Sample records for architectures security standards
-
Security for service oriented architectures
Williams, Walter
2014-01-01
Although integrating security into the design of applications has proven to deliver resilient products, there are few books available that provide guidance on how to incorporate security into the design of an application. Filling this need, Security for Service Oriented Architectures examines both application and security architectures and illustrates the relationship between the two. Supplying authoritative guidance on how to design distributed and resilient applications, the book provides an overview of the various standards that service oriented and distributed applications leverage, includ
-
DEFF Research Database (Denmark)
Hu, Rui; Hu, Weihao; Chen, Zhe
2015-01-01
Security Monitoring is a critical function for smart grid. As a consequence of strongly relying on communication, cyber security must be guaranteed by the specific system. Otherwise, the DR signals and bidding information can be easily forged or intercepted. Customers’ privacy and safety may suffer...... huge losses. Although OpenADR specificationsprovide continuous, secure and reliable two-way communications in application level defined in ISO model, which is also an open architecture for security is adopted by it and no specific or proprietary technologies is restricted to OpenADR itself....... It is significant to develop a security monitoring system. This paper discussed the cyber architecture of smart grid with high adaptability for security monitoring. An adaptable structure with Demilitarized Zone (DMZ) is proposed. Focusing on this network structure, the rational utilization of standards...
-
Information security architecture an integrated approach to security in the organization
Killmeyer, Jan
2000-01-01
An information security architecture is made up of several components. Each component in the architecture focuses on establishing acceptable levels of control. These controls are then applied to the operating environment of an organization. Functionally, information security architecture combines technical, practical, and cost-effective solutions to provide an adequate and appropriate level of security.Information Security Architecture: An Integrated Approach to Security in the Organization details the five key components of an information security architecture. It provides C-level executives
-
Secure Architectures for Mobile Applications
Cristian TOMA
2007-01-01
The paper presents security issues and architectures for mobile applications and GSM infrastructure. The article also introduces the idea of a new secure architecture for an inter-sector electronic wallet used in payments - STP4EW (Secure Transmission Protocol for Electronic Wallet)
-
Secure Architectures for Mobile Applications
Directory of Open Access Journals (Sweden)
2007-01-01
Full Text Available The paper presents security issues and architectures for mobile applications and GSM infrastructure. The article also introduces the idea of a new secure architecture for an inter-sector electronic wallet used in payments - STP4EW (Secure Transmission Protocol for Electronic Wallet
-
Insider Threat Security Reference Architecture
2012-04-01
this challenge. CMU/SEI-2012-TR-007 | 2 2 The Components of the ITSRA Figure 2 shows the four layers of the ITSRA. The Business Security layer......organizations improve their level of preparedness to address the insider threat. Business Security Architecture Data Security Architecture
-
White, J.; Schuller, B.; Qiang, W.; Groep, D.; Koeroo, O.; Salle, M.; Sustr, Z.; Kouril, D.; Millar, P.; Benedyczak, K.; Ceccanti, A.; Leinen, S.; Tschopp, V.; Fuhrmann, P.; Heyman, E.; Konstantinov, A.
2013-01-01
This document describes the various architectures of the three middlewares that comprise the EMI software stack. It also outlines the common efforts in the security area that allow interoperability between these middlewares. The assessment of the EMI Security presented in this document was performed internally by members of the Security Area of the EMI project.
-
Information architecture: Profile of adopted standards
Energy Technology Data Exchange (ETDEWEB)
NONE
1997-09-01
The Department of Energy (DOE), like other Federal agencies, is under increasing pressure to use information technology to improve efficiency in mission accomplishment as well as delivery of services to the public. Because users and systems have become interdependent, DOE has enterprise wide needs for common application architectures, communication networks, databases, security, and management capabilities. Users need open systems that provide interoperability of products and portability of people, data, and applications that are distributed throughout heterogeneous computing environments. The level of interoperability necessary requires the adoption of DOE wide standards, protocols, and best practices. The Department has developed an information architecture and a related standards adoption and retirement process to assist users in developing strategies and plans for acquiring information technology products and services based upon open systems standards that support application software interoperability, portability, and scalability. This set of Departmental Information Architecture standards represents guidance for achieving higher degrees of interoperability within the greater DOE community, business partners, and stakeholders. While these standards are not mandatory, particular and due consideration of their applications in contractual matters and use in technology implementations Department wide are goals of the Chief Information Officer.
-
Data distribution architecture based on standard real time protocol
International Nuclear Information System (INIS)
Castro, R.; Vega, J.; Pereira, A.; Portas, A.
2009-01-01
Data distribution architecture (DDAR) has been designed conforming to new requirements, taking into account the type of data that is going to be generated from experiments in International Thermonuclear Experimental Reactor (ITER). The main goal of this architecture is to implement a system that is able to manage on line all data that is being generated by an experiment, supporting its distribution for: processing, storing, analysing or visualizing. The first objective is to have a distribution architecture that supports long pulse experiments (even hours). The described system is able to distribute, using real time protocol (RTP), stored data or live data generated while the experiment is running. It enables researchers to access data on line instead of waiting for the end of the experiment. Other important objective is scalability, so the presented architecture can easily grow based on actual necessities, simplifying estimation and design tasks. A third important objective is security. In this sense, the architecture is based on standards, so complete security mechanisms can be applied, from secure transmission solutions until elaborated access control policies, and it is full compatible with multi-organization federation systems as PAPI or Shibboleth.
-
Data distribution architecture based on standard real time protocol
Energy Technology Data Exchange (ETDEWEB)
Castro, R. [Asociacion EURATOM/CIEMAT para Fusion, Avda. Complutense No. 22, 28040 Madrid (Spain)], E-mail: rodrigo.castro@ciemat.es; Vega, J.; Pereira, A.; Portas, A. [Asociacion EURATOM/CIEMAT para Fusion, Avda. Complutense No. 22, 28040 Madrid (Spain)
2009-06-15
Data distribution architecture (DDAR) has been designed conforming to new requirements, taking into account the type of data that is going to be generated from experiments in International Thermonuclear Experimental Reactor (ITER). The main goal of this architecture is to implement a system that is able to manage on line all data that is being generated by an experiment, supporting its distribution for: processing, storing, analysing or visualizing. The first objective is to have a distribution architecture that supports long pulse experiments (even hours). The described system is able to distribute, using real time protocol (RTP), stored data or live data generated while the experiment is running. It enables researchers to access data on line instead of waiting for the end of the experiment. Other important objective is scalability, so the presented architecture can easily grow based on actual necessities, simplifying estimation and design tasks. A third important objective is security. In this sense, the architecture is based on standards, so complete security mechanisms can be applied, from secure transmission solutions until elaborated access control policies, and it is full compatible with multi-organization federation systems as PAPI or Shibboleth.
-
Energy Technology Data Exchange (ETDEWEB)
Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL
2015-01-01
The purpose of this report is to clarify the challenges associated with storage for secure enclaves. The major focus areas for the report are: - review of relevant parallel filesystem technologies to identify assets and gaps; - review of filesystem isolation/protection mechanisms, to include native filesystem capabilities and auxiliary/layered techniques; - definition of storage architectures that can be used for customizable compute enclaves (i.e., clarification of use-cases that must be supported for shared storage scenarios); - investigate vendor products related to secure storage. This study provides technical details on the storage and filesystem used for HPC with particular attention on elements that contribute to creating secure storage. We outline the pieces for a a shared storage architecture that balances protection and performance by leveraging the isolation capabilities available in filesystems and virtualization technologies to maintain the integrity of the data. Key Points: There are a few existing and in-progress protection features in Lustre related to secure storage, which are discussed in (Chapter 3.1). These include authentication capabilities like GSSAPI/Kerberos and the in-progress work for GSSAPI/Host-keys. The GPFS filesystem provides native support for encryption, which is not directly available in Lustre. Additionally, GPFS includes authentication/authorization mechanisms for inter-cluster sharing of filesystems (Chapter 3.2). The limitations of key importance for secure storage/filesystems are: (i) restricting sub-tree mounts for parallel filesystem (which is not directly supported in Lustre or GPFS), and (ii) segregation of hosts on the storage network and practical complications with dynamic additions to the storage network, e.g., LNET. A challenge for VM based use cases will be to provide efficient IO forwarding of the parallel filessytem from the host to the guest (VM). There are promising options like para-virtualized filesystems to
-
Framework for Grading of Cyber Security Check-List upon I and C Architecture
International Nuclear Information System (INIS)
Shin, Jin Soo; Heo, Gyunyong; Son, Han Seong
2016-01-01
Cyber-attack can threaten research reactors as well as NPPs since the goal of cyber-attack is not only to make a catastrophic accident such as radiation exposure against public health but also to make chaos or anxiety among the public. Moreover, there is more probability to occur in research reactors than NPPs since research reactors has more users than NPPs. The nuclear regulatory agencies such as U.S.NRC and KINAC (Korea Institute of Nuclear Nonproliferation and Control) have published regulatory guides for rules against cyber-attack to maintain cyber security of nuclear facilities. U.S.NRC has published a regulatory guide (U.S.NRC / RG-5.71) and KINAC has developed a regulatory standard (KINAC / RS-015) to establish a cyber security for nuclear facilities. However, these regulatory documents represent check-list for cyber security regardless of reactor type such as NPPs or research reactors. The proposed framework in this paper was grading of cyber security check-lists with BBN by I and C architecture such as NPPs and research reactors. First, the BBN model was developed to apply I and C system architecture of target nuclear facility. The architecture model calculates the cyber security risk with structural architecture, vulnerability, and mitigation measure. Second, cyber security check-lists are defined in cyber security documents. It is, then, used with the consideration of mitigation measures of BBN model in order to apply architectural characteristic. Third, after assuming cyber-attack occurs to I and C system, the model calculates the posterior information using Bayesian update. Finally, the cyber security check-lists for nuclear facilities are graded upon I and C architecture with the posterior information for mitigation measures
-
Framework for Grading of Cyber Security Check-List upon I and C Architecture
Energy Technology Data Exchange (ETDEWEB)
Shin, Jin Soo; Heo, Gyunyong [Kyunghee University, Yongin (Korea, Republic of); Son, Han Seong [Joongbu University, Geumsan (Korea, Republic of)
2016-05-15
Cyber-attack can threaten research reactors as well as NPPs since the goal of cyber-attack is not only to make a catastrophic accident such as radiation exposure against public health but also to make chaos or anxiety among the public. Moreover, there is more probability to occur in research reactors than NPPs since research reactors has more users than NPPs. The nuclear regulatory agencies such as U.S.NRC and KINAC (Korea Institute of Nuclear Nonproliferation and Control) have published regulatory guides for rules against cyber-attack to maintain cyber security of nuclear facilities. U.S.NRC has published a regulatory guide (U.S.NRC / RG-5.71) and KINAC has developed a regulatory standard (KINAC / RS-015) to establish a cyber security for nuclear facilities. However, these regulatory documents represent check-list for cyber security regardless of reactor type such as NPPs or research reactors. The proposed framework in this paper was grading of cyber security check-lists with BBN by I and C architecture such as NPPs and research reactors. First, the BBN model was developed to apply I and C system architecture of target nuclear facility. The architecture model calculates the cyber security risk with structural architecture, vulnerability, and mitigation measure. Second, cyber security check-lists are defined in cyber security documents. It is, then, used with the consideration of mitigation measures of BBN model in order to apply architectural characteristic. Third, after assuming cyber-attack occurs to I and C system, the model calculates the posterior information using Bayesian update. Finally, the cyber security check-lists for nuclear facilities are graded upon I and C architecture with the posterior information for mitigation measures.
-
Hybrid architecture for building secure sensor networks
Owens, Ken R., Jr.; Watkins, Steve E.
2012-04-01
Sensor networks have various communication and security architectural concerns. Three approaches are defined to address these concerns for sensor networks. The first area is the utilization of new computing architectures that leverage embedded virtualization software on the sensor. Deploying a small, embedded virtualization operating system on the sensor nodes that is designed to communicate to low-cost cloud computing infrastructure in the network is the foundation to delivering low-cost, secure sensor networks. The second area focuses on securing the sensor. Sensor security components include developing an identification scheme, and leveraging authentication algorithms and protocols that address security assurance within the physical, communication network, and application layers. This function will primarily be accomplished through encrypting the communication channel and integrating sensor network firewall and intrusion detection/prevention components to the sensor network architecture. Hence, sensor networks will be able to maintain high levels of security. The third area addresses the real-time and high priority nature of the data that sensor networks collect. This function requires that a quality-of-service (QoS) definition and algorithm be developed for delivering the right data at the right time. A hybrid architecture is proposed that combines software and hardware features to handle network traffic with diverse QoS requirements.
-
Iannicca, Dennis C.; McKim, James H.; Stewart, David H.; Thadhani, Suresh K.; Young, Daniel P.
2015-01-01
NASA Glenn Research Center, in cooperation with Rockwell Collins, is working to develop a prototype Control and Non-Payload Communications (CNPC) radio platform as part of NASA Integrated Systems Research Program's (ISRP) Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) project. A primary focus of the project is to work with the FAA and industry standards bodies to build and demonstrate a safe, secure, and efficient CNPC architecture that can be used by industry to evaluate the feasibility of deploying a system using these technologies in an operational capacity. GRC has been working in conjunction with these groups to assess threats, identify security requirements, and to develop a system of standards-based security controls that can be applied to the current GRC prototype CNPC architecture as a demonstration platform. The security controls were integrated into a lab test bed mock-up of the Mobile IPv6 architecture currently being used for NASA flight testing, and a series of network tests were conducted to evaluate the security overhead of the controls compared to the baseline CNPC link without any security. The aim of testing was to evaluate the performance impact of the additional security control overhead when added to the Mobile IPv6 architecture in various modes of operation. The statistics collected included packet captures at points along the path to gauge packet size as the sample data traversed the CNPC network, round trip latency, jitter, and throughput. The effort involved a series of tests of the baseline link, a link with Robust Header Compression (ROHC) and without security controls, a link with security controls and without ROHC, and finally a link with both ROHC and security controls enabled. The effort demonstrated that ROHC is both desirable and necessary to offset the additional expected overhead of applying security controls to the CNPC link.
-
Algorithms, architectures and information systems security
Sur-Kolay, Susmita; Nandy, Subhas C; Bagchi, Aditya
2008-01-01
This volume contains articles written by leading researchers in the fields of algorithms, architectures, and information systems security. The first five chapters address several challenging geometric problems and related algorithms. These topics have major applications in pattern recognition, image analysis, digital geometry, surface reconstruction, computer vision and in robotics. The next five chapters focus on various optimization issues in VLSI design and test architectures, and in wireless networks. The last six chapters comprise scholarly articles on information systems security coverin
-
Security patterns in practice designing secure architectures using software patterns
Fernandez-Buglioni, Eduardo
2013-01-01
Learn to combine security theory and code to produce secure systems Security is clearly a crucial issue to consider during the design and implementation of any distributed software architecture. Security patterns are increasingly being used by developers who take security into serious consideration from the creation of their work. Written by the authority on security patterns, this unique book examines the structure and purpose of security patterns, illustrating their use with the help of detailed implementation advice, numerous code samples, and descriptions in UML. Provides
-
Microgrid cyber security reference architecture.
Energy Technology Data Exchange (ETDEWEB)
Veitch, Cynthia K.; Henry, Jordan M.; Richardson, Bryan T.; Hart, Derek H.
2013-07-01
This document describes a microgrid cyber security reference architecture. First, we present a high-level concept of operations for a microgrid, including operational modes, necessary power actors, and the communication protocols typically employed. We then describe our motivation for designing a secure microgrid; in particular, we provide general network and industrial control system (ICS)-speci c vulnerabilities, a threat model, information assurance compliance concerns, and design criteria for a microgrid control system network. Our design approach addresses these concerns by segmenting the microgrid control system network into enclaves, grouping enclaves into functional domains, and describing actor communication using data exchange attributes. We describe cyber actors that can help mitigate potential vulnerabilities, in addition to performance bene ts and vulnerability mitigation that may be realized using this reference architecture. To illustrate our design approach, we present a notional a microgrid control system network implementation, including types of communica- tion occurring on that network, example data exchange attributes for actors in the network, an example of how the network can be segmented to create enclaves and functional domains, and how cyber actors can be used to enforce network segmentation and provide the neces- sary level of security. Finally, we describe areas of focus for the further development of the reference architecture.
-
Security Policy for a Generic Space Exploration Communication Network Architecture
Ivancic, William D.; Sheehe, Charles J.; Vaden, Karl R.
2016-01-01
This document is one of three. It describes various security mechanisms and a security policy profile for a generic space-based communication architecture. Two other documents accompany this document- an Operations Concept (OpsCon) and a communication architecture document. The OpsCon should be read first followed by the security policy profile described by this document and then the architecture document. The overall goal is to design a generic space exploration communication network architecture that is affordable, deployable, maintainable, securable, evolvable, reliable, and adaptable. The architecture should also require limited reconfiguration throughout system development and deployment. System deployment includes subsystem development in a factory setting, system integration in a laboratory setting, launch preparation, launch, and deployment and operation in space.
-
Energy Technology Data Exchange (ETDEWEB)
Uslar, Mathias; Specht, Michael; Daenekas, Christian; Trefke, Joern; Rohjans, Sebastian; Gonzalez, Jose M.; Rosinger, Christine; Bleiker, Robert [OFFIS - Institut fuer Informatik, Oldenburg (Germany)
2013-03-01
Introduction to Standardization for Smart Grids. Presents a tutorial and best practice of Smart Grid Prototype Projects. Written by leading experts in the field. Besides the regulatory and market aspects, the technical level dealing with the knowledge from multiple disciplines and the aspects of technical system integration to achieve interoperability and integration has been a strong focus in the Smart Grid. This topic is typically covered by the means of using (technical) standards for processes, data models, functions and communication links. Standardization is a key issue for Smart Grids due to the involvement of many different sectors along the value chain from the generation to the appliances. The scope of Smart Grid is broad, therefore, the standards landscape is unfortunately very large and complex. This is why the three European Standards Organizations ETSI, CEN and CENELEC created a so called Joint Working Group (JWG). This was the first harmonized effort in Europe to bring together the needed disciplines and experts delivering the final report in May 2011. After this approach proved useful, the Commission used the Mandate M/490: Standardization Mandate to European Standardization Organizations (ESOs) to support European Smart Grid deployment. The focal point addressing the ESO's response to M/490 will be the CEN, CENELEC and ETSI Smart Grids Coordination Group (SG-CG). Based on this mandate, meaningful standardization of architectures, use cases, communication technologies, data models and security standards takes place in the four existing working groups. This book provides an overview on the various building blocks and standards identified as the most prominent ones by the JWG report as well as by the first set of standards group - IEC 61850 and CIM, IEC PAS 62559 for documenting Smart Grid use cases, security requirements from the SGIS groups and an introduction on how to apply the Smart Grid Architecture Model SGAM for utilities. In addition
-
An Enterprise Security Program and Architecture to Support Business Drivers
Directory of Open Access Journals (Sweden)
Brian Ritchot
2013-08-01
Full Text Available This article presents a business-focused approach to developing and delivering enterprise security architecture that is focused on enabling business objectives while providing a sensible and balanced approach to risk management. A balanced approach to enterprise security architecture can create the important linkages between the goals and objectives of a business, and it provides appropriate measures to protect the most critical assets within an organization while accepting risk where appropriate. Through a discussion of information assurance, this article makes a case for leveraging enterprise security architectures to meet an organizations' need for information assurance. The approach is derived from the Sherwood Applied Business Security Architecture (SABSA methodology, as put into practice by Seccuris Inc., an information assurance integrator. An understanding of Seccuris’ approach will illustrate the importance of aligning security activities with high-level business objectives while creating increased awareness of the duality of risk. This business-driven approach to enterprise security architecture can help organizations change the perception of IT security, positioning it as a tool to enable and assure business success, rather than be perceived as an obstacle to be avoided.
-
Information security architecture an integrated approach to security in the organization
Killmeyer, Jan
2006-01-01
Information Security Architecture, Second Edition incorporates the knowledge developed during the past decade that has pushed the information security life cycle from infancy to a more mature, understandable, and manageable state. It simplifies security by providing clear and organized methods and by guiding you to the most effective resources available.
-
A New EU Gas Security of Supply Architecture?
Energy Technology Data Exchange (ETDEWEB)
De Jong, J. [Clingendael International Energy Programme CIEP, The Hague (Netherlands); Glachant, J.M.; Ahner, N. [European University Institute EUI, San Domenico di Fiesole (Italy); Hafner, M.; Tagliapietra, S. [Fondazione Eni Enrico Mattei FEEM, Milan (Italy)
2012-07-15
A series of workshops has been organized in order to take stock and discuss a possible new architecture for EU gas security. Discussions and reflections reported from the workshops held under this project have developed into the concluding ideas and recommendations for a new EU gas security of supply architecture, which are reflected in this article.
-
Attacks on Bluetooth Security Architecture and Its Countermeasures
Iqbal, Mian Muhammad Waseem; Kausar, Firdous; Wahla, Muhammad Arif
WPANs compliment the traditional IEEE 802.11 wireless networks by facilitating the clients with flexibility in network topologies, higher mobility and relaxed configuration/hardware requirements. Bluetooth, a WPAN technology, is an open standard for short-range radio frequency (RF) communication. However, it is also susceptible to typical security threats found in wireless LANs. This paper discuses some of the attack scenarios against the bluetooth network such as hostile intrusion, active Man-in-the-Middle (MITM) attack using unit key and various forms of denial of service (DoS) attacks. These threats and attacks compromise the confidentiality and availability of bluetooth data and services. This paper proposes an improved security architecture for bluetooth device which provides protection against the above mentioned attacks.
-
Control system architecture: The standard and non-standard models
International Nuclear Information System (INIS)
Thuot, M.E.; Dalesio, L.R.
1993-01-01
Control system architecture development has followed the advances in computer technology through mainframes to minicomputers to micros and workstations. This technology advance and increasingly challenging accelerator data acquisition and automation requirements have driven control system architecture development. In summarizing the progress of control system architecture at the last International Conference on Accelerator and Large Experimental Physics Control Systems (ICALEPCS) B. Kuiper asserted that the system architecture issue was resolved and presented a ''standard model''. The ''standard model'' consists of a local area network (Ethernet or FDDI) providing communication between front end microcomputers, connected to the accelerator, and workstations, providing the operator interface and computational support. Although this model represents many present designs, there are exceptions including reflected memory and hierarchical architectures driven by requirements for widely dispersed, large channel count or tightly coupled systems. This paper describes the performance characteristics and features of the ''standard model'' to determine if the requirements of ''non-standard'' architectures can be met. Several possible extensions to the ''standard model'' are suggested including software as well as the hardware architectural feature
-
Securing cloud services a pragmatic approach to security architecture in the cloud
Newcombe, Lee
2012-01-01
This book provides an overview of security architecture processes and explains how they may be used to derive an appropriate set of security controls to manage the risks associated with working in the Cloud.
-
Security Issues for Intelligence Information System based on Service-Oriented Architecture
Ackoski, Jugoslav; Trajkovik, Vladimir; Davcev, Danco
2011-01-01
Security is important requirement for service-oriented architecture (SOA), because SOA considers widespread services on different location and diverse operational platforms. Main challenge for SOA Security still drifts around “clouds” and that is insufficient frameworks for security models based on consistent and convenient methods. Contemporary security architectures and security protocols are in the phase of developing. SOA based systems are characterized with differences ...
-
Security Risk Assessment Process for UAS in the NAS CNPC Architecture
Iannicca, Dennis Christopher; Young, Daniel Paul; Suresh, Thadhani; Winter, Gilbert A.
2013-01-01
This informational paper discusses the risk assessment process conducted to analyze Control and Non-Payload Communications (CNPC) architectures for integrating civil Unmanned Aircraft Systems (UAS) into the National Airspace System (NAS). The assessment employs the National Institute of Standards and Technology (NIST) Risk Management framework to identify threats, vulnerabilities, and risks to these architectures and recommends corresponding mitigating security controls. This process builds upon earlier work performed by RTCA Special Committee (SC) 203 and the Federal Aviation Administration (FAA) to roadmap the risk assessment methodology and to identify categories of information security risks that pose a significant impact to aeronautical communications systems. A description of the deviations from the typical process is described in regards to this aeronautical communications system. Due to the sensitive nature of the information, data resulting from the risk assessment pertaining to threats, vulnerabilities, and risks is beyond the scope of this paper
-
Secure thin client architecture for DICOM image analysis
Mogatala, Harsha V. R.; Gallet, Jacqueline
2005-04-01
This paper presents a concept of Secure Thin Client (STC) Architecture for Digital Imaging and Communications in Medicine (DICOM) image analysis over Internet. STC Architecture provides in-depth analysis and design of customized reports for DICOM images using drag-and-drop and data warehouse technology. Using a personal computer and a common set of browsing software, STC can be used for analyzing and reporting detailed patient information, type of examinations, date, Computer Tomography (CT) dose index, and other relevant information stored within the images header files as well as in the hospital databases. STC Architecture is three-tier architecture. The First-Tier consists of drag-and-drop web based interface and web server, which provides customized analysis and reporting ability to the users. The Second-Tier consists of an online analytical processing (OLAP) server and database system, which serves fast, real-time, aggregated multi-dimensional data using OLAP technology. The Third-Tier consists of a smart algorithm based software program which extracts DICOM tags from CT images in this particular application, irrespective of CT vendor's, and transfers these tags into a secure database system. This architecture provides Winnipeg Regional Health Authorities (WRHA) with quality indicators for CT examinations in the hospitals. It also provides health care professionals with analytical tool to optimize radiation dose and image quality parameters. The information is provided to the user by way of a secure socket layer (SSL) and role based security criteria over Internet. Although this particular application has been developed for WRHA, this paper also discusses the effort to extend the Architecture to other hospitals in the region. Any DICOM tag from any imaging modality could be tracked with this software.
-
E-Business Security Architectures
Directory of Open Access Journals (Sweden)
2009-01-01
Full Text Available By default the Internet is an open high risk environment and also the main place where the e-business is growing. As result of this fact, the paper aims to highlight the security aspects that relate to distributed applications [3], with reference to the concept of e-business. In this direction will analyze the quality characteristics, considered to be important by the author. Based on these and on existing e-business architectures will be presented a particularly diagram which will reflect a new approach to the concept of future e-business. The development of the new architecture will have its stands based on technologies that are used to build the applications of tomorrow.
-
Control system architecture: The standard and non-standard models
International Nuclear Information System (INIS)
Thuot, M.E.; Dalesio, L.R.
1993-01-01
Control system architecture development has followed the advances in computer technology through mainframes to minicomputers to micros and workstations. This technology advance and increasingly challenging accelerator data acquisition and automation requirements have driven control system architecture development. In summarizing the progress of control system architecture at the last International Conference on Accelerator and Large Experimental Physics Control Systems (ICALEPCS) B. Kuiper asserted that the system architecture issue was resolved and presented a open-quotes standard modelclose quotes. The open-quotes standard modelclose quotes consists of a local area network (Ethernet or FDDI) providing communication between front end microcomputers, connected to the accelerator, and workstations, providing the operator interface and computational support. Although this model represents many present designs, there are exceptions including reflected memory and hierarchical architectures driven by requirements for widely dispersed, large channel count or tightly coupled systems. This paper describes the performance characteristics and features of the open-quotes standard modelclose quotes to determine if the requirements of open-quotes non-standardclose quotes architectures can be met. Several possible extensions to the open-quotes standard modelclose quotes are suggested including software as well as the hardware architectural features
-
Security Aspects of an Enterprise-Wide Network Architecture.
Loew, Robert; Stengel, Ingo; Bleimann, Udo; McDonald, Aidan
1999-01-01
Presents an overview of two projects that concern local area networks and the common point between networks as they relate to network security. Discusses security architectures based on firewall components, packet filters, application gateways, security-management components, an intranet solution, user registration by Web form, and requests for…
-
Security Shift in Future Network Architectures
Hartog, T.; Schotanus, H.A.; Verkoelen, C.A.A.
2010-01-01
In current practice military communication infrastructures are deployed as stand-alone networked information systems. Network-Enabled Capabilities (NEC) and combined military operations lead to new requirements which current communication architectures cannot deliver. This paper informs IT architects, information architects and security specialists about the separation of network and information security, the consequences of this shift and our view on future communication infrastructures in d...
-
Model-based security analysis of the German health card architecture.
Jürjens, J; Rumm, R
2008-01-01
Health-care information systems are particularly security-critical. In order to make these applications secure, the security analysis has to be an integral part of the system design and IT management process for such systems. This work presents the experiences and results from the security analysis of the system architecture of the German Health Card, by making use of an approach to model-based security engineering that is based on the UML extension UMLsec. The focus lies on the security mechanisms and security policies of the smart-card-based architecture which were analyzed using the UMLsec method and tools. Main results of the paper include a report on the employment of the UMLsec method in an industrial health information systems context as well as indications of its benefits and limitations. In particular, two potential security weaknesses were detected and countermeasures discussed. The results indicate that it can be feasible to apply a model-based security analysis using UMLsec to an industrial health information system like the German Health Card architecture, and that doing so can have concrete benefits (such as discovering potential weaknesses, and an increased confidence that no further vulnerabilities of the kind that were considered are present).
-
Secure Architectures in the Cloud
De Capitani di Vimercati, Sabrina; Pieters, Wolter; Probst, Christian W.
2011-01-01
This report documents the outcomes of Dagstuhl Seminar 11492 “Secure Architectures in the Cloud‿. In cloud computing, data storage and processing are offered as services, and data are managed by external providers that reside outside the control of the data owner. The use of such services reduces
-
BWS Open System Architecture Security Assessment
Cristian Ionita
2011-01-01
Business process management systems play a central role in supporting the business operations of medium and large organizations. Because of this the security characteristics of these systems are becoming very important. The present paper describes the BWS architecture used to implement the open process aware information system DocuMentor. Using the proposed platform, the article identifies the security characteristics of such systems, shows the correlation between these characteristics and th...
-
Security in the Cache and Forward Architecture for the Next Generation Internet
Hadjichristofi, G. C.; Hadjicostis, C. N.; Raychaudhuri, D.
The future Internet architecture will be comprised predominately of wireless devices. It is evident at this stage that the TCP/IP protocol that was developed decades ago will not properly support the required network functionalities since contemporary communication profiles tend to be data-driven rather than host-based. To address this paradigm shift in data propagation, a next generation architecture has been proposed, the Cache and Forward (CNF) architecture. This research investigates security aspects of this new Internet architecture. More specifically, we discuss content privacy, secure routing, key management and trust management. We identify security weaknesses of this architecture that need to be addressed and we derive security requirements that should guide future research directions. Aspects of the research can be adopted as a step-stone as we build the future Internet.
-
38 CFR 39.22 - Architectural design standards.
2010-07-01
... 38 Pensions, Bonuses, and Veterans' Relief 2 2010-07-01 2010-07-01 false Architectural design...-16-10) Standards and Requirements for Project § 39.22 Architectural design standards. The..., Ontario, CA 91761-2816. (a) Architectural and structural requirements—(1) Life Safety Code. Standards must...
-
A SECURE MESSAGE TRANSMISSION SYSTEM ARCHITECTURE FOR COMPUTER NETWORKS EMPLOYING SMART CARDS
Directory of Open Access Journals (Sweden)
Geylani KARDAŞ
2008-01-01
Full Text Available In this study, we introduce a mobile system architecture which employs smart cards for secure message transmission in computer networks. The use of smart card provides two security services as authentication and confidentiality in our design. The security of the system is provided by asymmetric encryption. Hence, smart cards are used to store personal account information as well as private key of each user for encryption / decryption operations. This offers further security, authentication and mobility to the system architecture. A real implementation of the proposed architecture which utilizes the JavaCard technology is also discussed in this study.
-
SecureCore Software Architecture: Trusted Path Application (TPA) Requirements
National Research Council Canada - National Science Library
Clark, Paul C; Irvine, Cynthia E; Levin, Timothy E; Nguyen, Thuy D; Vidas, Timothy M
2007-01-01
.... The purpose of the SecureCore research project is to investigate fundamental architectural features required for the trusted operation of mobile computing devices so the security is built-in, transparent and flexible...
-
Advanced and secure architectural EHR approaches.
Blobel, Bernd
2006-01-01
Electronic Health Records (EHRs) provided as a lifelong patient record advance towards core applications of distributed and co-operating health information systems and health networks. For meeting the challenge of scalable, flexible, portable, secure EHR systems, the underlying EHR architecture must be based on the component paradigm and model driven, separating platform-independent and platform-specific models. Allowing manageable models, real systems must be decomposed and simplified. The resulting modelling approach has to follow the ISO Reference Model - Open Distributing Processing (RM-ODP). The ISO RM-ODP describes any system component from different perspectives. Platform-independent perspectives contain the enterprise view (business process, policies, scenarios, use cases), the information view (classes and associations) and the computational view (composition and decomposition), whereas platform-specific perspectives concern the engineering view (physical distribution and realisation) and the technology view (implementation details from protocols up to education and training) on system components. Those views have to be established for components reflecting aspects of all domains involved in healthcare environments including administrative, legal, medical, technical, etc. Thus, security-related component models reflecting all view mentioned have to be established for enabling both application and communication security services as integral part of the system's architecture. Beside decomposition and simplification of system regarding the different viewpoint on their components, different levels of systems' granularity can be defined hiding internals or focusing on properties of basic components to form a more complex structure. The resulting models describe both structure and behaviour of component-based systems. The described approach has been deployed in different projects defining EHR systems and their underlying architectural principles. In that context
-
A Layered Trust Information Security Architecture
de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon
2014-01-01
Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490
-
A layered trust information security architecture.
de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon
2014-12-01
Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.
