attribute authority from access-ing the data by generating attribute secret keys alone. Our scheme presents an immediate attribute revocation method that achieves both forward and backward security. The computation overhead of user is also reduced by dele-gating most of the decryption operations to the key server. The security and performance analysis results show that our scheme is more secure and efficient.

  19. Applying Encryption Algorithm for Data Security and Privacy in Cloud Computing

    OpenAIRE

    Mohit Marwaha; Rajeev Bedi

    2013-01-01

    Cloud computing is the next big thing after internet in the field of information technology; some say its a metaphor for internet. It is an Internet-based computing technology, in which software, shared recourses and information, are provided to consumers and devices on-demand, and as per users requirement on a pay per use model. Even though the cloud continues to grow in popularity, Usability and respectability, Problems with data protection and data privacy and other Security issues play a ...

  20. Metal artifact removal (MAR) analysis for the security inspections using the X-ray computed tomography

    Science.gov (United States)

    Cho, Hyo Sung; Woo, Tae Ho; Park, Chul Kyu

    2016-10-01

    Using the metal artifact property, it is analyzed for the X-ray computed tomography (CT) in the aspect of the security on the examined places like airport and surveillance areas. Since the importance of terror prevention strategy has been increased, the security application of X-ray CT has the significant remark. One shot X-ray image has the limitation to find out the exact shape to property in the closed box, which could be solved by the CT scanning without the tearing off the box in this work. Cleaner images can be obtained by the advanced technology if the CT scanning is utilized in the security purposes on the secured areas. A metal sample is treated by the metal artifact removal (MAR) method for the enhanced image. The mimicked explosive is experimented for the imaging processing application where the cleaner one is obtained. The procedure is explained and the further study is discussed.

  1. A Theory of Secure Mobile Computation with Confined Movement and Communication

    Institute of Scientific and Technical Information of China (English)

    2007-01-01

    An extended πcalculus was introduced to deal with secure movement and intercommunication between agents.The system extends Nomadic-πwith objective migration primitive and confined region which serves as annotation labels of agents and channels.the confined region labels were used to uniquely identify the constraints on the migration and communication of agents,with the labels,the agents could be confined in a secure subsystem the migration and communication of agents,with the labels,the agents could be confined in a secure subsystem and the inter-agent communication could be confined between agents located on trusted sites during computation.The operational semantics for the calculus was given out ,and a type system which enforces security properties called confined migration and confined communication was developed.

  2. A review of automated image understanding within 3D baggage computed tomography security screening.

    Science.gov (United States)

    Mouton, Andre; Breckon, Toby P

    2015-01-01

    Baggage inspection is the principal safeguard against the transportation of prohibited and potentially dangerous materials at airport security checkpoints. Although traditionally performed by 2D X-ray based scanning, increasingly stringent security regulations have led to a growing demand for more advanced imaging technologies. The role of X-ray Computed Tomography is thus rapidly expanding beyond the traditional materials-based detection of explosives. The development of computer vision and image processing techniques for the automated understanding of 3D baggage-CT imagery is however, complicated by poor image resolutions, image clutter and high levels of noise and artefacts. We discuss the recent and most pertinent advancements and identify topics for future research within the challenging domain of automated image understanding for baggage security screening CT.

  3. Computer Security: ransomware - when it is too late...

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2016-01-01

    “Ransomware is a type of malware that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction.    Some forms of ransomware systematically encrypt files on the system's hard drive, which become difficult or impossible to decrypt without paying the ransom for the encryption key, while some may simply lock the system and display messages intended to coax the user into paying...” (Source: https://en.wikipedia.org/wiki/Ransomware) It is not unusual to see devices falling prey to ransomware. PCs and laptops, in particular those running the Windows operating system, can easily be infected with ransomware if the user is inattentive. For example, if they open an attachment to an unsolicited mail (see some hints to detect bad emails here), or click on the link to a malicious website (see our articles on our clicking campaign). So what can you do if you have already ...

  4. An Empirical Study and some Improvements of the MiniMac Protocol for Secure Computation

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Lauritsen, Rasmus; Toft, Tomas

    2014-01-01

    suggest a modification of MiniMac that achieves increased parallelism at no extra communication cost. This gives an asymptotic improvement of the original protocol as well as an 8-fold speed-up of our implementation. We compare the resulting protocol to TinyOT for the case of secure computation in parallel...

  5. 77 FR 32709 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Homeland Security...

    Science.gov (United States)

    2012-06-01

    ... From the Federal Register Online via the Government Publishing Office ] SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Homeland Security (DHS))--Match Number 1010 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal...

  6. Activity-based computing: computational management of activities reflecting human intention

    DEFF Research Database (Denmark)

    Bardram, Jakob E; Jeuris, Steven; Houben, Steven

    2015-01-01

    An important research topic in artificial intelligence is automatic sensing and inferencing of contextual information, which is used to build computer models of the user’s activity. One approach to build such activity-aware systems is the notion of activity-based computing (ABC). ABC is a computing...... paradigm that has been applied in personal information management applications as well as in ubiquitous, multidevice, and interactive surface computing. ABC has emerged as a response to the traditional application- and file-centered computing paradigm, which is oblivious to a notion of a user’s activity...

  7. Dynamic Auditing Protocol for Efficient and Secure Data Storage in Cloud Computing

    Directory of Open Access Journals (Sweden)

    J. Noorul Ameen

    2014-06-01

    Full Text Available Cloud computing, where the data has been stored on cloud servers and retrieved by users (data consumers the data from cloud servers. However, there are some security challenges which are in need of independent auditing services to verify the data integrity and safety in the cloud. Until now a numerous methods has been developed for remote integrity checking whichever only serve for static archive data and cannot be implemented to the auditing service if the data in the cloud is being dynamically updated. Therefore, it is expected to design an efficient and secure dynamic auditing protocol to convince the data owners for t he security and integrity of their data. In this paper, we intent to construct an auditing framework for cloud storage systems for efficient privacy-preserving auditing service. Then, our auditing protocol is extended to support the data dynamic operations for secure auditing in the random oracle model. In addition, our auditing protocol is improved to support batch auditing for both multiple owners and multiple clouds without any trusted organizer. Our proposed auditing protocols will be proved for their secure and efficient computation with reduced cost for the auditing.

  8. Data mining technique for a secure electronic payment transaction using MJk-RSA in mobile computing

    Science.gov (United States)

    G. V., Ramesh Babu; Narayana, G.; Sulaiman, A.; Padmavathamma, M.

    2012-04-01

    Due to the evolution of the Electronic Learning (E-Learning), one can easily get desired information on computer or mobile system connected through Internet. Currently E-Learning materials are easily accessible on the desktop computer system, but in future, most of the information shall also be available on small digital devices like Mobile, PDA, etc. Most of the E-Learning materials are paid and customer has to pay entire amount through credit/debit card system. Therefore, it is very important to study about the security of the credit/debit card numbers. The present paper is an attempt in this direction and a security technique is presented to secure the credit/debit card numbers supplied over the Internet to access the E-Learning materials or any kind of purchase through Internet. A well known method i.e. Data Cube Technique is used to design the security model of the credit/debit card system. The major objective of this paper is to design a practical electronic payment protocol which is the safest and most secured mode of transaction. This technique may reduce fake transactions which are above 20% at the global level.

  9. Privacy and Data Security under Cloud Computing Arrangements: The Legal Framework and Practical Do's and Don'ts

    Science.gov (United States)

    Buckman, Joel; Gold, Stephanie

    2012-01-01

    This article outlines privacy and data security compliance issues facing postsecondary education institutions when they utilize cloud computing and concludes with a practical list of do's and dont's. Cloud computing does not change an institution's privacy and data security obligations. It does involve reliance on a third party, which requires an…

  10. Computer Security: Getting a better image from the Organization

    CERN Multimedia

    Computer Security Team

    2014-01-01

    Do you make regular presentations about CERN or CERN's activities to the public? Do you manage public webpages hosted by CERN? Do you edit or contribute to CERN publications? Besides plenty of text, every good presentation, webpage or publication is usually spruced up with visual content: graphics, photos or even videos. But have you ever thought about whether you actually have the proper rights to use such imagery?   Just recently, a stock photo agency contacted CERN regarding an image published on a web page currently under CERN's responsibility. According to them, this image had been used without the proper rights and thus violated their copyright. As the web page is from 2007 and as is part of an EU funded project which has since ended, it is hard to check the facts. The image has since been removed to comply with the photo agency's conditions. We should take all the possible steps to avoid receiving similar letters, and to uphold the good image of the Organization...

  11. Security Analysis and Improvement of User Authentication Framework for Cloud Computing

    Directory of Open Access Journals (Sweden)

    Nan Chen

    2014-01-01

    Full Text Available Cloud Computing, as an emerging, virtual, large-scale distributed computing model, has gained increasing attention these years. Meanwhile it also faces many secure challenges, one of which is authentication. In this paper, we firstly analyze a user authentication framework for cloud computing proposed by Amlan Jyoti Choudhury et al and point out the security attacks existing in the protocol. Then we propose an improved user authentication scheme. Our improved protocol ensures user legitimacy before entering into the cloud. The confidentiality and the mutual authentication of our protocol are formally proved by the strand space model theory and the authentication test method. The simulation illustrates that the communication performance of our scheme is efficient

  12. A Theoretical Aspect of Cloud Computing Service Models and Its Security Issues: A Paradigm

    Directory of Open Access Journals (Sweden)

    S. B. Dash

    2014-06-01

    Full Text Available Cloud computing is a distributed computing environment that provides on demand services to the users for deploying their computational needs in a virtualized environment without the knowledge of technical infrastructure. Due to reliability, scalability, high performance and low band width most of the organizations are running their applications in cloud. The cloud service providers provide the services to the registered cloud users on payment basic across the glove. The cloud services are basically categorized as SaaS, PaaS, and IaaS. The services are available to the users depending on cloud deployment and the SLA (service level agreements between the service providers and the users. Providing security to the users and trust into cloud environment is the responsibility of the cloud service providers. The main objective of this paper is to provide a clear idea about the cloud service models and outline the security issues in the service models.

  13. Security Risks of Cloud Computing and Its Emergence as 5th Utility Service

    Science.gov (United States)

    Ahmad, Mushtaq

    Cloud Computing is being projected by the major cloud services provider IT companies such as IBM, Google, Yahoo, Amazon and others as fifth utility where clients will have access for processing those applications and or software projects which need very high processing speed for compute intensive and huge data capacity for scientific, engineering research problems and also e- business and data content network applications. These services for different types of clients are provided under DASM-Direct Access Service Management based on virtualization of hardware, software and very high bandwidth Internet (Web 2.0) communication. The paper reviews these developments for Cloud Computing and Hardware/Software configuration of the cloud paradigm. The paper also examines the vital aspects of security risks projected by IT Industry experts, cloud clients. The paper also highlights the cloud provider's response to cloud security risks.

  14. An Efficient and Secure m-IPS Scheme of Mobile Devices for Human-Centric Computing

    Directory of Open Access Journals (Sweden)

    Young-Sik Jeong

    2014-01-01

    Full Text Available Recent rapid developments in wireless and mobile IT technologies have led to their application in many real-life areas, such as disasters, home networks, mobile social networks, medical services, industry, schools, and the military. Business/work environments have become wire/wireless, integrated with wireless networks. Although the increase in the use of mobile devices that can use wireless networks increases work efficiency and provides greater convenience, wireless access to networks represents a security threat. Currently, wireless intrusion prevention systems (IPSs are used to prevent wireless security threats. However, these are not an ideal security measure for businesses that utilize mobile devices because they do not take account of temporal-spatial and role information factors. Therefore, in this paper, an efficient and secure mobile-IPS (m-IPS is proposed for businesses utilizing mobile devices in mobile environments for human-centric computing. The m-IPS system incorporates temporal-spatial awareness in human-centric computing with various mobile devices and checks users’ temporal spatial information, profiles, and role information to provide precise access control. And it also can extend application of m-IPS to the Internet of things (IoT, which is one of the important advanced technologies for supporting human-centric computing environment completely, for real ubiquitous field with mobile devices.

  15. Security in Cloud Computing For Service Delivery Models: Challenges and Solutions

    Directory of Open Access Journals (Sweden)

    Preeti Barrow

    2016-04-01

    Full Text Available Cloud computing, undoubtedly, is a path to expand the limits or add powerful capabilities on-demand with almost no investment in new framework, training new staff, or authorizing new software. Though today everyone is talking about cloud but, organizations are still in dilemma whether it’s safe to deploy their business on cloud. The reason behind it; is nothing but Security. No cloud service provider provides 100% security assurance to its customers and therefore, businesses are hesitant to accept cloud and the vast benefits that come along with it. The absence of proper security controls delimits the benefits of cloud. In this paper, a review on different cloud service models and a survey of the different security challenges and issues while providing services in cloud is presented .The paper focuses on the security issues specific to service delivery model (SaaS, IaaS and PaaS of cloud environment. This paper also explores the various security solutions currently being applied to protect cloud from various kinds of intruders

  16. Experimental realization of an entanglement access network and secure multi-party computation.

    Science.gov (United States)

    Chang, X-Y; Deng, D-L; Yuan, X-X; Hou, P-Y; Huang, Y-Y; Duan, L-M

    2016-01-01

    To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography. PMID:27404561

  17. Experimental realization of secure multi-party computation in an entanglement access to network

    CERN Document Server

    Chang, X Y; Yuan, X X; Hou, P Y; Huang, Y Y; Duan, L M

    2015-01-01

    To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography.

  18. Experimental realization of an entanglement access network and secure multi-party computation

    Science.gov (United States)

    Chang, X.-Y.; Deng, D.-L.; Yuan, X.-X.; Hou, P.-Y.; Huang, Y.-Y.; Duan, L.-M.

    2016-07-01

    To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography.

  19. Experimental realization of an entanglement access network and secure multi-party computation

    Science.gov (United States)

    Chang, X.-Y.; Deng, D.-L.; Yuan, X.-X.; Hou, P.-Y.; Huang, Y.-Y.; Duan, L.-M.

    2016-01-01

    To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography. PMID:27404561

  20. Simple steps to data encryption a practical guide to secure computing

    CERN Document Server

    Loshin, Peter

    2013-01-01

    Everyone wants privacy and security online, something that most computer users have more or less given up on as far as their personal data is concerned. There is no shortage of good encryption software, and no shortage of books, articles and essays that purport to be about how to use it. Yet there is precious little for ordinary users who want just enough information about encryption to use it safely and securely and appropriately--WITHOUT having to become experts in cryptography. Data encryption is a powerful tool, if used properly. Encryption turns ordinary, readable data into what

  1. Towards Realising Secure and Efficient Image and Video Processing Applications on Quantum Computers

    Directory of Open Access Journals (Sweden)

    Abdullah M. Iliyasu

    2013-07-01

    Full Text Available Exploiting the promise of security and efficiency that quantum computing offers, the basic foundations leading to commercial applications for quantum image processing are proposed. Two mathematical frameworks and algorithms to accomplish the watermarking of quantum images, authentication of ownership of already watermarked images and recovery of their unmarked versions on quantum computers are proposed. Encoding the images as 2n-sized normalised Flexible Representation of Quantum Images (FRQI states, with n-qubits and 1-qubit dedicated to capturing the respective information about the colour and position of every pixel in the image respectively, the proposed algorithms utilise the flexibility inherent to the FRQI representation, in order to confine the transformations on an image to any predetermined chromatic or spatial (or a combination of both content of the image as dictated by the watermark embedding, authentication or recovery circuits. Furthermore, by adopting an apt generalisation of the criteria required to realise physical quantum computing hardware, three standalone components that make up the framework to prepare, manipulate and recover the various contents required to represent and produce movies on quantum computers are also proposed. Each of the algorithms and the mathematical foundations for their execution were simulated using classical (i.e., conventional or non-quantum computing resources, and their results were analysed alongside other longstanding classical computing equivalents. The work presented here, combined together with the extensions suggested, provide the basic foundations towards effectuating secure and efficient classical-like image and video processing applications on the quantum-computing framework.

  2. Review of Cloud Computing Security%云安全研究进展综述

    Institute of Scientific and Technical Information of China (English)

    俞能海; 郝卓; 徐甲甲; 张卫明; 张驰

    2013-01-01

    随着云计算在学术界和工业界的兴起,云计算也不可避免的带来了一些安全问题.本文对云计算的安全需求进行了总结,指出云计算不仅在机密性、数据完整性、访问控制和身份认证等传统安全性上存在需求,而且在可信性、配置安全性、虚拟机安全性等方面具有新的安全需求.我们对云计算的两个典型产品Amazon Web Services和Windows Azure的安全状况进行了总结,并阐述了针对云计算的拒绝服务攻击和旁通道攻击.基于云计算的安全需求和面临的攻击,对现有安全机制进行了优缺点分析,系统的总结了现有的安全机制.%With the development of cloud computing in the academia and industry, it is inevitable that many security problems arise.This paper summarizes the security requirements of cloud computing, which not only cover the traditional security requirements like confidentiality,data integrity,access control and identity authentication,but also introduce new security requirements in the credibility,configuration and virtual machinery.We make conclusions about the security situations on two typical cloud computing products: Amazon Web Services and Windows Azure and elaborate two attack mechanisms against cloud computing:Denial of service attack and Side channel attack.Based on the security requirements and attacks against cloud computing, we systematically summarize the current security protection mechanisms and further make a comparison among them.

  3. Enhanced Survey and Proposal to secure the data in Cloud Computing Environment

    Directory of Open Access Journals (Sweden)

    MR.S.SUBBIAH

    2013-01-01

    Full Text Available Cloud computing have the power to eliminate the cost of setting high end computing infrastructure. It is a promising area or design to give very flexible architecture, accessible through the internet. In the cloud computing environment the data will be reside at any of the data centers. Due to that, some data center may leak the data stored on there, beyond the reach and control of the users. For this kind of misbehaving data centers, the service providers should take care of the security and privacy of the data stored in the data centers through the cloud computing environment. This survey paper try to elaborate and analyze the various unresolved issues in the cloud computing environment and try to propose an alternate method which can be useful to the various kind of users who are willing to get into the new era of cloud computing. Moreover this paper try to give some suggestions in the area of Securing the data while storing the data in the cloud server, implement new Data displacement strategies, Service Level Agreement between the user and the Cloud Service Provider and finally how to improve the Quality of Service.

  4. Energy Efficient Security Preserving VM Live Migration In Data Centers For Cloud Computing

    Directory of Open Access Journals (Sweden)

    Korir Sammy

    2012-03-01

    Full Text Available Virtualization is an innovation that has widely been utilized in modern data centers for cloud computing to realize energy-efficient operations of servers. Virtual machine (VM migration brings multiple benefits such as resource distribution and energy aware consolidation. Server consolidation achieves energy efficiency by enabling multiple instances of operating systems to run simultaneously on a single machine. With virtualization, it is possible to consolidate severs through VM live migration. However, migration of virtual machines brings extra energy consumption and serious security concerns that derail full adoption of this technology. In this paper, we propose a secure energy-aware provisioning of cloud computing resources on consolidated and virtualized platforms. Energy efficiency is achieved through just-right dynamic Round-Robin provisioning mechanism and the ability to power down sub-systems of a host system that are not required by VMs mapped to it. We further propose solutions to security challenges faced during VM live migration. We validate our approach by conducting a set of rigorous performance evaluation study using CloudSim toolkit. The experimental results show that our approach achieves reduced energy consumption in data centers while not compromising on security.

  5. Computational Security Analysis of the UMTS and LTE Authentication and Key Agreement Protocols

    CERN Document Server

    Mjølsnes, Stig

    2012-01-01

    One of the forerunners and main candidates for the fourth generation (4G) generation mobile communication system is commonly known under the name Long-Term Evolution (LTE) and its standard is produced and maintained by the international 3rd Generation Partnership Program (3GPP) consortium. The LTE Authentication and Key Agreement (AKA) protocol design is based on the Universal Mobile Telecommunications System (UMTS) AKA protocol, which is widely used today for third generation (3G) wireless networks. The authentication protocols for these mobile network systems will arguably become the most widely used security protocols in the near future. We present a computational security analysis of both the LTE AKA and the UMTS AKA. This work constitutes the first security analysis of LTE AKA to date. Our analysis is based on a computational security model. Moreover, we report on a deficiency in the protocol specifications, and show how this may enable attacks on both LTE AKA and UMTS AKA. The vulnerability can be explo...