-
A Layered Trust Information Security Architecture
Directory of Open Access Journals (Sweden)
Robson de Oliveira Albuquerque
2014-12-01
Full Text Available Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.
-
Pattern and security requirements engineering-based establishment of security standards
Beckers, Kristian
2015-01-01
Security threats are a significant problem for information technology companies today. This book focuses on how to mitigate these threats by using security standards and provides ways to address associated problems faced by engineers caused by ambiguities in the standards. The security standards are analysed, fundamental concepts of the security standards presented, and the relations to the elementary concepts of security requirements engineering (SRE) methods explored. Using this knowledge, engineers can build customised methods that support the establishment of security standards. Standard
-
Cloud Computing Security in Openstack Architecture: General Overview
Directory of Open Access Journals (Sweden)
Gleb Igorevich Shakulo
2015-10-01
Full Text Available The subject of article is cloud computing security. Article begins with author analyzing cloud computing advantages and disadvantages, factors of growth, both positive and negative. Among latter, security is deemed one of the most prominent. Furthermore, author takes architecture of OpenStack project as an example for study: describes its essential components and their interconnection. As conclusion, author raises series of questions as possible areas of further research to resolve security concerns, thus making cloud computing more secure technology.
-
An Enterprise Security Program and Architecture to Support Business Drivers
Brian Ritchot
2013-01-01
This article presents a business-focused approach to developing and delivering enterprise security architecture that is focused on enabling business objectives while providing a sensible and balanced approach to risk management. A balanced approach to enterprise security architecture can create the important linkages between the goals and objectives of a business, and it provides appropriate measures to protect the most critical assets within an organization while accepting risk where appropr...
-
Cloud Computing Security in Openstack Architecture: General Overview
Gleb Igorevich Shakulo
2015-01-01
The subject of article is cloud computing security. Article begins with author analyzing cloud computing advantages and disadvantages, factors of growth, both positive and negative. Among latter, security is deemed one of the most prominent. Furthermore, author takes architecture of OpenStack project as an example for study: describes its essential components and their interconnection. As conclusion, author raises series of questions as possible areas of further research to resolve security c...
-
Service oriented architecture governance tools within information security
2012-01-01
M.Tech. Service Oriented Architecture has many advantages. For example, organisations can align business with Information Technology, reuse the developed functionality, reduce development and maintain cost for applications. Organisations adopt Service Oriented Architecture with the aim of automating and integrating business processes. However, it has information security vulnerabilities that should be considered. For example, applications exchange information across the Internet, where it ...
-
Citizen Observatories: A Standards Based Architecture
Simonis, Ingo
2015-04-01
A number of large-scale research projects are currently under way exploring the various components of citizen observatories, e.g. CITI-SENSE (http://www.citi-sense.eu), Citclops (http://citclops.eu), COBWEB (http://cobwebproject.eu), OMNISCIENTIS (http://www.omniscientis.eu), and WeSenseIt (http://www.wesenseit.eu). Common to all projects is the motivation to develop a platform enabling effective participation by citizens in environmental projects, while considering important aspects such as security, privacy, long-term storage and availability, accessibility of raw and processed data and its proper integration into catalogues and international exchange and collaboration systems such as GEOSS or INSPIRE. This paper describes the software architecture implemented for setting up crowdsourcing campaigns using standardized components, interfaces, security features, and distribution capabilities. It illustrates the Citizen Observatory Toolkit, a software suite that allows defining crowdsourcing campaigns, to invite registered and unregistered participants to participate in crowdsourcing campaigns, and to analyze, process, and visualize raw and quality enhanced crowd sourcing data and derived products. The Citizen Observatory Toolkit is not a single software product. Instead, it is a framework of components that are built using internationally adopted standards wherever possible (e.g. OGC standards from Sensor Web Enablement, GeoPackage, and Web Mapping and Processing Services, as well as security and metadata/cataloguing standards), defines profiles of those standards where necessary (e.g. SWE O&M profile, SensorML profile), and implements design decisions based on the motivation to maximize interoperability and reusability of all components. The toolkit contains tools to set up, manage and maintain crowdsourcing campaigns, allows building on-demand apps optimized for the specific sampling focus, supports offline and online sampling modes using modern cell phones with
-
A simple security architecture for smart water management system
CSIR Research Space (South Africa)
Ntuli, N
2016-05-01
Full Text Available . Secure booting prevents installation of malicious code onto the device. By making sure that the booting process is secured, we can establish securely the root of trust for the device. Public key cryptography is utilized at this stage. During... Architecture 1168 Nonhlanhla Ntuli and Adnan Abu-Mahfouz / Procedia Computer Science 83 ( 2016 ) 1164 – 1169 3.2. Secure Communication While public key cryptography can be used in the first step (secure booting), it would be too heavy to use during...
-
A DRM Security Architecture for Home Networks
Popescu, B.C.; Crispo, B.; Kamperman, F.L.A.J.; Tanenbaum, A.S.; Kiayias, A.; Yung, M.
2004-01-01
This paper describes a security architecture allowing digital rights management in home networks consisting of consumer electronic devices. The idea is to allow devices to establish dynamic groups, so called "Authorized Domains", where legally acquired copyrighted content can seamlessly move from
-
A study of authorization architectures for grid security
International Nuclear Information System (INIS)
Pang Yanguang; Sun Gongxing; Pei Erming; Ma Nan
2006-01-01
Grid security is one of key issues in grid computing, while current research focus is put on the grid authorization. There is a brief discussion about the drawback of the common GSI (Grid Security Infrastructure) authorization firstly, then analysis is made on the latest several grid authorization architectures, such as structures, policy descriptions, engines, applications, and finally their features are summarized. (authors)
-
A Windows Phone 7 Oriented Secure Architecture for Business Intelligence Mobile Applications
Directory of Open Access Journals (Sweden)
Silvia TRIF
2011-01-01
Full Text Available This paper present and implement a Windows Phone 7 Oriented Secure Architecture for Business Intelligence Mobile Application. In the developing process is used a Windows Phone 7 application that interact with a WCF Web Service and a database. The types of Business Intelligence Mobile Applications are presented. The Windows mobile devices security and restrictions are presented. The namespaces and security algorithms used in .NET Compact Framework for assuring the application security are presented. The proposed architecture is showed underlying the flows between the application and the web service.
-
Routing architecture and security for airborne networks
Deng, Hongmei; Xie, Peng; Li, Jason; Xu, Roger; Levy, Renato
2009-05-01
Airborne networks are envisioned to provide interconnectivity for terrestial and space networks by interconnecting highly mobile airborne platforms. A number of military applications are expected to be used by the operator, and all these applications require proper routing security support to establish correct route between communicating platforms in a timely manner. As airborne networks somewhat different from traditional wired and wireless networks (e.g., Internet, LAN, WLAN, MANET, etc), security aspects valid in these networks are not fully applicable to airborne networks. Designing an efficient security scheme to protect airborne networks is confronted with new requirements. In this paper, we first identify a candidate routing architecture, which works as an underlying structure for our proposed security scheme. And then we investigate the vulnerabilities and attack models against routing protocols in airborne networks. Based on these studies, we propose an integrated security solution to address routing security issues in airborne networks.
-
2017-03-01
Secure ASIC Architecture for Optimized Utilization of a Trusted Supply Chain for Common Architecture A&D Applications Ezra Hall, Ray Eberhard...use applications. Furthermore, a product roadmap must be comprehended as part of this platform, offering A&D programs a solution to their...existing solutions for adoption to occur. Additionally, a well-developed roadmap to future secure SoCs, leveraging the value add of future advanced
-
电子商务安全体系结构%Security Architecture for Electronic Commerce
Institute of Scientific and Technical Information of China (English)
张峰; 秦志光; 刘锦德; 张险峰
2002-01-01
Electronic commerce operates relying on the open Internet. Security architecture for e-commerce becomes the key point to its use prosperously. A finite automation of typical e-commerce model is presented in this paper. The finite automation simulates typical trade system, describes its states transition and supplies a theory basis for designing security architecture for e-commerce. Then security threats and corresponding solutions to the model are discussed. Finally, the security architecture for e-commerce is given. All of them are used as basis for further e-commerce security research.
-
Android: Analysis of its architecture and security mechanism
Institute of Scientific and Technical Information of China (English)
2012-01-01
As Android operation system platform is widely used in smart phone, one important aspect should not be ignored -its security. As android is an open mobile platform, and also a programmable software framework, is it more safe than his competitor - Iphone, Symbian and so on? This paper will present some security issues on the mobile phones, analyze the security principles and mechanisms based on the architecture and features of Android OS platform, then it will compare Android with some other mobile operation systems like Iphone, Symbian in area of security to make a conclusion that Android is a safe mobile OS to a certain extent.
-
The Flask Security Architecture: System Support for Diverse Security Policies
2006-01-01
Flask microkernel -based operating sys tem, that successfully overcomes these obstacles to pol- icy flexibility. The cleaner separation of mechanism and...other object managers in the system to en- force those access control decisions. Although the pro totype system is microkernel -based, the security...mecha nisms do not depend on a microkernel architecture and will easily generalize beyond it. The resulting system provides policy flexibility. It sup
-
Toward a Regional Security Architecture for the Horn of Africa ...
International Development Research Centre (IDRC) Digital Library (Canada)
Moreover, conflict in one country tends to affect its neighbours, mainly through the flow of refugees and weapons. Building on work carried out during Phase I ... Extrants. Rapports. Towards Developing a Regional Security Architecture for the Horn of Africa: Developing Responses to Human (In) Security-Phase Two ...
-
Proposing C4ISR Architecture Methodology for Homeland Security
National Research Council Canada - National Science Library
Farah-Stapleton, Monica F; Dimarogonas, James; Eaton, Rodney; Deason, Paul J
2004-01-01
This presentation presents how a network architecture methodology developed for the Army's Future Force could be applied to the requirements of Civil Support, Homeland Security/Homeland Defense (CS HLS/HLD...
-
An end-to-end security auditing approach for service oriented architectures
Azarmi, M.; Bhargava, B.; Angin, P.; Ranchal, R.; Ahmed, N.; Sinclair, A.; Linderman, M.; Ben Othmane, L.
2012-01-01
Service-Oriented Architecture (SOA) is becoming a major paradigm for distributed application development in the recent explosion of Internet services and cloud computing. However, SOA introduces new security challenges not present in the single-hop client-server architectures due to the involvement
-
A security architecture for the ALICE grid services
Schreiner, Steffen; Buchmann, Johannes; Betev, Latchezar; Grigoras, Alina
2012-01-01
Globally distributed research cyberinfrastructures, like the ALICE Grid Services, need to provide traceability and accountability of operations and internal interactions. This document presents a new security architecture for the ALICE Grid Services, allowing to establish non-repudiation with respect to creatorship and ownership of Grid files and jobs. It is based on mutually authenticated and encrypted communication using X.509 Public Key Infrastructure and the Transport Layer Security (TLS) protocol. Introducing certified Grid file entries and signed Grid jobs by implementing a model of Mediated Definite Delegation it allows to establish long-term accountability concerning Grid jobs and files. Initial submissions as well as any alteration of Grid jobs are becoming verifiable and can be traced back to the originator. The architecture has been implemented as a prototype along with the development of a new central Grid middleware, called jAliEn.
-
Security solutions: strategy and architecture
Seto, Myron W. L.
2002-04-01
Producers of banknotes, other documents of value and brand name goods are being presented constantly with new challenges due to the ever increasing sophistication of easily-accessible desktop publishing and color copying machines, which can be used for counterfeiting. Large crime syndicates have also shown that they have the means and the willingness to invest large sums of money to mimic security features. To ensure sufficient and appropriate protection, a coherent security strategy has to be put into place. The feature has to be appropriately geared to fight against the different types of attacks and attackers, and to have the right degree of sophistication or ease of authentication depending upon by whom or where a check is made. Furthermore, the degree of protection can be considerably increased by taking a multi-layered approach and using an open platform architecture. Features can be stratified to encompass overt, semi-covert, covert and forensic features.
-
Energy Technology Data Exchange (ETDEWEB)
Seewald, Maik G. [Cisco Systems GmbH, Halbergmoos (Germany). Bereich Forschung und Entwicklung
2012-04-30
Voltage transformation stations and substations are a central component of the electrical power supply. These fulfill key functions at different voltage levels, are highly automated and linked via different communication technologies. Thus they play a central role in the IT security and belong to the critical infrastructure. This is addressed by various standards and guidelines. Therefore, a comprehensive security structure for substations as well as primary and secondary systems are an important criterion for success in the expansion of power supply networks. This is even more important, since the degree of crosslinking will increase as a result of new systems and services. The author of the contribution under consideration depicts the security architecture which was specifically developed for this area by Cisco Systems GmbH (Hallbergmoos, Federal Republic of Germany).
-
A security architecture for interconnecting health information systems.
Gritzalis, Dimitris; Lambrinoudakis, Costas
2004-03-31
Several hereditary and other chronic diseases necessitate continuous and complicated health care procedures, typically offered in different, often distant, health care units. Inevitably, the medical records of patients suffering from such diseases become complex, grow in size very fast and are scattered all over the units involved in the care process, hindering communication of information between health care professionals. Web-based electronic medical records have been recently proposed as the solution to the above problem, facilitating the interconnection of the health care units in the sense that health care professionals can now access the complete medical record of the patient, even if it is distributed in several remote units. However, by allowing users to access information from virtually anywhere, the universe of ineligible people who may attempt to harm the system is dramatically expanded, thus severely complicating the design and implementation of a secure environment. This paper presents a security architecture that has been mainly designed for providing authentication and authorization services in web-based distributed systems. The architecture has been based on a role-based access scheme and on the implementation of an intelligent security agent per site (i.e. health care unit). This intelligent security agent: (a). authenticates the users, local or remote, that can access the local resources; (b). assigns, through temporary certificates, access privileges to the authenticated users in accordance to their role; and (c). communicates to other sites (through the respective security agents) information about the local users that may need to access information stored in other sites, as well as about local resources that can be accessed remotely.
-
A HIPAA-compliant architecture for securing clinical images
Liu, Brent J.; Zhou, Zheng; Huang, H. K.
2005-04-01
The HIPAA (Health Insurance Portability and Accountability Act, Instituted April 2003) Security Standards mandate health institutions to protect health information against unauthorized use or disclosure. One approach to addressing this mandate is by utilizing user access control and generating audit trails of the various authorized as well as unauthorized user access of health data. Although most current clinical image systems (eg, PACS) have components that generate log files as a solution to address the HIPAA mandate, there is a lack of methodology to obtain and synthesize the pertinent data from the large volumes of log file data generated by these multiple components within a PACS. We have designed and developed a HIPAA Compliant Architecture specifically for tracking and auditing the image workflow of clinical imaging systems such as PACS. As an initial first step, a software toolkit was implemented based on the HIPAA Compliant architecture. The toolkit was implemented within a testbed PACS Simulator located in the Image Processing and Informatics (IPI) lab at the University of Southern California. Evaluation scenarios were developed where different user types performed legal and illegal access of PACS image data within each of the different components in the PACS Simulator. Results were based on whether the scenarios of unauthorized access were correctly identified and documented as well as normal operational activity.
-
Lightweight S-Box Architecture for Secure Internet of Things
Directory of Open Access Journals (Sweden)
A. Prathiba
2018-01-01
Full Text Available Lightweight cryptographic solutions are required to guarantee the security of Internet of Things (IoT pervasiveness. Cryptographic primitives mandate a non-linear operation. The design of a lightweight, secure, non-linear 4 × 4 substitution box (S-box suited to Internet of Things (IoT applications is proposed in this work. The structure of the 4 × 4 S-box is devised in the finite fields GF (24 and GF ((222. The finite field S-box is realized by multiplicative inversion followed by an affine transformation. The multiplicative inverse architecture employs Euclidean algorithm for inversion in the composite field GF ((222. The affine transformation is carried out in the field GF (24. The isomorphic mapping between the fields GF (24 and GF ((222 is based on the primitive element in the higher order field GF (24. The recommended finite field S-box architecture is combinational and enables sub-pipelining. The linear and differential cryptanalysis validates that the proposed S-box is within the maximal security bound. It is observed that there is 86.5% lesser gate count for the realization of sub field operations in the composite field GF ((222 compared to the GF (24 field. In the PRESENT lightweight cipher structure with the basic loop architecture, the proposed S-box demonstrates 5% reduction in the gate equivalent area over the look-up-table-based S-box with TSMC 180 nm technology.
-
PCI DSS: Security Standard and Security in Fact
M. V. Kuzin
2011-01-01
The article focuses on Payment Card Industry Data Security Standard (PCI DSS) requirements and practices, especially it’s issues and disadvantages to achieve the main goal — security of payment cards infrastructure.
-
Computer Security Primer: Systems Architecture, Special Ontology and Cloud Virtual Machines
Waguespack, Leslie J.
2014-01-01
With the increasing proliferation of multitasking and Internet-connected devices, security has reemerged as a fundamental design concern in information systems. The shift of IS curricula toward a largely organizational perspective of security leaves little room for focus on its foundation in systems architecture, the computational underpinnings of…
-
Process Models for Security Architectures
Directory of Open Access Journals (Sweden)
Floarea NASTASE
2006-01-01
Full Text Available This paper presents a model for an integrated security system, which can be implemented in any organization. It is based on security-specific standards and taxonomies as ISO 7498-2 and Common Criteria. The functionalities are derived from the classes proposed in the Common Criteria document. In the paper we present the process model for each functionality and also we focus on the specific components.
-
Enterprise Architecture-Based Risk and Security Modelling and Analysis
Jonkers, Henk; Quartel, Dick; Kordy, Barbara; Ekstedt, Mathias; Seong Kim, Deng
2016-01-01
The growing complexity of organizations and the increasing number of sophisticated cyber attacks asks for a systematic and integral approach to Enterprise Risk and Security Management (ERSM). As enterprise architecture offers the necessary integral perspective, including the business and IT aspects
-
PCI DSS: Security Standard and Security in Fact
Directory of Open Access Journals (Sweden)
M. V. Kuzin
2011-12-01
Full Text Available The article focuses on Payment Card Industry Data Security Standard (PCI DSS requirements and practices, especially it’s issues and disadvantages to achieve the main goal — security of payment cards infrastructure.
-
39 CFR 267.4 - Information security standards.
2010-07-01
... 39 Postal Service 1 2010-07-01 2010-07-01 false Information security standards. 267.4 Section 267... INFORMATION § 267.4 Information security standards. (a) The Postal Service will operate under a uniform set of information security standards which address the following functional aspects of information flow and...
-
A secure and efficiently searchable health information architecture.
Yasnoff, William A
2016-06-01
Patient-centric repositories of health records are an important component of health information infrastructure. However, patient information in a single repository is potentially vulnerable to loss of the entire dataset from a single unauthorized intrusion. A new health record storage architecture, the personal grid, eliminates this risk by separately storing and encrypting each person's record. The tradeoff for this improved security is that a personal grid repository must be sequentially searched since each record must be individually accessed and decrypted. To allow reasonable search times for large numbers of records, parallel processing with hundreds (or even thousands) of on-demand virtual servers (now available in cloud computing environments) is used. Estimated search times for a 10 million record personal grid using 500 servers vary from 7 to 33min depending on the complexity of the query. Since extremely rapid searching is not a critical requirement of health information infrastructure, the personal grid may provide a practical and useful alternative architecture that eliminates the large-scale security vulnerabilities of traditional databases by sacrificing unnecessary searching speed. Copyright © 2016 Elsevier Inc. All rights reserved.
-
National Research Council Canada - National Science Library
Mott, Stephen
2007-01-01
.... In doing this, we propose a novel computing architecture, derived from a contemporary shared memory architecture, that facilitates efficient security-related monitoring in real-time, while keeping...
-
Standardizing the information architecture for spacecraft operations
Easton, C. R.
1994-01-01
This paper presents an information architecture developed for the Space Station Freedom as a model from which to derive an information architecture standard for advanced spacecraft. The information architecture provides a way of making information available across a program, and among programs, assuming that the information will be in a variety of local formats, structures and representations. It provides a format that can be expanded to define all of the physical and logical elements that make up a program, add definitions as required, and import definitions from prior programs to a new program. It allows a spacecraft and its control center to work in different representations and formats, with the potential for supporting existing spacecraft from new control centers. It supports a common view of data and control of all spacecraft, regardless of their own internal view of their data and control characteristics, and of their communications standards, protocols and formats. This information architecture is central to standardizing spacecraft operations, in that it provides a basis for information transfer and translation, such that diverse spacecraft can be monitored and controlled in a common way.
-
Nuclear security standard: Argentina approach
International Nuclear Information System (INIS)
Bonet Duran, Stella M.; Rodriguez, Carlos E.; Menossi, Sergio A.; Serdeiro, Nelida H.
2007-01-01
Argentina has a comprehensive regulatory system designed to assure the security and safety of radioactive sources, which has been in place for more than fifty years. In 1989 the Radiation Protection and Nuclear Safety branch of the National Atomic Energy Commission created the 'Council of Physical Protection of Nuclear Materials and Installations' (CAPFMIN). This Council published in 1992 a Physical Protection Standard based on a deep and careful analysis of INFCIRC 225/Rev.2 including topics like 'sabotage scenario'. Since then, the world's scenario has changed, and some concepts like 'design basis threat', 'detection, delay and response', 'performance approach and prescriptive approach', have been applied to the design of physical protection systems in facilities other than nuclear installations. In Argentina, radioactive sources are widely used in medical and industrial applications with more than 1,600 facilities controlled by the Nuclear Regulatory Authority (in spanish ARN). During 2005, measures like 'access control', 'timely detection of intruder', 'background checks', and 'security plan', were required by ARN for implementation in facilities with radioactive sources. To 'close the cycle' the next step is to produce a regulatory standard based on the operational experience acquired during 2005. ARN has developed a set of criteria for including them in a new standard on security of radioactive materials. Besides, a specific Regulatory Guide is being prepared to help licensees of facilities in design a security system and to fulfill the 'Design of Security System Questionnaire'. The present paper describes the proposed Standard on Security of Radioactive Sources and the draft of the Nuclear Security Regulatory Guidance, based on our regulatory experience and the latest international recommendations. (author)
-
Tele-Lab IT-Security: an Architecture for an online virtual IT Security Lab
Directory of Open Access Journals (Sweden)
Christoph Meinel
2008-05-01
Full Text Available Recently, Awareness Creation in terms of IT security has become a big thing – not only for enterprises. Campaigns for pupils try to highlight the importance of IT security even in the user’s early years. Common practices in security education – as seen in computer science courses at universities – mainly consist of literature and lecturing. In the best case, the teaching facility offers practical courses in a dedicated isolated computer lab. Additionally, there are some more or less interactive e-learning applications around. Most existing offers can do nothing more than impart theoretical knowledge or basic information. They all lack of possibilities to provide practical experience with security software or even hacker tools in a realistic environment. The only exceptions are the expensive and hard-to-maintain dedicated computer security labs. Those can only be provided by very few organizations. Tele-Lab IT-Security was designed to offer hands-on experience exercises in IT security without the need of additional hardware or maintenance expenses. The existing implementation of Tele-Lab even provides access to the learning environment over the Internet – and thus can be used anytime and anywhere. The present paper describes the extended architecture on which the current version of the Tele-Lab server is built.
-
Advances in network systems architectures, security, and applications
Awad, Ali; Furtak, Janusz; Legierski, Jarosław
2017-01-01
This book provides the reader with a comprehensive selection of cutting–edge algorithms, technologies, and applications. The volume offers new insights into a range of fundamentally important topics in network architectures, network security, and network applications. It serves as a reference for researchers and practitioners by featuring research contributions exemplifying research done in the field of network systems. In addition, the book highlights several key topics in both theoretical and practical aspects of networking. These include wireless sensor networks, performance of TCP connections in mobile networks, photonic data transport networks, security policies, credentials management, data encryption for network transmission, risk management, live TV services, and multicore energy harvesting in distributed systems. .
-
Control Systems Cyber Security Standards Support Activities
Energy Technology Data Exchange (ETDEWEB)
Robert Evans
2009-01-01
The Department of Homeland Security’s Control Systems Security Program (CSSP) is working with industry to secure critical infrastructure sectors from cyber intrusions that could compromise control systems. This document describes CSSP’s current activities with industry organizations in developing cyber security standards for control systems. In addition, it summarizes the standards work being conducted by organizations within the sector and provides a brief listing of sector meetings and conferences that might be of interest for each sector. Control systems cyber security standards are part of a rapidly changing environment. The participation of CSSP in the development effort for these standards has provided consistency in the technical content of the standards while ensuring that information developed by CSSP is included.
-
Analysis of MANET Security, Architecture and Assessment
Sweta Kaushik; Manorma Kaushik
2012-01-01
in these days, the Mobile ad hoc network (MANET) technology spreads widely. Architecture and security issue is the most sensitive challenge of MANET. MANET support to nodes for directly communications with all the other nodes within their radio ranges through multiple wireless links, where the nodes are not in the direct communication range using intermediate node(s) to communicate with each other. In a MANET, the users’ mobile devices behave as a network, and they must cooperatively provide ...
-
Study on the standard architecture for geoinformation common services
Zha, Z.; Zhang, L.; Wang, C.; Jiang, J.; Huang, W.
2014-04-01
The construction of platform for geoinformation common services was completed or on going in in most provinces and cities in these years in China, and the platforms plays an important role in the economic and social activities. Geoinfromation and geoinfromation based services are the key issues in the platform. The standards on geoinormation common services play as bridges among the users, systems and designers of the platform. The standard architecture for geoinformation common services is the guideline for designing and using the standard system in which the standards integrated to each other to promote the development, sharing and services of geoinformation resources. To establish the standard architecture for geoinformation common services is one of the tasks of "Study on important standards for geonformation common services and management of public facilities in city". The scope of the standard architecture is defined, such as data or information model, interoperability interface or service, information management. Some Research work on the status of international standards of geoinormation common services in organization and countries, like ISO/TC 211, OGC and other countries or unions like USA, EU, Japan have done. Some principles are set up to evaluate the standard, such as availability, suitability and extensible ability. Then the development requirement and practical situation are analyzed, and a framework of the standard architecture for geoinformation common services are proposed. Finally, a summary and prospects of the geoinformation standards are made.
-
Meiler, P.P.; Schmeing, M.
2009-01-01
Combined scenario ; Data management ; Data processing ; Demonstrator ; Information systems ; Integrated systems ; Interoperability ; Joint scenario ; Network Enabled Capability (NEC) ; Operational effectiveness ; Operations research ; Scenarios ; Secure communication ; Service Oriented Architecture
-
A Secure System Architecture for Measuring Instruments in Legal Metrology
Directory of Open Access Journals (Sweden)
Daniel Peters
2015-03-01
Full Text Available Embedded systems show the tendency of becoming more and more connected. This fact combined with the trend towards the Internet of Things, from which measuring instruments are not immune (e.g., smart meters, lets one assume that security in measuring instruments will inevitably play an important role soon. Additionally, measuring instruments have adopted general-purpose operating systems to offer the user a broader functionality that is not necessarily restricted towards measurement alone. In this paper, a flexible software system architecture is presented that addresses these challenges within the framework of essential requirements laid down in the Measuring Instruments Directive of the European Union. This system architecture tries to eliminate the risks general-purpose operating systems have by wrapping them, together with dedicated applications, in secure sandboxes, while supervising the communication between the essential parts and the outside world.
-
An Agile Enterprise Regulation Architecture for Health Information Security Management
Chen, Ying-Pei; Hsieh, Sung-Huai; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie
2010-01-01
Abstract Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital. PMID:20815748
-
An agile enterprise regulation architecture for health information security management.
Chen, Ying-Pei; Hsieh, Sung-Huai; Cheng, Po-Hsun; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie
2010-09-01
Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital.
-
Multiple-Channel Security Architecture and its Implementation over SSL
Directory of Open Access Journals (Sweden)
Song Yong
2006-01-01
Full Text Available This paper presents multiple-channel SSL (MC-SSL, an architecture and protocol for protecting client-server communications. In contrast to SSL, which provides a single end-to-end secure channel, MC-SSL enables applications to employ multiple channels, each with its own cipher suite and data-flow direction. Our approach also allows for several partially trusted application proxies. The main advantages of MC-SSL over SSL are (a support for end-to-end security in the presence of partially trusted proxies, and (b selective data protection for achieving computational efficiency important to resource-constrained clients and heavily loaded servers.
-
Ensuring Data Storage Security in Tree cast Routing Architecture for Sensor Networks
Kumar, K. E. Naresh; Sagar, U. Vidya; Waheed, Mohd. Abdul
2010-10-01
In this paper presents recent advances in technology have made low-cost, low-power wireless sensors with efficient energy consumption. A network of such nodes can coordinate among themselves for distributed sensing and processing of certain data. For which, we propose an architecture to provide a stateless solution in sensor networks for efficient routing in wireless sensor networks. This type of architecture is known as Tree Cast. We propose a unique method of address allocation, building up multiple disjoint trees which are geographically inter-twined and rooted at the data sink. Using these trees, routing messages to and from the sink node without maintaining any routing state in the sensor nodes is possible. In contrast to traditional solutions, where the IT services are under proper physical, logical and personnel controls, this routing architecture moves the application software and databases to the large data centers, where the management of the data and services may not be fully trustworthy. This unique attribute, however, poses many new security challenges which have not been well understood. In this paper, we focus on data storage security, which has always been an important aspect of quality of service. To ensure the correctness of users' data in this architecture, we propose an effective and flexible distributed scheme with two salient features, opposing to its predecessors. By utilizing the homomorphic token with distributed verification of erasure-coded data, our scheme achieves the integration of storage correctness insurance and data error localization, i.e., the identification of misbehaving server(s). Unlike most prior works, the new scheme further supports secure and efficient dynamic operations on data blocks, including: data update, delete and append. Extensive security and performance analysis shows that the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server
-
Architecture and Knowledge-Driven Self-Adaptive Security in Smart Space
Directory of Open Access Journals (Sweden)
Antti Evesti
2013-03-01
Full Text Available Dynamic and heterogeneous smart spaces cause challenges for security because it is impossible to anticipate all the possible changes at design-time. Self-adaptive security is an applicable solution for this challenge. This paper presents an architectural approach for security adaptation in smart spaces. The approach combines an adaptation loop, Information Security Measuring Ontology (ISMO and a smart space security-control model. The adaptation loop includes phases to monitor, analyze, plan and execute changes in the smart space. The ISMO offers input knowledge for the adaptation loop and the security-control model enforces dynamic access control policies. The approach is novel because it defines the whole adaptation loop and knowledge required in each phase of the adaptation. The contributions are validated as a part of the smart space pilot implementation. The approach offers reusable and extensible means to achieve adaptive security in smart spaces and up-to-date access control for devices that appear in the space. Hence, the approach supports the work of smart space application developers.
-
2011-07-18
... Business Conduct Standards for Security-Based Swap Dealers and Major Security-Based Swap Participants...-11] RIN 3235-AL10 Business Conduct Standards for Security-Based Swap Dealers and Major Security-Based...'') relating to external business conduct standards for security-based swap dealers (``SBS Dealers'') and major...
-
Casajús Ramo, A
2006-01-01
DIRAC is the LHCb Workload and Data Management System. Based on a service-oriented architecture, it enables generic distributed computing with lightweight Agents and Clients for job execution and data transfers. DIRAC implements a client-server architecture exposing server methods through XML Remote Procedure Call (XML-RPC) protocol. DIRAC is mostly coded in python. DIRAC security infrastructure has been designed to be a completely generic XML-RPC transport over a SSL tunnel. This new security layer is able to handle standard X509 certificates as well as grid-proxies to authenticate both sides of the connection. Serve and client authentication relies over OpenSSL and py-Open SSL, but to be able to handle grid proxies some modifications have been added to those libraries. DIRAC security infrastructure handles authorization and authorization as well as provides extended capabilities like secure connection tunneling and file transfer. Using this new security infrastructure all LHCb users can safely make use o...
-
Illinois Occupational Skill Standards: Architectural Drafting Cluster.
Illinois Occupational Skill Standards and Credentialing Council, Carbondale.
This document, which is intended as a guide for work force preparation program providers, details the Illinois occupational skill standards for programs preparing students for employment in occupations in the architectural drafting cluster. The document begins with a brief overview of the Illinois perspective on occupational skill standards and…
-
A Comparison of Cross-Sector Cyber Security Standards
Energy Technology Data Exchange (ETDEWEB)
Robert P. Evans
2005-09-01
This report presents a review and comparison (commonality and differences) of three cross-sector cyber security standards and an internationally recognized information technology standard. The comparison identifies the security areas covered by each standard and reveals where the standards differ in emphasis. By identifying differences in the standards, the user can evaluate which standard best meets their needs. For this report, only cross-sector standards were reviewed.