  6. Service task partition and distribution in star topology computer grid subject to data security constraints

    Energy Technology Data Exchange (ETDEWEB)

    Xiang Yanping [Collaborative Autonomic Computing Laboratory, School of Computer Science, University of Electronic Science and Technology of China (China); Levitin, Gregory, E-mail: levitin@iec.co.il [Collaborative Autonomic Computing Laboratory, School of Computer Science, University of Electronic Science and Technology of China (China); Israel electric corporation, P. O. Box 10, Haifa 31000 (Israel)

    2011-11-15

    The paper considers grid computing systems in which the resource management systems (RMS) can divide service tasks into execution blocks (EBs) and send these blocks to different resources. In order to provide a desired level of service reliability the RMS can assign the same blocks to several independent resources for parallel execution. The data security is a crucial issue in distributed computing that affects the execution policy. By the optimal service task partition into the EBs and their distribution among resources, one can achieve the greatest possible service reliability and/or expected performance subject to data security constraints. The paper suggests an algorithm for solving this optimization problem. The algorithm is based on the universal generating function technique and on the evolutionary optimization approach. Illustrative examples are presented. - Highlights: > Grid service with star topology is considered. > An algorithm for evaluating service reliability and data security is presented. > A tradeoff between the service reliability and data security is analyzed. > A procedure for optimal service task partition and distribution is suggested.

  7. Students and Taxes: a Privacy-Preserving Study Using Secure Computation

    Directory of Open Access Journals (Sweden)

    Bogdanov Dan

    2016-07-01

    Full Text Available We describe the use of secure multi-party computation for performing a large-scale privacy-preserving statistical study on real government data. In 2015, statisticians from the Estonian Center of Applied Research (CentAR conducted a big data study to look for correlations between working during university studies and failing to graduate in time. The study was conducted by linking the database of individual tax payments from the Estonian Tax and Customs Board and the database of higher education events from the Ministry of Education and Research. Data collection, preparation and analysis were conducted using the Share-mind secure multi-party computation system that provided end-to-end cryptographic protection to the analysis. Using ten million tax records and half a million education records in the analysis, this is the largest cryptographically private statistical study ever conducted on real data.

  8. Special Issue on Entropy-Based Applied Cryptography and Enhanced Security for Ubiquitous Computing

    Directory of Open Access Journals (Sweden)

    James (Jong Hyuk Park

    2016-09-01

    Full Text Available Entropy is a basic and important concept in information theory. It is also often used as a measure of the unpredictability of a cryptographic key in cryptography research areas. Ubiquitous computing (Ubi-comp has emerged rapidly as an exciting new paradigm. In this special issue, we mainly selected and discussed papers related with ore theories based on the graph theory to solve computational problems on cryptography and security, practical technologies; applications and services for Ubi-comp including secure encryption techniques, identity and authentication; credential cloning attacks and countermeasures; switching generator with resistance against the algebraic and side channel attacks; entropy-based network anomaly detection; applied cryptography using chaos function, information hiding and watermark, secret sharing, message authentication, detection and modeling of cyber attacks with Petri Nets, and quantum flows for secret key distribution, etc.

  9. Computational Models for Analysis of Illicit Activities

    DEFF Research Database (Denmark)

    Nizamani, Sarwat

    Numerous illicit activities happen in our society, which, from time to time affect the population by harming individuals directly or indirectly. Researchers from different disciplines have contributed to developing strategies to analyze such activities, in order to help law enforcement agents dev...... population globally sensitive to specific world issues. The models discuss the dynamics of population in response to such issues. All the models presented in the thesis can be combined for a systematic analysis of illicit activities.......Numerous illicit activities happen in our society, which, from time to time affect the population by harming individuals directly or indirectly. Researchers from different disciplines have contributed to developing strategies to analyze such activities, in order to help law enforcement agents...... devise policies to minimize them. These activities include cybercrimes, terrorist attacks or violent actions in response to certain world issues. Beside such activities, there are several other related activities worth analyzing, for which computational models have been presented in this thesis...

  10. AN ACTIVE MIDDLEWARE FOR SECURE AUTOMATIC RECONFIGURATION OF APPLICATIONS FOR ANDROID DEVICES

    Directory of Open Access Journals (Sweden)

    S. Kami Makki

    2014-09-01

    Full Text Available With the prevalence of smart phones and the role they play in the lives of consumers, the demand for high performing mobile computing is apparent. Although smartphones today are feature-rich, they are still resource-scarce; they are limited by their memory, energy, and processing power. These limitations constrain the ability of these devices to perform intensive computational tasks without compromising the consistency of mobile device performance. As such, the development of a dynamic and intelligent mobile middleware solution can ameliorate these constraints through the utilization of surrogate computing methodologies. In this paper, we present an intelligent and active middleware solution for secure automatic reconfiguration of applications for android devices. This middleware offers efficiency and enhances the conservation of resources for these devices.

  11. Information Technology Convergence, Secure and Trust Computing, and Data Management ITCS 2012 & STA 2012

    CERN Document Server

    Kim, Jongsung; Zou, Deqing; Lee, Yang

    2012-01-01

    ITCS 2012 and STA 2012 address the various theories and practical applications of information technology convergence, secure and trust computing, and data management in future environments. It will present important results of significant value to solve the application services and various problems within the scope of ITCS 2012 & STA 2012. In addition, we expect it will trigger further related research and technology developments which will improve our lives in the future.

  12. FendOff encryption software to secure personal information on computers and mobile devices

    OpenAIRE

    Solovyev, Victor; Umarov, Ramzan

    2015-01-01

    The paper describes several original cryptographic cipher modules (VSEM) that are based on using one time pseudorandom pad and pseudorandom transpositions. The VSEM includes 4 modules of encryption that can be applied in combinations. We studied ability of these modules to secure the private data against attacks and their speed of encryption. The VSEM encryption was implemented in Fendoff applications for mobile devices on iOS and Android platforms as well as in computer application running W...

  13. High-speed secure key distribution over an optical network based on computational correlation imaging.

    Science.gov (United States)

    Li, Shen; Yao, Xu-Ri; Yu, Wen-Kai; Wu, Ling-An; Zhai, Guang-Jie

    2013-06-15

    We present a protocol for an optical key distribution network based on computational correlation imaging, which can simultaneously realize privacy amplification and multiparty distribution. With current technology, the key distribution rate could reach hundreds of Mbit/s with suitable choice of parameters. The setup is simple and inexpensive, and may be employed in real networks where high-speed long-distance secure communication is required. PMID:23939004

  14. Enhancing Information Security in Cloud Computing Services using SLA based metrics

    OpenAIRE

    , Nia; Mganga, Ramadianti Putri;; Charles, Medard

    2011-01-01

    Context: Cloud computing is a prospering technology that most organizations are considering for adoption as a cost effective strategy for managing IT. However, organizations also still consider the technology to be associated with many business risks that are not yet resolved. Such issues include security, privacy as well as legal and regulatory risks. As an initiative to address such risks, organizations can develop and implement SLA to establish common expectations and goals between the clo...

  15. Batch Secret Sharing for Secure Multi-party Computation in Asynchronous Network

    Institute of Scientific and Technical Information of China (English)

    HUANG Zheng; GONG Zheng; LI Qiang

    2009-01-01

    This paper proposes an efficient batch secret sharing protocol among n players resilient to t < n/4 players in asynchronous network. The construction of our protocol is along the line of Hirt's protocol which works in synchronous model. Compared with the method of using secret share protocol m times to share m secrets, our protocol is quite efficient. The protocol can be used to improve the efficiency of secure multi-party computation (MPC) greatly in asynchronous network.

  16. 分析计算机安全问题%Analysis of Computer Security

    Institute of Scientific and Technical Information of China (English)

    李振美

    2014-01-01

    随着社会经济的不断发展,信息技术也在飞速发展过程中,从计算机的诞生之初到当今的网络信息时代,计算机的应用已渗入到社会的各个行业中,计算机促使了互联网的发展,同时网络给人们的生活、工作和学习等带来了很多乐趣。信息网络在给人们带来便捷的同时也引发了一系列安全问题,如计算机硬件设施安全、软件信息安全、网络黑客、病毒的侵袭等等,计算机可能给我们带来自各个方面的威胁,所以熟知计算机安全所面临的问题,积极探索影响计算机安全运行的防范措施,保护个人的计算机免受威胁,已经成为人们关注重点问题,显得尤为重要。%With the continuous development of social economy, information technology is also in the process of rapid development, from the beginning of the birth of the computer to network information age in nowdey,the application of computer has penetrated into every industry of the society, the computer prompted the development of the Internet, the network to people's life, work and study at the same time, brought a lot of fun. Information network brings convenient also triggered a series of security problems, such as computer hardware security, software, information security, network hacker, virus attacks and so on.The computer may bring us from the threat of various aspects, so learning computer security problems, exploring measures to prevent affecting the safe operation of the computer, protect personal computer from threat, has become the key problem, especially important.

  17. Ensuring Data Security And Privacy In Cloud Computing Through Transparency as Service Model

    Directory of Open Access Journals (Sweden)

    Afzaal Ahmad

    2014-09-01

    Full Text Available Cloud Computing is hot technology in computer world today. Its getting popular because its inexpensive, provides on demand access when and where needed. It also removes technical staff requirements for maintaining the infrastructure because that is done on the provider side thus significantly reducing organizational costs. It also provides opportunity for scientists to use powerful computing resources for research purposes which are very expensive on rent bases which they normally would not have been able to use due to cost factors.But with these features it has certain problems that discredit the service one of major problems is Data Security and Privacy.Since the only party that has physical access to data storage is provider and to keep track of where data is stored for certain users the providers keep meta-data in their own databases it creates a security and data privacy issue.If meta-data is compromised than unauthorized access to user data is possible.This paper proposes a Transparency Service Model to insure security and privacy of the user data.

  18. A Secure Mathematical Computation Protocol%安全网络数学计算协议

    Institute of Scientific and Technical Information of China (English)

    林东岱; 宋志敏; 等

    2002-01-01

    The Internet Accessible Mathematical Computation (IAMC) framework makes supplying/accessing mathematical computation easy on the Internet/Web.In this paper ,the vulnerabilities of the current IAMC framework is discussed.A scheme for incorporating SSL/TLS protocol into the current Mathematical Computation Protocol is presented. The resulting secure Mathematical Computation Protocol can then provide crypto-graphic authentications,data privacy and integrity.%讨论了网络数学计算框架IAMC的安全性问题,给出了一个用安全协议SSL/TLS提高数学计算协议MCP安全性的实现方案.改进后的网络数学计算框架可有效地提供计算数据的机密性、完整性和用户认证等安全功能.