-
Security Analysis of Dynamic SDN Architectures Based on Game Theory
Directory of Open Access Journals (Sweden)
Chao Qi
2018-01-01
Full Text Available Security evaluation of SDN architectures is of critical importance to develop robust systems and address attacks. Focused on a novel-proposed dynamic SDN framework, a game-theoretic model is presented to analyze its security performance. This model can represent several kinds of players’ information, simulate approximate attack scenarios, and quantitatively estimate systems’ reliability. And we explore several typical game instances defined by system’s capability, players’ objects, and strategies. Experimental results illustrate that the system’s detection capability is not a decisive element to security enhancement as introduction of dynamism and redundancy into SDN can significantly improve security gain and compensate for its detection weakness. Moreover, we observe a range of common strategic actions across environmental conditions. And analysis reveals diverse defense mechanisms adopted in dynamic systems have different effect on security improvement. Besides, the existence of equilibrium in particular situations further proves the novel structure’s feasibility, flexibility, and its persistent ability against long-term attacks.
-
Novel Approaches to Enhance Mobile WiMAX Security
Directory of Open Access Journals (Sweden)
Taeshik Shon
2010-01-01
Full Text Available The IEEE 802.16 Working Group on Broadband Wireless Access Standards released IEEE 802.16-2004 which is a standardized technology for supporting broadband and wireless communication with fixed and nomadic access. After the IEEE 802.16-2004 standard, a new advanced and revised standard was released as the IEEE 802.16e-2005 amendment which is foundation of Mobile WiMAX network supporting handover and roaming capabilities. In the area of security aspects, compared to IEEE 802.16-2004, IEEE 802.16e, called Mobile WiMAX, adopts improved security architecture—PKMv2 which includes EAP authentication, AES-based authenticated encryption, and CMAC or HMAC message protection. However, there is no guarantee that PKMv2-based Mobile WiMAX network will not have security flaws. In this paper, we investigate the current Mobile WiMAX security architecture focusing mainly on pointing out new security vulnerabilities such as a disclosure of security context in network entry, a lack of secure communication in network domain, and a necessity of efficient handover supporting mutual authentication. Based on the investigation results, we propose a novel Mobile WiMAX security architecture, called RObust and Secure MobilE WiMAX (ROSMEX, to prevent the new security vulnerabilities.
-
Directory of Open Access Journals (Sweden)
Elyes Ben Hamida
2015-07-01
Full Text Available Due to the growing number of vehicles on the roads worldwide, road traffic accidents are currently recognized as a major public safety problem. In this context, connected vehicles are considered as the key enabling technology to improve road safety and to foster the emergence of next generation cooperative intelligent transport systems (ITS. Through the use of wireless communication technologies, the deployment of ITS will enable vehicles to autonomously communicate with other nearby vehicles and roadside infrastructures and will open the door for a wide range of novel road safety and driver assistive applications. However, connecting wireless-enabled vehicles to external entities can make ITS applications vulnerable to various security threats, thus impacting the safety of drivers. This article reviews the current research challenges and opportunities related to the development of secure and safe ITS applications. It first explores the architecture and main characteristics of ITS systems and surveys the key enabling standards and projects. Then, various ITS security threats are analyzed and classified, along with their corresponding cryptographic countermeasures. Finally, a detailed ITS safety application case study is analyzed and evaluated in light of the European ETSI TC ITS standard. An experimental test-bed is presented, and several elliptic curve digital signature algorithms (ECDSA are benchmarked for signing and verifying ITS safety messages. To conclude, lessons learned, open research challenges and opportunities are discussed.
-
Process Control System Cyber Security Standards - An Overview
Energy Technology Data Exchange (ETDEWEB)
Robert P. Evans
2006-05-01
The use of cyber security standards can greatly assist in the protection of process control systems by providing guidelines and requirements for the implementation of computer-controlled systems. These standards are most effective when the engineers and operators, using the standards, understand what each standard addresses. This paper provides an overview of several standards that deal with the cyber security of process measurements and control systems.
-
National Research Council Canada - National Science Library
Shifflett, David J; Clark, Paul C; Irvine, Cynthia E; Nguyen, Thuy D; Vidas, Timothy M; Levin, Timothy E
2007-01-01
.... The purpose of the SecureCore research project is to investigate fundamental architectural features required for the trusted operation of mobile computing devices such as smart cards, embedded...
-
National Research Council Canada - National Science Library
Shifflett, David J; Clark, Paul C; Irvine, Cynthia E; Nguyen, Thuy D; Vidas, Timothy M; Levin, Timothy E
2008-01-01
.... The purpose of the SecureCore research project is to investigate fundamental architectural features required for the trusted operation of mobile computing devices such as smart cards, embedded...
-
A resilient and secure software platform and architecture for distributed spacecraft
Otte, William R.; Dubey, Abhishek; Karsai, Gabor
2014-06-01
A distributed spacecraft is a cluster of independent satellite modules flying in formation that communicate via ad-hoc wireless networks. This system in space is a cloud platform that facilitates sharing sensors and other computing and communication resources across multiple applications, potentially developed and maintained by different organizations. Effectively, such architecture can realize the functions of monolithic satellites at a reduced cost and with improved adaptivity and robustness. Openness of these architectures pose special challenges because the distributed software platform has to support applications from different security domains and organizations, and where information flows have to be carefully managed and compartmentalized. If the platform is used as a robust shared resource its management, configuration, and resilience becomes a challenge in itself. We have designed and prototyped a distributed software platform for such architectures. The core element of the platform is a new operating system whose services were designed to restrict access to the network and the file system, and to enforce resource management constraints for all non-privileged processes Mixed-criticality applications operating at different security labels are deployed and controlled by a privileged management process that is also pre-configuring all information flows. This paper describes the design and objective of this layer.
-
Feller, Thomas
2014-01-01
?Thomas Feller sheds some light on trust anchor architectures fortrustworthy reconfigurable systems. He is presenting novel concepts enhancing the security capabilities of reconfigurable hardware.Almost invisible to the user, many computer systems are embedded into everyday artifacts, such as cars, ATMs, and pacemakers. The significant growth of this market segment within the recent years enforced a rethinking with respect to the security properties and the trustworthiness of these systems. The trustworthiness of a system in general equates to the integrity of its system components. Hardware-b
-
The emerging architecture of a regional security complex in the Lake ...
African Journals Online (AJOL)
This article explores the emerging regional security architecture to fight terrorism and insurgency in the Lake Chad Basin (LCB). It diagnoses the evolution of the Lake Chad Basin Commission (LCBC) as a sub-regional organization that unites Chad, Cameroon, Niger and Nigeria. In particular, the article critically investigates ...
-
Motion/imagery secure cloud enterprise architecture analysis
DeLay, John L.
2012-06-01
Cloud computing with storage virtualization and new service-oriented architectures brings a new perspective to the aspect of a distributed motion imagery and persistent surveillance enterprise. Our existing research is focused mainly on content management, distributed analytics, WAN distributed cloud networking performance issues of cloud based technologies. The potential of leveraging cloud based technologies for hosting motion imagery, imagery and analytics workflows for DOD and security applications is relatively unexplored. This paper will examine technologies for managing, storing, processing and disseminating motion imagery and imagery within a distributed network environment. Finally, we propose areas for future research in the area of distributed cloud content management enterprises.
-
7 CFR 160.74 - Loan of standards without security.
2010-01-01
... 7 Agriculture 3 2010-01-01 2010-01-01 false Loan of standards without security. 160.74 Section 160... REGULATIONS AND STANDARDS FOR NAVAL STORES Loan and Care of United States Standards § 160.74 Loan of standards without security. Duplicates of the United States Standards for rosin may be loaned without deposit of...
-
Implementing the Payment Card Industry (PCI Data Security Standard (DSS
Directory of Open Access Journals (Sweden)
John O' Raw
2011-08-01
Full Text Available Underpinned by the rise in online criminality, the payment card industry (PCI data security standards (DSS were introduced which outlines a subset of the core principals and requirements that must be followed, including precautions relating to the software that processes credit card data. The necessity to implement these requirements in existing software applications can present software owners and developers with a range of issues. We present here a generic solution to the sensitive issue of PCI compliance where aspect orientated programming (AOP can be applied to meet the requirement of masking the primary account number (PAN. Our architecture allows a definite amount of code to be added which intercepts all the methods specified in the aspect, regardless of future additions to the system thus reducing the amount of work required to the maintain aspect. We believe that the concepts here will provide an insight into how to approach the PCI requirements to undertake the task. The software artefact should also serve as a guide to developers attempting to implement new applications, where security and design are fundamental elements that should be considered through each phase of the software development lifecycle and not as an afterthought.
-
In-Depth Modeling of the UNIX Operating System for Architectural Cyber Security Analysis
Vernotte, Alexandre; Johnson, Pontus; Ekstedt, Mathias; Lagerström, Robert
2017-01-01
ICT systems have become an integral part of business and life. At the same time, these systems have become extremely complex. In such systems exist numerous vulnerabilities waiting to be exploited by potential threat actors. pwnPr3d is a novel modelling approach that performs automated architectural analysis with the objective of measuring the cyber security of the modeled architecture. Its integrated modelling language allows users to model software and hardware components with great level o...
-
2010-03-29
...] Guidance for Industry on Standards for Securing the Drug Supply Chain--Standardized Numerical... industry entitled ``Standards for Securing the Drug Supply Chain-Standardized Numerical Identification for... the Drug Supply Chain-Standardized Numerical Identification for Prescription Drug Packages.'' In the...
-
Adaptive Security Architecture based on EC-MQV Algorithm in Personal Network (PN)
DEFF Research Database (Denmark)
Mihovska, Albena D.; Prasad, Neeli R.
2007-01-01
Abstract — Personal Networks (PNs) have been focused on in order to support the user’s business and private activities without jeopardizing privacy and security of the users and their data. In such a network, it is necessary to produce a proper key agreement method according to the feature...... of the network. One of the features of the network is that the personal devices have deferent capabilities such as computational ability, memory size, transmission power, processing speed and implementation cost. Therefore an adaptive security mechanism should be contrived for such a network of various device...... combinations based on user’s location and device’s capability. The paper proposes new adaptive security architecture with three levels of asymmetric key agreement scheme by using context-aware security manager (CASM) based on elliptic curve cryptosystem (EC-MQV)....
-
Organizational information assets classification model and security architecture methodology
Directory of Open Access Journals (Sweden)
Mostafa Tamtaji
2015-12-01
Full Text Available Today's, Organizations are exposed with huge and diversity of information and information assets that are produced in different systems shuch as KMS, financial and accounting systems, official and industrial automation sysytems and so on and protection of these information is necessary. Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released.several benefits of this model cuses that organization has a great trend to implementing Cloud computing. Maintaining and management of information security is the main challenges in developing and accepting of this model. In this paper, at first, according to "design science research methodology" and compatible with "design process at information systems research", a complete categorization of organizational assets, including 355 different types of information assets in 7 groups and 3 level, is presented to managers be able to plan corresponding security controls according to importance of each groups. Then, for directing of organization to architect it’s information security in cloud computing environment, appropriate methodology is presented. Presented cloud computing security architecture , resulted proposed methodology, and presented classification model according to Delphi method and expers comments discussed and verified.
-
Process Control System Cyber Security Standards - An Overview
Energy Technology Data Exchange (ETDEWEB)
Robert P. Evans; V Stanley Scown; Rolf Carlson; Shabbir Shamsuddin; George Shaw; Jeff Dagle; Paul W Oman; Jeannine Schmidt
2005-10-01
The use of cyber security standards can greatly assist in the protection of critical infrastructure by providing guidelines and requisite imperatives in the implementation of computer-controlled systems. These standards are most effective when the engineers and operators using the standards understand what each of the standards addresses and does not address. This paper provides a review and comparison of ten documents dealing with control system cyber security. It is not meant to be a complete treatment of all applicable standards; rather, this is an exemplary analysis showing the benefits of comparing and contrasting differing documents.
-
Security challenges in integration of a PHR-S into a standards based national EHR.
Mense, Alexander; Hoheiser Pförtner, Franz; Sauermann, Stefan
2014-01-01
Health related data provided by patients themselves is expected to play a major role in future healthcare. Data from personal health devices, vaccination records, health diaries or observations of daily living, for instance, is stored in personal health records (PHR) which are maintained by personal health record systems (PHR-S). Combining this information with medical records provided by healthcare providers in electronic health records (EHR) is one of the next steps towards "personal care". Austria currently sets up a nationwide EHR system that incorporates all healthcare providers and is technically based on international standards (IHE, HL7, OASIS, ...). Looking at the expected potential of merging PHR and EHR data it is worth to analyse integration approaches. Although knowing that an integration requires the coordination of processes, information models and technical architectures, this paper specifically focuses on security issues by evaluating general security requirements for a PHR-S (based on HL7 PHR-S FM), comparing them with the information security specifications for the Austrian's national EHR (based on ISO/IES 27000 series) and identifying the main challenges as well as possible approaches.
-
Help for the Developers of Control System Cyber Security Standards
Energy Technology Data Exchange (ETDEWEB)
Robert P. Evans
2008-05-01
A Catalog of Control Systems Security: Recommendations for Standards Developers (Catalog), aimed at assisting organizations to facilitate the development and implementation of control system cyber security standards, has been developed. This catalog contains requirements that can help protect control systems from cyber attacks and can be applied to the Critical Infrastructures and Key Resources of the United States and other nations. The requirements contained in the catalog are a compilation of practices or various industry bodies used to increase the security of control systems from both physical and cyber attacks. They should be viewed as a collection of recommendations to be considered and judiciously employed, as appropriate, when reviewing and developing cyber security standards for control systems. The recommendations in the Catalog are intended to be broad enough to provide any industry using control systems the flexibility needed to develop sound cyber security standards specific to their individual security requirements.
-
7 CFR 160.75 - Loan of standards under security deposit.
2010-01-01
... 7 Agriculture 3 2010-01-01 2010-01-01 false Loan of standards under security deposit. 160.75... REGULATIONS AND STANDARDS FOR NAVAL STORES Loan and Care of United States Standards § 160.75 Loan of standards under security deposit. Duplicates of the United States Standards for rosin may be loaned to interested...
-
Elgamal Elliptic Curve Based Secure Communication Architecture for Microgrids
Directory of Open Access Journals (Sweden)
Sarmadullah Khan
2018-03-01
Full Text Available Microgrids play an important role in today’s power systems as the distributed generation is becoming increasingly common. They can operate in two possible modes: (i standalone and (ii grid-connected. The transitional state from standalone to grid-connected mode is very critical and requires the microgrid to be synchronized with the main grid. Thus, secure, reliable and trustworthy control and communication is utmost necessary to prevent out-of-sync connection which could severely damage the microgrid and/or the main grid. Existing solutions consume more resources and take long time to establish a secure connection. The objective of the proposed work is to reduce the connection establishment time by using efficient computational algorithms and save the resources. This paper proposes a secure authentication and key establishment mechanism for ensuring safe operation and control of the microgrids. The proposed approach uses the concept of Elgamal with slight modification. Private key of the sender is used instead of a random number. The proposed modification ensures the non repudiation. This paper also presents a system threat model along with security network architecture and evaluates the performance of proposed algorithm in protecting microgrid communication against man in the middle attacks and replay attacks that could delay the packets to damage the system and need to be detected. Mathematical modeling and simulation results show that the proposed algorithm performs better than the existing protocols in terms of connection establishment, resource consumption and security level.
-
Space Telecommunications Radio System (STRS) Architecture Standard. Release 1.02.1
Reinhart, Richard C.; Kacpura, Thomas J.; Handler, Louis M.; Hall, C. Steve; Mortensen, Dale J.; Johnson, Sandra K.; Briones, Janette C.; Nappier, Jennifer M.; Downey, Joseph A.; Lux, James P.
2012-01-01
This document contains the NASA architecture standard for software defined radios used in space- and ground-based platforms to enable commonality among radio developments to enhance capability and services while reducing mission and programmatic risk. Transceivers (or transponders) with functionality primarily defined in software (e.g., firmware) have the ability to change their functional behavior through software alone. This radio architecture standard offers value by employing common waveform software interfaces, method of instantiation, operation, and testing among different compliant hardware and software products. These common interfaces within the architecture abstract application software from the underlying hardware to enable technology insertion independently at either the software or hardware layer.
-
McNeal, McKenzie, III.
2012-01-01
Current networking architectures and communication protocols used for Wireless Sensor Networks (WSNs) have been designed to be energy efficient, low latency, and long network lifetime. One major issue that must be addressed is the security in data communication. Due to the limited capabilities of low cost and small sized sensor nodes, designing…
-
Leveraging Software Architectures through the ISO/IEC 42010 standard: A Feasibility Study
Tamburri, D.A.; Lago, P.; Muccini, H.; Proper, E.; Lankhorst, M.; Schoenherr, M.
2011-01-01
The state of the practice in enterprise and software architecture learnt that relevant architectural aspects should be illustrated in multiple views, targeting the various concerns of different stakeholders. This has been expressed a.o. in the ISO/IEC 42010 Standard on architecture descriptions. In
-
Instrumentation Standard Architectures for Future High Availability Control Systems
International Nuclear Information System (INIS)
Larsen, R.S.
2005-01-01
Architectures for next-generation modular instrumentation standards should aim to meet a requirement of High Availability, or robustness against system failure. This is particularly important for experiments both large and small mounted on production accelerators and light sources. New standards should be based on architectures that (1) are modular in both hardware and software for ease in repair and upgrade; (2) include inherent redundancy at internal module, module assembly and system levels; (3) include modern high speed serial inter-module communications with robust noise-immune protocols; and (4) include highly intelligent diagnostics and board-management subsystems that can predict impending failure and invoke evasive strategies. The simple design principles lead to fail-soft systems that can be applied to any type of electronics system, from modular instruments to large power supplies to pulsed power modulators to entire accelerator systems. The existing standards in use are briefly reviewed and compared against a new commercial standard which suggests a powerful model for future laboratory standard developments. The past successes of undertaking such projects through inter-laboratory engineering-physics collaborations will be briefly summarized
-
Meta-Key: A Secure Data-Sharing Protocol under Blockchain-Based Decentralised Storage Architecture
Fu, Yue
2017-01-01
In this paper a secure data-sharing protocol under blockchain-based decentralised storage architecture is proposed, which fulfils users who need to share their encrypted data on-cloud. It implements a remote data-sharing mechanism that enables data owners to share their encrypted data to other users without revealing the original key. Nor do they have to download on-cloud data with re-encryption and re-uploading. Data security as well as efficiency are ensured by symmetric encryption, whose k...
-
Software architecture standard for simulation virtual machine, version 2.0
Sturtevant, Robert; Wessale, William
1994-01-01
The Simulation Virtual Machine (SBM) is an Ada architecture which eases the effort involved in the real-time software maintenance and sustaining engineering. The Software Architecture Standard defines the infrastructure which all the simulation models are built from. SVM was developed for and used in the Space Station Verification and Training Facility.
-
Information risk and security modeling
Zivic, Predrag
2005-03-01
This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. IT will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.
-
Frühwirth, Christian
Industry managers have long recognized the vital importance of information security for their businesses, but at the same time they perceived security as a technology-driven rather then a business-driven field. Today, this notion is changing and security management is shifting from technology- to business-oriented approaches. Whereas there is evidence of this shift in the literature, this paper argues that security standards and academic work have not yet taken it fully into account. We examine whether this disconnect has lead to a misalignment of IT security requirements in businesses versus industry standards and academic research. We conducted 13 interviews with practitioners from 9 different firms to investigate this question. The results present evidence for a significant gap between security requirements in industry standards and actually reported security vulnerabilities. We further find mismatches between the prioritization of security factors in businesses, standards and real-world threats. We conclude that security in companies serves the business need of protecting information availability to keep the business running at all times.
-
Aspects regarding the implementation of information security standards in organizations
Directory of Open Access Journals (Sweden)
Mihai Bârsan
2017-03-01
Full Text Available Information security is one of the major challenges of the information and knowledge based society. The preoccupation of organizations to ensure the security of information in the digital environment has led to the emergence of specific standards in the field. Thus, ISO 27000 brings together reference standards in the field. Starting from ISO 27001, which summarizes policies and procedures on physical, legal and technological security risks, this paper looks at the steps the organization must undertake to implement the standards.
-
Machine-to-machine communications architectures, technology, standards, and applications
Misic, Vojislav B
2014-01-01
With the number of machine-to-machine (M2M)-enabled devices projected to reach 20 to 50 billion by 2020, there is a critical need to understand the demands imposed by such systems. Machine-to-Machine Communications: Architectures, Technology, Standards, and Applications offers rigorous treatment of the many facets of M2M communication, including its integration with current technology.Presenting the work of a different group of international experts in each chapter, the book begins by supplying an overview of M2M technology. It considers proposed standards, cutting-edge applications, architectures, and traffic modeling and includes case studies that highlight the differences between traditional and M2M communications technology.Details a practical scheme for the forward error correction code designInvestigates the effectiveness of the IEEE 802.15.4 low data rate wireless personal area network standard for use in M2M communicationsIdentifies algorithms that will ensure functionality, performance, reliability, ...
-
Network Based Intrusion Detection and Prevention Systems in IP-Level Security Protocols
R. Kabila
2008-01-01
IPsec has now become a standard information security technology throughout the Internet society. It provides a well-defined architecture that takes into account confidentiality, authentication, integrity, secure key exchange and protection mechanism against replay attack also. For the connectionless security services on packet basis, IETF IPsec Working Group has standardized two extension headers (AH&ESP), key exchange and authentication protocols. It is also working on l...
-
Architecture of security management unit for safe hosting of multiple agents
Gilmont, Tanguy; Legat, Jean-Didier; Quisquater, Jean-Jacques
1999-04-01
In such growing areas as remote applications in large public networks, electronic commerce, digital signature, intellectual property and copyright protection, and even operating system extensibility, the hardware security level offered by existing processors is insufficient. They lack protection mechanisms that prevent the user from tampering critical data owned by those applications. Some devices make exception, but have not enough processing power nor enough memory to stand up to such applications (e.g. smart cards). This paper proposes an architecture of secure processor, in which the classical memory management unit is extended into a new security management unit. It allows ciphered code execution and ciphered data processing. An internal permanent memory can store cipher keys and critical data for several client agents simultaneously. The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility. The result is a secure processor that has hardware support for extensible multitask operating systems, and can be used for both general applications and critical applications needing strong protection. The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance, and do not require it to be modified.
-
PCI compliance understand and implement effective PCI data security standard compliance
Williams, Branden R
2012-01-01
The credit card industry established the PCI Data Security Standards to provide a minimum standard for how vendors should protect data to ensure it is not stolen by fraudsters. PCI Compliance, 3e, provides the information readers need to understand the current PCI Data Security standards, which have recently been updated to version 2.0, and how to effectively implement security within your company to be compliant with the credit card industry guidelines and protect sensitive and personally identifiable information. Security breaches continue to occur on a regular basis, affecting millions of
-
International Nuclear Information System (INIS)
Algohary, S.
2007-01-01
The new and emerging threats to buildings and infrastructure which are faced by todays engineering design and facility management community in Egypt demand new approaches and solutions that are innovative and increasingly based on risk management principles. In the wake of the damage of Taba hotel in south Sinai (2004) and Sharm El-Sheik hotels in Egypt (July, 2005), there was a growing awareness of public vulnerability to terrorist attacks. This awareness leads to increase the expectations form and responsibilities of the architects, engineers and construction professionals This study reviews and assesses different types of threats to nuclear and important buildings. It identifies also the architectural design, vulnerability and risk management that can enhance security. It also introduces a new approach for integration of architectural design and security in nuclear and important buildings in Egypt. The results shows that escalating threats and risks to important buildings and infrastructures change the role of planners, architects, engineers and builders by increasing the focus on the importance of applying viable security principles to the building designs. Architects in Egypt can assume an important role in improving the life-safety features of important buildings by increasing and integrating new security principles and approaches to improve the security and performance of the buildings against man made disasters
-
Open Architecture Standards and Information Systems (OASIS II ...
International Development Research Centre (IDRC) Digital Library (Canada)
Open Architecture Standards and Information Systems (OASIS II) - Developing Capacity, Sharing Knowledge and Good Principles Across eHealth in Africa. Health care across much of the African continent is hampered by meager resources and a growing burden of disease, with HIV/AIDS, tuberculosis (TB) and malaria ...
-
Energy Technology Data Exchange (ETDEWEB)
Robert P. Evans
2005-09-01
Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in ''Cyber Security Protection Framework'', Version 0.9 (hereafter referred to as the ''Framework''). For each of the seven sector/sub-sectors listed above, one standard was
-
Security management of next generation telecommunications networks and services
Jacobs, Stuart
2014-01-01
This book will cover network management security issues and currently available security mechanisms by discussing how network architectures have evolved into the contemporary NGNs which support converged services (voice, video, TV, interactive information exchange, and classic data communications). It will also analyze existing security standards and their applicability to securing network management. This book will review 21st century security concepts of authentication, authorization, confidentiality, integrity, nonrepudiation, vulnerabilities, threats, risks, and effective approaches to enc
-
An efficient interpolation filter VLSI architecture for HEVC standard
Zhou, Wei; Zhou, Xin; Lian, Xiaocong; Liu, Zhenyu; Liu, Xiaoxiang
2015-12-01
The next-generation video coding standard of High-Efficiency Video Coding (HEVC) is especially efficient for coding high-resolution video such as 8K-ultra-high-definition (UHD) video. Fractional motion estimation in HEVC presents a significant challenge in clock latency and area cost as it consumes more than 40 % of the total encoding time and thus results in high computational complexity. With aims at supporting 8K-UHD video applications, an efficient interpolation filter VLSI architecture for HEVC is proposed in this paper. Firstly, a new interpolation filter algorithm based on the 8-pixel interpolation unit is proposed in this paper. It can save 19.7 % processing time on average with acceptable coding quality degradation. Based on the proposed algorithm, an efficient interpolation filter VLSI architecture, composed of a reused data path of interpolation, an efficient memory organization, and a reconfigurable pipeline interpolation filter engine, is presented to reduce the implement hardware area and achieve high throughput. The final VLSI implementation only requires 37.2k gates in a standard 90-nm CMOS technology at an operating frequency of 240 MHz. The proposed architecture can be reused for either half-pixel interpolation or quarter-pixel interpolation, which can reduce the area cost for about 131,040 bits RAM. The processing latency of our proposed VLSI architecture can support the real-time processing of 4:2:0 format 7680 × 4320@78fps video sequences.
-
Cyber security. Compliance to the new CSA 290.7 standard
Energy Technology Data Exchange (ETDEWEB)
Daley, M.; Doucet, R.; Echlin, M.; MacDonald, M.; Mihaylov, V.; Sijs, J.; Trask, D. [Canadian Nuclear Laboratories, Chalk River, Ontario (Canada)
2015-12-15
Since 2008, the Canadian Nuclear Safety Commission (CNSC), similar to regulators of other critical industries, has requested their licensees to implement cyber security programs and conduct self- assessments without the benefit of an industry specific cyber security standard that provides common metrics for coverage and effectiveness of their programs. However, for the nuclear industry, a new CSA standard 290.7 entitled 'Cyber security for nuclear power plants and small reactor facilities', released in December 2014, will have the CNSC looking to facility operators to be compliant to the new standard. This paper will discuss initiatives at Canadian Nuclear Laboratories to develop of a suite of tools, techniques, and best practices that can be used by the regulator and industry for assessing compliance and effectiveness of cyber security technology and implementations. (author)
-
Cyber security - compliance to the new CSA 290.7 standard
Energy Technology Data Exchange (ETDEWEB)
Daley, M.; Doucet, R.; Echlin, M.; MacDonald, M.; Mihaylov, V.; Sijs, J.; Trask, D., E-mail: Matthew.Daley@cnl.ca [Canadian Nuclear Laboratories, Chalk River, ON, (Canada)
2015-07-01
Since 2008, the Canadian Nuclear Safety Commission (CNSC), similar to regulators of other critical industries, has requested their licensees to implement cyber security programs and conduct self-assessments without the benefit of an industry specific cyber security standard that provides common metrics for coverage and effectiveness of their programs. However, for the nuclear industry, a new CSA standard 290.7 entitled 'Cyber security for nuclear power plants and small reactor facilities' [1], released in December 2014, will have the CNSC looking to facility operators to be compliant to the new standard. This paper will discuss initiatives at Canadian Nuclear Laboratories to develop of a suite of tools, techniques, and best practices that can be used by the regulator and industry for assessing compliance and effectiveness of cyber security technology and implementations. (author)
-
Cyber security. Compliance to the new CSA 290.7 standard
International Nuclear Information System (INIS)
Daley, M.; Doucet, R.; Echlin, M.; MacDonald, M.; Mihaylov, V.; Sijs, J.; Trask, D.
2015-01-01
Since 2008, the Canadian Nuclear Safety Commission (CNSC), similar to regulators of other critical industries, has requested their licensees to implement cyber security programs and conduct self- assessments without the benefit of an industry specific cyber security standard that provides common metrics for coverage and effectiveness of their programs. However, for the nuclear industry, a new CSA standard 290.7 entitled 'Cyber security for nuclear power plants and small reactor facilities', released in December 2014, will have the CNSC looking to facility operators to be compliant to the new standard. This paper will discuss initiatives at Canadian Nuclear Laboratories to develop of a suite of tools, techniques, and best practices that can be used by the regulator and industry for assessing compliance and effectiveness of cyber security technology and implementations. (author)
-
Cyber security - compliance to the new CSA 290.7 standard
International Nuclear Information System (INIS)
Daley, M.; Doucet, R.; Echlin, M.; MacDonald, M.; Mihaylov, V.; Sijs, J.; Trask, D.
2015-01-01
Since 2008, the Canadian Nuclear Safety Commission (CNSC), similar to regulators of other critical industries, has requested their licensees to implement cyber security programs and conduct self-assessments without the benefit of an industry specific cyber security standard that provides common metrics for coverage and effectiveness of their programs. However, for the nuclear industry, a new CSA standard 290.7 entitled 'Cyber security for nuclear power plants and small reactor facilities' [1], released in December 2014, will have the CNSC looking to facility operators to be compliant to the new standard. This paper will discuss initiatives at Canadian Nuclear Laboratories to develop of a suite of tools, techniques, and best practices that can be used by the regulator and industry for assessing compliance and effectiveness of cyber security technology and implementations. (author)
-
Luhach, Ashish Kr.; Dwivedi, Sanjay K; Jha, C K
2014-01-01
Rapid evolution of information technology has contributed to the evolution of more sophisticated E- commerce system with the better transaction time and protection. The currently used E-commerce models lack in quality properties such as logical security because of their poor designing and to face the highly equipped and trained intruders. This editorial proposed a security framework for small and medium sized E-commerce, based on service oriented architecture and gives an analysis of the emin...
-
Security Analysis of DTN Architecture and Bundle Protocol Specification for Space-Based Networks
Ivancic, William D.
2009-01-01
A Delay-Tolerant Network (DTN) Architecture (Request for Comment, RFC-4838) and Bundle Protocol Specification, RFC-5050, have been proposed for space and terrestrial networks. Additional security specifications have been provided via the Bundle Security Specification (currently a work in progress as an Internet Research Task Force internet-draft) and, for link-layer protocols applicable to Space networks, the Licklider Transport Protocol Security Extensions. This document provides a security analysis of the current DTN RFCs and proposed security related internet drafts with a focus on space-based communication networks, which is a rather restricted subset of DTN networks. Note, the original focus and motivation of DTN work was for the Interplanetary Internet . This document does not address general store-and-forward network overlays, just the current work being done by the Internet Research Task Force (IRTF) and the Consultative Committee for Space Data Systems (CCSDS) Space Internetworking Services Area (SIS) - DTN working group under the DTN and Bundle umbrellas. However, much of the analysis is relevant to general store-and-forward overlays.
-
Albus, James S.; Mccain, Harry G.; Lumia, Ronald
1989-01-01
The document describes the NASA Standard Reference Model (NASREM) Architecture for the Space Station Telerobot Control System. It defines the functional requirements and high level specifications of the control system for the NASA space Station document for the functional specification, and a guideline for the development of the control system architecture, of the 10C Flight Telerobot Servicer. The NASREM telerobot control system architecture defines a set of standard modules and interfaces which facilitates software design, development, validation, and test, and make possible the integration of telerobotics software from a wide variety of sources. Standard interfaces also provide the software hooks necessary to incrementally upgrade future Flight Telerobot Systems as new capabilities develop in computer science, robotics, and autonomous system control.
-
Asokan, N; Dmitrienko, Alexandra
2013-01-01
Recently, mobile security has garnered considerable interest in both the research community and industry due to the popularity of smartphones. The current smartphone platforms are open systems that allow application development, also for malicious parties. To protect the mobile device, its user, and other mobile ecosystem stakeholders such as network operators, application execution is controlled by a platform security architecture. This book explores how such mobile platform security architectures work. We present a generic model for mobile platform security architectures: the model illustrat
-
Compliance with HIPAA security standards in U.S. Hospitals.