  19. Autonomous Micro-Modular Mobile Data Center Cloud Computing Study for Modeling, Simulation, Information Processing and Cyber-Security Viability Project

    Data.gov (United States)

    National Aeronautics and Space Administration — Cloud computing security penetration testing and anomaly detection defense studies were conducted to assess the adequacy of cloud computing security.  Since...

  20. Local encoding of computationally designed enzyme activity

    OpenAIRE

    Allert, Malin; Dwyer, Mary A.; Hellinga, Homme W.

    2006-01-01

    One aim of computational protein design is to introduce novel enzyme activity into proteins of known structure by predicting mutations that stabilize transition states. Previously we have shown that it is possible to introduce triose phosphate isomerase activity into the ribose-binding protein of Escherichia coli by constructing 17 mutations in the first two layers of residues that surround the wild-type ligand-binding site. Here we report that these mutations can be “transplanted” into a hom...

  1. Embedding Computer Activities into the Context of Preschools

    OpenAIRE

    Morgado, Leonel; Cristóvão-Morgado, Rosa; Bulas Cruz, Maria Gabriel; Kahn, Ken

    2005-01-01

    Computer activities are all too often employed in preschool (and kindergarten) activity rooms with little regard for what is going on beyond the computer. Consequently, in those circumstances computer time is lacking appropriate context that could help link computer activities with the educational themes surrounding non-computer activities. Providing technical computer training to preschool and kindergarten teachers is often not sufficient to originate activities that embed that context beyon...

  2. Discussion on Relevant Standards of Cloud-Computing Security%云计算安全相关标准研究现状初探

    Institute of Scientific and Technical Information of China (English)

    颜斌

    2012-01-01

    云计算带来了广阔的应用前景,但也对传统的信息安全技术在云计算模式下的应用提出了新的挑战,安全和标准化是云计算所面临的众多问题中的关键所在。目前,各国政府机构和研究组织正在积极着手研究相关问题,文中围绕云计算安全标准研究展开,介绍当前主要的云安全标准组织情况,并就各自在云计算安全领域的标准研究情况进行概述,对其主要研究成果进行扼要分析,希望为国内云计算安全标准的研究提供部分借鉴。%Cloud computing brings a broad application prospects while also new challenges to the application of traditional information security technology under cloud computing mode,and its security and standardization is the key to many problems faced by cloud computing. Currently,various government agencies and research organizations are actively engaged in the study of related issues. This paper,with focus on the study of cloud computing security standards,describes the principal cloud security standards organizations,and briefs their the respective standards researches of cloud computing security,analyzes their major research achievements,hoping that this could provide certain reference for domestic research of cloud computing security standards.

  3. Secure Selection of Multiple Resources Based on Virtual Private Network for Computational Grids

    Directory of Open Access Journals (Sweden)

    G. Kavitha

    2011-01-01

    Full Text Available Problem statement: Grid computing provides a virtual framework for controlled sharing of resources across institutional boundaries. In computational grids, a client application is executed on the available set of resources that satisfy the user QoS requirements. Some applications require exhaustive computation power for execution of its tasks. In general, these tasks are assigned to a single available resource on the grid that has the required computation power. Therefore, the client application waits indefinitely until a suitable resource is found. Approach: In this study a novel multiple resource selection strategy is presented, which selects multiple resources based on trust and QoS parameters and the tasks are mapped to the appropriate resources for parallel execution. Selection of resources is based on the trust value of the resource, the available computation power at the time of job submission, the speed of the connectivity link, the time deadline and the budget constraints. The proposed method performs task grouping and selects the optimum number of resources for task execution. The tasks are executed in parallel among the multiple resources and the results are aggregated and transferred to the client within the specified time deadline. Security for the user tasks is strengthened by creating a Virtual Private Network (VPN to the selected resources and tasks are further mapped to the resources through the secured VPN channel. Results: Simulations results show that there is a significant improvement in the overall resource utilization of the grid with a high success rate of jobs and reduction in the total execution time of submitted jobs. Conclusion: The tasks are scheduled to available multiple resources with VPN security. As optimum number of resources is selected for parallel execution, the resources are utilized to a maximum and there is a reduction in the percentage of pending jobs on the grid.

  4. Proceedings from the conference on high speed computing: High speed computing and national security

    Energy Technology Data Exchange (ETDEWEB)

    Hirons, K.P.; Vigil, M.; Carlson, R. [comps.

    1997-07-01

    This meeting covered the following topics: technologies/national needs/policies: past, present and future; information warfare; crisis management/massive data systems; risk assessment/vulnerabilities; Internet law/privacy and rights of society; challenges to effective ASCI programmatic use of 100 TFLOPs systems; and new computing technologies.

  5. Security

    Science.gov (United States)

    Technology & Learning, 2008

    2008-01-01

    Anytime, anywhere, learning provides opportunities to create digital learning environments for new teaching styles and personalized learning. As part of making sure the program is effective, the safety and security of students and assets are essential--and mandated by law. The Children's Internet Protection Act (CIPA) addresses Internet content…

  6. 浅析计算机网络安全建设及安全技术策略%Computer Network Security Construction and Security Technology Strategies Analysis

    Institute of Scientific and Technical Information of China (English)

    岳慧平; 刘广; 刘建平

    2011-01-01

    With the computer technology and communication technology in all aspects of social life, the extensive application of computer network security issues and more and more prominent.This definition of network security from the start,details the threat to computer network security considerations,and proposed technical and management aspects of the corresponding preventive measures.%随着计算机技术和通信技术在社会生活各方面的广泛应用,计算机网络安全防护问题也愈来愈突出。本文从网络全定义入手,详细阐述了威胁计算机网络安全的因素,并在技术及管理方面提出了相应的防范对策。

  7. Survey on Security Issues in Cloud Computing and Associated Mitigation Techniques

    CERN Document Server

    Bhadauria, Rohit

    2012-01-01

    Cloud Computing holds the potential to eliminate the requirements for setting up of high-cost computing infrastructure for IT-based solutions and services that the industry uses. It promises to provide a flexible IT architecture, accessible through internet for lightweight portable devices. This would allow multi-fold increase in the capacity or capabilities of the existing and new software. In a cloud computing environment, the entire data reside over a set of networked resources, enabling the data to be accessed through virtual machines. Since these data-centers may lie in any corner of the world beyond the reach and control of users, there are multifarious security and privacy challenges that need to be understood and taken care of. Also, one can never deny the possibility of a server breakdown that has been witnessed, rather quite often in the recent times. There are various issues that need to be dealt with respect to security and privacy in a cloud computing scenario. This extensive survey paper aims to...

  8. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2006-01-01

    Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.

  9. Unconditionally secure computers and hardware, such as memories, processors, and hard drives

    CERN Document Server

    Kish, Laszlo B

    2008-01-01

    In the case of the need of extraordinary security, Kirchhoff-loop-Johnson-(like)-noise ciphers can easily be integrated on existing types of digital chips in order to provide secure data communication between hardware processors, memory chips, hard disks and other units within a computer or other data processor system. The secure key exchange can take place at the very first run and the system can renew the key later at random times with an authenticated fashion to prohibit man-in-the-middle attack. The key can be stored in flash memories within the communicating chip units at hidden random addresses among other random bits that are continuously generated by the secure line but are never actually used. Thus, even if the system is disassembled, and the eavesdropper can have direct access to the communication lines between the units, or even if she is trying to use a man-in-the-middle attack, no information can be extracted. The only way to break the code is to learn the chip structure, to understand the machin...

  10. Securely Data Forwarding and Maintaining Reliability of Data in Cloud Computing

    Directory of Open Access Journals (Sweden)

    Sonali A.Wanjari

    2015-02-01

    Full Text Available Cloud works as an online storage servers and provides long term storage services over the internet. It is like a third party in whom we can store a data so they need data confidentiality, robustness and functionality. Encryption and encoding methods are used to solve such problems. After that divide proxy re-encryption scheme and integrating it with a decentralized erasure code such that a secure distributed storage system is formulated. The distributed storage system not only supports secure, robust data storage and retrieval but also lets the user forward his data to another user without retrieving the data. A concept of backup in same server allows users to retrieve failure data successfully in the storage server and also forward to another user without retrieving the data back. This is an attempt to provide light-weight approach which protects data access in distributed storage servers. User can implement all important concept i.e. Confidentiality for security, Robustness for healthy data, Reliability for flexible data, Availability for compulsory data will be achieved to another user which is store in cloud and easily overcome problem of “Securely data forwarding and maintaining, reliability of data in cloud computing “using different type of Methodology and Technology.

  11. Security and Integrity of Data in Cloud Computing Based on Feature Extraction of Handwriting Signature

    Directory of Open Access Journals (Sweden)

    Ali A. Yassin

    2015-05-01

    Full Text Available Cloud Computing gains users to store their data into the cloud as the remotest manner so that they can be comforted from the trouble of local data save and maintenance. The user loses the control of his remotely located data. This feature has many security challenges such as the authority and integrity of data. One of the significant concerns that require to be addressed is to assure the user of the integrity i.e. rightness of his data in the cloud. Continuously, the user cannot access to cloud’s data directly. So, the cloud must provide a technique for the user to ensure if the integrity of his data is protected or is compromised. In this paper, we propose the use of encrypted data integrity by presenting the feature extraction of handwriting signature in a modern encryption scheme that preserves the integrity of data in cloud server. Any prohibited data modification, removal, or addition can be detected by cloud user. Additionally, our proposed scheme presents a proof of data integrity in the cloud which the user can know the truth of his data in the cloud server. We employ user’s handwritten signature to secure and integrate his data in cloud server. Extensive security and performance analyses view that our proposed scheme has highly efficient and provably secure. In addition, the performance time decreases and the compensation ratio of data integrity is increases.

  12. Basic legal provisions concerning the activities of industrial security personnel

    International Nuclear Information System (INIS)

    The author confines himself to sabotage and espionage. Necessary counter-measures are determined by the respective type of activities. Sect. 618 of the German Civil Code and Sect. 120 a of the Industrial Code give basic legal provisions for the protection of industrial personnel. The legal position held by owner or occupant forms the legal basis for 'vulnerable point protection'. The owner's rights are assigned to the industrial police and are exercised in correspondence with the service or employment contract set up according to Sect. 611 and the following sections of the German Civil Code. Outside guards work according to the performance contract given int the Sections 675, 611, 631 of the German Civil Code. The security personnel has the common right of self-help: self-defence, civil rights concerning the state of national emergency and self-defence under criminal law, rights derived from ownership and property. The author critically argues views held by Mr. Hoffmann-Riem who thinks that police powers have been assigned to private persons. He definitely answers in the negative to the execution of, or encroachment on, sovereign (police) powers by industrial security personnel. A special legal regulation is not necessary, since private protection in form of professional selfdefence is admissible under the law in force. (HSCH)

  13. Cryptanalysis and security enhancement of optical cryptography based on computational ghost imaging

    Science.gov (United States)

    Yuan, Sheng; Yao, Jianbin; Liu, Xuemei; Zhou, Xin; Li, Zhongyang

    2016-04-01

    Optical cryptography based on computational ghost imaging (CGI) has attracted much attention of researchers because it encrypts plaintext into a random intensity vector rather than complexed-valued function. This promising feature of the CGI-based cryptography reduces the amount of data to be transmitted and stored and therefore brings convenience in practice. However, we find that this cryptography is vulnerable to chosen-plaintext attack because of the linear relationship between the input and output of the encryption system, and three feasible strategies are proposed to break it in this paper. Even though a large number of plaintexts need to be chosen in these attack methods, it means that this cryptography still exists security risks. To avoid these attacks, a security enhancement method utilizing an invertible matrix modulation is further discussed and the feasibility is verified by numerical simulations.

  14. InfoSec-MobCop - Framework for Theft Detection and Data Security on Mobile Computing Devices

    Science.gov (United States)

    Gupta, Anand; Gupta, Deepank; Gupta, Nidhi

    People steal mobile devices with the intention of making money either by selling the mobile or by taking the sensitive information stored inside it. Mobile thefts are rising even with existing deterrents in place. This is because; they are ineffective, as they generate unnecessary alerts and might require expensive hardware equipments. In this paper a novel framework termed as InfoSec-MobCop is proposed which secures a mobile user’s data and discovers theft by detecting any anomaly in the user behavior. The anomaly of the user is computed by extracting and monitoring user specific details (typing pattern and usage history). The result of any intrusion attempt by a masquerader is intimated to the service provider through an SMS. Effectiveness of the used approach is discussed using FAR and FRR graphs. The experimental system uses both real users and simulated studies to quantify the effectiveness of the InfoSec-MobCop (Information Security Mobile Cop).

  15. Darwin inside the machines: Malware evolution and the consequences for computer security

    CERN Document Server

    Iliopoulos, D; Szor, P

    2011-01-01

    Recent advances in anti-malware technologies have steered the security industry away from maintaining vast signature databases and into newer defence technologies such as behaviour blocking, application whitelisting and others. Most would agree that the reasoning behind this is to keep up with the arms race established between malware writers and the security community almost three decades ago. Still, malware writers have not as yet created new paradigms. Indeed, malicious code development is still largely limited to code pattern changes utilizing polymorphic and metamorphic engines, as well as executable packer and wrapper technologies. Each new malware instance retains the exact same core functionality as its ancestor and only alters the way it looks. What if, instead, malware were able to change its function or behaviour autonomously? What if, in the absence of human intervention, computer viruses resembled biological viruses in their ability to adapt to new defence technologies as soon as they came into e...

  16. Secure Scientific Applications Scheduling Technique for Cloud Computing Environment Using Global League Championship Algorithm.

    Science.gov (United States)

    Abdulhamid, Shafi'i Muhammad; Abd Latiff, Muhammad Shafie; Abdul-Salaam, Gaddafi; Hussain Madni, Syed Hamid

    2016-01-01

    Cloud computing system is a huge cluster of interconnected servers residing in a datacenter and dynamically provisioned to clients on-demand via a front-end interface. Scientific applications scheduling in the cloud computing environment is identified as NP-hard problem due to the dynamic nature of heterogeneous resources. Recently, a number of metaheuristics optimization schemes have been applied to address the challenges of applications scheduling in the cloud system, without much emphasis on the issue of secure global scheduling. In this paper, scientific applications scheduling techniques using the Global League Championship Algorithm (GBLCA) optimization technique is first presented for global task scheduling in the cloud environment. The experiment is carried out using CloudSim simulator. The experimental results show that, the proposed GBLCA technique produced remarkable performance improvement rate on the makespan that ranges between 14.44% to 46.41%. It also shows significant reduction in the time taken to securely schedule applications as parametrically measured in terms of the response time. In view of the experimental results, the proposed technique provides better-quality scheduling solution that is suitable for scientific applications task execution in the Cloud Computing environment than the MinMin, MaxMin, Genetic Algorithm (GA) and Ant Colony Optimization (ACO) scheduling techniques.

  17. Secure Scientific Applications Scheduling Technique for Cloud Computing Environment Using Global League Championship Algorithm

    Science.gov (United States)

    Abdulhamid, Shafi’i Muhammad; Abd Latiff, Muhammad Shafie; Abdul-Salaam, Gaddafi; Hussain Madni, Syed Hamid

    2016-01-01

    Cloud computing system is a huge cluster of interconnected servers residing in a datacenter and dynamically provisioned to clients on-demand via a front-end interface. Scientific applications scheduling in the cloud computing environment is identified as NP-hard problem due to the dynamic nature of heterogeneous resources. Recently, a number of metaheuristics optimization schemes have been applied to address the challenges of applications scheduling in the cloud system, without much emphasis on the issue of secure global scheduling. In this paper, scientific applications scheduling techniques using the Global League Championship Algorithm (GBLCA) optimization technique is first presented for global task scheduling in the cloud environment. The experiment is carried out using CloudSim simulator. The experimental results show that, the proposed GBLCA technique produced remarkable performance improvement rate on the makespan that ranges between 14.44% to 46.41%. It also shows significant reduction in the time taken to securely schedule applications as parametrically measured in terms of the response time. In view of the experimental results, the proposed technique provides better-quality scheduling solution that is suitable for scientific applications task execution in the Cloud Computing environment than the MinMin, MaxMin, Genetic Algorithm (GA) and Ant Colony Optimization (ACO) scheduling techniques. PMID:27384239

  18. Secure Scientific Applications Scheduling Technique for Cloud Computing Environment Using Global League Championship Algorithm.

    Science.gov (United States)

    Abdulhamid, Shafi'i Muhammad; Abd Latiff, Muhammad Shafie; Abdul-Salaam, Gaddafi; Hussain Madni, Syed Hamid

    2016-01-01

    Cloud computing system is a huge cluster of interconnected servers residing in a datacenter and dynamically provisioned to clients on-demand via a front-end interface. Scientific applications scheduling in the cloud computing environment is identified as NP-hard problem due to the dynamic nature of heterogeneous resources. Recently, a number of metaheuristics optimization schemes have been applied to address the challenges of applications scheduling in the cloud system, without much emphasis on the issue of secure global scheduling. In this paper, scientific applications scheduling techniques using the Global League Championship Algorithm (GBLCA) optimization technique is first presented for global task scheduling in the cloud environment. The experiment is carried out using CloudSim simulator. The experimental results show that, the proposed GBLCA technique produced remarkable performance improvement rate on the makespan that ranges between 14.44% to 46.41%. It also shows significant reduction in the time taken to securely schedule applications as parametrically measured in terms of the response time. In view of the experimental results, the proposed technique provides better-quality scheduling solution that is suitable for scientific applications task execution in the Cloud Computing environment than the MinMin, MaxMin, Genetic Algorithm (GA) and Ant Colony Optimization (ACO) scheduling techniques. PMID:27384239

  19. Human factors in Coast Guard Computer Security - an analysis of current awareness and potential techniques to improve security program viability

    OpenAIRE

    Whalen, Timothy J.

    2001-01-01

    The Coast Guard is becoming increasingly reliant upon our nation's information infrastructure. As such, our ability to ensure the security of those systems is also increasing in import. Traditional information security measures tend to be system-oriented and often fail to address the human element that is critical to system success. In order to ensure information system security, both system and human factors requirements must be addressed. This thesis attempts to identify both the suscep...

  20. 个人计算机网络安全防护策略%Personal Computer Network Security Strategy

    Institute of Scientific and Technical Information of China (English)

    付曙光

    2011-01-01

    This article mainly elaborated on the definition of network security and network security against the content of.Discusses the threat of network security factors and how to protect personal computer network security and need to do prevention measures.%本文主要阐述了网络安全的定义及危害网络安全所表现的内容。论述了威胁网络安全的因素及怎样保障个人计算机的网络安全及煎要做的防范措施。

  1. Breaking the O(nm) Bit Barrier: Secure Multiparty Computation with a Static Adversary

    CERN Document Server

    Dani, Varsha; Movahedi, Mahnush; Saia, Jared

    2012-01-01

    We describe scalable algorithms for secure multiparty computation (SMPC). We assume a synchronous message passing communication model, but unlike most related work, we do not assume the existence of a broadcast channel. Our main result holds for the case where there are n players, of which a (1/3-\\epsilon)-fraction are controlled by an adversary, for \\epsilon, any positive constant. We describe a SMPC algorithm for this model that requires each player to send O((n+m)/n + \\sqrt{n}) (where the O notation hides polylogarithmic factors) messages and perform O((n+m)/n + \\sqrt{n}) computations to compute any function f, where m is the size of a circuit to compute f. We also consider a model where all players are selfish but rational. In this model, we describe a Nash equilibrium protocol that solve SMPC and requires each player to send O((n+m)/n) messages and perform O((n+m)/n) computations. These results significantly improve over past results for SMPC which require each player to send a number of bits and perform...

  2. A SPIC-AND-SPAN GATEWAY FOR SECURE DATA STORAGE IN CLOUD COMPUTING ENVIRONMENT

    Directory of Open Access Journals (Sweden)

    R.STEFFY CROWN

    2013-06-01

    Full Text Available Cloud computing is a light weight methodology. The cloud based applications are accessed by the end user through the use of web browser or a light weight desktop. In recent year, cloud computing is a one of the great powerful luminous star in the universal IT industry. Spotlight of this paper is constructing a cloud storage system for robustness, confidentiality, and functionality. A cloud storage system is otherwise called tremendous distributed storage system, it is a collection of numerous storage systems. Now a days the most important issue of cloud computing is surety and confidentiality. Then the cloud computing domain is an open source domain in which several resources are shared. So the sharing of data and the storing of data to be tricky. To overcome this problem in this paper, we proposed a new technique called Trusted Platform Module this conscious grand design to establish a data confidentiality and security prosperity including authentication, and integrity to the cloud computing environment.