Davis, Diane; Having, Karen
2006-01-01
With the widespread use of computer networks, the amount of information stored electronically has grown exponentially, resulting in increased concern for privacy and security of information. The healthcare industry has been put to the test with the federally mandated Health Insurance Portability and Accountability Act (HIPAA) of 1996. To assess the compliance status of HIPAA security standards, a random sample of 1,000 U.S. hospitals was surveyed in January 2004, yielding a return rate of 29 percent. One year later, a follow-up survey was sent to all previous respondents, with 50 percent replying. HIPAA officers'perceptions of security compliance in 2004 and 2005 are compared in this article. The security standards achieving the highest level of compliance in both 2004 and 2005 were obtaining required business associate agreements and physical safeguards to limit access to electronic information systems. Respondents indicated least compliance both years in performing periodic evaluation of security practices governed by the Security Rule. Roadblocks, threats, problems and solutions regarding HIPAA compliance are discussed. This information may be applied to current and future strategies toward maintaining security of information systems throughout the healthcare industry.
-
DEFF Research Database (Denmark)
Armando, Alessandro; Arsac, Wihem; Avanesov, Tigran
2012-01-01
The AVANTSSAR Platform is an integrated toolset for the formal specification and automated validation of trust and security of service-oriented architectures and other applications in the Internet of Services. The platform supports application-level specification languages (such as BPMN and our...
-
National Research Council Canada - National Science Library
Gorodetski, Vladimir
2001-01-01
The contractor will research and further develop the technology supporting an agent-based architecture for an information security system and a formal framework to specify a model of distributed knowledge...
-
Information Systems Security Management: A Review and a Classification of the ISO Standards
Tsohou, Aggeliki; Kokolakis, Spyros; Lambrinoudakis, Costas; Gritzalis, Stefanos
The need for common understanding and agreement of functional and non-functional requirements is well known and understood by information system designers. This is necessary for both: designing the "correct" system and achieving interoperability with other systems. Security is maybe the best example of this need. If the understanding of the security requirements is not the same for all involved parties and the security mechanisms that will be implemented do not comply with some globally accepted rules and practices, then the system that will be designed will not necessarily achieve the desired security level and it will be very difficult to securely interoperate with other systems. It is therefore clear that the role and contribution of international standards to the design and implementation of security mechanisms is dominant. In this paper we provide a state of the art review on information security management standards published by the International Organization for Standardization and the International Electrotechnical Commission. Such an analysis is meaningful to security practitioners for an efficient management of information security. Moreover, the classification of the standards in the clauses of ISO/IEC 27001:2005 that results from our analysis is expected to provide assistance in dealing with the plethora of security standards.
-
2012-11-12
Harmonization Task Groups 1 and 3 (HTG1 and 3) were established by the EU-US International Standards Harmonization Working Group to attempt to harmonize standards (including ISO, CEN, ETSI, IEEE) on security (HTG1) and communications protocols (HTG3)...
-
Implementing healthcare information security: standards can help.
Orel, Andrej; Bernik, Igor
2013-01-01
Using widely spread common approaches to systems security in health dedicated controlled environments, a level of awareness, confidence and acceptance of relevant standardisation is evaluated. Patients' information is sensitive, so putting appropriate organisational techniques as well as modern technology in place to secure health information is of paramount importance. Mobile devices are becoming the top priorities in advanced information security planning with healthcare environments being no exception. There are less and less application areas in healthcare without having a need for a mobile functionality which represents an even greater information security challenge. This is also true in emergency treatments, rehabilitation and homecare just to mention a few areas outside hospital controlled environments. Unfortunately quite often traditional unsecured communications principles are still in routine use for communicating sensitive health related information. The security awareness level with users, patients and care professionals is not high enough so potential threats and risks may not be addressed and the respective information security management is therefore weak. Standards like ISO/IEC 27000 ISMS family, the ISO/IEC 27799 information security guidelines in health are often not well known, but together with legislation principles such as HIPAA, they can help.
-
EH-GC: An Efficient and Secure Architecture of Energy Harvesting Green Cloud Infrastructure
Directory of Open Access Journals (Sweden)
Saurabh Singh
2017-04-01
Full Text Available Nowadays, the high power consumption of data centers is the biggest challenge to making cloud computing greener. Many researchers are still seeking effective solutions to reduce or harvest the energy produced at data centers. To address this challenge, we propose a green cloud infrastructure which provides security and efficiency based on energy harvesting (EH-GC. The EH-GC is basically focused on harvesting the heat energy produced by data centers in the Infrastructure-as-a-Service (IaaS infrastructure. A pyroelectric material is used to generate the electric current from heat using the Olsen cycle. In order to achieve efficient green cloud computing, the architecture utilizes a genetic algorithm for proper virtual machine allocation, taking into consideration less Service Level Agreement (SLA violations. The architecture utilizes Multivariate Correlation Analysis (MCA correlation analysis based on a triangular map area generation to detect Denial of Service (DoS attacks in the data center layer of the IaaS. Finally, the experimental analysis is explained based on the energy parameter, which proves that our model is efficient and secure, and that it efficiently reuses the energy emitted from the data center.
-
Functional Security Model: Managers Engineers Working Together
Guillen, Edward Paul; Quintero, Rulfo
2008-05-01
Information security has a wide variety of solutions including security policies, network architectures and technological applications, they are usually designed and implemented by security architects, but in its own complexity this solutions are difficult to understand by company managers and they are who finally fund the security project. The main goal of the functional security model is to achieve a solid security platform reliable and understandable in the whole company without leaving of side the rigor of the recommendations and the laws compliance in a single frame. This paper shows a general scheme of the model with the use of important standards and tries to give an integrated solution.
-
2011-08-03
... SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 [Release No. 34-64766; File No. S7-25-11] RIN 3235-AL10 Business Conduct Standards for Security-Based Swap Dealers and Major Security-Based Swap Participants Correction In proposed rule document number 2011-16758, appearing on pages 42396-42455 in the...
-
Authorization & security aspects in the middleware-based healthcare information system.
Andany, J; Bjorkendal, C; Ferrara, F M; Scherrer, J R; Spahni, S
1999-01-01
The integration and evolution of existing systems represents one of the most urgent priorities of health care information systems in order to allow the whole organisation to meet the increasing clinical organisational and managerial needs. The CEN ENV 12967-1 'Healthcare Information Systems Architecture'(HISA) standard defines an architectural approach based on a middleware of business-specific common services, enabling all parts of the local and geographical system to operate on the common information heritage of the organisation and on exploiting a set of common business-oriented functionality. After an overview on the key aspects of HISA, this paper discusses the positioning of the authorization and security aspects in the overall architecture. A global security framework is finally proposed.
-
2012-03-06
...-02] Announcing Approval of Federal Information Processing Standard (FIPS) Publication 180-4, Secure... approval of Federal Information Processing Standard (FIPS) Publication 180-4, Secure Hash Standard (SHS... Federal Information Processing Standard (FIPS) Publication 180-4, Secure Hash Standard (SHS). FIPS 180-4...
-
An Analysis of Security and Privacy Issues in Smart Grid Software Architectures on Clouds
Energy Technology Data Exchange (ETDEWEB)
Simmhan, Yogesh; Kumbhare, Alok; Cao, Baohua; Prasanna, Viktor K.
2011-07-09
Power utilities globally are increasingly upgrading to Smart Grids that use bi-directional communication with the consumer to enable an information-driven approach to distributed energy management. Clouds offer features well suited for Smart Grid software platforms and applications, such as elastic resources and shared services. However, the security and privacy concerns inherent in an information rich Smart Grid environment are further exacerbated by their deployment on Clouds. Here, we present an analysis of security and privacy issues in a Smart Grids software architecture operating on different Cloud environments, in the form of a taxonomy. We use the Los Angeles Smart Grid Project that is underway in the largest U.S. municipal utility to drive this analysis that will benefit both Cloud practitioners targeting Smart Grid applications, and Cloud researchers investigating security and privacy.
-
SECURITY ANALYSIS OF ONE SOLUTION FOR SECURE PRIVATE DATA STORAGE IN A CLOUD
Ludmila Klimentievna Babenko; Alina Viktorovna Trepacheva
2016-01-01
The paper analyzes the security of one recently proposed secure cloud data base architecture. We present an attack on it binding the security of whole solution with the security of particular encryption schemes, used in it. We show this architecture is vulnerable and consequently the solution is unviable.
-
Patient data security in the DICOM standard
International Nuclear Information System (INIS)
Schuetze, B.; Kroll, M.; Geisbe, T.; Filler, T.J.
2004-01-01
The DICOM committee added the section 'Security Profiles' to the DICOM standard, in order to provide the opportunity of safe communication between health care system partners. Data complying with the DICOM standard - e.g. pictures, signals or reports of examinations can be provided with one or more digital signatures. Attention should be paid to the fact that these possibilities of the DICOM standard are available or can be supplied subsequently by new acquisitions of radiological modalities. The required information to check these prerequisites are given
-
Balamurugan, A. M.; Sivasubramanian, A.
2014-06-01
The Optical Burst Switching (OBS) is an emergent result to the technology issue that could achieve a viable network in future. They have the ability to meet the bandwidth requisite of those applications that call for intensive bandwidth. The field of optical transmission has undergone numerous advancements and is still being researched mainly due to the fact that optical data transmission can be done at enormous speeds. The concept of OBS is still far from perfection facing issues in case of security threat. The transfer of optical switching paradigm to optical burst switching faces serious downfall in the fields of burst aggregation, routing, authentication, dispute resolution and quality of service (QoS). This paper proposes a framework based on QKD based secure edge router architecture design to provide burst confidentiality. The QKD protocol offers high level of confidentiality as it is indestructible. The design architecture was implemented in FPGA using diverse models and the results were taken. The results show that the proposed model is suitable for real time secure routing applications of the Optical burst switched networks.
-
SECURITY ANALYSIS OF ONE SOLUTION FOR SECURE PRIVATE DATA STORAGE IN A CLOUD
Directory of Open Access Journals (Sweden)
Ludmila Klimentievna Babenko
2016-03-01
Full Text Available The paper analyzes the security of one recently proposed secure cloud data base architecture. We present an attack on it binding the security of whole solution with the security of particular encryption schemes, used in it. We show this architecture is vulnerable and consequently the solution is unviable.
-
Architecture for Data Management
Vukolic, Marko
2015-01-01
In this document we present the preliminary architecture of the SUPERCLOUD data management and storage. We start by defining the design requirements of the architecture, motivated by use cases and then review the state-of-the-art. We survey security and dependability technologies and discuss designs for the overall unifying architecture for data management that serves as an umbrella for different security and dependability data management features. Specifically the document lays out the archi...
-
Two Stage Secure Dynamic Load Balancing Architecture for SIP Server Clusters
Directory of Open Access Journals (Sweden)
G. Vennila
2014-08-01
Full Text Available Session Initiation Protocol (SIP is a signaling protocol emerged with an aim to enhance the IP network capabilities in terms of complex service provision. SIP server scalability with load balancing has a greater concern due to the dramatic increase in SIP service demand. Load balancing of session method (request/response and security measures optimizes the SIP server to regulate of network traffic in Voice over Internet Protocol (VoIP. Establishing a honeywall prior to the load balancer significantly reduces SIP traffic and drops inbound malicious load. In this paper, we propose Active Least Call in SIP Server (ALC_Server algorithm fulfills objectives like congestion avoidance, improved response times, throughput, resource utilization, reducing server faults, scalability and protection of SIP call from DoS attacks. From the test bed, the proposed two-tier architecture demonstrates that the ALC_Server method dynamically controls the overload and provides robust security, uniform load distribution for SIP servers.
-
webinos project deliverable: Phase 1 Security Framework
webinos consortium
2011-01-01
The webinos project aims to deliver a cross-device web application runtime environment, providing a unified development platform and standardized inter-device communication and interaction. This document contains the first iteration of the technical security and privacy framework designed for the webinos project. It accompanies two other documents - D3.1 System Specification and D3.2 API Specifications - and refers to concepts developed in them. The security and privacy architecture aims to p...
-
Security basics for computer architects
Lee, Ruby B
2013-01-01
Design for security is an essential aspect of the design of future computers. However, security is not well understood by the computer architecture community. Many important security aspects have evolved over the last several decades in the cryptography, operating systems, and networking communities. This book attempts to introduce the computer architecture student, researcher, or practitioner to the basic concepts of security and threat-based design. Past work in different security communities can inform our thinking and provide a rich set of technologies for building architectural support fo
-
Research on a Valuation Standard and the Actual Condition About Security Management in PACS
International Nuclear Information System (INIS)
Jeong, Jae Ho; Son, Gi Gyeong; Kang, Hee Doo; Dong, Kyung Rae; Kweon, Dae Cheol; Kim, Hyun Soo
2008-01-01
This study is to prepare an evaluation standard about personal information protection and security management of a medical institution and to build up a grade standard of evaluation in PACS environment. We built up evaluation index based on 10 detailed items in four big categories (political security, technical security, data management security and physical security) by referring to ISO17799 (BS 7799), HIPPA (Health Insurance and Portability and Accountability Act of 1996) and domestic medical law. We have investigated at the thirty places where medical facility with the extracted security criteria and security evaluation index. Average score of physical security list, one of the big categories, was 18.5/20 (93%) at all medical institutions. Political security score was 18.5/30 (62%), data management security score was 12/20 (60%) and technical security score was 17.5/30 (58%). Therefore, security evaluation score was average 67 in 30 general hospitals, which was 4th level. The results showed that it is necessary to establish evaluation and management standard about personal information protection and security consciousness which are weak in PACS environment.
-
Transportable GPU (General Processor Units) chip set technology for standard computer architectures
Fosdick, R. E.; Denison, H. C.
1982-11-01
The USAFR-developed GPU Chip Set has been utilized by Tracor to implement both USAF and Navy Standard 16-Bit Airborne Computer Architectures. Both configurations are currently being delivered into DOD full-scale development programs. Leadless Hermetic Chip Carrier packaging has facilitated implementation of both architectures on single 41/2 x 5 substrates. The CMOS and CMOS/SOS implementations of the GPU Chip Set have allowed both CPU implementations to use less than 3 watts of power each. Recent efforts by Tracor for USAF have included the definition of a next-generation GPU Chip Set that will retain the application-proven architecture of the current chip set while offering the added cost advantages of transportability across ISO-CMOS and CMOS/SOS processes and across numerous semiconductor manufacturers using a newly-defined set of common design rules. The Enhanced GPU Chip Set will increase speed by an approximate factor of 3 while significantly reducing chip counts and costs of standard CPU implementations.
-
A high-throughput two channel discrete wavelet transform architecture for the JPEG2000 standard
Badakhshannoory, Hossein; Hashemi, Mahmoud R.; Aminlou, Alireza; Fatemi, Omid
2005-07-01
The Discrete Wavelet Transform (DWT) is increasingly recognized in image and video compression standards, as indicated by its use in JPEG2000. The lifting scheme algorithm is an alternative DWT implementation that has a lower computational complexity and reduced resource requirement. In the JPEG2000 standard two lifting scheme based filter banks are introduced: the 5/3 and 9/7. In this paper a high throughput, two channel DWT architecture for both of the JPEG2000 DWT filters is presented. The proposed pipelined architecture has two separate input channels that process the incoming samples simultaneously with minimum memory requirement for each channel. The architecture had been implemented in VHDL and synthesized on a Xilinx Virtex2 XCV1000. The proposed architecture applies DWT on a 2K by 1K image at 33 fps with a 75 MHZ clock frequency. This performance is achieved with 70% less resources than two independent single channel modules. The high throughput and reduced resource requirement has made this architecture the proper choice for real time applications such as Digital Cinema.
-
Standard specification for architectural flat glass clad polycarbonate
American Society for Testing and Materials. Philadelphia
2010-01-01
1.1 This specification covers the quality requirements for cut sizes of glass clad polycarbonate (GCP) for use in buildings as security, detention, hurricane/cyclic wind-resistant, and blast and ballistic-resistant glazing applications. 1.2 The values stated in inch-pound units are to be regarded as the standard. The values given in parentheses are for information only. 1.3 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety and health practices and determine the applicability of regulatory limitations prior to use.
-
Secure Certificateless Signature with Revocation in the Standard Model
Directory of Open Access Journals (Sweden)
Tung-Tso Tsai
2014-01-01
previously proposed certificateless signature schemes were insecure under a considerably strong security model in the sense that they suffered from outsiders’ key replacement attacks or the attacks from the key generation center (KGC. In this paper, we propose a certificateless signature scheme without random oracles. Moreover, our scheme is secure under the strong security model and provides a public revocation mechanism, called revocable certificateless signature (RCLS. Under the standard computational Diffie-Hellman assumption, we formally demonstrate that our scheme possesses existential unforgeability against adaptive chosen-message attacks.
-
Planning and Design Soa Architecture Blueprint
Tulenan, Virginia
2013-01-01
Service Oriented Architecture (SOA) is a framework for integrating business processes and supporting IT infrastructure as secure, standardized components-services-that can be reused and combined to address changing business priorities. Services are the building blocks of SOA and new applications can be constructed through consuming these services and orchestrating services within a business process. In SOA, services map to the business functions that are identified during business process ana...
-
DESIGN MODELING OF A UNIVERSITY’S COMPREHENSIVE-INTEGRATED SECURITY SYSTEM
Directory of Open Access Journals (Sweden)
Marina V. Dulyasova
2017-03-01
Full Text Available Introduction: the safety of higher education institutions is considered to be of great importance nowadays. Security challenges need to be addressed through a comprehensive and integrative approach. This approach provides neutralisation of various threats systemically, risk prevention, minimisation of the tangible and moral harm. The project concept of “safe university” is proposed and substantiated for the above-mentioned purposes. Materials and Methods: the authors used a special literature survey on the issue, which is divided into three main groups of publications, where the complex security of educational institutions is considered in the context of the general theory of security, in the educational-methodical plan and within the framework of sociological, psychological and pedagogical approaches. The legislative and regulatory sources also indicated, legislative and regulatory legal acts reviews, “Safe City” concept, National standard “Information security technologies: complex and integrated ones. Standard requirements to architecture and technologies of intellectual systems of monitoring for safety of the companies and the territories” (State standard specification P 56875-2016, documents of higher education institutions, media reports. The analysis and generalisation of information was coupled with project modeling of the new comprehensive system of higher education institution security. Results: the authors introduce the concept, architecture and model of the comprehensive integrated higher education institution security, monitoring based on measures and indicators pertaining to implementation of standard requirements and level of satisfaction with safety, evaluation of the taken measures in terms of efficiency. Discussion and Conclusions: the main contours of the model for comprehensive integrated security system in a higher education institution and algorithm of interaction between the subjects are determined. These
-
Saranummi, Niilo
2005-01-01
The PICNIC architecture aims at supporting inter-enterprise integration and the facilitation of collaboration between healthcare organisations. The concept of a Regional Health Economy (RHE) is introduced to illustrate the varying nature of inter-enterprise collaboration between healthcare organisations collaborating in providing health services to citizens and patients in a regional setting. The PICNIC architecture comprises a number of PICNIC IT Services, the interfaces between them and presents a way to assemble these into a functioning Regional Health Care Network meeting the needs and concerns of its stakeholders. The PICNIC architecture is presented through a number of views relevant to different stakeholder groups. The stakeholders of the first view are national and regional health authorities and policy makers. The view describes how the architecture enables the implementation of national and regional health policies, strategies and organisational structures. The stakeholders of the second view, the service viewpoint, are the care providers, health professionals, patients and citizens. The view describes how the architecture supports and enables regional care delivery and process management including continuity of care (shared care) and citizen-centred health services. The stakeholders of the third view, the engineering view, are those that design, build and implement the RHCN. The view comprises four sub views: software engineering, IT services engineering, security and data. The proposed architecture is founded into the main stream of how distributed computing environments are evolving. The architecture is realised using the web services approach. A number of well established technology platforms and generic standards exist that can be used to implement the software components. The software components that are specified in PICNIC are implemented in Open Source.
-
Energy Technology Data Exchange (ETDEWEB)
Cuellar, Jorge (ed.) [Siemens AG, Muenchen (Germany). Corporate Technology
2013-11-01
The engineering, deployment and security of the future smart grid will be an enormous project requiring the consensus of many stakeholders with different views on the security and privacy requirements, not to mention methods and solutions. The fragmentation of research agendas and proposed approaches or solutions for securing the future smart grid becomes apparent observing the results from different projects, standards, committees, etc, in different countries. The different approaches and views of the papers in this collection also witness this fragmentation. This book contains the following papers: 1. IT Security Architecture Approaches for Smart Metering and Smart Grid. 2. Smart Grid Information Exchange - Securing the Smart Grid from the Ground. 3. A Tool Set for the Evaluation of Security and Reliability in Smart Grids. 4. A Holistic View of Security and Privacy Issues in Smart Grids. 5. Hardware Security for Device Authentication in the Smart Grid. 6. Maintaining Privacy in Data Rich Demand Response Applications. 7. Data Protection in a Cloud-Enabled Smart Grid. 8. Formal Analysis of a Privacy-Preserving Billing Protocol. 9. Privacy in Smart Metering Ecosystems. 10. Energy rate at home Leveraging ZigBee to Enable Smart Grid in Residential Environment.
-
Muller, George; Perkins, Casey J.; Lancaster, Mary J.; MacDonald, Douglas G.; Clements, Samuel L.; Hutton, William J.; Patrick, Scott W.; Key, Bradley Robert
2015-07-28
Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture are described. According to one aspect, a computer-implemented security evaluation method includes accessing information regarding a physical architecture and a cyber architecture of a facility, building a model of the facility comprising a plurality of physical areas of the physical architecture, a plurality of cyber areas of the cyber architecture, and a plurality of pathways between the physical areas and the cyber areas, identifying a target within the facility, executing the model a plurality of times to simulate a plurality of attacks against the target by an adversary traversing at least one of the areas in the physical domain and at least one of the areas in the cyber domain, and using results of the executing, providing information regarding a security risk of the facility with respect to the target.
-
Security in a Web 2.0+ World A Standards Based Approach
Solari , Carlos Curtis
2010-01-01
Discover how technology is affecting your business, and why typical security mechanisms are failing to address the issue of risk and trust. Security for a Web 2.0+ World looks at the perplexing issues of cyber security, and will be of interest to those who need to know how to make effective security policy decisions to engineers who design ICT systems - a guide to information security and standards in the Web 2.0+ era. It provides an understanding of IT security in the converged world of communications technology based on the Internet Protocol. Many companies are currently applying security mo
-
Payment card industry data security standard : readiness project
Βεργέτης, Μιχαήλ
2015-01-01
This paper is my thesis as part of my studies at the Department of Informatics, at University of Piraeus for the Postgraduate Programme in “Techno-economic Management & Security of Digital Systems”. Scope of this paper is to introduce to the reader with the basics of PCI DSS and to guide and provide any sort of assistance to organizations willing to achieve compliance with the Payment Card Industry Data Security Standard (PCI DSS). As for its practical section, a PCI DSS readiness project has...
-
Montes Portela, C.; Rooden, H.; Kohlmann, J.; Leersum, van D.; Geldtmeijer, D.A.M.; Slootweg, J.G.; van Eekelen, Marko
2013-01-01
This paper presents the ICT architecture for a Smart Grid project with consumer interaction in the city of Zwolle, the Netherlands. It describes the privacy and security enhancing measures applied to ensure a positive sum of necessary functionality and respect for consumer’s privacy and secure
-
Power system data communication architecture at BC Hydro
Energy Technology Data Exchange (ETDEWEB)
Struyk, E.
2001-07-01
Development of a power system data communication architecture (PSDCA) at British Columbia Hydro that enables authorized corporate users to access station-intelligent electronic devices (IEDs) for power system data in non real-time, without compromising the reliability and availability of the real-time SCADA systems, is described. Also discussed is the development of major upgrade initiatives for expanding the use of intelligent electronic devices and remote terminal units (RTUs) which report to the main System Control Centre at Burnaby, BC, and to the four Area Control Centres located throughout the province. The network architecture that incorporates industry standards for PSDCA also provides an opportunity to existing network security systems against electronic threats such as hackers and saboteurs, beyond the simple methods of single or two-level passwords of existing protection control and monitoring equipment systems. The virtual private network (VPN) technology built into the PSDCA will allow secure access to station IED data by corporate users to access their own power data in a secure and reliable fashion. 4 figs.
-
45 CFR Appendix A to Subpart C of... - Security Standards: Matrix
2010-10-01
... 45 Public Welfare 1 2010-10-01 2010-10-01 false Security Standards: Matrix A Appendix A to Subpart C of Part 164 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS... Standards: Matrix Standards Sections Implementation Specifications (R)=Required, (A)=Addressable...
-
Security infrastructures: towards the INDECT system security
Stoianov, Nikolai; Urueña, Manuel; Niemiec, Marcin; Machník, Petr; Maestro, Gema
2012-01-01
This paper provides an overview of the security infrastructures being deployed inside the INDECT project. These security infrastructures can be organized in five main areas: Public Key Infrastructure, Communication security, Cryptography security, Application security and Access control, based on certificates and smartcards. This paper presents the new ideas and deployed testbeds for these five areas. In particular, it explains the hierarchical architecture of the INDECT PKI...
-
Audit Techniques for Service Oriented Architecture Applications
Directory of Open Access Journals (Sweden)
Liviu Adrian COTFAS
2010-01-01
Full Text Available The Service Oriented Architecture (SOA approach enables the development of flexible distributed applications. Auditing such applications implies several specific challenges related to interoperability, performance and security. The service oriented architecture model is described and the advantages of this approach are analyzed. We also highlight several quality attributes and potential risks in SOA applications that an architect should be aware when designing a distributed system. Key risk factors are identified and a model for risk evaluation is introduced. The top reasons for auditing SOA applications are presented as well as the most important standards. The steps for a successful audit process are given and discussed.
-
FS-OpenSecurity: A Taxonomic Modeling of Security Threats in SDN for Future Sustainable Computing
Directory of Open Access Journals (Sweden)
Yunsick Sung
2016-09-01
Full Text Available Software Defined Networking (SDN has brought many changes in terms of the interaction processes between systems and humans. It has become the key enabler of software defined architecture, which allows enterprises to build a highly agile Information Technology (IT infrastructure. For Future Sustainability Computing (FSC, SDN needs to deliver on many information technology commitments—more automation, simplified design, increased agility, policy-based management, and network management bond to more liberal IT workflow systems. To address the sustainability problems, SDN needs to provide greater collaboration and tighter integration with networks, servers, and security teams that will have an impact on how enterprises design, plan, deploy and manage networks. In this paper, we propose FS-OpenSecurity, which is a new and pragmatic security architecture model. It consists of two novel methodologies, Software Defined Orchestrator (SDO and SQUEAK, which offer a robust and secure architecture. The secure architecture is required for protection from diverse threats. Usually, security administrators need to handle each threat individually. However, handling threats automatically by adapting to the threat landscape is a critical demand. Therefore, the architecture must handle defensive processes automatically that are collaboratively based on intelligent external and internal information.
-
Development of Cyber Security Scheme for Nuclear Power Plant
Energy Technology Data Exchange (ETDEWEB)
Hong, S. B.; Choi, Y. S.; Cho, J. W. (and others)
2009-12-15
Nuclear I and C system is considered to be safe on the cyber threat because of the use of exclusive communication network and operating system. But the trend of open architecture and standardization on the equipment of I and C system, it is not safe on the cyber threat such as hacking and cyber terror. It is needed to protect nuclear I and C systems by the cyber attack, Countermeasures of the cyber security is required a lot of time and endeavors because there are many factors on the environment of cyber security and cyber attack. For the nuclear cyber security, we should make structural framework and eliminate cyber vulnerabilities by the analysis of cyber environment. The framework for the cyber security includes planning, embodiment of security technologies, security audit, security management and security maintenance. In this report, we examined IT security technology and the trend of standard in the industrial I and C system, and proposed a method to construct cyber security for the nuclear power plant. We analysed the threat of cyber security, vulnerability and cyber risk, then we present a method for the cyber security structure and the countermeasures.
-
Development of Cyber Security Scheme for Nuclear Power Plant
International Nuclear Information System (INIS)
Hong, S. B.; Choi, Y. S.; Cho, J. W.
2009-12-01
Nuclear I and C system is considered to be safe on the cyber threat because of the use of exclusive communication network and operating system. But the trend of open architecture and standardization on the equipment of I and C system, it is not safe on the cyber threat such as hacking and cyber terror. It is needed to protect nuclear I and C systems by the cyber attack, Countermeasures of the cyber security is required a lot of time and endeavors because there are many factors on the environment of cyber security and cyber attack. For the nuclear cyber security, we should make structural framework and eliminate cyber vulnerabilities by the analysis of cyber environment. The framework for the cyber security includes planning, embodiment of security technologies, security audit, security management and security maintenance. In this report, we examined IT security technology and the trend of standard in the industrial I and C system, and proposed a method to construct cyber security for the nuclear power plant. We analysed the threat of cyber security, vulnerability and cyber risk, then we present a method for the cyber security structure and the countermeasures
-
Analysis of Specific Features of International Standards of Personnel Security of an Enterprise
Directory of Open Access Journals (Sweden)
Otenko Iryna P.
2014-03-01
Full Text Available The article marks out components of personnel security of an enterprise, outlines processes of personnel management, which correspond with conditions of security of life and labour, competent, socially protected professional activity, availability of the acting system of motivation and stimulation, and possibilities for corporate conflicts resolution. The article presents basic standards, rules and legislative acts that regulate ensuring personnel security. It analyses specific features of application of standards with respect to: life security and labour protection culture at an enterprise, including managerial systems and practice, behaviour of personnel at working places and also intellectual component of personnel security, which envisages that personnel has knowledge and competences that assist in achievement of strategic goals of an enterprise.
-
System architecture of communication infrastructures for PPDR organisations
Müller, Wilmuth
2017-04-01
The growing number of events affecting public safety and security (PS and S) on a regional scale with potential to grow up to large scale cross border disasters puts an increased pressure on organizations responsible for PS and S. In order to respond timely and in an adequate manner to such events Public Protection and Disaster Relief (PPDR) organizations need to cooperate, align their procedures and activities, share the needed information and be interoperable. Existing PPDR/PMR technologies do not provide broadband capability, which is a major limitation in supporting new services hence new information flows and currently they have no successor. There is also no known standard that addresses interoperability of these technologies. The paper at hands provides an approach to tackle the above mentioned aspects by defining an Enterprise Architecture (EA) of PPDR organizations and a System Architecture of next generation PPDR communication networks for a variety of applications and services on broadband networks, including the ability of inter-system, inter-agency and cross-border operations. The Open Safety and Security Architecture Framework (OSSAF) provides a framework and approach to coordinate the perspectives of different types of stakeholders within a PS and S organization. It aims at bridging the silos in the chain of commands and on leveraging interoperability between PPDR organizations. The framework incorporates concepts of several mature enterprise architecture frameworks including the NATO Architecture Framework (NAF). However, OSSAF is not providing details on how NAF should be used for describing the OSSAF perspectives and views. In this contribution a mapping of the NAF elements to the OSSAF views is provided. Based on this mapping, an EA of PPDR organizations with a focus on communication infrastructure related capabilities is presented. Following the capability modeling, a system architecture for secure and interoperable communication infrastructures
-
Green Secure Processors: Towards Power-Efficient Secure Processor Design
Chhabra, Siddhartha; Solihin, Yan
With the increasing wealth of digital information stored on computer systems today, security issues have become increasingly important. In addition to attacks targeting the software stack of a system, hardware attacks have become equally likely. Researchers have proposed Secure Processor Architectures which utilize hardware mechanisms for memory encryption and integrity verification to protect the confidentiality and integrity of data and computation, even from sophisticated hardware attacks. While there have been many works addressing performance and other system level issues in secure processor design, power issues have largely been ignored. In this paper, we first analyze the sources of power (energy) increase in different secure processor architectures. We then present a power analysis of various secure processor architectures in terms of their increase in power consumption over a base system with no protection and then provide recommendations for designs that offer the best balance between performance and power without compromising security. We extend our study to the embedded domain as well. We also outline the design of a novel hybrid cryptographic engine that can be used to minimize the power consumption for a secure processor. We believe that if secure processors are to be adopted in future systems (general purpose or embedded), it is critically important that power issues are considered in addition to performance and other system level issues. To the best of our knowledge, this is the first work to examine the power implications of providing hardware mechanisms for security.
-
Information security management handbook
Tipton, Harold F
2006-01-01
Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.
-
Kiriakou, Charles M.
2012-01-01
Adoption of a comprehensive information security governance model and security controls is the best option organizations may have to protect their information assets and comply with regulatory requirements. Understanding acceptance factors of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) comprehensive…
-
Wang, Chun; Zheng, Yi; Chang, Hua-Hua
2014-01-01
With the advent of web-based technology, online testing is becoming a mainstream mode in large-scale educational assessments. Most online tests are administered continuously in a testing window, which may post test security problems because examinees who take the test earlier may share information with those who take the test later. Researchers have proposed various statistical indices to assess the test security, and one most often used index is the average test-overlap rate, which was further generalized to the item pooling index (Chang & Zhang, 2002, 2003). These indices, however, are all defined as the means (that is, the expected proportion of common items among examinees) and they were originally proposed for computerized adaptive testing (CAT). Recently, multistage testing (MST) has become a popular alternative to CAT. The unique features of MST make it important to report not only the mean, but also the standard deviation (SD) of test overlap rate, as we advocate in this paper. The standard deviation of test overlap rate adds important information to the test security profile, because for the same mean, a large SD reflects that certain groups of examinees share more common items than other groups. In this study, we analytically derived the lower bounds of the SD under MST, with the results under CAT as a benchmark. It is shown that when the mean overlap rate is the same between MST and CAT, the SD of test overlap tends to be larger in MST. A simulation study was conducted to provide empirical evidence. We also compared the security of MST under the single-pool versus the multiple-pool designs; both analytical and simulation studies show that the non-overlapping multiple-pool design will slightly increase the security risk.
-
Re-thinking Grid Security Architecture
Demchenko, Y.; de Laat, C.; Koeroo, O.; Groep, D.; van Engelen, R.; Govindaraju, M.; Cafaro, M.
2008-01-01
The security models used in Grid systems today strongly bear the marks of their diverse origin. Historically retrofitted to the distributed systems they are designed to protect and control, the security model is usually limited in scope and applicability, and its implementation tailored towards a
-
2011-02-11
...-02] Announcing Draft Federal Information Processing Standard 180-4, Secure Hash Standard, and Request... and request for comments. SUMMARY: This notice announces the Draft Federal Information Processing..., Information Technology Laboratory, Attention: Comments on Draft FIPS 180-4, 100 Bureau Drive--Stop 8930...
-
A Secure and Robust Connectivity Architecture for Smart Devices and Applications
Directory of Open Access Journals (Sweden)
Lee YangSun
2011-01-01
Full Text Available Convergence environments and technologies are urgently coming close to our life with various wireless communications and smart devices in order to provide many benefits such as connectivity, usability, mobility, portability, and flexibility as well as lower installation and maintenance costs. Convergence has brought important change not only in the way we live but also in the way we think. It is the progress towards the attempt to create and to evolve new valuable services through the device convergence and fusion of in-home, office, and various environments around the personal mobile apparatus. Based on the dynamic trends of convergence, it is widely argued that the increased requirements on secure and robust connectivity between a variety of mobile devices and their applications provide us the era of real pervasive computing environment. Thus, in this paper, we present a novel connectivity architecture using RF4CE-(Radio Frequency for Consumer Electronics- based wireless zero-configuration and enhanced key agreement approach. We analyze the security and performance of our proposed approach by the development of the prototype H/W and the construction of a testbed with CE and mobile devices.
-
36 CFR 1281.4 - What are the architectural and design standards for Presidential libraries?
2010-07-01
... and design standards for Presidential libraries? 1281.4 Section 1281.4 Parks, Forests, and Public Property NATIONAL ARCHIVES AND RECORDS ADMINISTRATION NARA FACILITIES PRESIDENTIAL LIBRARY FACILITIES § 1281.4 What are the architectural and design standards for Presidential libraries? The Archivist is...
-
Suciu, George; Suciu, Victor; Martian, Alexandru; Craciunescu, Razvan; Vulpe, Alexandru; Marcu, Ioana; Halunga, Simona; Fratu, Octavian
2015-11-01
Big data storage and processing are considered as one of the main applications for cloud computing systems. Furthermore, the development of the Internet of Things (IoT) paradigm has advanced the research on Machine to Machine (M2M) communications and enabled novel tele-monitoring architectures for E-Health applications. However, there is a need for converging current decentralized cloud systems, general software for processing big data and IoT systems. The purpose of this paper is to analyze existing components and methods of securely integrating big data processing with cloud M2M systems based on Remote Telemetry Units (RTUs) and to propose a converged E-Health architecture built on Exalead CloudView, a search based application. Finally, we discuss the main findings of the proposed implementation and future directions.
-
A Critical Examination of IT-21: Thinking Beyond Vendor-Based Standards
National Research Council Canada - National Science Library
Trupp, Travis
1999-01-01
.... This thesis takes a critical look at the IT-21 policy from an economic, security, availability, procurement, and practical level, and explores the role of vendor-based standards in the Navy computing architecture...
-
Efficient Security Mechanisms for the Border Gateway Routing Protocol
1997-08-22
Finding Algorithm for Loop- Free Routing. IEEE/ACM Transactions on Networking, 5(1):148{160, Feb. 1997. [7] International Standards Organization. ISO/IEC...Jersey 07974, Feb. 1985. ftp://netlib.att.com/netlib/att/cs/ cstr /117.ps.Z. [16] S. L. Murphy. Presentation in Panel on \\Security Architecture for the
-
Flexible software architecture for user-interface and machine control in laboratory automation.
Arutunian, E B; Meldrum, D R; Friedman, N A; Moody, S E
1998-10-01
We describe a modular, layered software architecture for automated laboratory instruments. The design consists of a sophisticated user interface, a machine controller and multiple individual hardware subsystems, each interacting through a client-server architecture built entirely on top of open Internet standards. In our implementation, the user-interface components are built as Java applets that are downloaded from a server integrated into the machine controller. The user-interface client can thereby provide laboratory personnel with a familiar environment for experiment design through a standard World Wide Web browser. Data management and security are seamlessly integrated at the machine-controller layer using QNX, a real-time operating system. This layer also controls hardware subsystems through a second client-server interface. This architecture has proven flexible and relatively easy to implement and allows users to operate laboratory automation instruments remotely through an Internet connection. The software architecture was implemented and demonstrated on the Acapella, an automated fluid-sample-processing system that is under development at the University of Washington.
-
WiMAX security and quality of service an end-to-end perspective
Tang, Seok-Yee; Sharif, Hamid
2010-01-01
WiMAX is the first standard technology to deliver true broadband mobility at speeds that enable powerful multimedia applications such as Voice over Internet Protocol (VoIP), online gaming, mobile TV, and personalized infotainment. WiMAX Security and Quality of Service, focuses on the interdisciplinary subject of advanced Security and Quality of Service (QoS) in WiMAX wireless telecommunication systems including its models, standards, implementations, and applications. Split into 4 parts, Part A of the book is an end-to-end overview of the WiMAX architecture, protocol, and system requirements.
-
2014-01-01
After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance. PMID:25276797
-
Park, Chang-Seop
2014-01-01
After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance.
-
Data Security in Smart Cities: Challenges and Solutions
Directory of Open Access Journals (Sweden)
Daniela POPESCUL
2016-01-01
Full Text Available The purpose of this paper is to provide an extensive overview of security-related problems in the context of smart cities, seen as huge data consumers and producers. Trends as hyper connectivity, messy complexity, loss of boundary and industrialized hacking transform smart cities in complex environments in which the already-existing security analysis are not useful anymore. Specific data-security requirements and solutions are approached in a four-layer framework, with elements considered to be critical to the operation of a smart city: smart things, smart spaces, smart systems and smart citizens. As urban management should pay close attention to security and privacy protection, network protocols, identity management, standardization, trusted architecture etc., the paper will serve them as a start point for better decisions in security design and management.
-
Evolution of System Architectures: Where Do We Need to Fail Next?
Bermudez, Luis; Alameh, Nadine; Percivall, George
2013-04-01
Innovation requires testing and failing. Thomas Edison was right when he said "I have not failed. I've just found 10,000 ways that won't work". For innovation and improvement of standards to happen, service Architectures have to be tested and tested. Within the Open Geospatial Consortium (OGC), testing of service architectures has occurred for the last 15 years. This talk will present an evolution of these service architectures and a possible future path. OGC is a global forum for the collaboration of developers and users of spatial data products and services, and for the advancement and development of international standards for geospatial interoperability. The OGC Interoperability Program is a series of hands-on, fast paced, engineering initiatives to accelerate the development and acceptance of OGC standards. Each initiative is organized in threads that provide focus under a particular theme. The first testbed, OGC Web Services phase 1, completed in 2003 had four threads: Common Architecture, Web Mapping, Sensor Web and Web Imagery Enablement. The Common Architecture was a cross-thread theme, to ensure that the Web Mapping and Sensor Web experiments built on a base common architecture. The architecture was based on the three main SOA components: Broker, Requestor and Provider. It proposed a general service model defining service interactions and dependencies; categorization of service types; registries to allow discovery and access of services; data models and encodings; and common services (WMS, WFS, WCS). For the latter, there was a clear distinction on the different services: Data Services (e.g. WMS), Application services (e.g. Coordinate transformation) and server-side client applications (e.g. image exploitation). The latest testbed, OGC Web Service phase 9, completed in 2012 had 5 threads: Aviation, Cross-Community Interoperability (CCI), Security and Services Interoperability (SSI), OWS Innovations and Compliance & Interoperability Testing & Evaluation
-
Object oriented business architecture on online-exam and assignment system
Haji-Zada, Teymur
2013-01-01
ABSTRACT: Business object architecture is a technology that was designed and developed during recent period. This architecture has a lot of benefits like scalability, flexibility and security. It helps create and develop maintainable, secure and reusable applications for further development. In business object architecture the logical architecture is separated into layers that give more scalability and reusability. Also using business object architecture developers must not write different pr...
-
Generic System for Remote Testing and Calibration of Measuring Instruments: Security Architecture
Jurčević, M.; Hegeduš, H.; Golub, M.
2010-01-01
Testing and calibration of laboratory instruments and reference standards is a routine activity and is a resource and time consuming process. Since many of the modern instruments include some communication interfaces, it is possible to create a remote calibration system. This approach addresses a wide range of possible applications and permits to drive a number of different devices. On the other hand, remote calibration process involves a number of security issues due to recommendations specified in standard ISO/IEC 17025, since it is not under total control of the calibration laboratory personnel who will sign the calibration certificate. This approach implies that the traceability and integrity of the calibration process directly depends on the collected measurement data. The reliable and secure remote control and monitoring of instruments is a crucial aspect of internet-enabled calibration procedure.
-
A New Cloud Architecture of Virtual Trusted Platform Modules
Liu, Dongxi; Lee, Jack; Jang, Julian; Nepal, Surya; Zic, John
We propose and implement a cloud architecture of virtual Trusted Platform Modules (TPMs) to improve the usability of TPMs. In this architecture, virtual TPMs can be obtained from the TPM cloud on demand. Hence, the TPM functionality is available for applications that do not have physical TPMs in their local platforms. Moreover, the TPM cloud allows users to access their keys and data in the same virtual TPM even if they move to untrusted platforms. The TPM cloud is easy to access for applications in different languages since cloud computing delivers services in standard protocols. The functionality of the TPM cloud is demonstrated by applying it to implement the Needham-Schroeder public-key protocol for web authentications, such that the strong security provided by TPMs is integrated into high level applications. The chain of trust based on the TPM cloud is discussed and the security properties of the virtual TPMs in the cloud is analyzed.
-
Directory of Open Access Journals (Sweden)
Chang-Seop Park
2014-01-01
Full Text Available After two recent security attacks against implantable medical devices (IMDs have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient’s life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician’s treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance.
-
Security in Intelligent Transport Systems for Smart Cities: From Theory to Practice
Javed, Muhammad Awais; Ben Hamida, Elyes; Znaidi, Wassim
2016-01-01
Connecting vehicles securely and reliably is pivotal to the implementation of next generation ITS applications of smart cities. With continuously growing security threats, vehicles could be exposed to a number of service attacks that could put their safety at stake. To address this concern, both US and European ITS standards have selected Elliptic Curve Cryptography (ECC) algorithms to secure vehicular communications. However, there is still a lack of benchmarking studies on existing security standards in real-world settings. In this paper, we first analyze the security architecture of the ETSI ITS standard. We then implement the ECC based digital signature and encryption procedures using an experimental test-bed and conduct an extensive benchmark study to assess their performance which depends on factors such as payload size, processor speed and security levels. Using network simulation models, we further evaluate the impact of standard compliant security procedures in dense and realistic smart cities scenarios. Obtained results suggest that existing security solutions directly impact the achieved quality of service (QoS) and safety awareness of vehicular applications, in terms of increased packet inter-arrival delays, packet and cryptographic losses, and reduced safety awareness in safety applications. Finally, we summarize the insights gained from the simulation results and discuss open research challenges for efficient working of security in ITS applications of smart cities. PMID:27314358
-
Security in Intelligent Transport Systems for Smart Cities: From Theory to Practice
Directory of Open Access Journals (Sweden)
Muhammad Awais Javed
2016-06-01
Full Text Available Connecting vehicles securely and reliably is pivotal to the implementation of next generation ITS applications of smart cities. With continuously growing security threats, vehicles could be exposed to a number of service attacks that could put their safety at stake. To address this concern, both US and European ITS standards have selected Elliptic Curve Cryptography (ECC algorithms to secure vehicular communications. However, there is still a lack of benchmarking studies on existing security standards in real-world settings. In this paper, we first analyze the security architecture of the ETSI ITS standard. We then implement the ECC based digital signature and encryption procedures using an experimental test-bed and conduct an extensive benchmark study to assess their performance which depends on factors such as payload size, processor speed and security levels. Using network simulation models, we further evaluate the impact of standard compliant security procedures in dense and realistic smart cities scenarios. Obtained results suggest that existing security solutions directly impact the achieved quality of service (QoS and safety awareness of vehicular applications, in terms of increased packet inter-arrival delays, packet and cryptographic losses, and reduced safety awareness in safety applications. Finally, we summarize the insights gained from the simulation results and discuss open research challenges for efficient working of security in ITS applications of smart cities.
-
Security in Intelligent Transport Systems for Smart Cities: From Theory to Practice.
Javed, Muhammad Awais; Ben Hamida, Elyes; Znaidi, Wassim
2016-06-15
Connecting vehicles securely and reliably is pivotal to the implementation of next generation ITS applications of smart cities. With continuously growing security threats, vehicles could be exposed to a number of service attacks that could put their safety at stake. To address this concern, both US and European ITS standards have selected Elliptic Curve Cryptography (ECC) algorithms to secure vehicular communications. However, there is still a lack of benchmarking studies on existing security standards in real-world settings. In this paper, we first analyze the security architecture of the ETSI ITS standard. We then implement the ECC based digital signature and encryption procedures using an experimental test-bed and conduct an extensive benchmark study to assess their performance which depends on factors such as payload size, processor speed and security levels. Using network simulation models, we further evaluate the impact of standard compliant security procedures in dense and realistic smart cities scenarios. Obtained results suggest that existing security solutions directly impact the achieved quality of service (QoS) and safety awareness of vehicular applications, in terms of increased packet inter-arrival delays, packet and cryptographic losses, and reduced safety awareness in safety applications. Finally, we summarize the insights gained from the simulation results and discuss open research challenges for efficient working of security in ITS applications of smart cities.
-
Evolution of the Ethane Architecture
National Research Council Canada - National Science Library
Casado, Martin; Shenker, Scott
2009-01-01
The Ethane architecture, developed at Stanford University, demonstrated that a novel approach to building secure networks could support superior low-level security and flexible policy-based control over individual flows...
-
Securing the Global Airspace System Via Identity-Based Security
Ivancic, William D.
2015-01-01
Current telecommunications systems have very good security architectures that include authentication and authorization as well as accounting. These three features enable an edge system to obtain access into a radio communication network, request specific Quality-of-Service (QoS) requirements and ensure proper billing for service. Furthermore, the links are secure. Widely used telecommunication technologies are Long Term Evolution (LTE) and Worldwide Interoperability for Microwave Access (WiMAX) This paper provides a system-level view of network-centric operations for the global airspace system and the problems and issues with deploying new technologies into the system. The paper then focuses on applying the basic security architectures of commercial telecommunication systems and deployment of federated Authentication, Authorization and Accounting systems to provide a scalable, evolvable reliable and maintainable solution to enable a globally deployable identity-based secure airspace system.
-
Iannicca, Dennis C.; Ishac, Joseph A.; Shalkhauser, Kurt A.
2015-01-01
NASA Glenn Research Center (GRC), in cooperation with Rockwell Collins, is working to develop a prototype Control and Non-Payload Communications (CNPC) radio platform as part of NASA Integrated Systems Research Program's (ISRP) Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) project. A primary focus of the project is to work with the Federal Aviation Administration (FAA) and industry standards bodies to build and demonstrate a safe, secure, and efficient CNPC architecture that can be used by industry to evaluate the feasibility of deploying a system using these technologies in an operational capacity. GRC has been working in conjunction with these groups to assess threats, identify security requirements, and to develop a system of standards-based security controls that can be applied to the GRC prototype CNPC architecture as a demonstration platform. The proposed security controls were integrated into the GRC flight test system aboard our S-3B Viking surrogate aircraft and several network tests were conducted during a flight on November 15th, 2014 to determine whether the controls were working properly within the flight environment. The flight test was also the first to integrate Robust Header Compression (ROHC) as a means of reducing the additional overhead introduced by the security controls and Mobile IPv6. The effort demonstrated the complete end-to-end secure CNPC link in a relevant flight environment.
-
Secure Service Discovery in Home Networks
Scholten, Johan; van Dijk, H.W.; De Cock, Danny; Preneel, Bart; Kung, Antonio; d'Hooge, Michel
2006-01-01
This paper presents an architecture for secure service discovery for use in home networks. We give an overview and rationale of a cluster-based home network architecture that bridges different, often vendor specific, network technologies. We show how it integrates security, communication, and
-
Embedded Java security security for mobile devices
Debbabi, Mourad; Talhi, Chamseddine
2007-01-01
Java brings more functionality and versatility to the world of mobile devices, but it also introduces new security threats. This book contains a presentation of embedded Java security and presents the main components of embedded Java. It gives an idea of the platform architecture and is useful for researchers and practitioners.
-
IT security standards for the digitalization of the energy transition
International Nuclear Information System (INIS)
Laupichler, Dennis
2016-01-01
Intelligent measuring systems are important components in the intelligent net and require security and privacy by design in this critical infrastructure. The smart meter gateway as secure communication platform makes the digital sector coupling possible and becomes the driver for innovations of the digitalization. The protection profiles and the technical rules of the BSI as essential part of the law for the digitalization of the energy transition guarantee a great amount of data protection and data security and provide a unique security standard in the future energy supply system. The data -protection concept of the intelligent measuring system regards a calibration-law conformal data processing and star-shaped data dispatch of the gateway. By this both a traceability and a transparency for the final user is guaranteed and the handling of the data in the sense of the data sovereignty is also technically enforced. For the evidences of compliance of the protection profiles and the technical rules correponding tests in approved test centers with final certification by the BSI are performed. The law for the digitalization of the energy transition makes the first important step to an innovative, digital infrastructure of the intelligent net. By the legal framework additionally a base is created, in order to perform a progressive development of the security targets of the BSI both for intelligent measuring systems as for further important system components of the intelligent energy net via a roadmap for the digitalization. In connection with the technical standards of the BSI the law creates the necessary legal certainty and realizes the aim pursued in the coalition treaty to regulate binding framework conditions for the secure and data-protection conformal application of intelligent measuring systems for diversified application cases in the intelligent net.
-
48 CFR 352.239-70 - Standard for security configurations.
2010-10-01
... 48 Federal Acquisition Regulations System 4 2010-10-01 2010-10-01 false Standard for security... operating system patch level and anti-virus software level. Note: FDCC is applicable to all computing... applications operated on behalf of HHS are fully functional and operate correctly on systems configured in...
-
The National Security Strategy of the United Kingdom: Security in an Interdependent World
2008-03-01
security architecture has yet to adapt satisfactorily to the new landscape. The UN Security Council has failed to adapt to the rise of new powers. Across...including cinemas , theatres, pubs, nightclubs, restaurants, hotels and commercial centres, hospitals, schools and places of worship); work with architects...and export control regimes, and improving the international monitoring architecture . Countering the threat of nuclear weapons and other weapons of
-
New secure communication-layer standard for medical image management (ISCL)
Kita, Kouichi; Nohara, Takashi; Hosoba, Minoru; Yachida, Masuyoshi; Yamaguchi, Masahiro; Ohyama, Nagaaki
1999-07-01
This paper introduces a summary of the standard draft of ISCL 1.00 which will be published by MEDIS-DC officially. ISCL is abbreviation of Integrated Secure Communication Layer Protocols for Secure Medical Image Management Systems. ISCL is a security layer which manages security function between presentation layer and TCP/IP layer. ISCL mechanism depends on basic function of a smart IC card and symmetric secret key mechanism. A symmetry key for each session is made by internal authentication function of a smart IC card with a random number. ISCL has three functions which assure authentication, confidently and integrity. Entity authentication process is done through 3 path 4 way method using functions of internal authentication and external authentication of a smart iC card. Confidentially algorithm and MAC algorithm for integrity are able to be selected. ISCL protocols are communicating through Message Block which consists of Message Header and Message Data. ISCL protocols are evaluating by applying to regional collaboration system for image diagnosis, and On-line Secure Electronic Storage system for medical images. These projects are supported by Medical Information System Development Center. These project shows ISCL is useful to keep security.
-
IT Security Standards and Legal Metrology - Transfer and Validation
Thiel, F.; Hartmann, V.; Grottker, U.; Richter, D.
2014-08-01
Legal Metrology's requirements can be transferred into the IT security domain applying a generic set of standardized rules provided by the Common Criteria (ISO/IEC 15408). We will outline the transfer and cross validation of such an approach. As an example serves the integration of Legal Metrology's requirements into a recently developed Common Criteria based Protection Profile for a Smart Meter Gateway designed under the leadership of the Germany's Federal Office for Information Security. The requirements on utility meters laid down in the Measuring Instruments Directive (MID) are incorporated. A verification approach to check for meeting Legal Metrology's requirements by their interpretation through Common Criteria's generic requirements is also presented.
-
Visible light communication: Applications, architecture, standardization and research challenges
Directory of Open Access Journals (Sweden)
Latif Ullah Khan
2017-05-01
Full Text Available The Radio Frequency (RF communication suffers from interference and high latency issues. Along with this, RF communication requires a separate setup for transmission and reception of RF waves. Overcoming the above limitations, Visible Light Communication (VLC is a preferred communication technique because of its high bandwidth and immunity to interference from electromagnetic sources. The revolution in the field of solid state lighting leads to the replacement of florescent lamps by Light Emitting Diodes (LEDs which further motivates the usage of VLC. This paper presents a survey of the potential applications, architecture, modulation techniques, standardization and research challenges in VLC.
-
The Double-System Architecture for Trusted OS
Zhao, Yong; Li, Yu; Zhan, Jing
With the development of computer science and technology, current secure operating systems failed to respond to many new security challenges. Trusted operating system (TOS) is proposed to try to solve these problems. However, there are no mature, unified architectures for the TOS yet, since most of them cannot make clear of the relationship between security mechanism and the trusted mechanism. Therefore, this paper proposes a double-system architecture (DSA) for the TOS to solve the problem. The DSA is composed of the Trusted System (TS) and the Security System (SS). We constructed the TS by establishing a trusted environment and realized related SS. Furthermore, we proposed the Trusted Information Channel (TIC) to protect the information flow between TS and SS. In a word, the double system architecture we proposed can provide reliable protection for the OS through the SS with the supports provided by the TS.
-
12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards
2010-01-01
... Processing, Feb. 9, 2000; OCC Bulletin 2001-47, “Third-Party Relationships Risk Management Principles,” Nov... Existing Authority C. Definitions II. Standards for Safeguarding Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program...
-
An open, interoperable, and scalable prehospital information technology network architecture.
Landman, Adam B; Rokos, Ivan C; Burns, Kevin; Van Gelder, Carin M; Fisher, Roger M; Dunford, James V; Cone, David C; Bogucki, Sandy
2011-01-01
Some of the most intractable challenges in prehospital medicine include response time optimization, inefficiencies at the emergency medical services (EMS)-emergency department (ED) interface, and the ability to correlate field interventions with patient outcomes. Information technology (IT) can address these and other concerns by ensuring that system and patient information is received when and where it is needed, is fully integrated with prior and subsequent patient information, and is securely archived. Some EMS agencies have begun adopting information technologies, such as wireless transmission of 12-lead electrocardiograms, but few agencies have developed a comprehensive plan for management of their prehospital information and integration with other electronic medical records. This perspective article highlights the challenges and limitations of integrating IT elements without a strategic plan, and proposes an open, interoperable, and scalable prehospital information technology (PHIT) architecture. The two core components of this PHIT architecture are 1) routers with broadband network connectivity to share data between ambulance devices and EMS system information services and 2) an electronic patient care report to organize and archive all electronic prehospital data. To successfully implement this comprehensive PHIT architecture, data and technology requirements must be based on best available evidence, and the system must adhere to health data standards as well as privacy and security regulations. Recent federal legislation prioritizing health information technology may position federal agencies to help design and fund PHIT architectures.
-
12 CFR Appendix F to Part 225 - Interagency Guidelines Establishing Information Security Standards
2010-01-01
... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for.... Standards for Safeguarding Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B...
-
42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.
2010-10-01
... 42 Public Health 2 2010-10-01 2010-10-01 false HIPAA privacy, security, administrative data... Prescription Drug Discount Card and Transitional Assistance Program § 403.812 HIPAA privacy, security, administrative data standards, and national identifiers. (a) HIPAA covered entities. An endorsed sponsor is a...
-
Xu, Wei; Guan, Zhiyu; Cao, Hongxin; Zhang, Haiyan; Lu, Min; Li, Tiejun
2011-08-01
To analyze and evaluate the newly issued Electronic Health Record (EHR) Architecture and Data Standard of China (Chinese EHR Standard) and identify areas of improvement for future revisions. We compared the Chinese EHR Standard with the standard of the American Society for Testing and Materials Standard Practice for Content and Structure of Electronic Health Records in the United States (ASTM E 1384 Standard). The comparison comprised two steps: (1) comparing the conformance of the two standards to the international standard: Health Informatics-Requirements for an Electronic Health Record Architecture (ISO/TS 18308), and showing how the architectures of the two standards satisfy or deviate from the ISO requirements and (2) comparing the detailed data structures between the two standards. Of the 124 requirement items in ISO/TS 18308, the Chinese EHR Standard and the ASTM E 1384 Standard conformed to 77 (62.1%) and 111 (89.5%), respectively. The Chinese EHR Standard conformed to 34 of 50 Structure requirements (68.0%), 22 of 24 Process requirements (91.7%), and 21 of 50 Other requirements (42.0%). The ASTM E 1384 Standard conformed to 49 of 50 Structure requirements (98.0%), 23 of 24 Process requirements (95.8%), and 39 of 40 Other requirements (78.0%). Further development of the Chinese EHR Standard should focus on supporting privacy and security mechanism, diverse data types, more generic and extensible lower level data structures, and relational attributes for data elements. Copyright © 2011 Elsevier Ireland Ltd. All rights reserved.
-
An Unequal Secure Encryption Scheme for H.264/AVC Video Compression Standard
Fan, Yibo; Wang, Jidong; Ikenaga, Takeshi; Tsunoo, Yukiyasu; Goto, Satoshi
H.264/AVC is the newest video coding standard. There are many new features in it which can be easily used for video encryption. In this paper, we propose a new scheme to do video encryption for H.264/AVC video compression standard. We define Unequal Secure Encryption (USE) as an approach that applies different encryption schemes (with different security strength) to different parts of compressed video data. This USE scheme includes two parts: video data classification and unequal secure video data encryption. Firstly, we classify the video data into two partitions: Important data partition and unimportant data partition. Important data partition has small size with high secure protection, while unimportant data partition has large size with low secure protection. Secondly, we use AES as a block cipher to encrypt the important data partition and use LEX as a stream cipher to encrypt the unimportant data partition. AES is the most widely used symmetric cryptography which can ensure high security. LEX is a new stream cipher which is based on AES and its computational cost is much lower than AES. In this way, our scheme can achieve both high security and low computational cost. Besides the USE scheme, we propose a low cost design of hybrid AES/LEX encryption module. Our experimental results show that the computational cost of the USE scheme is low (about 25% of naive encryption at Level 0 with VEA used). The hardware cost for hybrid AES/LEX module is 4678 Gates and the AES encryption throughput is about 50Mbps.
-
Requirements for e-Navigation Architectures
Directory of Open Access Journals (Sweden)
Axel Hahn
2016-12-01
Full Text Available Technology is changing the way of navigation. New technologies for communication and navigation can be found on virtually every vessel. System architectures define structure and cooperation of components and subsystems. IMO, IALA, costal authorities, technology provider and many more actually propose new architectures for e-Navigation. This paper looks at other transportation domains and technical as normative requirements for e-Navigation architectures. With the aim of identifying possible synergies in the research, development, certification and standardization, this paper sets out to compare requirements and approaches of these two domains with respect to safety and security aspects. Since from an autonomy perspective, the automotive domain has started earlier and therefore has achieved a higher degree of technical progress, we will start with an overview of the developments in this domain. After that, the paper discusses the requirements on automation and assistance systems in the maritime domain and gives an overview of the developments into this direction within the maritime domain. This then allows us to compare developments in both domains and to derive recommendations for further developments in the maritime domain at the end of this paper.
-
A different paradigm for security planning
International Nuclear Information System (INIS)
Hagengruber, R.
2002-01-01
Full text: Security costs at nuclear facilities have been relatively high for many years. Since the 1970s, these expenditures in the United States have grown much faster than inflation. After the tragedy of September 11, the rate of increase appears to be exponential. Within the National Nuclear Security Administration, the cost of security now is about 10 % of the entire budget. Research and Development (R and D) has played a role in modern security, but the rate of advancement of security technology has not been sufficient to moderate the increasing costs and performance demands. Part of this problem is associated with both an inadequate investment level and the lack of a visionary roadmap for security technology. The other element of the problem is the lack of a strategic framework or architecture that would allow security technology to be effectively placed in an overall context of functionality. A new concept for an architecture for security will be presented. Within this architecture, a different approach to design, use of technology, and evaluation of effectiveness will be offered. Promising areas of technology and design will be illustrated by specific examples and suggestions for advanced R and D will be made. (author)
-
A COMPARATIVE STUDY OF SYSTEM NETWORK ARCHITECTURE Vs DIGITAL NETWORK ARCHITECTURE
Seema; Mukesh Arya
2011-01-01
The efficient managing system of sources is mandatory for the successful running of any network. Here this paper describes the most popular network architectures one of developed by IBM, System Network Architecture (SNA) and other is Digital Network Architecture (DNA). As we know that the network standards and protocols are needed for the network developers as well as users. Some standards are The IEEE 802.3 standards (The Institute of Electrical and Electronics Engineers 1980) (LAN), IBM Sta...
-
Service Oriented Architecture in Network Security - a novel Organisation in Security Systems
Hilker, Michael; Schommer, Christoph
2008-01-01
Current network security systems are a collection of various security components, which are directly installed in the operating system. These check the whole node for suspicious behaviour. Armouring intrusions e.g. have the ability to hide themselves from being checked. We present in this paper an alternative organisation of security systems. The node is completely virtualized with current virtualization systems so that the operating system with applications and the security system is disting...
-
Marceglia, S; Fontelo, P; Rossi, E; Ackerman, M J
2015-01-01
Mobile health Applications (mHealth Apps) are opening the way to patients' responsible and active involvement with their own healthcare management. However, apart from Apps allowing patient's access to their electronic health records (EHRs), mHealth Apps are currently developed as dedicated "island systems". Although much work has been done on patient's access to EHRs, transfer of information from mHealth Apps to EHR systems is still low. This study proposes a standards-based architecture that can be adopted by mHealth Apps to exchange information with EHRs to support better quality of care. Following the definition of requirements for the EHR/mHealth App information exchange recently proposed, and after reviewing current standards, we designed the architecture for EHR/mHealth App integration. Then, as a case study, we modeled a system based on the proposed architecture aimed to support home monitoring for congestive heart failure patients. We simulated such process using, on the EHR side, OpenMRS, an open source longitudinal EHR and, on the mHealth App side, the iOS platform. The integration architecture was based on the bi-directional exchange of standard documents (clinical document architecture rel2 - CDA2). In the process, the clinician "prescribes" the home monitoring procedures by creating a CDA2 prescription in the EHR that is sent, encrypted and de-identified, to the mHealth App to create the monitoring calendar. At the scheduled time, the App alerts the patient to start the monitoring. After the measurements are done, the App generates a structured CDA2-compliant monitoring report and sends it to the EHR, thus avoiding local storage. The proposed architecture, even if validated only in a simulation environment, represents a step forward in the integration of personal mHealth Apps into the larger health-IT ecosystem, allowing the bi-directional data exchange between patients and healthcare professionals, supporting the patient's engagement in self
-
Web Based System Architecture for Long Pulse Remote Experimentation
Energy Technology Data Exchange (ETDEWEB)
De Las Heras, E.; Lastra, D. [INDRA Sistemas, S.A., Unidad de Sistemas de Control, Madrid (Spain); Vega, J.; Castro, R. [Association Euratom CIEMAT for Fusion, Madrid (Spain); Ruiz, M.; Barrera, E. [Universidad Politecnica de Madrid (Spain)
2009-07-01
INDRA is the first Information Technology company in Spain and it presents here, through a series of transparencies, its own approach for the remote experimentation architecture for long pulses (REAL). All the architecture is based on Java-2 platform standards and REAL is a totally open architecture. By itself REAL offers significant advantages: -) access authentication and authorization under multiple security implementations, -) local or remote network access: LAN, WAN, VPN..., -) on-line access to acquisition systems for monitoring and configuration, -) scalability, flexibility, robustness, platform independence,.... The BeansNet implementation of REAL gives additional good things such as: -) easy implementation, -) graphical tool for service composition and configuration, -) availability and hot-swap (no need of stopping or restarting services after update or remodeling, and -) INDRA support. The implementation of BeansNet at the TJ-2 stellarator at Ciemat is presented. This document is made of the presentation transparencies. (A.C.)