  3. Information Security Analysis in Cloud Computing Environment%云计算环境下信息安全分析

    Institute of Scientific and Technical Information of China (English)

    张慧; 邢培振

    2011-01-01

    基于互联网的云计算被认为是当今互联网发展的方向,近年来引起人们的广泛关注,如何构建安全的云计算环境成为当前计算机学科研究的热点问题之一.文中从云计算的发展现状人手,介绍了NIST推出的云计算规范、五个本质特征和云计算服务模型,分析了CSA云计算安全参考模型和Jericho Forum的云立方体模型,并从安全边界、数据安全、应用安全三个方面讨论了当前云计算环境下存在的信息安全问题,最后给出了云计算环境下保证信息安全的解决方案.%Internet-based cloud computing is considered to be the direction of development of the Internet today, has attracted much attention, how to build secure computer cloud computing environments become one of hot research subjects. In this paper,from the status quo of the development of cloud computing, first introduced the launch of the cloud NIST standard, the five essential characteristics and cloud computing services model, and then analyzed the CSA cloud computing model and the Jericho Forum security reference cube model of the cloud, and from the security boundary , data security, application security discussed the information security problem of the current cloud computing environment, given the security solutions in cloud computing environment to ensure information.

  4. 图书馆计算机网络的安全管理%Security management of library computer network

    Institute of Scientific and Technical Information of China (English)

    柳胜国

    2001-01-01

    Security management of library computer network is an important part of library management.The not secure factor in computer network,including the system factor,management factor,environment factor,computer viris is described.The way of solving not secure factor from security system,manipulate technology,equipment management is raised.%图书馆计算机网络系统的安全管理是图书馆管理中的重要组成部分。 论述了在计算机网络管理中的不安全因素,包括系统因素、管理因素、环境因素、计算机病毒;提出了从安全制度、操作技术、设备管理方面解决不安全因素的办法。

  5. CIPSS [computer-integrated process and safeguards system]: The integration of computer-integrated manufacturing and robotics with safeguards, security, and process operations

    International Nuclear Information System (INIS)

    This poster session describes the computer-integrated process and safeguards system (CIPSS). The CIPSS combines systems developed for factory automation and automated mechanical functions (robots) with varying degrees of intelligence (expert systems) to create an integrated system that would satisfy current and emerging security and safeguards requirements. Specifically, CIPSS is an extension of the automated physical security functions concepts. The CIPSS also incorporates the concepts of computer-integrated manufacturing (CIM) with integrated safeguards concepts, and draws upon the Defense Advance Research Project Agency's (DARPA's) strategic computing program

  6. Understanding the Value of a Computer Emergency Response Capability for Nuclear Security

    Energy Technology Data Exchange (ETDEWEB)

    Gasper, Peter Donald [Idaho National Laboratory; Rodriguez, Julio Gallardo [Idaho National Laboratory

    2015-06-01

    The international nuclear community has a great understanding of the physical security needs relating to the prevention, detection, and response of malicious acts associated with nuclear facilities and radioactive material. International Atomic Energy Agency (IAEA) Nuclear Security Recommendations (INFCIRC_225_Rev 5) outlines specific guidelines and recommendations for implementing and maintaining an organization’s nuclear security posture. An important element for inclusion into supporting revision 5 is the establishment of a “Cyber Emergency Response Team (CERT)” focused on the international communities cybersecurity needs to maintain a comprehensive nuclear security posture. Cybersecurity and the importance of nuclear cybersecurity require that there be a specific focus on developing an International Nuclear CERT (NS-CERT). States establishing contingency plans should have an understanding of the cyber threat landscape and the potential impacts to systems in place to protect and mitigate malicious activities. This paper will outline the necessary components, discuss the relationships needed within the international community, and outline a process by which the NS-CERT identifies, collects, processes, and reports critical information in order to establish situational awareness (SA) and support decision-making

  7. The use of information technology security assessment criteria to protect specialized computer systems

    International Nuclear Information System (INIS)

    The purpose of this paper is to discuss the information security assessment criteria used in Russia and compare it with that used in the United States. The computer system security assessment criteria utilized by the State Technical Commission of Russia and similar criteria utilized by the US Department of Defense (TCSEC) are intended for the development and implementation of proven methods for achieving a required level of information security. These criteria are utilized, first and foremost, when conducting certification assessments of general purpose systems. The Russian Federation is creating specialized systems for nuclear material control and accountancy (MC and A) within the framework of the international laboratory-to-laboratory collaboration. Depending on the conditions in which the MC and A system is intended to operate, some of the criteria and the attendant certification requirements may exceed those established or may overlap the requirements established for attestation of such systems. In this regard it is possible to modify the certification and attestation requirements depending on the conditions in which a system will operate in order to achieve the ultimate goal--implementation of the systems in the industry

  8. TeleMed: Wide-area, secure, collaborative object computing with Java and CORBA for healthcare

    Energy Technology Data Exchange (ETDEWEB)

    Forslund, D.W.; George, J.E.; Gavrilov, E.M.

    1998-12-31

    Distributed computing is becoming commonplace in a variety of industries with healthcare being a particularly important one for society. The authors describe the development and deployment of TeleMed in a few healthcare domains. TeleMed is a 100% Java distributed application build on CORBA and OMG standards enabling the collaboration on the treatment of chronically ill patients in a secure manner over the Internet. These standards enable other systems to work interoperably with TeleMed and provide transparent access to high performance distributed computing to the healthcare domain. The goal of wide scale integration of electronic medical records is a grand-challenge scale problem of global proportions with far-reaching social benefits.

  9. 基于云计算的网络安全评估%Network security evaluation based on cloud computing

    Institute of Scientific and Technical Information of China (English)

    黄海军

    2016-01-01

    The network security assessment is the use of the network security perception technology for the security of network data contains information of multi-source heterogeneous analysis, in order to realize the escort for the safe operation of the network. In big data and cloud computing application in the aspect of network security evaluation, the use of big data structured or semi-structured data mining and the characteristics of the advantages of cloud computing is a distributed and parallel computing, solve the problem of network security evaluation ability, has certain feasibility. Therefore, in this paper, the study of network security evaluation based on cloud computing, based on the definition, characteristics, classification of cloud computing and cloud security the core technology and cloud computing network security risk analysis, from the perspective of different levels of design model of network security evaluation based on cloud computing, for network security involves all aspects of the evaluation, in order to give the right cloud computing network security solution.%网络安全评估是利用网络安全感知技术对网络数据中蕴含的安全性信息进行多源异构分析,以实现为网络安全运行保驾护航。在大数据、云计算应用在网络安全评估方面,利用大数据结构化或半结构化数据挖掘的特点和云计算分布式、并行式计算的优势,解决网络安全评估能力弱的问题,具有一定的可行性。因此,本文对基于云计算的网络安全评估进行研究,通过对云计算的定义、特点、分类及云安全核心技术和云计算网络安全风险进行分析,从不同层次的角度设计基于云计算的网络安全评估模型,对网络安全所涉及到的各个方面进行评估,以便于给出正确的云计算网络安全问题解决办法。

  10. Supporting Human Activities - Exploring Activity-Centered Computing

    DEFF Research Database (Denmark)

    Christensen, Henrik Bærbak; Bardram, Jakob

    2002-01-01

    In this paper we explore an activity-centered computing paradigm that is aimed at supporting work processes that are radically different from the ones known from office work. Our main inspiration is healthcare work that is characterized by an extreme degree of mobility, many interruptions, ad......-hoc collaboration based on shared material, and organized in terms of well-defined, recurring, work activities. We propose that this kind of work can be supported by a pervasive computing infrastructure together with domain-specific services, both designed from a perspective where work activities are first class...... objects. We also present an exploratory prototype design and first implementation and present some initial results from evaluations in a healthcare environment....

  11. Peer—to—Peer Computing for secure High Performance Data Copying

    Institute of Scientific and Technical Information of China (English)

    AndrewHanushevsky; ArtemTrunov; 等

    2001-01-01

    The BaBar Copy Program(bbcp) is an excellent representative of peer-to-peer(P2P) computing.It is also a pioneering application of its type in the p2p arena.Built upon the foundation of its predecessor,Secure Fast Copy(sfctp),bbcp incorporates significant improvements performance and usability,As with sfcp,bbcp usec ssh for authentication;providing an elegant and simple working model-if you can ssh to a location, you can copy files to or from that location.To fully support this notion,bbcp transparently supports 3rd party copy operations.The program also incorporates several mechanism to deal with firewall security;the bane of P2P computing,To achieve high performance in a wide area network,bbcp allows a user to independently specily,the number of parallel network streams,tcp window size,and the file I/O blocking factor.Using these parameters data is pipelined from source to target to provide a uniform traffic pattern that maximizes router efficiency.For improved recoveralbiltiy,bbcp also keeps track of copy operations so that an operation can be restarted from the point of failure at a later time;minimizing the amount of network traffic in the event of a copy failure,Here,we preset the bbcp architecture,it's various features,and the reasons for their inclusion.

  12. Computer Security: you’re a summer student? Some tips to get you started

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2016-01-01

    Welcome to CERN. For the next couple of weeks, you will be able to breathe in the free academic world of CERN. You will have the chance to learn thanks to in-depth lectures, enjoy the freedom of exploring your preferred or assigned research topic, and form your own network of peers during your evening hours. However, “academic freedom” does not imply that there are no boundaries. At CERN, academic freedom also comes with responsibility. Below are some hints on how best to assume that responsibility securely.   You are the primary person responsible for the security of your laptop, smartphone and computer; for your account and your password; for your data; and for the programs, computing systems and services you are developing, so stop and think before acting. If you are working on a project developing code, get the appropriate training first so that your software is “free” of bugs and vulnerabilities that may spoil the functionality of your code and your p...

  13. [Computer Science and Telecommunications Board activities

    Energy Technology Data Exchange (ETDEWEB)

    Blumenthal, M.S.

    1993-02-23

    The board considers technical and policy issues pertaining to computer science, telecommunications, and associated technologies. Functions include providing a base of expertise for these fields in NRC, monitoring and promoting health of these fields, initiating studies of these fields as critical resources and sources of national economic strength, responding to requests for advice, and fostering interaction among the technologies and the other pure and applied science and technology. This document describes its major accomplishments, current programs, other sponsored activities, cooperative ventures, and plans and prospects.