-
Security analysis of standards-driven communication protocols for healthcare scenarios.
Masi, Massimiliano; Pugliese, Rosario; Tiezzi, Francesco
2012-12-01
The importance of the Electronic Health Record (EHR), that stores all healthcare-related data belonging to a patient, has been recognised in recent years by governments, institutions and industry. Initiatives like the Integrating the Healthcare Enterprise (IHE) have been developed for the definition of standard methodologies for secure and interoperable EHR exchanges among clinics and hospitals. Using the requisites specified by these initiatives, many large scale projects have been set up for enabling healthcare professionals to handle patients' EHRs. The success of applications developed in these contexts crucially depends on ensuring such security properties as confidentiality, authentication, and authorization. In this paper, we first propose a communication protocol, based on the IHE specifications, for authenticating healthcare professionals and assuring patients' safety. By means of a formal analysis carried out by using the specification language COWS and the model checker CMC, we reveal a security flaw in the protocol thus demonstrating that to simply adopt the international standards does not guarantee the absence of such type of flaws. We then propose how to emend the IHE specifications and modify the protocol accordingly. Finally, we show how to tailor our protocol for application to more critical scenarios with no assumptions on the communication channels. To demonstrate feasibility and effectiveness of our protocols we have fully implemented them.
-
Standardi za upravljanje sigurnošću podataka / Standards for management data security
Directory of Open Access Journals (Sweden)
Dejan Vuletić
2006-10-01
Full Text Available U radu su analizirani osnovni pojmovi vezani za upravljanje sigurnošću podataka. Ukazano je na potrebu i značaj standardizacije u oblasti informaciono-komunikacionih tehnologija, naročito prema standardima Međunarodne organizacije za standardizaciju (International Standardization Organization - ISO. U završnom delu rada prikazane su proaktivne i reaktivne aktivnosti u upravljanju sigurnošću podataka. / In this article basic notions of management data security are analyzed. We indicated demand and importance of standardization in information-communication technology domain, especially according to International Standardization Organization. In the final part of the article we illustrated both proactive and reactive activities in management data security.
-
An Architecture, System Engineering, and Acquisition Approach for Space System Software Resiliency
Phillips, Dewanne Marie
Software intensive space systems can harbor defects and vulnerabilities that may enable external adversaries or malicious insiders to disrupt or disable system functions, risking mission compromise or loss. Mitigating this risk demands a sustained focus on the security and resiliency of the system architecture including software, hardware, and other components. Robust software engineering practices contribute to the foundation of a resilient system so that the system "can take a hit to a critical component and recover in a known, bounded, and generally acceptable period of time". Software resiliency must be a priority and addressed early in the life cycle development to contribute a secure and dependable space system. Those who develop, implement, and operate software intensive space systems must determine the factors and systems engineering practices to address when investing in software resiliency. This dissertation offers methodical approaches for improving space system resiliency through software architecture design, system engineering, increased software security, thereby reducing the risk of latent software defects and vulnerabilities. By providing greater attention to the early life cycle phases of development, we can alter the engineering process to help detect, eliminate, and avoid vulnerabilities before space systems are delivered. To achieve this objective, this dissertation will identify knowledge, techniques, and tools that engineers and managers can utilize to help them recognize how vulnerabilities are produced and discovered so that they can learn to circumvent them in future efforts. We conducted a systematic review of existing architectural practices, standards, security and coding practices, various threats, defects, and vulnerabilities that impact space systems from hundreds of relevant publications and interviews of subject matter experts. We expanded on the system-level body of knowledge for resiliency and identified a new software
-
Kirwin, John P.
1999-01-01
A complex networking technology called Asynchronous Transfer Mode (ATM) and a networking protocol called Local Area Network Emulation (LANE) are being integrated into many naval networks without any security-driven naval configuration guidelines. No single publication is available that describes security issues of data delivery and signaling relating to the transition of Ethernet to LANE and ATM. The thesis' focus is to provide: (1) an overview and security analysis of standardized protocols ...
-
Information Security Maturity Model
Information Security Maturity Model
2011-01-01
To ensure security, it is important to build-in security in both the planning and the design phases andadapt a security architecture which makes sure that regular and security related tasks, are deployedcorrectly. Security requirements must be linked to the business goals. We identified four domains thataffect security at an organization namely, organization governance, organizational culture, thearchitecture of the systems, and service management. In order to identify and explore the strengt...
-
2010-07-01
... Federal agencies meet in providing architectural and interior design services? 102-76.25 Section 102-76.25...) FEDERAL MANAGEMENT REGULATION REAL PROPERTY 76-DESIGN AND CONSTRUCTION Design and Construction § 102-76.25 What standards must Federal agencies meet in providing architectural and interior design services...
-
Towards a Modernization Process for Secure Data Warehouses
Blanco, Carlos; Pérez-Castillo, Ricardo; Hernández, Arnulfo; Fernández-Medina, Eduardo; Trujillo, Juan
Data Warehouses (DW) manage crucial enterprise information used for the decision making process which has to be protected from unauthorized accesses. However, security constraints are not properly integrated in the complete DWs’ development process, being traditionally considered in the last stages. Furthermore, legacy systems need a reverse engineering process in order to accomplish re-documentation for detecting new security requirements as well as system’s design recovery to enable migration and reuse. Thus, we have proposed a model driven architecture (MDA) for secure DWs which takes into account security issues from the early stages of development and provides automatic transformations between models. This paper fulfills this architecture providing an architecture-driven modernization (ADM) process focused on obtaining conceptual security models from legacy OLAP systems.
-
Draft secure medical database standard.
Pangalos, George
2002-01-01
Medical database security is a particularly important issue for all Healthcare establishments. Medical information systems are intended to support a wide range of pertinent health issues today, for example: assure the quality of care, support effective management of the health services institutions, monitor and contain the cost of care, implement technology into care without violating social values, ensure the equity and availability of care, preserve humanity despite the proliferation of technology etc.. In this context, medical database security aims primarily to support: high availability, accuracy and consistency of the stored data, the medical professional secrecy and confidentiality, and the protection of the privacy of the patient. These properties, though of technical nature, basically require that the system is actually helpful for medical care and not harmful to patients. These later properties require in turn not only that fundamental ethical principles are not violated by employing database systems, but instead, are effectively enforced by technical means. This document reviews the existing and emerging work on the security of medical database systems. It presents in detail the related problems and requirements related to medical database security. It addresses the problems of medical database security policies, secure design methodologies and implementation techniques. It also describes the current legal framework and regulatory requirements for medical database security. The issue of medical database security guidelines is also examined in detailed. The current national and international efforts in the area are studied. It also gives an overview of the research work in the area. The document also presents in detail the most complete to our knowledge set of security guidelines for the development and operation of medical database systems.
-
Security Shift in Future Network Architectures
Hartog, T.; Schotanus, H.A.; Verkoelen, C.A.A.
2010-01-01
In current practice military communication infrastructures are deployed as stand-alone networked information systems. Network-Enabled Capabilities (NEC) and combined military operations lead to new requirements which current communication architectures cannot deliver. This paper informs IT
-
A preliminary study on the design in architecture of nuclear and radiation safety standard system
International Nuclear Information System (INIS)
Song Dahu; Zhang Chi; Yang Lili; Li Bin; Liu Yingwei; An Hongzhen; Gao Siyi; Liu Ting; Meng De
2014-01-01
The connotation and function of nuclear and radiation safety standards are analyzed, and their relationships with the relevant laws and regulations are discussed in the paper. Some suggestions and blue print of overall architecture to build nuclear and radiation safety standard system are proposed, on the basis of researching the application status quo, existing problems and needs for nuclear and radiation safety standards in China. This work is a beneficial exploration and attempt to establish China's nuclear and radiation safety standards. (authors)
-
MAC layer security issues in wireless mesh networks
Reddy, K. Ganesh; Thilagam, P. Santhi
2016-03-01
Wireless Mesh Networks (WMNs) have emerged as a promising technology for a broad range of applications due to their self-organizing, self-configuring and self-healing capability, in addition to their low cost and easy maintenance. Securing WMNs is more challenging and complex issue due to their inherent characteristics such as shared wireless medium, multi-hop and inter-network communication, highly dynamic network topology and decentralized architecture. These vulnerable features expose the WMNs to several types of attacks in MAC layer. The existing MAC layer standards and implementations are inadequate to secure these features and fail to provide comprehensive security solutions to protect both backbone and client mesh. Hence, there is a need for developing efficient, scalable and integrated security solutions for WMNs. In this paper, we classify the MAC layer attacks and analyze the existing countermeasures. Based on attacks classification and countermeasures analysis, we derive the research directions to enhance the MAC layer security for WMNs.
-
New Energy Architecture. Myanmar
Energy Technology Data Exchange (ETDEWEB)
NONE
2013-06-15
A global transition towards a new energy architecture is under way, driven by countries' need to respond to the changing dynamics of economic growth, environmental sustainability and energy security. The World Economic Forum, in collaboration with Accenture, has created the New Energy Architecture Initiative to address and accelerate this transition. The Initiative supports the development of national strategies and policy frameworks as countries seek to achieve the combined goals of energy security and access, sustainability, and economic growth and development. The World Economic Forum has formed a partnership with the Ministry of Energy of Myanmar to help apply the Initiative's approach to this developing and resource-rich nation. The Asian Development Bank and the World Economic Forum's Project Adviser, Accenture, have collaborated with the Forum on this consultation process, and have been supported by relevant government, industry and civil society stakeholders. The consultation process aims to understand the nation's current energy architecture challenges and provide an overview of a path to a New Energy Architecture through a series of insights. These insights could form the basis for a long-term multistakeholder roadmap to build Myanmar's energy sector in a way that is secure and sustainable, and promotes economic growth as the country makes its democratic transition. While not all recommendations can be implemented in the near term, they do provide options for creating a prioritized roadmap for Myanmar's energy transition. This report is the culmination of a nine-month multistakeholder process investigating Myanmar's energy architecture. Over the course of many visits to the country, the team has conducted numerous interviews, multistakeholder workshops, and learning and data-gathering exercises to ensure a comprehensive range of information and views. The team has also engaged with a variety of stakeholders to better inform their findings, which have come
-
New Energy Architecture. Myanmar
Energy Technology Data Exchange (ETDEWEB)
NONE
2013-06-15
A global transition towards a new energy architecture is under way, driven by countries' need to respond to the changing dynamics of economic growth, environmental sustainability and energy security. The World Economic Forum, in collaboration with Accenture, has created the New Energy Architecture Initiative to address and accelerate this transition. The Initiative supports the development of national strategies and policy frameworks as countries seek to achieve the combined goals of energy security and access, sustainability, and economic growth and development. The World Economic Forum has formed a partnership with the Ministry of Energy of Myanmar to help apply the Initiative's approach to this developing and resource-rich nation. The Asian Development Bank and the World Economic Forum's Project Adviser, Accenture, have collaborated with the Forum on this consultation process, and have been supported by relevant government, industry and civil society stakeholders. The consultation process aims to understand the nation's current energy architecture challenges and provide an overview of a path to a New Energy Architecture through a series of insights. These insights could form the basis for a long-term multistakeholder roadmap to build Myanmar's energy sector in a way that is secure and sustainable, and promotes economic growth as the country makes its democratic transition. While not all recommendations can be implemented in the near term, they do provide options for creating a prioritized roadmap for Myanmar's energy transition. This report is the culmination of a nine-month multistakeholder process investigating Myanmar's energy architecture. Over the course of many visits to the country, the team has conducted numerous interviews, multistakeholder workshops, and learning and data-gathering exercises to ensure a comprehensive range of information and views. The team has also engaged with a variety of stakeholders to better
-
Managing business compliance using model-driven security management
Lang, Ulrich; Schreiner, Rudolf
Compliance with regulatory and governance standards is rapidly becoming one of the hot topics of information security today. This is because, especially with regulatory compliance, both business and government have to expect large financial and reputational losses if compliance cannot be ensured and demonstrated. One major difficulty of implementing such regulations is caused the fact that they are captured at a high level of abstraction that is business-centric and not IT centric. This means that the abstract intent needs to be translated in a trustworthy, traceable way into compliance and security policies that the IT security infrastructure can enforce. Carrying out this mapping process manually is time consuming, maintenance-intensive, costly, and error-prone. Compliance monitoring is also critical in order to be able to demonstrate compliance at any given point in time. The problem is further complicated because of the need for business-driven IT agility, where IT policies and enforcement can change frequently, e.g. Business Process Modelling (BPM) driven Service Oriented Architecture (SOA). Model Driven Security (MDS) is an innovative technology approach that can solve these problems as an extension of identity and access management (IAM) and authorization management (also called entitlement management). In this paper we will illustrate the theory behind Model Driven Security for compliance, provide an improved and extended architecture, as well as a case study in the healthcare industry using our OpenPMF 2.0 technology.
-
Deep Space Network information system architecture study
Beswick, C. A.; Markley, R. W. (Editor); Atkinson, D. J.; Cooper, L. P.; Tausworthe, R. C.; Masline, R. C.; Jenkins, J. S.; Crowe, R. A.; Thomas, J. L.; Stoloff, M. J.
1992-01-01
The purpose of this article is to describe an architecture for the DSN information system in the years 2000-2010 and to provide guidelines for its evolution during the 1990's. The study scope is defined to be from the front-end areas at the antennas to the end users (spacecraft teams, principal investigators, archival storage systems, and non-NASA partners). The architectural vision provides guidance for major DSN implementation efforts during the next decade. A strong motivation for the study is an expected dramatic improvement in information-systems technologies--i.e., computer processing, automation technology (including knowledge-based systems), networking and data transport, software and hardware engineering, and human-interface technology. The proposed Ground Information System has the following major features: unified architecture from the front-end area to the end user; open-systems standards to achieve interoperability; DSN production of level 0 data; delivery of level 0 data from the Deep Space Communications Complex, if desired; dedicated telemetry processors for each receiver; security against unauthorized access and errors; and highly automated monitor and control.
-
A Survey on Next-generation Power Grid Data Architecture
Energy Technology Data Exchange (ETDEWEB)
You, Shutang [University of Tennessee, Knoxville (UTK); Zhu, Dr. Lin [University of Tennessee (UT); Liu, Yong [ORNL; Liu, Yilu [ORNL; Shankar, Mallikarjun (Arjun) [ORNL; Robertson, Russell [Grid Protection Alliance; King Jr, Thomas J [ORNL
2015-01-01
The operation and control of power grids will increasingly rely on data. A high-speed, reliable, flexible and secure data architecture is the prerequisite of the next-generation power grid. This paper summarizes the challenges in collecting and utilizing power grid data, and then provides reference data architecture for future power grids. Based on the data architecture deployment, related research on data architecture is reviewed and summarized in several categories including data measurement/actuation, data transmission, data service layer, data utilization, as well as two cross-cutting issues, interoperability and cyber security. Research gaps and future work are also presented.
-
Analyzing Security-Enhanced Linux Policy Specifications
National Research Council Canada - National Science Library
Archer, Myla
2003-01-01
NSA's Security-Enhanced (SE) Linux enhances Linux by providing a specification language for security policies and a Flask-like architecture with a security server for enforcing policies defined in the language...
-
Competence Requirements of ISO/IEC Standards for Information Security Professionals
Directory of Open Access Journals (Sweden)
Natalia G. Miloslavskaya
2017-11-01
Full Text Available The rapid progress in the filed of information security (IS puts one in a need of periodic revision of professional competencies (formulated in the federal state educational standards –FSESs and working functions (formulated in the professional standards – PSs. Under these conditions, a timely reaction to everything new that emerges or will appear in modern regulatory documents (primarily in standards is extremely important. We make a forecast for the content of the ISO/IEC 27021 and ISO/IEC 19896 standards drafted by the International Organization for Standardization (ISO, which should contain the requirements for the competencies of IS management system professionals and the competence of IS testers and evaluators. Our forecast takes into account the requirements of the ISO/IEC 27000 standard group and the recommendations of the European e-Competence Framework e-CF 3.0.
-
The NASA Integrated Information Technology Architecture
Baldridge, Tim
1997-01-01
This document defines an Information Technology Architecture for the National Aeronautics and Space Administration (NASA), where Information Technology (IT) refers to the hardware, software, standards, protocols and processes that enable the creation, manipulation, storage, organization and sharing of information. An architecture provides an itemization and definition of these IT structures, a view of the relationship of the structures to each other and, most importantly, an accessible view of the whole. It is a fundamental assumption of this document that a useful, interoperable and affordable IT environment is key to the execution of the core NASA scientific and project competencies and business practices. This Architecture represents the highest level system design and guideline for NASA IT related activities and has been created on the authority of the NASA Chief Information Officer (CIO) and will be maintained under the auspices of that office. It addresses all aspects of general purpose, research, administrative and scientific computing and networking throughout the NASA Agency and is applicable to all NASA administrative offices, projects, field centers and remote sites. Through the establishment of five Objectives and six Principles this Architecture provides a blueprint for all NASA IT service providers: civil service, contractor and outsourcer. The most significant of the Objectives and Principles are the commitment to customer-driven IT implementations and the commitment to a simpler, cost-efficient, standards-based, modular IT infrastructure. In order to ensure that the Architecture is presented and defined in the context of the mission, project and business goals of NASA, this Architecture consists of four layers in which each subsequent layer builds on the previous layer. They are: 1) the Business Architecture: the operational functions of the business, or Enterprise, 2) the Systems Architecture: the specific Enterprise activities within the context
-
Image-based electronic patient records for secured collaborative medical applications.
Zhang, Jianguo; Sun, Jianyong; Yang, Yuanyuan; Liang, Chenwen; Yao, Yihong; Cai, Weihua; Jin, Jin; Zhang, Guozhen; Sun, Kun
2005-01-01
We developed a Web-based system to interactively display image-based electronic patient records (EPR) for secured intranet and Internet collaborative medical applications. The system consists of four major components: EPR DICOM gateway (EPR-GW), Image-based EPR repository server (EPR-Server), Web Server and EPR DICOM viewer (EPR-Viewer). In the EPR-GW and EPR-Viewer, the security modules of Digital Signature and Authentication are integrated to perform the security processing on the EPR data with integrity and authenticity. The privacy of EPR in data communication and exchanging is provided by SSL/TLS-based secure communication. This presentation gave a new approach to create and manage image-based EPR from actual patient records, and also presented a way to use Web technology and DICOM standard to build an open architecture for collaborative medical applications.
-
OS Friendly Microprocessor Architecture
2017-04-01
NOTES Patrick La Fratta is now affiliated with Micron Technology, Inc., Boise, Idaho. 14. ABSTRACT We present an introduction to the patented ...Operating System Friendly Microprocessor Architecture (OSFA). The software framework to support the hardware-level security features is currently patent ...Army is assignee. OS Friendly Microprocessor Architecture. United States Patent 9122610. 2015 Sep. 2. Jungwirth P, inventor; US Army is assignee
-
A Hierarchical Security Architecture for Cyber-Physical Systems
Energy Technology Data Exchange (ETDEWEB)
Quanyan Zhu; Tamer Basar
2011-08-01
Security of control systems is becoming a pivotal concern in critical national infrastructures such as the power grid and nuclear plants. In this paper, we adopt a hierarchical viewpoint to these security issues, addressing security concerns at each level and emphasizing a holistic cross-layer philosophy for developing security solutions. We propose a bottom-up framework that establishes a model from the physical and control levels to the supervisory level, incorporating concerns from network and communication levels. We show that the game-theoretical approach can yield cross-layer security strategy solutions to the cyber-physical systems.
-
2012-08-30
...-03] NIST Federal Information Processing Standard (FIPS) 140-3 (Second Draft), Security Requirements....'' Authority: Federal Information Processing Standards (FIPS) are issued by the National Institute of Standards... Standards and Technology (NIST) seeks additional comments on specific sections of Federal Information...
-
12 CFR Appendix D-2 to Part 208 - Interagency Guidelines Establishing Information Security Standards
2010-01-01
... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for.... Definitions II. Standards for Safeguarding Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of...
-
Lightweight enterprise architectures
Theuerkorn, Fenix
2004-01-01
STATE OF ARCHITECTUREArchitectural ChaosRelation of Technology and Architecture The Many Faces of Architecture The Scope of Enterprise Architecture The Need for Enterprise ArchitectureThe History of Architecture The Current Environment Standardization Barriers The Need for Lightweight Architecture in the EnterpriseThe Cost of TechnologyThe Benefits of Enterprise Architecture The Domains of Architecture The Gap between Business and ITWhere Does LEA Fit? LEA's FrameworkFrameworks, Methodologies, and Approaches The Framework of LEATypes of Methodologies Types of ApproachesActual System Environmen
-
Architectural model for crowdsourcing for human security threats ...
African Journals Online (AJOL)
Journal of Computer Science and Its Application ... Crowdsourcing for Human Security Threats Situation Information and Response System (CHSTSIRS) is proposed in this paper to report Human Security (HS) ... Keywords: Human security, Crowdsourcing, Threats, Situation Information, Agency, Google, Cloud Messaging ...
-
Point DCT VLSI Architecture for Emerging HEVC Standard
Directory of Open Access Journals (Sweden)
Ashfaq Ahmed
2012-01-01
Full Text Available This work presents a flexible VLSI architecture to compute the -point DCT. Since HEVC supports different block sizes for the computation of the DCT, that is, 4×4 up to 32×32, the design of a flexible architecture to support them helps reducing the area overhead of hardware implementations. The hardware proposed in this work is partially folded to save area and to get speed for large video sequences sizes. The proposed architecture relies on the decomposition of the DCT matrices into sparse submatrices in order to reduce the multiplications. Finally, multiplications are completely eliminated using the lifting scheme. The proposed architecture sustains real-time processing of 1080P HD video codec running at 150 MHz.
-
An annunciator architecture for the year 2000
International Nuclear Information System (INIS)
Adams, D.G.; Fitzgerald, D.S.; Ortiz, S.
1996-01-01
Exciting new safeguards and security technologies are on the horizon, and some are even on the shelves today. Self-testing sensors, smart sensors, and intelligent alarm analyzers are all designed to provide useful information to the operator. However, today''s current annunciator systems were not designed to accommodate these new technologies. New display technologies are also changing the look and feel of the annunciator of the future. Annunciator technology needs to catch up to these other security technologies. This paper presents the concept for a new, object-oriented approach to annunciator architecture design. The new architecture could accommodate simple, switch-closure devices as well as information-rich sensors and intelligent analyzers. In addition the architecture could allow other leading-edge interfaces to be easily integrated into the annunciator system. These technologies will reduce operator workload and aid the operator in making informed security decisions
-
Gunasekera, Sheran
2012-01-01
Android Apps Security provides guiding principles for how to best design and develop Android apps with security in mind. It explores concepts that can be used to secure apps and how developers can use and incorporate these security features into their apps. This book will provide developers with the information they need to design useful, high-performing, and secure apps that expose end-users to as little risk as possible. Overview of Android OS versions, features, architecture and security. Detailed examination of areas where attacks on applications can take place and what controls should b
-
A Standard-Based and Context-Aware Architecture for Personal Healthcare Smart Gateways.
Santos, Danilo F S; Gorgônio, Kyller C; Perkusich, Angelo; Almeida, Hyggo O
2016-10-01
The rising availability of Personal Health Devices (PHDs) capable of Personal Network Area (PAN) communication and the desire of keeping a high quality of life are the ingredients of the Connected Health vision. In parallel, a growing number of personal and portable devices, like smartphones and tablet computers, are becoming capable of taking the role of health gateway, that is, a data collector for the sensor PHDs. However, as the number of PHDs increase, the number of other peripherals connected in PAN also increases. Therefore, PHDs are now competing for medium access with other devices, decreasing the Quality of Service (QoS) of health applications in the PAN. In this article we present a reference architecture to prioritize PHD connections based on their state and requirements, creating a healthcare Smart Gateway. Healthcare context information is extracted by observing the traffic through the gateway. A standard-based approach was used to identify health traffic based on ISO/IEEE 11073 family of standards. A reference implementation was developed showing the relevance of the problem and how the proposed architecture can assist in the prioritization. The reference Smart Gateway solution was integrated with a Connected Health System for the Internet of Things, validating its use in a real case scenario.
-
Point DCT VLSI Architecture for Emerging HEVC Standard
Ahmed, Ashfaq; Shahid, Muhammad Usman; Rehman, Ata ur
2012-01-01
This work presents a flexible VLSI architecture to compute the -point DCT. Since HEVC supports different block sizes for the computation of the DCT, that is, 4 × 4 up to 3 2 × 3 2 , the design of a flexible architecture to support them helps reducing the area overhead of hardware implementations. The hardware proposed in this work is partially folded to save area and to get speed for large video sequences sizes. The proposed architecture relies on the decomposition of the DCT matrices into ...
-
A Proposed Information Architecture for Telehealth System Interoperability
Energy Technology Data Exchange (ETDEWEB)
Craft, R.L.; Funkhouser, D.R.; Gallagher, L.K.; Garica, R.J.; Parks, R.C.; Warren, S.
1999-04-20
We propose an object-oriented information architecture for telemedicine systems that promotes secure `plug-and-play' interaction between system components through standardized interfaces, communication protocols, messaging formats, and data definitions. In this architecture, each component functions as a black box, and components plug together in a ''lego-like'' fashion to achieve the desired device or system functionality. Introduction Telemedicine systems today rely increasingly on distributed, collaborative information technology during the care delivery process. While these leading-edge systems are bellwethers for highly advanced telemedicine, most are custom-designed and do not interoperate with other commercial offerings. Users are limited to a set of functionality that a single vendor provides and must often pay high prices to obtain this functionality, since vendors in this marketplace must deliver en- tire systems in order to compete. Besides increasing corporate research and development costs, this inhibits the ability of the user to make intelligent purchasing decisions regarding best-of-breed technologies. This paper proposes a reference architecture for plug-and-play telemedicine systems that addresses these issues.
-
IT Security Standards and Legal Metrology – Transfer and Validation
Directory of Open Access Journals (Sweden)
Thiel F.
2014-01-01
Full Text Available Legal Metrology’s requirements can be transferred into the IT security domain applying a generic set of standardized rules provided by the Common Criteria (ISO/IEC 15408. We will outline the transfer and cross validation of such an approach. As an example serves the integration of Legal Metrology’s requirements into a recently developed Common Criteria based Protection Profile for a Smart Meter Gateway designed under the leadership of the Germany’s Federal Office for Information Security. The requirements on utility meters laid down in the Measuring Instruments Directive (MID are incorporated. A verification approach to check for meeting Legal Metrology’s requirements by their interpretation through Common Criteria’s generic requirements is also presented.
-
Security Technologies for Open Networking Environments (STONE)
Energy Technology Data Exchange (ETDEWEB)
Muftic, Sead
2005-03-31
-domain scenarios is supported by a set of security engines that represent the core of the Federated Identities Management Server, which is also an extension of the Domain Security Server. The Federated Identity Management server allows users to federate their identities or terminate the federation between the service provider and the identity provider. At the service provider web site, the users are offered a list of identity providers to which they can choose to federate their identities. After users federate their identity, they can perform Single Sign-On protocol in an environment of federated domains. The group security system consists of a number of security technologies under a unified architecture, which supports creation of secure groups and execution of secure group transactions and applications in an open networking environment. The system is based on extensions of the GSAKMP standard for group key distribution and management. The Top layer is the Security Infrastructure with the Security Management and Administration System components and protocols that provide security functions common to all secure network applications The Middle layer is the Secure Group Protocols and Applications layer, consisting of the Policy and Group Key Distribution Server and Web-based (thin) Client. The Bottom layer is the supporting Middleware Security Platform, the cryptographic platform already described above. The group security system is designed to perform the functions necessary to create secure groups and enable secure group applications. Specifically, the system can manage group roles, create and disseminate a group security policy, perform authentication and authorization of users using PKI certificates and Web services security, generate group keys, and recover from compromises. In accordance with the GSAKMP standard, the group security system must perform all the required group life-cycle functions: group definition, group establishment, group maintenance, and group removal. The
-
Urban Sustainability through Public Architecture
Directory of Open Access Journals (Sweden)
Soomi Kim
2018-04-01
Full Text Available As the sustainability of contemporary cities has gained emphasis, interest in architecture has increased, due to its social and public responsibility. Since sustainability is linked to public values, research on sustainable public spaces is an important way to secure sustainability in cities. Based on this, we analyzed the sustainability of European cities by examining the design methods of public architecture according to the region. The aim of the study is to derive architectural methodology corresponding to local characteristics, and to suggest issues to consider in public architecture design to promote urban sustainability based on this. First, regarding the environmental aspect, it can be observed that there is an effort to secure sustainability. Second, in terms of social sustainability, historical value remains as a trace of architectural place, so that it continues in people’s memory. In addition, public architecture provides public places where citizens can gather and enjoy programs, while the architectural methods showed differences influenced by cultural conditions. Third, in economic sustainability, it was shown that energy saving was achieved through cost reduction through recycling of materials, facilities, or environmental factors. In conclusion, the issues to be considered in public architectural design are the voiding of urban space through architectural devices in the construction method. In other words, the intention is to form “ground” that attempts to be part of the city, and thereby create better places. Since skin and material have a deep relationship with the environment, they should have the durability and an outer skin that are suitable for the regional environment. Finally, sustainability is to be utilized through the influx of programs that meet local and environmental characteristics. Design research into public architecture that is oriented towards urban sustainability will be a task to be carried out by the
-
A Proposed Information Architecture for Telehealth System Interoperability
Energy Technology Data Exchange (ETDEWEB)
Warren, S.; Craft, R.L.; Parks, R.C.; Gallagher, L.K.; Garcia, R.J.; Funkhouser, D.R.
1999-04-07
Telemedicine technology is rapidly evolving. Whereas early telemedicine consultations relied primarily on video conferencing, consultations today may utilize video conferencing, medical peripherals, store-and-forward capabilities, electronic patient record management software, and/or a host of other emerging technologies. These remote care systems rely increasingly on distributed, collaborative information technology during the care delivery process, in its many forms. While these leading-edge systems are bellwethers for highly advanced telemedicine, the remote care market today is still immature. Most telemedicine systems are custom-designed and do not interoperate with other commercial offerings. Users are limited to a set of functionality that a single vendor provides and must often pay high prices to obtain this functionality, since vendors in this marketplace must deliver entire systems in order to compete. Besides increasing corporate research and development costs, this inhibits the ability of the user to make intelligent purchasing decisions regarding best-of-breed technologies. We propose a secure, object-oriented information architecture for telemedicine systems that promotes plug-and-play interaction between system components through standardized interfaces, communication protocols, messaging formats, and data definitions. In this architecture, each component functions as a black box, and components plug together in a lego-like fashion to achieve the desired device or system functionality. The architecture will support various ongoing standards work in the medical device arena.
-
TOWARD HIGHLY SECURE AND AUTONOMIC COMPUTING SYSTEMS: A HIERARCHICAL APPROACH
Energy Technology Data Exchange (ETDEWEB)
Lee, Hsien-Hsin S
2010-05-11
The overall objective of this research project is to develop novel architectural techniques as well as system software to achieve a highly secure and intrusion-tolerant computing system. Such system will be autonomous, self-adapting, introspective, with self-healing capability under the circumstances of improper operations, abnormal workloads, and malicious attacks. The scope of this research includes: (1) System-wide, unified introspection techniques for autonomic systems, (2) Secure information-flow microarchitecture, (3) Memory-centric security architecture, (4) Authentication control and its implication to security, (5) Digital right management, (5) Microarchitectural denial-of-service attacks on shared resources. During the period of the project, we developed several architectural techniques and system software for achieving a robust, secure, and reliable computing system toward our goal.
-
Engineering safe and secure cyber-physical systems the specification PEARL approach
Gumzej, Roman
2016-01-01
This book introduces the concept of holistic design and development of cyber physical systems to achieve their safe and secure operation. It shows that by following the standards for embedded system’s safety and using appropriate hardware and software components inherently safe system’s architectures can be devised and certified. While the standards already enable testing and certification of inherently safe and sound hardware, this is still not the case with software. The book demonstrates that Specification PEARL(SPEARL) addresses this issue and proposes appropriate solutions from the viewpoints of software engineering as well as concrete program components. By doing so it reduces the complexity of cyber physical systems design in an innovative way. Three ultimate goals are being followed in the course of defining this new PEARL standard, namely: 1. simplicity over complexity, 2. inherent real-time ability, and 3. conformity to safety integrity and security capability levels.
-
International Nuclear Information System (INIS)
Eichelberg, M.; Riesmeier, J.; Thiel, A.; Jensch, P.; Emmel, D.; Haderer, A.; Ricke, J.; Stohlmann, L.; Bernarding, J.
2002-01-01
The use of telemedicine is becoming indispensable for a continuous and economical delivery of a high quality of care. However, data protection requirements have to be considered. For the selection of solutions, vendor-independent components based on standards are a prerequisite for a seamless integration into the existing, often heterogeneous, IT infrastructure. The ''Internet protocol'' TCP/IP and the DICOM standard with it's new security extensions form the basis for an internationally standardized and accepted procedure for a secure interchange of radiological images beyond platform boundaries. (orig.) [de
-
SecureCore Software Architecture: Trusted Path Application (TPA) Requirements
National Research Council Canada - National Science Library
Clark, Paul C; Irvine, Cynthia E; Levin, Timothy E; Nguyen, Thuy D; Vidas, Timothy M
2007-01-01
.... A high-level architecture is described to provide such features. In addition, a usage scenario is described for a potential use of the architecture, with emphasis on the trusted path, a non-spoofable user interface to the trusted components of the system. Detailed requirements for the trusted path are provided.
-
Milinković, Milorad
2017-01-01
This paper presents the International Standard ISO 24745 as a potential security tool for biometric information protection, more precisely as a tool for privacy protection in biometric systems. This is one of the latest internationally accepted standards that address the security issues of biometric systems.
-
Kolar, Mike; Estefan, Jeff; Giovannoni, Brian; Barkley, Erik
2011-01-01
Topics covered (1) Why Governance and Why Now? (2) Characteristics of Architecture Governance (3) Strategic Elements (3a) Architectural Principles (3b) Architecture Board (3c) Architecture Compliance (4) Architecture Governance Infusion Process. Governance is concerned with decision making (i.e., setting directions, establishing standards and principles, and prioritizing investments). Architecture governance is the practice and orientation by which enterprise architectures and other architectures are managed and controlled at an enterprise-wide level
-
7 CFR 1753.16 - Architectural services.
2010-01-01
... made to the contract form. (B) The contract will not accomplish loan purposes. (C) The architectural service fees are unreasonable. (D) The contract presents unacceptable loan security risk to RUS. (ii) If...) Loan funds will not be available to pay for the preliminary architectural services if a loan is not...
-
Web-Services Development in Secure Way for Highload Systems
Directory of Open Access Journals (Sweden)
V. M. Nichiporchouk
2011-12-01
Full Text Available This paper describes approach to design of web-services in secure, high load and fault tolerant implementation for mass message processing. The multicomponent architecture of web-service with possibility for high security zone is provided as well as scalability evaluation of the architecture.
-
Query Health: standards-based, cross-platform population health surveillance.
Klann, Jeffrey G; Buck, Michael D; Brown, Jeffrey; Hadley, Marc; Elmore, Richard; Weber, Griffin M; Murphy, Shawn N
2014-01-01
Understanding population-level health trends is essential to effectively monitor and improve public health. The Office of the National Coordinator for Health Information Technology (ONC) Query Health initiative is a collaboration to develop a national architecture for distributed, population-level health queries across diverse clinical systems with disparate data models. Here we review Query Health activities, including a standards-based methodology, an open-source reference implementation, and three pilot projects. Query Health defined a standards-based approach for distributed population health queries, using an ontology based on the Quality Data Model and Consolidated Clinical Document Architecture, Health Quality Measures Format (HQMF) as the query language, the Query Envelope as the secure transport layer, and the Quality Reporting Document Architecture as the result language. We implemented this approach using Informatics for Integrating Biology and the Bedside (i2b2) and hQuery for data analytics and PopMedNet for access control, secure query distribution, and response. We deployed the reference implementation at three pilot sites: two public health departments (New York City and Massachusetts) and one pilot designed to support Food and Drug Administration post-market safety surveillance activities. The pilots were successful, although improved cross-platform data normalization is needed. This initiative resulted in a standards-based methodology for population health queries, a reference implementation, and revision of the HQMF standard. It also informed future directions regarding interoperability and data access for ONC's Data Access Framework initiative. Query Health was a test of the learning health system that supplied a functional methodology and reference implementation for distributed population health queries that has been validated at three sites. Published by the BMJ Publishing Group Limited. For permission to use (where not already granted under
-
Governing for Enterprise Security (Briefing Charts)
2005-01-01
governance/stakeholder.html © 2005 by Carnegie Mellon University page 16 Adequate Security and Operational Risk “Appropriate business security is that which...Sherwood 03] Sherwood, John; Clark; Andrew; Lynas, David. “Systems and Business Security Architecture.” SABSA Limited, 17 September 2003. Available at
-
Improved E-Banking System With Advanced Encryption Standards And Security Models
Directory of Open Access Journals (Sweden)
Sharaaf N. A.
2015-08-01
Full Text Available Emerging new Technologies and large scale businesses have made this world a global village. Many business organizations provide online services targeting global consumer bases. Transaction in international scale has been enabled by banks all around the world through E-banking in order to supply the needs of above business organizations. E-banking serves lots of benefits to both customers of banks and banks itself. It adds value to customers satisfaction with better service quality and enables banks to gain a competitive advantage over other competitors. Online banking need to possess high level security in order to provide safe consistent and robust online environment which guarantees secure data transmission and identity of both bank and customer. Lack of security may lead to less trust or hard to trust attitude towards online banking. Although customers are attracted by online banking convenience they seem largely in concern about identity theft and phishing. Analysis of many research papers on e-banking security models and their respective advantages and disadvantages have been discussed in literature review. Username password E-banking dongles fractal images biometric scans and advanced encryption standards are some of the suggested solutions for E-banking security. This study focuses on the security beyond above mechanisms. This paper ensures security of online banking at three levels. At client side using internet dongle integrated with finger print scanning technology at banking sever side and data transmission level. This model also includes username password and advanced encryption for further security. Complete description on the model has been discussed in methodology section. Future works on this topic and Conclusion are covered in separate sections.
-
Information architecture. Volume 3: Guidance
Energy Technology Data Exchange (ETDEWEB)
NONE
1997-04-01
The purpose of this document, as presented in Volume 1, The Foundations, is to assist the Department of Energy (DOE) in developing and promulgating information architecture guidance. This guidance is aimed at increasing the development of information architecture as a Departmentwide management best practice. This document describes departmental information architecture principles and minimum design characteristics for systems and infrastructures within the DOE Information Architecture Conceptual Model, and establishes a Departmentwide standards-based architecture program. The publication of this document fulfills the commitment to address guiding principles, promote standard architectural practices, and provide technical guidance. This document guides the transition from the baseline or defacto Departmental architecture through approved information management program plans and budgets to the future vision architecture. This document also represents another major step toward establishing a well-organized, logical foundation for the DOE information architecture.
-
Cost and performance analysis of physical security systems
International Nuclear Information System (INIS)
Hicks, M.J.; Yates, D.; Jago, W.H.; Phillips, A.W.
1998-04-01
Analysis of cost and performance of physical security systems can be a complex, multi-dimensional problem. There are a number of point tools that address various aspects of cost and performance analysis. Increased interest in cost tradeoffs of physical security alternatives has motivated development of an architecture called Cost and Performance Analysis (CPA), which takes a top-down approach to aligning cost and performance metrics. CPA incorporates results generated by existing physical security system performance analysis tools, and utilizes an existing cost analysis tool. The objective of this architecture is to offer comprehensive visualization of complex data to security analysts and decision-makers
-
Implementation of a 4-tier Cloud-Based Architecture for Collaborative Health Care Delivery
Directory of Open Access Journals (Sweden)
N. A. Azeez
2016-06-01
Full Text Available Cloud services permit healthcare providers to ensure information handling and allow different service resources such as Software as a Service (SaaS, Platform as a Service (PaaS and Infrastructure as a Service (IaaS on the Internet, given that security and information proprietorship concerns are attended to. Health Care Providers (HCPs in Nigeria however, have been confronted with various issues because of their method of operations. Amongst the issues are ill-advised methods of data storage and unreliable nature of patient medical records. Apart from these challenges, trouble in accessing quality healthcare services, high cost of medical services, and wrong analysis and treatment methodology are not left out. Cloud Computing has relatively possessed the capacity to give proficient and reliable method for securing medical information and the need for data mining tools in this form of distributed system will go a long way in achieving the objective set out for this project. The aim of this research therefore is to implement a cloud-based architecture that is suitable to integrate Healthcare Delivery into the cloud to provide a productive mode of operation. The proposed architecture consists of four phases (4-Tier; a User Authentication and Access Control Engine (UAACE which prevents unauthorized access to patient medical records and also utilizes standard encryption/decoding techniques to ensure privacy of such records. The architecture likewise contains a Data Analysis and Pattern Prediction Unit (DAPPU which gives valuable data that guides decision making through standard Data mining procedures as well as Cloud Service Provider (CSP and Health Care Providers (HCPs. The architecture which has been implemented on CloudSim has proved to be efficient and reliable base on the results obtained when compared with previous work.
-
Development of a cyber security risk model using Bayesian networks
International Nuclear Information System (INIS)
Shin, Jinsoo; Son, Hanseong; Khalil ur, Rahman; Heo, Gyunyoung
2015-01-01
Cyber security is an emerging safety issue in the nuclear industry, especially in the instrumentation and control (I and C) field. To address the cyber security issue systematically, a model that can be used for cyber security evaluation is required. In this work, a cyber security risk model based on a Bayesian network is suggested for evaluating cyber security for nuclear facilities in an integrated manner. The suggested model enables the evaluation of both the procedural and technical aspects of cyber security, which are related to compliance with regulatory guides and system architectures, respectively. The activity-quality analysis model was developed to evaluate how well people and/or organizations comply with the regulatory guidance associated with cyber security. The architecture analysis model was created to evaluate vulnerabilities and mitigation measures with respect to their effect on cyber security. The two models are integrated into a single model, which is called the cyber security risk model, so that cyber security can be evaluated from procedural and technical viewpoints at the same time. The model was applied to evaluate the cyber security risk of the reactor protection system (RPS) of a research reactor and to demonstrate its usefulness and feasibility. - Highlights: • We developed the cyber security risk model can be find the weak point of cyber security integrated two cyber analysis models by using Bayesian Network. • One is the activity-quality model signifies how people and/or organization comply with the cyber security regulatory guide. • Other is the architecture model represents the probability of cyber-attack on RPS architecture. • The cyber security risk model can provide evidence that is able to determine the key element for cyber security for RPS of a research reactor
-
Product Architecture Modularity Strategies
DEFF Research Database (Denmark)
Mikkola, Juliana Hsuan
2003-01-01
The focus of this paper is to integrate various perspectives on product architecture modularity into a general framework, and also to propose a way to measure the degree of modularization embedded in product architectures. Various trade-offs between modular and integral product architectures...... and how components and interfaces influence the degree of modularization are considered. In order to gain a better understanding of product architecture modularity as a strategy, a theoretical framework and propositions are drawn from various academic literature sources. Based on the literature review......, the following key elements of product architecture are identified: components (standard and new-to-the-firm), interfaces (standardization and specification), degree of coupling, and substitutability. A mathematical function, termed modularization function, is introduced to measure the degree of modularization...
-
A Lightweight Protocol for Secure Video Streaming.
Venčkauskas, Algimantas; Morkevicius, Nerijus; Bagdonas, Kazimieras; Damaševičius, Robertas; Maskeliūnas, Rytis
2018-05-14
The Internet of Things (IoT) introduces many new challenges which cannot be solved using traditional cloud and host computing models. A new architecture known as fog computing is emerging to address these technological and security gaps. Traditional security paradigms focused on providing perimeter-based protections and client/server point to point protocols (e.g., Transport Layer Security (TLS)) are no longer the best choices for addressing new security challenges in fog computing end devices, where energy and computational resources are limited. In this paper, we present a lightweight secure streaming protocol for the fog computing "Fog Node-End Device" layer. This protocol is lightweight, connectionless, supports broadcast and multicast operations, and is able to provide data source authentication, data integrity, and confidentiality. The protocol is based on simple and energy efficient cryptographic methods, such as Hash Message Authentication Codes (HMAC) and symmetrical ciphers, and uses modified User Datagram Protocol (UDP) packets to embed authentication data into streaming data. Data redundancy could be added to improve reliability in lossy networks. The experimental results summarized in this paper confirm that the proposed method efficiently uses energy and computational resources and at the same time provides security properties on par with the Datagram TLS (DTLS) standard.
-
Rezaeibagha, Fatemeh; Win, Khin Than; Susilo, Willy
Even though many safeguards and policies for electronic health record (EHR) security have been implemented, barriers to the privacy and security protection of EHR systems persist. This article presents the results of a systematic literature review regarding frequently adopted security and privacy technical features of EHR systems. Our inclusion criteria were full articles that dealt with the security and privacy of technical implementations of EHR systems published in English in peer-reviewed journals and conference proceedings between 1998 and 2013; 55 selected studies were reviewed in detail. We analysed the review results using two International Organization for Standardization (ISO) standards (29100 and 27002) in order to consolidate the study findings. Using this process, we identified 13 features that are essential to security and privacy in EHRs. These included system and application access control, compliance with security requirements, interoperability, integration and sharing, consent and choice mechanism, policies and regulation, applicability and scalability and cryptography techniques. This review highlights the importance of technical features, including mandated access control policies and consent mechanisms, to provide patients' consent, scalability through proper architecture and frameworks, and interoperability of health information systems, to EHR security and privacy requirements.
-
Shabiev, S. G.
2017-11-01
The article deals with the vital problem of the implementation of the Program to enhance the competitiveness of the South Ural State University (SUSU) among other scientific and educational centers, which defines the main objective - to form a world-class university. According to the set objective, the most important task is to build a landscaped campus, which can be efficiently solved by the architectural means. The solution of this task is based on the scientific methods of the territorial and architectural improvement of the main university building complex development in the northern academic area and the architectural and aesthetic improvement of the space structural arrangement of the buildings. The author analyzes the global practice of modern campuses in Russia and abroad based on the Internet resources. The author carried out some additional on-site surveys of foreign campuses in Australia, Canada and China. The essence of the architectural concept of the first university campus development stage lies in the science-based achievement of a harmonious architectural and space unity of solid and plane elements of the site development, landscape arrangement of the main building’s courtyard and the adjacent territories with an efficient use of the relief, water areas and planting, allotment of additional spaces for landscaped areas due to a split-level arrangement, including a landscaped platform, increase of the underground space utilization share with the arrangement of an underground car parking and an underground walkway considering the environmental requirements. Further, it is planned to use the author’s methodological approach for the southern academic and the northern residential university areas, which will allow to create a duly completed landscaped SUSU campus with a developed infrastructure according to the international standards.
-
The Navigation Metaphor in Security Economics
DEFF Research Database (Denmark)
Pieters, Wolter; Barendse, Jeroen; Ford, Margaret
2016-01-01
The navigation metaphor for cybersecurity merges security architecture models and security economics. By identifying the most efficient routes for gaining access to assets from an attacker's viewpoint, an organization can optimize its defenses along these routes. The well-understood concept of na...... of navigation makes it easier to motivate and explain security investment to a wide audience, encouraging strategic security decisions....
-
THE MODEL FOR RISK ASSESSMENT ERP-SYSTEMS INFORMATION SECURITY
Directory of Open Access Journals (Sweden)
V. S. Oladko
2016-12-01
Full Text Available The article deals with the problem assessment of information security risks in the ERP-system. ERP-system functions and architecture are studied. The model malicious impacts on levels of ERP-system architecture are composed. Model-based risk assessment, which is the quantitative and qualitative approach to risk assessment, built on the partial unification 3 methods for studying the risks of information security - security models with full overlapping technique CRAMM and FRAP techniques developed.
-
An SOA-based architecture framework
Aalst, van der W.M.P.; Beisiegel, M.; Hee, van K.M.; König, D.; Stahl, C.
2007-01-01
We present an Service-Oriented Architecture (SOA)– based architecture framework. The architecture framework is designed to be close to industry standards, especially to the Service Component Architecture (SCA). The framework is language independent and the building blocks of each system, activities
-
Directory of Open Access Journals (Sweden)
Paul POCATILU
2011-01-01
Full Text Available The use of smartphones worldwide is growing very fast and also the malicious attacks have increased. The mobile security applications development keeps the pace with this trend. The paper presents the vulnerabilities of mobile applications. The Android applications and devices are analyzed through the security perspective. The usage of restricted API is also presented. The paper also focuses on how users can prevent these malicious attacks and propose some prevention measures, including the architecture of a mobile security system for Android devices.
-
Intercorporate Security Event Correlation
Directory of Open Access Journals (Sweden)
D. O. Kovalev
2010-03-01
Full Text Available Security controls are prone to false positives and false negatives which can lead to unwanted reputation losses for the bank. The reputational database within the security operations center (SOC and intercorporate correlation of security events are offered as a solution to increase attack detection fidelity. The theses introduce the definition and structure of the reputation, architectures of reputational exchange and the place of intercorporate correlation in overall SOC correlation analysis.
-
Ranjit Panigrahi; Kalpana Sharma; M.K. Ghose
2013-01-01
Wireless Sensor Network (WSN) has a huge range of applications such as battlefield, surveillance, emergency rescue operation and smart home technology etc. Apart from its inherent constraints such as limited memory and energy resources, when deployed in hostile environmental conditions, the sensor nodes are vulnerable to physical capture and other security constraints. These constraints put security as a major challenge for the researchers in the field of computer networking. T...
-
Multilevel architectures for electronic document retrieval
International Nuclear Information System (INIS)
Rome, J.A.; Tolliver, J.S.
1997-01-01
Traditionally, most classified computer systems run at the highest level of any of the data on the system, and all users must be cleared to this security level. This architecture precludes the use of low-level (pay and clearance) personnel for such tasks as data entry, and makes sharing data with other entities difficult. The government is trying to solve this problem by the introduction of multilevel-secure (MLS) computer systems. In addition, wherever possible, there is pressure to use commercial off-the-shelf software (COTS) to improve reliability, and to reduce purchase and maintenance costs. This paper presents two architectures for an MLS electronic document retrieval system using COTS products. Although the authors believe that the resulting systems represent a real advance in usability, scaleability, and scope, the disconnect between existing security rules and regulations and the rapidly-changing state of technology will make accreditation of such systems a challenge
-
Design and Implementation of Wiki Services in a Multilevel Secure Environment
National Research Council Canada - National Science Library
Ong, Kar L
2007-01-01
The Monterey Security Architecture (MYSEA) provides a distributed multilevel secure networking environment where authenticated users can securely access data and services at different security classification levels...
-
Leleika, Paulius
2017-01-01
This paper provides an overview of HTTP, CoAP, AMQP, DDS, MQTT, XMPP communication protocols. The main IoT problem is that IoT devices uses many different communication protocols and devices cannot communicate with each other directly. IoT gateway helps to solve that problem. This paper also identifies requirements for IoT gateway software. Provides solution for communication between devices which are using different messaging architectures. Presents security aspects and ways to secure IoT ga...
-
Security Architecture of Cloud Computing
V.KRISHNA REDDY; Dr. L.S.S.REDDY
2011-01-01
The Cloud Computing offers service over internet with dynamically scalable resources. Cloud Computing services provides benefits to the users in terms of cost and ease of use. Cloud Computing services need to address the security during the transmission of sensitive data and critical applications to shared and public cloud environments. The cloud environments are scaling large for data processing and storage needs. Cloud computing environment have various advantages as well as disadvantages o...
-
Integrating security in a group oriented distributed system
Reiter, Michael; Birman, Kenneth; Gong, LI
1992-01-01
A distributed security architecture is proposed for incorporation into group oriented distributed systems, and in particular, into the Isis distributed programming toolkit. The primary goal of the architecture is to make common group oriented abstractions robust in hostile settings, in order to facilitate the construction of high performance distributed applications that can tolerate both component failures and malicious attacks. These abstractions include process groups and causal group multicast. Moreover, a delegation and access control scheme is proposed for use in group oriented systems. The focus is the security architecture; particular cryptosystems and key exchange protocols are not emphasized.
-
The navigation metaphor in security economics
Pieters, Wolter; Barendse, Jeroen; Ford, Margaret; Heath, Claude P.R.; Probst, Christian W.; Verbij, Ruud
2016-01-01
The navigation metaphor for cybersecurity merges security architecture models and security economics. By identifying the most efficient routes for gaining access to assets from an attacker's viewpoint, an organization can optimize its defenses along these routes. The well-understood concept of
-
A Game-Theoretical Approach to Multimedia Social Networks Security
Liu, Enqiang; Liu, Zengliang; Shao, Fei; Zhang, Zhiyong
2014-01-01
The contents access and sharing in multimedia social networks (MSNs) mainly rely on access control models and mechanisms. Simple adoptions of security policies in the traditional access control model cannot effectively establish a trust relationship among parties. This paper proposed a novel two-party trust architecture (TPTA) to apply in a generic MSN scenario. According to the architecture, security policies are adopted through game-theoretic analyses and decisions. Based on formalized utilities of security policies and security rules, the choice of security policies in content access is described as a game between the content provider and the content requester. By the game method for the combination of security policies utility and its influences on each party's benefits, the Nash equilibrium is achieved, that is, an optimal and stable combination of security policies, to establish and enhance trust among stakeholders. PMID:24977226
-
SecureCPS: Defending a nanosatellite cyber-physical system
Forbes, Lance; Vu, Huy; Udrea, Bogdan; Hagar, Hamilton; Koutsoukos, Xenofon D.; Yampolskiy, Mark
2014-06-01
Recent inexpensive nanosatellite designs employ maneuvering thrusters, much as large satellites have done for decades. However, because a maneuvering nanosatellite can threaten HVAs on-orbit, it must provide a level of security typically reserved for HVAs. Securing nanosatellites with maneuvering capability is challenging due to extreme cost, size, and power constraints. While still in the design process, our low-cost SecureCPS architecture promises to dramatically improve security, to include preempting unknown binaries and detecting abnormal behavior. SecureCPS also applies to a broad class of cyber-physical systems (CPS), such as aircraft, cars, and trains. This paper focuses on Embry-Riddle's ARAPAIMA nanosatellite architecture, where we assume any off-the-shelf component could be compromised by a supply chain attack.1 Based on these assumptions, we have used Vanderbilt's Cyber Physical - Attack Description Language (CP-ADL) to represent realistic attacks, analyze how these attacks propagate in the ARAPAIMA architecture, and how to defeat them using the combination of a low-cost Root of Trust (RoT) Module, Global InfoTek's Advanced Malware Analysis System (GAMAS), and Anomaly Detection by Machine Learning (ADML).2 Our most recent efforts focus on refining and validating the design of SecureCPS.
-
Modeling Security-Enhanced Linux Policy Specifications for Analysis (Preprint)
National Research Council Canada - National Science Library
Archer, Myla; Leonard, Elizabeth; Pradella, Matteo
2003-01-01
Security-Enhanced (SE) Linux is a modification of Linux initially released by NSA in January 2001 that provides a language for specifying Linux security policies and, as in the Flask architecture, a security server...
-
Fortress America: The Aesthetics of Homeland Security in the Public Realm
2017-09-01
matured and evolved as a profession and is now an integral part of all urban design. UK citizens benefit from aesthetical public spaces where security...only can homeland security architecture restrict access to public spaces, it might not actually make the public safer. The indirect costs of poorly...change. Until public agencies hold homeland security architecture projects to the same public benefit requirements as other projects, the hostile
-
Modular, Cost-Effective, Extensible Avionics Architecture for Secure, Mobile Communications
Ivancic, William D.
2007-01-01
Current onboard communication architectures are based upon an all-in-one communications management unit. This unit and associated radio systems has regularly been designed as a one-off, proprietary system. As such, it lacks flexibility and cannot adapt easily to new technology, new communication protocols, and new communication links. This paper describes the current avionics communication architecture and provides a historical perspective of the evolution of this system. A new onboard architecture is proposed that allows full use of commercial-off-the-shelf technologies to be integrated in a modular approach thereby enabling a flexible, cost-effective and fully deployable design that can take advantage of ongoing advances in the computer, cryptography, and telecommunications industries.
-
A Security Architecture for Fault-Tolerant Systems
1993-06-03
aspect of our effort to achieve better performance is integrating the system into microkernel -based operating systems. 4 Summary and discussion In...135-171, June 1983. [vRBC+92] R. van Renesse, K. Birman, R. Cooper, B. Glade, and P. Stephenson. Reliable multicast between microkernels . In...Proceedings of the USENIX Microkernels and Other Kernel Architectures Workshop, April 1992. 29
-
The Navigation Metaphor in Security Economics
Pieters, W.; Barendse, Jeroen; Ford, Margaret; Heath, Claude P R; Probst, Christian W.; Verbij, Ruud
2016-01-01
The navigation metaphor for cybersecurity merges security architecture models and security economics. By identifying the most efficient routes for gaining access to assets from an attacker's viewpoint, an organization can optimize its defenses along these routes. The well-understood concept of
-
International Nuclear Information System (INIS)
Shin, Jinsoo; Heo, Gyunyoung; Son, Han Seong
2016-01-01
The Stuxnet has shown that nuclear facilities are no more safe from cyber-attack. Due to practical experiences and concerns on increasing of digital system application, cyber security has become the important issue in nuclear industry. Korea Institute of Nuclear Nonproliferation and control (KINAC) published a regulatory standard (KINAC/RS-015) to establish cyber security framework for nuclear facilities. However, it is difficult to research about cyber security. It is hard to quantify cyber-attack which has malicious activity which is different from existing design basis accidents (DBAs). We previously proposed a methodology on development of a cyber security risk model with BBN. However, the methodology had a limitation in which the input data as prior information was solely on expert opinions. In this study, we propose a cyber security risk model for instrumentation and control (I and C) system of nuclear facilities with some equation for quantification by using Bayesian Belief Network (BBN) in order to overcome the limitation of previous research. The proposed model has been used for comparative study on cyber securities between large-sized nuclear power plants (NPPs) and small-sized Research Reactors (RR). In this study, we proposed the cyber security risk evaluation model with BBN. It includes I and C architecture, which is a target system of cyber-attack, malicious activity, which causes cyber-attack from attacker, and mitigation measure, which mitigates the cyber-attack risk. Likelihood and consequence as prior information are evaluated by considering characteristics of I and C architecture and malicious activity. The BBN model provides posterior information with Bayesian update by adding any of assumed cyber-attack scenarios as evidence. Cyber security risk for nuclear facilities is analyzed by comparing between prior information and posterior information of each node. In this study, we conducted comparative study on cyber securities between power reactor
-
Energy Technology Data Exchange (ETDEWEB)
Shin, Jinsoo; Heo, Gyunyoung [Kyung Hee University, Yongin (Korea, Republic of); Son, Han Seong [Joongbu Univiersity, Geumsan (Korea, Republic of)
2016-10-15
The Stuxnet has shown that nuclear facilities are no more safe from cyber-attack. Due to practical experiences and concerns on increasing of digital system application, cyber security has become the important issue in nuclear industry. Korea Institute of Nuclear Nonproliferation and control (KINAC) published a regulatory standard (KINAC/RS-015) to establish cyber security framework for nuclear facilities. However, it is difficult to research about cyber security. It is hard to quantify cyber-attack which has malicious activity which is different from existing design basis accidents (DBAs). We previously proposed a methodology on development of a cyber security risk model with BBN. However, the methodology had a limitation in which the input data as prior information was solely on expert opinions. In this study, we propose a cyber security risk model for instrumentation and control (I and C) system of nuclear facilities with some equation for quantification by using Bayesian Belief Network (BBN) in order to overcome the limitation of previous research. The proposed model has been used for comparative study on cyber securities between large-sized nuclear power plants (NPPs) and small-sized Research Reactors (RR). In this study, we proposed the cyber security risk evaluation model with BBN. It includes I and C architecture, which is a target system of cyber-attack, malicious activity, which causes cyber-attack from attacker, and mitigation measure, which mitigates the cyber-attack risk. Likelihood and consequence as prior information are evaluated by considering characteristics of I and C architecture and malicious activity. The BBN model provides posterior information with Bayesian update by adding any of assumed cyber-attack scenarios as evidence. Cyber security risk for nuclear facilities is analyzed by comparing between prior information and posterior information of each node. In this study, we conducted comparative study on cyber securities between power reactor
-
Architecture and Assessment: Privacy Preserving Biometrically Secured Electronic Documents
2015-01-01
very large public and private fingerprint databases comprehensive risk analysis and system security contribution to developing international ...Safety and Security Program which is led by Defence Research and Development Canada’s Centre for Security Science, in partnership with Public Safety...201 © Sa Majesté la Reine (en droit du Canada), telle que représentée par le ministre de la Défense nationale, 201 Science and Engineering
-
MLS-Net and SecureParser®: A New Method for Securing and Segregating Network Data
Directory of Open Access Journals (Sweden)
Robert A. Johnson
2008-10-01
Full Text Available A new method of network security and virtualization is presented which allows the consolidation of multiple network infrastructures dedicated to single security levels or communities of interest onto a single, virtualized network. An overview of the state of the art of network security protocols is presented, including the use of SSL, IPSec, and HAIPE IS, followed by a discussion of the SecureParser® technology and MLS-Net architecture, which in combination allow the virtualization of local network enclaves.
-
Modern architecture in a life cycle perspective
DEFF Research Database (Denmark)
Vestergaard, Inge
2017-01-01
By confronting the mistakes from the Modern Movement, the ideas of modernistic architecture are under pressure. This paper will summarize the primary architectural mistakes of the mono-functional thinking in planning and building and the non-appropriate environmental dispositions of the big plans...... architectural transformations on city level and on housing level. The transformation goals are to secure the economy and the social and the environmental aspects in the transformation´s life-cycle perspective in order to make the buildings and the districts interact with and adapt to society. The conclusion...... points out the architectural consequences of prioritizing in the transformation process the social parameters higher than the original rigid architectural theories....
-
Hao, Shuxin; Lü, Yiran; Liu, Jie; Liu, Yue; Xu, Dongqun
2018-01-01
To study the application of classified protection of information security in the information system of air pollution and health impact monitoring, so as to solve the possible safety risk of the information system. According to the relevant national standards and requirements for the information system security classified protection, and the professional characteristics of the information system, to design and implement the security architecture of information system, also to determine the protection level of information system. Basic security measures for the information system were developed in the technical safety and management safety aspects according to the protection levels, which effectively prevented the security risk of the information system. The information system established relatively complete information security protection measures, to enhanced the security of professional information and system service, and to ensure the safety of air pollution and health impact monitoring project carried out smoothly.
-
Complementing network security to the ISO/IEC 27000 standard
Alila, Patrick
2007-01-01
I syfte att öppna upp nya affärsmöjligheter för informationssäkerhetsföretaget Secure State AB, har detta arbete bedrivits för att komplettera företagets nuvarande standard för informationssäkerhetsarbete med ytterligare nätverkssäkerhet. Krav på slutresultatet var att dokumentet eller standarden skulle kunna komplettera ISO 27000, samt vara kostnadseffektivt. Efter en undersökning av den nämnda standarden konstaterades att enbart ISO 27000 i sig inte är ett fullgott verktyg för nätverkssäker...
-
Virtual-optical information security system based on public key infrastructure
Peng, Xiang; Zhang, Peng; Cai, Lilong; Niu, Hanben
2005-01-01
A virtual-optical based encryption model with the aid of public key infrastructure (PKI) is presented in this paper. The proposed model employs a hybrid architecture in which our previously published encryption method based on virtual-optics scheme (VOS) can be used to encipher and decipher data while an asymmetric algorithm, for example RSA, is applied for enciphering and deciphering the session key(s). The whole information security model is run under the framework of international standard ITU-T X.509 PKI, which is on basis of public-key cryptography and digital signatures. This PKI-based VOS security approach has additional features like confidentiality, authentication, and integrity for the purpose of data encryption under the environment of network. Numerical experiments prove the effectiveness of the method. The security of proposed model is briefly analyzed by examining some possible attacks from the viewpoint of a cryptanalysis.
-
The development and significance of the DOE Safeguards and Security standards and criteria
International Nuclear Information System (INIS)
Toman, J.
1987-01-01
In October 1985, the DOE Assistant Secretary for Defense Programs created a task force to develop inspection standards and criteria for Safeguards and Security. These standards and criteria (S/C) would provide the DOE Inspection and Evaluation (I and E) teams with the guidance needed to assess the security posture of DOE's nuclear and other important facilities. The Lawrence Livermore National Laboratory was designated the lead management organization for the structuring, administration, and execution of the overall task force effort and appointed the Executive Secretary. The Office of Security Evaluations (OSE) became the responsible DOE organization, and its Director assumed the role of Chairman of the Task Force Executive Committee. At its peak, the Task Force consisted of approximately 200 people who were considered to be experts in eight major topical areas. The composition of the experts was almost evenly divided between DOE and contractor employees. The collective wisdom of these experts was used in a consensus process to develop the S/C that are now published in draft form. These S/C have been used in more than ten inspections since May 1986 with much success. This paper discusses the process used to achieve the desired end result and the significance of the Task Force's accomplishments
-
Security Analysis of Parlay/OSA Framework
Corin, R.J.; Di Caprio, G.; Etalle, Sandro; Gnesi, S.; Lenzini, Gabriele; Moiso, C.; Villain, B.