  14. Computer Security: Your iPhone as a key-logger

    CERN Multimedia

    Computer Security Team

    2014-01-01

    In the past, we have repeatedly elaborated on the computer security risk of using smartphones. Today, something new for the paranoid: did you know your smart phone can be used to spy on your PC’s keyboard?!    In fact, the tiny accelerometer, gyroscope and orientation sensors that your smartphone uses to determine its tilt and movements can also determine the letters you type on your computer. Thus, it acts as a hardware “key-logger”! It only requires your smartphone to be put close to your computer keyboard and to run a corresponding, malicious app. The rest is done by the highly precise sensors which can record keyboard vibrations and subsequently the letters you type. In a dedicated study, students of the Georgia Tech College of Computing were able to decipher complete sentences with up to 80 percent accuracy using an iPhone*. In a nice twist, the same feature can also be used to “to infer the occurrence of tap events on the touchscreen as w...

  15. Injecting Computational Thinking into Computing Activities for Middle School Girls

    Science.gov (United States)

    Webb, Heidi Cornelia

    2013-01-01

    Advances in technology have caused high schools to update their computer science curricula; however there has been little analogous attention to technology-related education in middle schools. With respect to computer-related knowledge and skills, middle school students are at a critical phase in life, exploring individualized education options…

  16. CAAD as Computer-Activated Architectural Design

    DEFF Research Database (Denmark)

    Galle, Per

    1998-01-01

    In a brief sketch, drawing on a general philosophical conception of human interaction with the world, the architectural design process is analysed in terms of two kinds of human action: interpretation and production. Both of these are seen as establishing a link between mental and material entiti...... serve at least two purposes: to provide a conceptual machinery for research and reflection on CAAD, and to clarify the notion of ‘artificial intelligence’ in the light of architectural design.......In a brief sketch, drawing on a general philosophical conception of human interaction with the world, the architectural design process is analysed in terms of two kinds of human action: interpretation and production. Both of these are seen as establishing a link between mental and material entities....... On this background two alternative roles of computers in computer-aided architectural design (CAAD) are distinguished: a passive and a more active role, where in the latter case, the computer’s capacity for symbol manipulation is utilized to influence design thinking actively. The analysis offered in this paper may...

  17. Secure key storage and distribution

    Science.gov (United States)

    Agrawal, Punit

    2015-06-02

    This disclosure describes a distributed, fault-tolerant security system that enables the secure storage and distribution of private keys. In one implementation, the security system includes a plurality of computing resources that independently store private keys provided by publishers and encrypted using a single security system public key. To protect against malicious activity, the security system private key necessary to decrypt the publication private keys is not stored at any of the computing resources. Rather portions, or shares of the security system private key are stored at each of the computing resources within the security system and multiple security systems must communicate and share partial decryptions in order to decrypt the stored private key.

  18. Enhancing Security in Cloud Computing for Third Party Auditor by Self-destruction Mechanism

    Directory of Open Access Journals (Sweden)

    Muzammil H. Mohammed

    2014-07-01

    Full Text Available The main aim study in cloud computing system, large amount of data can be maintained in the cloud storage system and it can be used for application based services for client. The bulk amount of data privacy will not be properly maintained by the cloud service provider. Without knowledge of authorized client, data can be viewed by another user with the permission of Cloud Service Provider (CSP. Many cryptography technique can be used for data privacy in the TPA (Third Party Auditor which is the trusted authority to audit and verify the integrity in cloud. The cloud loaded data can be viewed by authorized user and copy of data can be in tag based data placed in TPA and data privacy can be affected in TPA system. In the proposed system, data privacy can be maintained in the TPA view by using self destruction mechanism to destroy the data after the view point of data for particular time and then the viewed data copy can be destruction in TPA. The cloud service provider can be securely loading the data in cloud via TPA Server. The main advantage of the self destruction mechanism security for the data in cloud via TPA server without the permission of the particular authenticated client other user cannot viewed the individual client data. Then data privacy can be perfectly maintained in the cloud service.

  19. A Secure Trust Model for P2P Systems Based on Trusted Computing

    Institute of Scientific and Technical Information of China (English)

    HAO Li-ming; YANG Shu-tang; LU Song-nian; CHEN Gong-liang

    2008-01-01

    Trust is one of the most important security requirements in the design and implementation of peer-to-peer (P2P) systems. In an environment where peers' identity privacy is important, it may conflictwith trustworthiness that is based on the knowledge related to the peer's identity, while identity privacy is usually achieved by hiding such knowledge. A trust model based on trusted computing (TC) technology was proposed to enhance the identity privacy of peers during the trustworthiness evaluation process between peers from different groups. The simulation results show that, the model can be implemented in an efficient way, and when the degree of anonymity within group (DAWG) is up to 0.6 and the percentage of malicious peers is up to 70%, the service selection failure rate is less than 0.15.

  20. Parking Query in Vehicular Delay-Tolerant Networks with Privacy Protection Based on Secure Multiparty Computation

    Directory of Open Access Journals (Sweden)

    Haiping Huang

    2015-01-01

    Full Text Available Within vehicular delay-tolerant network, conflict exists in the scenario of which two vehicles happen to choose the same parking space. To solve this problem, two protocols are proposed, respectively, which are called privacy protection protocol based on secure multiparty computation and routing protocol based on angle and density. The proposed methods prevent the leaking of privacy information of the vehicles involved during the parking space seeking process and improve the performance of the transmission ratio and reduce the transmission delay by unifying the directions of messages and choosing the vehicle of the highest distribution density as the next hop. The results of the simulation show the efficiency of our method.

  1. Assessment of computer science knowledge, achieved with »Computer Science Unplugged« activities

    OpenAIRE

    Zaviršek, Manca

    2015-01-01

    The master thesis discusses assessment of computer science knowledge, which students achieved with »Computer Science Unplugged« activities. First off we define what exactly computer science knowledge is and what the computer science concepts are. Then we get over to the modern approaches of teaching computer science, where the emphasis is problem solving. These approaches can be realized with »CS Unplugged« activities and Bebras tasks. The aim of the empirical part is to research whether asse...

  2. Computer Network Security Protection Technology Analysis%计算机网络安全防护技术探析

    Institute of Scientific and Technical Information of China (English)

    宋朋鸽

    2015-01-01

    本文以计算机网络安全隐患以及网络安全特点作为出发点,分析了影响计算机网络安全的主要因素,并从加密技术、入侵检测技术、病毒防范技术等方面探讨了优化计算机网络安全保护途径,以期为构建计算机网络安全防护体系提供参考。%This article to computer network security risks and characteristics of network security as the starting point, analyzes the main factors that affect computer network security, and explore optimization of computer network security protection by encryp-tion technology, intrusion detection technology, virus protection technology. This paper hopes to provide reference for construction of computer network security protection system.

  3. Basic Grounds of Formation of the Concept of Social Security of Economically Active Population

    Directory of Open Access Journals (Sweden)

    Poliak Natalia O.

    2014-02-01

    Full Text Available The goal of the article is justification of a necessity of development of the national concept of social security in Ukraine and revelation of basic grounds of formation of such a concept for economically active population on the basis of specification of its goals, tasks and identification of main directions and measures of realisation. The author offers the following main directions of realisation of the concept of social security of economically active population: expansion of the sphere of coverage of social security of economically active population, creation of a efficient system of state social standards and guarantees, introduction of financial and economic justification of social laws into practice, realisation of social responsibility and use of modern social technologies. Development of the concept of social security of economically active population in Ukraine would facilitate, in general, improvement of the existing system of social security, improvement of the living standards and socio-economic development of the state.

  4. The Handicap Principle for Trust in Computer Security, the Semantic Web and Social Networking

    Science.gov (United States)

    Ma, Zhanshan (Sam); Krings, Axel W.; Hung, Chih-Cheng

    computer science, especially secure and resilient computing, the semantic web, and social networking. One important thread unifying the three aspects is the evolutionary game theory modeling or its extensions with survival analysis and agreement algorithms [19][20], which offer powerful game models for describing time-, space-, and covariate-dependent frailty (uncertainty and vulnerability) and deception (honesty).

  5. Research on Cloud Computing, SDN and Security Technology%云计算及SDN与安全技术研究

    Institute of Scientific and Technical Information of China (English)

    胡章丰; 郭春梅; 毕学尧

    2013-01-01

    文章重点围绕云计算、SDN及安全这3方面的内容展开讨论,深入分析和研究了3者之间的相互关系,并提出了一种基于SDN的云计算安全架构。%This paper investigates the internal relationships between cloud computing, SDN and security technology, and then proposes a SDN-based security architecture for cloud computing.

  6. The Innovative Activity of Enterprises in the Context of Providing Information Security

    Directory of Open Access Journals (Sweden)

    Sazonets Olga M.

    2015-03-01

    Full Text Available The aim of the article is to study the peculiarities of the innovative activity in the context of providing the enterprise information security. By analyzing, systematizing and summarizing the scientific works of many scientists the essence of the concept of «information security» has been considered and components of the innovation development process from the standpoint of providing information security have been identified. The article discusses issues of providing information security on the basis of introducing innovations, which will allow achieving a state in which there would be realized a sustainable, protected from threats, development of the enterprise. It has been proved that the formation of the innovative enterprise policy should include measures to ensure information security. As a result of the study the types of threats to the enterprise information security have been identified. It has been determined that the innovation process in the field of information security is provided by means of research, administrative, industrial, technological and commercial activities leading to the emergence and commercialization of innovations. The prospect for further research in this area is determining a system of indicators for forecasting the integral innovation indicator of economic information security. The system of indicators for diagnostics of the enterprise information security level enables monitoring the indicators of the state of the enterprise innovation and information activity in order to prevent the emergence of threats.

  7. Analysis of activities for learning computer science unplugged

    OpenAIRE

    Zaviršek, Manca

    2013-01-01

    In following thesis I delve into activities for learning computer science unplugged available at Vidra website. Some activities are analyzed on the basis of learning objectives of Slovenian primary school curriculum for computer science and ACM K-12 Computer Science Curriculum. The main objective of this thesis is to estimate how much the activities match both curriculums. Within the thesis I analyze the goals of those activities in correlation to revised Bloom's taxonomy. By means...

  8. A Secure Behavior Modification Sensor System for Physical Activity Improvement

    Science.gov (United States)

    Price, Alan

    2011-01-01

    Today, advances in wireless sensor networks are making it possible to capture large amounts of information about a person and their interaction within their home environment. However, what is missing is how to ensure the security of the collected data and its use to alter human behavior for positive benefit. In this research, exploration was…

  9. Thermal noise informatics: Totally secure communication via a wire; Zero-power communication; and Thermal noise driven computing

    CERN Document Server

    Kish, Laszlo B; gingl, Zoltan

    2007-01-01

    Very recently, it has been shown that Gaussian thermal noise and its artificial versions (Johnson-like noises) can be utilized as an information carrier with peculiar properties therefore it may be proper to call this topic Thermal Noise Informatics. Zero Power (Stealth) Communication, Thermal Noise Driven Computing, and Totally Secure Classical Communication are relevant examples. In this paper, while we will briefly describe the first and the second subjects, we shall focus on the third subject, the secure classical communication via wire. This way of secure telecommunication utilizes the properties of Johnson(-like) noise and those of a simple Kirchhoff's loop. The communicator is unconditionally secure at the conceptual (circuit theoretical) level and this property is (so far) unique in communication systems based on classical physics. The communicator is superior to quantum alternatives in all known aspects, except the need of using a wire.

  10. Security strategy of computer virus%计算机病毒的安全防御策略

    Institute of Scientific and Technical Information of China (English)

    邢娜

    2015-01-01

    随着网络信息时代的到来,计算机技术已经应用到了社会生活的方方面面,在各个领域因为计算机互联网技术而获得方便、高效、进步的同时,计算机网络的安全问题也成为了当前计算机领域的一个重要问题。计算机病毒,成为了威胁计算机网络安全的一个重要隐患,我们在享受计算机所给我们带来的便利同时,也要面对计算机病毒所带给我们的困难和挑战;由于计算机病毒具有寄生性、传染性、潜伏性、隐蔽性等特征,使得计算机病毒无法完全根治,又由于计算机病毒也随会随着计算机的发展而不断更新发展,这使得计算机病毒安全防御工作难题不断,本文便试图讨论计算机病毒的安全防御策略。%With the coming of the information age,computer technology has been applied to all aspects of social life,in all fields and obtain convenient,efficient,progress at the same time because the computer Internet technology,computer network security problem also becomes an important problem in the field of computer.Computer virus,has become an important hidden danger threatening the security of computer network,we enjoy in the computer give us convenience brings at the same time,also to face the computer virus to our difficulties and challenges;due to parasitic,infectious,latent,hidden features such as computer virus,the computer virus can not completely cure because of the computer virus,and also with the development of computer development and renewal,this makes the virus defense security computer constant problems,this paper attempts to discuss the security strategy of computer virus.

  11. Training Students to Steal: A Practical Assignment in Computer Security Education

    NARCIS (Netherlands)

    Dimkov, Trajce; Pieters, Wolter; Hartel, Pieter

    2010-01-01

    Practical courses in information security provide students with first-hand knowledge of technical security mechanisms and their weaknesses. However, teaching students only the technical side of information security leads to a generation of students that emphasize digital solutions, but ignore the ph

  12. Will the Butterfly Cipher keep your Network Data secure? Developments in Computer Encryption

    OpenAIRE

    Hinze-Hoare, Vita

    2006-01-01

    This paper explains the recent developments in security and encryption. The Butterfly cipher and quantum cryptography are reviewed and compared. Examples of their relative uses are discussed and suggestions for future developments considered. In addition application to network security together with a substantial review of classification of encryption systems and a summary of security weaknesses are considered.

  13. Computer and Network Security in Small Libraries: A Guide for Planning.

    Science.gov (United States)

    Williams, Robert L.

    This manual is intended to provide a free resource on essential network security concepts for non-technical managers of small libraries. Managers of other small nonprofit or community organizations will also benefit from it. An introduction defines network security; outlines three goals of network security; discusses why a library should be…

  14. 浅议计算机网络安全防范措施%On Computer Network Security Measures

    Institute of Scientific and Technical Information of China (English)

    张荣强

    2015-01-01

    随着全球经济的发展和科技的进步,人类已经进入到信息化的发展阶段。计算机以及互联网成为人们日常工作和生活中不可缺少的工具,网络在为人们的生活带来极大便利的同时,人类也面临着计算机网络的安全威胁。当今社会,计算机网络的安全成为人们关注的焦点,黑客、个人信息泄露等网络安全问题层出不穷。文章主要就计算机网络的基本情况、影响网络安全存在的因素及如何防范计算机网络的安全展开论述。%With the development of global economy and the progress of science and technology, mankind has entered the stage of development of information technology. Computers and the Internet has become an indispensable tool in people's daily work and life. The Internet has brought great convenience to people's life. Meanwhile, human beings are also facing the threat of computer network security. In today's society, the security of computer network has become the focus of people's attention, the network security problems such as hackers, personal information leakage, etc.. This article mainly discusses the basic situation of computer network, the factors that affect the network security and how to prevent computer network security.

  15. 云计算安全防范及对策研究%Protection and Countermeasure on the Security of Cloud Computing

    Institute of Scientific and Technical Information of China (English)

    李亚方; 俞国红

    2013-01-01

    This paper describes the concept and characteristics of cloud computing, analyzes the security situation of cloud com-puting platform.From two aspects of security vulnerabilities and security,analyzes the cloud data security problem of cloud com-puting.Facing the cloud computing security risks , The article puts forward to solve the security of cloud computing based scheme.%该文描述了云计算的概念及特征,分析了云计算的安全现状,着重从云计算平台安全漏洞和云数据安全两个方面分析了云计算的安全问题,针对云计算面临的安全隐患,提出了基于云计算的安全解决方案。

  16. An Approach to Keep Credentials Secured in Grid Computing Environment for the Safety of Vital Computing Resources

    Directory of Open Access Journals (Sweden)

    Avijit Bhowmick

    2012-10-01

    Full Text Available Presently security attacks have aimed to vulnerabilities in repetitive-use authentication secrets like static passwords. The passwords are used by user in clients side are vulnerable, as the attackers can gain access to a user's password using different types of viruses as it is being typed. These attacks are directing many Grid sites to explore one-time password solutions for authentication in Grid deployment. We present here a novel mechanism called N-LSB where Grid security will be integrated with modified LSB based steganographic technique in order to meet the higher security demands for Grid credentials.

  17. 云计算时代安全问题浅析%Security Analysis of The Cloud Computing Era

    Institute of Scientific and Technical Information of China (English)

    洪亮

    2011-01-01

    Cloud computing is one of the direction of IT development. This article describes the concepts of cloud computing, analyzes security problem in the cloud computing era, and proposes the solution countermeasure.%云计算技术是当前IT发展的方向之一。本文介绍了云计算的相关概念,分析云计算时代所面,临的安全问题,并提出了相应的解决对策。

  18. A Security-Awareness Virtual Machine Management Scheme Based on Chinese Wall Policy in Cloud Computing

    Directory of Open Access Journals (Sweden)

    Si Yu

    2014-01-01

    Full Text Available Cloud computing gets increasing attention for its capacity to leverage developers from infrastructure management tasks. However, recent works reveal that side channel attacks can lead to privacy leakage in the cloud. Enhancing isolation between users is an effective solution to eliminate the attack. In this paper, to eliminate side channel attacks, we investigate the isolation enhancement scheme from the aspect of virtual machine (VM management. The security-awareness VMs management scheme (SVMS, a VMs isolation enhancement scheme to defend against side channel attacks, is proposed. First, we use the aggressive conflict of interest relation (ACIR and aggressive in ally with relation (AIAR to describe user constraint relations. Second, based on the Chinese wall policy, we put forward four isolation rules. Third, the VMs placement and migration algorithms are designed to enforce VMs isolation between the conflict users. Finally, based on the normal distribution, we conduct a series of experiments to evaluate SVMS. The experimental results show that SVMS is efficient in guaranteeing isolation between VMs owned by conflict users, while the resource utilization rate decreases but not by much.

  19. A preliminary analysis of quantifying computer security vulnerability data in "the wild"

    Science.gov (United States)

    Farris, Katheryn A.; McNamara, Sean R.; Goldstein, Adam; Cybenko, George

    2016-05-01

    A system of computers, networks and software has some level of vulnerability exposure that puts it at risk to criminal hackers. Presently, most vulnerability research uses data from software vendors, and the National Vulnerability Database (NVD). We propose an alternative path forward through grounding our analysis in data from the operational information security community, i.e. vulnerability data from "the wild". In this paper, we propose a vulnerability data parsing algorithm and an in-depth univariate and multivariate analysis of the vulnerability arrival and deletion process (also referred to as the vulnerability birth-death process). We find that vulnerability arrivals are best characterized by the log-normal distribution and vulnerability deletions are best characterized by the exponential distribution. These distributions can serve as prior probabilities for future Bayesian analysis. We also find that over 22% of the deleted vulnerability data have a rate of zero, and that the arrival vulnerability data is always greater than zero. Finally, we quantify and visualize the dependencies between vulnerability arrivals and deletions through a bivariate scatterplot and statistical observations.

  20. Final report and documentation for the security enabled programmable switch for protection of distributed internetworked computers LDRD.

    Energy Technology Data Exchange (ETDEWEB)

    Van Randwyk, Jamie A.; Robertson, Perry J.; Durgin, Nancy Ann; Toole, Timothy J.; Kucera, Brent D.; Campbell, Philip LaRoche; Pierson, Lyndon George

    2010-02-01

    An increasing number of corporate security policies make it desirable to push security closer to the desktop. It is not practical or feasible to place security and monitoring software on all computing devices (e.g. printers, personal digital assistants, copy machines, legacy hardware). We have begun to prototype a hardware and software architecture that will enforce security policies by pushing security functions closer to the end user, whether in the office or home, without interfering with users' desktop environments. We are developing a specialized programmable Ethernet network switch to achieve this. Embodied in this device is the ability to detect and mitigate network attacks that would otherwise disable or compromise the end user's computing nodes. We call this device a 'Secure Programmable Switch' (SPS). The SPS is designed with the ability to be securely reprogrammed in real time to counter rapidly evolving threats such as fast moving worms, etc. This ability to remotely update the functionality of the SPS protection device is cryptographically protected from subversion. With this concept, the user cannot turn off or fail to update virus scanning and personal firewall filtering in the SPS device as he/she could if implemented on the end host. The SPS concept also provides protection to simple/dumb devices such as printers, scanners, legacy hardware, etc. This report also describes the development of a cryptographically protected processor and its internal architecture in which the SPS device is implemented. This processor executes code correctly even if an adversary holds the processor. The processor guarantees both the integrity and the confidentiality of the code: the adversary cannot determine the sequence of instructions, nor can the adversary change the instruction sequence in a goal-oriented way.