2004-01-01
This paper analyzes the security of the Trust and Security Management (TSM) protocol, an authentication protocol which is part of the Parlay/OSA Application Program Interfaces (APIs). Architectures based on Parlay/OSA APIs allow third party service providers to develop new services that can access,
-
East Africa’s Fragmented Security Cooperation
DEFF Research Database (Denmark)
Nordby, Johannes Riber; Jacobsen, Katja
2013-01-01
Since the 1990s, East Africa has developed what appears to be an impressive security architecture. Katja Lindskov Jacobsen and Johannes Riber Nordby warn, however, that appearances can be deceptive. The region’s security institutions remain too nationalistic and self-interested for their own good....
-
Security Analysis of Parlay/OSA Framework
Corin, R.J.; Di Caprio, G.; Etalle, Sandro; Gnesi, S.; Lenzini, Gabriele; Moiso, C.
This paper analyzes the security of the Trust and Security Management (TSM) protocol, an authentication protocol which is part of the Parlay/OSA Application Program Interfaces (APIs). Architectures based on Parlay/OSA APIs allow third party service providers to develop new services that can access,
-
An Introduction to Architectural Surety(SM) Education
Energy Technology Data Exchange (ETDEWEB)
Matalucci, R.V.; Miyoshi, D.S.
1998-09-01
This report describes the Sandia activities in the developing field management approach to enhancing National Laboratories (Sandia) educational outreach of architectural and infrastructure surety, a risk the safety, security, and reliability of facilities, systems, and structures. It begins with a description of the field of architectural and infrastmcture surety, including Sandia's historical expertise and experience in nuclear weapons surety. An overview of the 1996 Sandia Workshop on Architectural SuretysM is then provided to reference the initiation of the various activities. This workshop established the need for a surety education program at the University level and recommended that Sandia develop the course material as soon as possible. Technical material was assembled and the course was offered at the University of New Mexico (UNM) during the 1997 spring semester. The bulk of this report accordingly summarizes the lecture material presented in this pioneering graduate-level course on Infrastructure Surety in the Civil Engineering Department at UNM. This groundbreaking class presented subject matter developed by experts from Sandia, and included additional information from guest lecturers from academia, government, and industry. Also included in this report are summaries of the term projects developed by the graduate students, an overview of the 1997 International Conference on Architectural Suretp: Assuring the Performance of Buildings and Injiastruchwes (co-sponsored by Sandia, the American Institute of Architects, and the American Society of Civil Engineers), and recommendations for further course work development. The U.S. Department of Energy provides support to this emerging field of architectural and infrastructure surety and recognizes its broad application to developing government, industry, and professional standards in the national interest.
-
Lu, Xiaoqi; Wang, Lei; Zhao, Jianfeng
2012-02-01
With the development of medical information, Picture Archiving and Communications System (PACS), Hospital Information System/Radiology Information System(HIS/RIS) and other medical information management system become popular and developed, and interoperability between these systems becomes more frequent. So, these enclosed systems will be open and regionalized by means of network, and this is inevitable. If the trend becomes true, the security of information transmission may be the first problem to be solved. Based on the need for network security, we investigated the Digital Imaging and Communications in Medicine (DICOM) Standard and Transport Layer Security (TLS) Protocol, and implemented the TLS transmission of the DICOM medical information with OpenSSL toolkit and DCMTK toolkit.
-
Avionics Architecture for Exploration
National Aeronautics and Space Administration — The goal of the AES Avionics Architectures for Exploration (AAE) project is to develop a reference architecture that is based on standards and that can be scaled and...
-
Voskresenskaya, Elena; Vorona-Slivinskaya, Lubov
2018-03-01
The article considers the issues of developing national standards for high-rise construction. The system of standards should provide industrial, operational, economic and terrorist safety of high-rise buildings and facilities. Modern standards of high-rise construction should set the rules for designing engineering systems of high-rise buildings, which will ensure the integrated security of buildings, increase their energy efficiency and reduce the consumption of resources in construction and operation.
-
Securing Real-Time Sessions in an IMS-Based Architecture
Cennamo, Paolo; Fresa, Antonio; Longo, Maurizio; Postiglione, Fabio; Robustelli, Anton Luca; Toro, Francesco
The emerging all-IP mobile network infrastructures based on 3rd Generation IP Multimedia Subsystem philosophy are characterised by radio access technology independence and ubiquitous connectivity for mobile users. Currently, great focus is being devoted to security issues since most of the security threats presently affecting the public Internet domain, and the upcoming ones as well, are going to be suffered by mobile users in the years to come. While a great deal of research activity, together with standardisation efforts and experimentations, is carried out on mechanisms for signalling protection, very few integrated frameworks for real-time multimedia data protection have been proposed in a context of IP Multimedia Subsystem, and even fewer experimental results based on testbeds are available. In this paper, after a general overview of the security issues arising in an advanced IP Multimedia Subsystem scenario, a comprehensive infrastructure for real-time multimedia data protection, based on the adoption of the Secure Real-Time Protocol, is proposed; then, the development of a testbed incorporating such functionalities, including mechanisms for key management and cryptographic context transfer, and allowing the setup of Secure Real-Time Protocol sessions is presented; finally, experimental results are provided together with quantitative assessments and comparisons of system performances for audio sessions with and without the adoption of the Secure Real-Time Protocol framework.
-
Cognitive Computing for Security.
Energy Technology Data Exchange (ETDEWEB)
Debenedictis, Erik [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Rothganger, Fredrick [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Aimone, James Bradley [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Marinella, Matthew [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Evans, Brian Robert [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Warrender, Christina E. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Mickel, Patrick [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
2015-12-01
Final report for Cognitive Computing for Security LDRD 165613. It reports on the development of hybrid of general purpose/ne uromorphic computer architecture, with an emphasis on potential implementation with memristors.
-
Secure Border Gateway Protocol and the External Routing Intrusion Detection System
National Research Council Canada - National Science Library
Kent, Stephen
2000-01-01
.... The Secure BGP projects designed a secure, scalable, deployable architecture (S-BGP) for an authorization and authentication system that addresses most of the security problems associated with BGP...
-
Ashish Ukidve; Ds S SMantha; Milind Tadvalkar
2017-01-01
The Payment Card Industry Data Security Standard (PCI DSS) aims to enhance the security of cardholder data and is required when cardholder data or authentication data are stored, processed or transmitted. The implementation of enabling processes from COBIT 5 can complement compliance to PCI DSS. COBIT 5 assists enterprises in governance and management of enterprise IT and, at the same time, supports the need to meet security requirements with supporting processes and management activities. Th...
-
UNDER WHOSE UMBRELLA? THE EUROPEAN SECURITY ARCHITECTURE
Directory of Open Access Journals (Sweden)
Teodor Lucian Moga
2010-12-01
Full Text Available The tragic events which occurred during the ‘90s in the Balkans have reiterated the need for the European Union (EU to assume a much more assertive role in managing security concerns in Europe, including the development of European defence capabilities. In 1998, at Saint Malo, Tony Blair and Jacques Chirac launched the European Security and Defence Policy (ESDP. This project has been generated due to the EU’s need to adopt a strategic framework within which to develop a global defence and security component, as well as due to a growing necessity for the EU to contribute effectively to North Atlantic Treaty Organization (NATO and United Nations (UN efforts of conducting defence, international crisis management and peacekeeping operations at an international level in conflict-prone areas. In recent years, ESDP has undergone a spectacular evolution, being now among the major issues discussed in Brussels. However, the creation of the ESDP has been greeted with caution by some NATO members being perceived primarily as a threat to the integrity of the North Atlantic Treaty Organization. The purpose of this paper is to examine the difficulties the ESDP has encountered since its inception and also to what extent it has affected the EU-NATO and the EU-US nexus.
-
Security issues in mobile NFC devices
Roland, Michael
2015-01-01
This work provides an assessment of the current state of near field communication (NFC) security, it reports on new attack scenarios, and offers concepts and solutions to overcome any unresolved issues. The work describes application-specific security aspects of NFC based on exemplary use-case scenarios and uses these to focus on the interaction with NFC tags and on card emulation. The current security architectures of NFC-enabled cellular phones are evaluated with regard to the identified security aspects.
-
Revisiting the soft security debate: From European progress to ...
African Journals Online (AJOL)
Given the extended scope of security sectors falling within the ambit of soft security regional co-operation is indispensable – a phenomenon most visible in European security architecture and that of Northern Europe in particular. Not only European decision-makers, however, pursue the soft security option. As Africa entered ...
-
Directory of Open Access Journals (Sweden)
Voskresenskaya Elena
2018-01-01
Full Text Available The article considers the issues of developing national standards for high-rise construction. The system of standards should provide industrial, operational, economic and terrorist safety of high-rise buildings and facilities. Modern standards of high-rise construction should set the rules for designing engineering systems of high-rise buildings, which will ensure the integrated security of buildings, increase their energy efficiency and reduce the consumption of resources in construction and operation.
-
Directory of Open Access Journals (Sweden)
Samaher Al-Janabi
2017-07-01
Full Text Available Wireless Body Area Network (WBAN is a new trend in the technology that provides remote mechanism to monitor and collect patient’s health record data using wearable sensors. It is widely recognized that a high level of system security and privacy play a key role in protecting these data when being used by the healthcare professionals and during storage to ensure that patient’s records are kept safe from intruder’s danger. It is therefore of great interest to discuss security and privacy issues in WBANs. In this paper, we reviewed WBAN communication architecture, security and privacy requirements and security threats and the primary challenges in WBANs to these systems based on the latest standards and publications. This paper also covers the state-of-art security measures and research in WBAN. Finally, open areas for future research and enhancements are explored.
-
Secure Protocol and IP Core for Configuration of Networking Hardware IPs in the Smart Grid
Directory of Open Access Journals (Sweden)
Marcelo Urbina
2018-02-01
Full Text Available Nowadays, the incorporation and constant evolution of communication networks in the electricity sector have given rise to the so-called Smart Grid, which is why it is necessary to have devices that are capable of managing new communication protocols, guaranteeing the strict requirements of processing required by the electricity sector. In this context, intelligent electronic devices (IEDs with network architectures are currently available to meet the communication, real-time processing and interoperability requirements of the Smart Grid. The new generation IEDs include an Field Programmable Gate Array (FPGA, to support specialized networking switching architectures for the electric sector, as the IEEE 1588-aware High-availability Seamless Redundancy/Parallel Redundancy Protocol (HSR/PRP. Another advantage to using an FPGA is the ability to update or reconfigure the design to support new requirements that are being raised to the standards (IEC 61850. The update of the architecture implemented in the FPGA can be done remotely, but it is necessary to establish a cyber security mechanism since the communication link generates vulnerability in the case the attacker gains physical access to the network. The research presented in this paper proposes a secure protocol and Intellectual Property (IP core for configuring and monitoring the networking IPs implemented in a Field Programmable Gate Array (FPGA. The FPGA based implementation proposed overcomes this issue using a light Layer-2 protocol fully implemented on hardware and protected by strong cryptographic algorithms (AES-GCM, defined in the IEC 61850-90-5 standard. The proposed secure protocol and IP core are applicable in any field where remote configuration over Ethernet is required for IP cores in FPGAs. In this paper, the proposal is validated in communications hardware for Smart Grids.
-
Security Management Model in Cloud Computing Environment
Ahmadpanah, Seyed Hossein
2016-01-01
In the cloud computing environment, cloud virtual machine (VM) will be more and more the number of virtual machine security and management faced giant Challenge. In order to address security issues cloud computing virtualization environment, this paper presents a virtual machine based on efficient and dynamic deployment VM security management model state migration and scheduling, study of which virtual machine security architecture, based on AHP (Analytic Hierarchy Process) virtual machine de...
-
Trust-Management, Intrusion-Tolerance, Accountability, and Reconstitution Architecture (TIARA)
2009-12-01
Tainting, tagged, metadata, architecture, hardware, processor, microkernel , zero-kernel, co-design 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF... microkernels (e.g., [27]) embraced the idea that it was beneficial to reduce the ker- nel, separating out services as separate processes isolated from...limited adoption. More recently Tanenbaum [72] notes the security virtues of microkernels and suggests the modern importance of security makes it
-
Integrating hospital information systems in healthcare institutions: a mediation architecture.
El Azami, Ikram; Cherkaoui Malki, Mohammed Ouçamah; Tahon, Christian
2012-10-01
Many studies have examined the integration of information systems into healthcare institutions, leading to several standards in the healthcare domain (CORBAmed: Common Object Request Broker Architecture in Medicine; HL7: Health Level Seven International; DICOM: Digital Imaging and Communications in Medicine; and IHE: Integrating the Healthcare Enterprise). Due to the existence of a wide diversity of heterogeneous systems, three essential factors are necessary to fully integrate a system: data, functions and workflow. However, most of the previous studies have dealt with only one or two of these factors and this makes the system integration unsatisfactory. In this paper, we propose a flexible, scalable architecture for Hospital Information Systems (HIS). Our main purpose is to provide a practical solution to insure HIS interoperability so that healthcare institutions can communicate without being obliged to change their local information systems and without altering the tasks of the healthcare professionals. Our architecture is a mediation architecture with 3 levels: 1) a database level, 2) a middleware level and 3) a user interface level. The mediation is based on two central components: the Mediator and the Adapter. Using the XML format allows us to establish a structured, secured exchange of healthcare data. The notion of medical ontology is introduced to solve semantic conflicts and to unify the language used for the exchange. Our mediation architecture provides an effective, promising model that promotes the integration of hospital information systems that are autonomous, heterogeneous, semantically interoperable and platform-independent.
-
Security Issues in the Android Cross-Layer Architecture
Armando, Alessandro; Merlo, Alessio; Verderame, Luca
2012-01-01
The security of Android has been recently challenged by the discovery of a number of vulnerabilities involving different layers of the Android stack. We argue that such vulnerabilities are largely related to the interplay among layers composing the Android stack. Thus, we also argue that such interplay has been underestimated from a security point-of-view and a systematic analysis of the Android interplay has not been carried out yet. To this aim, in this paper we provide a simple model of th...
-
Efficient Security Mechanisms for mHealth Applications Using Wireless Body Sensor Networks
Directory of Open Access Journals (Sweden)
Prasan Kumar Sahoo
2012-09-01
Full Text Available Recent technological advances in wireless communications and physiological sensing allow miniature, lightweight, ultra-low power, intelligent monitoring devices, which can be integrated into a Wireless Body Sensor Network (WBSN for health monitoring. Physiological signals of humans such as heartbeats, temperature and pulse can be monitored from a distant location using tiny biomedical wireless sensors. Hence, it is highly essential to combine the ubiquitous computing with mobile health technology using wireless sensors and smart phones to monitor the well-being of chronic patients such as cardiac, Parkinson and epilepsy patients. Since physiological data of a patient are highly sensitive, maintaining its confidentiality is highly essential. Hence, security is a vital research issue in mobile health (mHealth applications, especially if a patient has an embarrassing disease. In this paper a three tier security architecture for the mHealth application is proposed, in which light weight data confidentiality and authentication protocols are proposed to maintain the privacy of a patient. Moreover, considering the energy and hardware constraints of the wireless body sensors, low complexity data confidential and authentication schemes are designed. Performance evaluation of the proposed architecture shows that they can satisfy the energy and hardware limitations of the sensors and still can maintain the secure fabrics of the wireless body sensor networks. Besides, the proposed schemes can outperform in terms of energy consumption, memory usage and computation time over standard key establishment security scheme.
-
Efficient Security Mechanisms for mHealth Applications Using Wireless Body Sensor Networks
Sahoo, Prasan Kumar
2012-01-01
Recent technological advances in wireless communications and physiological sensing allow miniature, lightweight, ultra-low power, intelligent monitoring devices, which can be integrated into a Wireless Body Sensor Network (WBSN) for health monitoring. Physiological signals of humans such as heartbeats, temperature and pulse can be monitored from a distant location using tiny biomedical wireless sensors. Hence, it is highly essential to combine the ubiquitous computing with mobile health technology using wireless sensors and smart phones to monitor the well-being of chronic patients such as cardiac, Parkinson and epilepsy patients. Since physiological data of a patient are highly sensitive, maintaining its confidentiality is highly essential. Hence, security is a vital research issue in mobile health (mHealth) applications, especially if a patient has an embarrassing disease. In this paper a three tier security architecture for the mHealth application is proposed, in which light weight data confidentiality and authentication protocols are proposed to maintain the privacy of a patient. Moreover, considering the energy and hardware constraints of the wireless body sensors, low complexity data confidential and authentication schemes are designed. Performance evaluation of the proposed architecture shows that they can satisfy the energy and hardware limitations of the sensors and still can maintain the secure fabrics of the wireless body sensor networks. Besides, the proposed schemes can outperform in terms of energy consumption, memory usage and computation time over standard key establishment security scheme. PMID:23112734
-
Efficient security mechanisms for mHealth applications using wireless body sensor networks.
Sahoo, Prasan Kumar
2012-01-01
Recent technological advances in wireless communications and physiological sensing allow miniature, lightweight, ultra-low power, intelligent monitoring devices, which can be integrated into a Wireless Body Sensor Network (WBSN) for health monitoring. Physiological signals of humans such as heartbeats, temperature and pulse can be monitored from a distant location using tiny biomedical wireless sensors. Hence, it is highly essential to combine the ubiquitous computing with mobile health technology using wireless sensors and smart phones to monitor the well-being of chronic patients such as cardiac, Parkinson and epilepsy patients. Since physiological data of a patient are highly sensitive, maintaining its confidentiality is highly essential. Hence, security is a vital research issue in mobile health (mHealth) applications, especially if a patient has an embarrassing disease. In this paper a three tier security architecture for the mHealth application is proposed, in which light weight data confidentiality and authentication protocols are proposed to maintain the privacy of a patient. Moreover, considering the energy and hardware constraints of the wireless body sensors, low complexity data confidential and authentication schemes are designed. Performance evaluation of the proposed architecture shows that they can satisfy the energy and hardware limitations of the sensors and still can maintain the secure fabrics of the wireless body sensor networks. Besides, the proposed schemes can outperform in terms of energy consumption, memory usage and computation time over standard key establishment security scheme.
-
ASLan++ — A Formal Security Specification Language for Distributed Systems
DEFF Research Database (Denmark)
Von Oheimb, David; Mödersheim, Sebastian Alexander
2010-01-01
This paper introduces ASLan++, the AVANTSSAR Specification Language. ASLan++ has been designed for formally specifying dynamically composed security-sensitive web services and service-oriented architectures, their associated security policies, as well as their security properties, at both communi...
-
Directory of Open Access Journals (Sweden)
Fabricia Dias da Cunha de Moraes Fernandes
2016-10-01
Full Text Available This paper aims to describe the transformation that took place in the physical space of elementary schools in Brazil, within the initial period of expanding access to basic education, which occurred between the years 1930 to 1940. Through the historical - descriptive approach, it was sought to demonstrate that the school's architectural projects have materialized constituent aspects of current educational policies in the indicated periods. Based on a bibliographic research of historical framework, it was approached the emergence of new planning guidelines in state bodies and, the configuration of the Brazilian school architecture in accordance with the modernizing discourse of the period. Were sought the transformations of architectural models and the orientation change of planning bodies, which have used functionalist concepts from the architecture of modern movement for the construction of school buildings, following modular construction principles, prefabrication and despoliation of all ornamentation. Having as reference the modifications in planning guidelines and, how the school physical network has been configured, it was identified that the expansion of the physical network followed the parameter of public spending rationalization. This factor corroborated with the massive access, occasioning the adoption of standardized architectural solutions, impoverishment and precariousness of physical structure of Brazilian public schools.
-
Multilevel security for relational databases
Faragallah, Osama S; El-Samie, Fathi E Abd
2014-01-01
Concepts of Database Security Database Concepts Relational Database Security Concepts Access Control in Relational Databases Discretionary Access Control Mandatory Access Control Role-Based Access Control Work Objectives Book Organization Basic Concept of Multilevel Database Security IntroductionMultilevel Database Relations Polyinstantiation Invisible Polyinstantiation Visible Polyinstantiation Types of Polyinstantiation Architectural Consideration
-
Fundamentals of IP and SoC security design, verification, and debug
Ray, Sandip; Sur-Kolay, Susmita
2017-01-01
This book is about security in embedded systems and it provides an authoritative reference to all aspects of security in system-on-chip (SoC) designs. The authors discuss issues ranging from security requirements in SoC designs, definition of architectures and design choices to enforce and validate security policies, and trade-offs and conflicts involving security, functionality, and debug requirements. Coverage also includes case studies from the “trenches” of current industrial practice in design, implementation, and validation of security-critical embedded systems. Provides an authoritative reference and summary of the current state-of-the-art in security for embedded systems, hardware IPs and SoC designs; Takes a "cross-cutting" view of security that interacts with different design and validation components such as architecture, implementation, verification, and debug, each enforcing unique trade-offs; Includes high-level overview, detailed analysis on implementation, and relevant case studies on desi...
-
Communications Architecture Recommendations to Enable Joint Vision 2020
National Research Council Canada - National Science Library
Armstrong, R. B
2003-01-01
The Mission Information Management (MIM) Communications Architecture provides a framework to develop an integrated space, air, and terrestrial communications network that supports all national security users...
-
Architecture, landscape architecture and interior- Hons B 2009
CSIR Research Space (South Africa)
Osman, A
2010-03-01
Full Text Available will be as follows: 1. History of Urban Form 2. Urban Renewal and Reactions 3. Urban Order, Security and Power 4. Colonial Impact on Urban From 5. Memory and Conservation 6. Considering the Public and Private Realm 7. Housing and Urban Form ? Type, Poetics 8....e. ?interior design? / ?inte- rior architecture?). Interior design is the reaction to ?found? space and follows three modes of produc- tion: installation, insertion and intervention. Archi- tectural theory pertinent to the discipline?s ontology...
-
Gangadari, Bhoopal Rao; Ahamed, Shaik Rafi
2016-12-01
In this paper, we presented a novel approach of low energy consumption architecture of S-Box used in Advanced Encryption Standard (AES) algorithm using programmable second order reversible cellular automata (RCA 2 ). The architecture entails a low power implementation with minimal delay overhead and the performance of proposed RCA 2 based S-Box in terms of security is evaluated using the cryptographic properties such as nonlinearity, correlation immunity bias, strict avalanche criteria, entropy and also found that the proposed architecture is secure enough for cryptographic applications. Moreover, the proposed AES algorithm architecture simulation studies show that energy consumption of 68.726 nJ, power dissipation of 3.856 mW for 0.18- μm at 13.69 MHz and energy consumption of 29.408 nJ, power dissipation of 1.65 mW for 0.13- μm at 13.69 MHz. The proposed AES algorithm with RCA 2 based S-Box shows a reduction power consumption by 50 % and energy consumption by 5 % compared to best classical S-Box and composite field arithmetic based AES algorithm. Apart from that, it is also shown that RCA 2 based S-Boxes are dynamic in nature, invertible, low power dissipation compared to that of LUT based S-Box and hence suitable for Wireless Body Area Network (WBAN) applications.
-
Proposing C4ISR Architecture Methodology for Homeland Security
National Research Council Canada - National Science Library
Farah-Stapleton, Monica F; Dimarogonas, James; Eaton, Rodney; Deason, Paul J
2004-01-01
.... The architecture definitions and specifications of the inter- and intra-agency links would be usable in real-world operations as well as enabling the representation of CS HLS/HLD scenarios within...
-
Directory of Open Access Journals (Sweden)
Zhang Zhaoxi
2016-12-01
Full Text Available The U.S alliance in the Asia-Pacific region has exerted significant influence on Asia-Pacific security architecture for a long time. While with the deepening of interdependence among Asia-Pacific countries, the development of regional international relations has outdated the existing security architecture in this region. It is imperative to improve the architecture in that there are plenty of structural hurdles, such as the obsolescence of security concepts, the fragmentation of security mechanism and the dearth of public goods on security affairs. OBOR, which is exemplary as a new multilateral cooperative initiative and has interacted profoundly with the regional security of the Asia-Pacific, holds endogenous relations with the Asia-Pacific security architecture. OBOR could improve the Asia-Pacific security architecture in the following ways: to create a new model of security maintenance in light of the advanced ideas given by OBOR; to design new institutional frameworks which are more normative and effective with mechanical innovations stemming from OBOR; to enrich the security public goods in the Asia-Pacific region under the reference of co-construction and sharing the idea of OBOR. However, the practice of improvement will face tremendous challenges both internally and externally. These challenges should be prudently analyzed and treated in order to better fulfill the co-evolution in the process of the construction of OBOR and the improvement of the Asia-Pacific security architecture, for the promotion of long-termed prosperity and stability in this region.
-
Analysis and improvement of security of energy smart grids
International Nuclear Information System (INIS)
Halimi, Halim
2014-01-01
The Smart grid is the next generation power grid, which is a new self-healing, self-activating form of electricity network, and integrates power-flow control, increased quality of electricity, and energy reliability, energy efficiency and energy security using information and communication technologies. Communication networks play a critical role in smart grid, as the intelligence of smart grid is built based on information exchange across the power grid. Its two-way communication and electricity flow enable to monitor, predict and manage the energy usage. To upgrade an existing power grid into a smart grid, it requires an intelligent and secure communication infrastructure. Because of that, the main goal of this dissertation is to propose new architecture and implementation of algorithms for analysis and improvement of the security and reliability in smart grid. In power transmission segments of smart grid, wired communications are usually adopted to ensure robustness of the backbone power network. In contrast, for a power distribution grid, wireless communications provide many benefits such as low cost high speed links, easy setup of connections among different devices/appliances, and so on. Wireless communications are usually more vulnerable to security attacks than wired ones. Developing appropriate wireless communication architecture and its security measures is extremely important for a smart grid system. This research addresses physical layer security in a Wireless Smart Grid. Hence a defense Quorum- based algorithm is proposed to ensure physical security in wireless communication. The new security architecture for smart grid that supports privacy-preserving, data aggregation and access control is defined. This architecture consists of two parts. In the first part we propose to use an efficient and privacy-preserving aggregation scheme (EPPA), which aggregates real-time data of consumers by Local Gateway. During aggregation the privacy of consumers is
-
Usable Authentication with an Offline Trusted Device Proxy Architecture (long version)
Johansen, Christian; Jøsang, Audun; Migdal, Denis
2016-01-01
Client platform infection poses a significant threat to secure user authentication. Com- bining vulnerable client platforms with special security devices, as often the case in e- banking, can increase significantly the security. This paper describes a new architecture where a security proxy on the client platform communicates with both a trusted security device and the server application. The proxy switches between two TLS channels, one from the client and another from the trusted device. The...
-
A Formally Verified Decentralized Key Management Architecture for Wireless Sensor Networks
Law, Y.W.; Corin, R.J.; Etalle, Sandro; Hartel, Pieter H.
We present a decentralized key management architecture for wireless sensor networks, covering the aspects of key deployment, key refreshment and key establishment. Our architecture is based on a clear set of assumptions and guidelines. Balance between security and energy consumption is achieved by
-
Space Telecommunications Radio System (STRS) Architecture. Part 1; Tutorial - Overview
Handler, Louis M.; Briones, Janette C.; Mortensen, Dale J.; Reinhart, Richard C.
2012-01-01
Space Telecommunications Radio System (STRS) Architecture Standard provides a NASA standard for software-defined radio. STRS is being demonstrated in the Space Communications and Navigation (SCaN) Testbed formerly known as Communications, Navigation and Networking Configurable Testbed (CoNNeCT). Ground station radios communicating the SCaN testbed are also being written to comply with the STRS architecture. The STRS Architecture Tutorial Overview presents a general introduction to the STRS architecture standard developed at the NASA Glenn Research Center (GRC), addresses frequently asked questions, and clarifies methods of implementing the standard. The STRS architecture should be used as a base for many of NASA s future telecommunications technologies. The presentation will provide a basic understanding of STRS.
-
Software engineering architecture-driven software development
Schmidt, Richard F
2013-01-01
Software Engineering: Architecture-driven Software Development is the first comprehensive guide to the underlying skills embodied in the IEEE's Software Engineering Body of Knowledge (SWEBOK) standard. Standards expert Richard Schmidt explains the traditional software engineering practices recognized for developing projects for government or corporate systems. Software engineering education often lacks standardization, with many institutions focusing on implementation rather than design as it impacts product architecture. Many graduates join the workforce with incomplete skil
-
Architecting security with Paradigm
Andova, S.; Groenewegen, L.P.J.; Verschuren, J.H.S.; Vink, de E.P.; Lemos, de R.; Fabre, J.C.; Gacek, C.; Gadducci, F.; Beek, ter M.
2009-01-01
For large security systems a clear separation of concerns is achieved through architecting. Particularly the dynamic consistency between the architectural components should be addressed, in addition to individual component behaviour. In this paper, relevant dynamic consistency is specified through
-
A New Perspective On Architectural Sustainability
DEFF Research Database (Denmark)
Hermund, Anders; Klint, Lars; Schipull Kauschen, Jan
2013-01-01
The research presented in this paper intends to establish a new perspective on architectural sustainability as an effect of good architectural quality. The intention is to show the importance of an actual architectural mindset in the design phase, and whether the conscious architectural material...... selection based on a balanced cost and aesthetics decision making will prove more sustainable and ensure better maintenance, as a result of architectural appeal, than cheaper standard houses....
-
Zhang Zhaoxi
2016-01-01
The U.S alliance in the Asia-Pacific region has exerted significant influence on Asia-Pacific security architecture for a long time. While with the deepening of interdependence among Asia-Pacific countries, the development of regional international relations has outdated the existing security architecture in this region. It is imperative to improve the architecture in that there are plenty of structural hurdles, such as the obsolescence of security concepts, the fragmentation of security mech...
-
A Secure and Scalable Data Communication Scheme in Smart Grids
Directory of Open Access Journals (Sweden)
Chunqiang Hu
2018-01-01
Full Text Available The concept of smart grid gained tremendous attention among researchers and utility providers in recent years. How to establish a secure communication among smart meters, utility companies, and the service providers is a challenging issue. In this paper, we present a communication architecture for smart grids and propose a scheme to guarantee the security and privacy of data communications among smart meters, utility companies, and data repositories by employing decentralized attribute based encryption. The architecture is highly scalable, which employs an access control Linear Secret Sharing Scheme (LSSS matrix to achieve a role-based access control. The security analysis demonstrated that the scheme ensures security and privacy. The performance analysis shows that the scheme is efficient in terms of computational cost.
-
A Multi-homed VPN Architecture Based on Extended SOCKS+TLS Protocols
Institute of Scientific and Technical Information of China (English)
无
2005-01-01
A multi-homed VPN architecture based on extended SOCKSv5 and TLS was proposed. The architecture employs a dynamic connection mechanism for multiple proxies in the end system,in which the security-demanded transmission connections can switch smoothly among the multiple proxies by maintaining a coherent connection context. The mechanism is transparent to application programs and can support the building of VPN. With the cooperation of some other security components,the mechanism guarantees the resource availability and reliability of the end system against some attacks to the specific ports or hosts.
-
An Analysis Of Wireless Security
Salendra Prasad
2017-01-01
The WLAN security includes Wired Equivalent Primary WEP and WI-FI protected Access WPA. Today WEP is regarded as very poor security standard. WEP was regarded as very old security standard and has many security issues which users need to be addressed. In this Paper we will discuss Wireless Security and ways to improve on wireless security.
-
23 CFR 940.9 - Regional ITS architecture.
2010-04-01
... 23 Highways 1 2010-04-01 2010-04-01 false Regional ITS architecture. 940.9 Section 940.9 Highways... INTELLIGENT TRANSPORTATION SYSTEM ARCHITECTURE AND STANDARDS § 940.9 Regional ITS architecture. (a) A regional ITS architecture shall be developed to guide the development of ITS projects and programs and be...
-
The Arctic Region: A Requirement for New Security Architecture?
2013-03-01
cooperation and mutually beneficial partnerships . Denmark’s security policy states that existing international law and established forums of cooperation...increase leadership in multinational forum and, develop comprehensive partnerships without the need to create a new security organization. Figure 3...Arctic region. Endnotes 1 Government of Canada, “Canada’s Arctic foreign policy” (Ottawa, Canada, 2007), 2. 2 WWF Global, “Arctic oil and gas”, http
-
A Generalized DRM Architectural Framework
Directory of Open Access Journals (Sweden)
PATRICIU, V. V.
2011-02-01
Full Text Available Online digital goods distribution environment lead to the need for a system to protect digital intellectual property. Digital Rights Management (DRM is the system born to protect and control distribution and use of those digital assets. The present paper is a review of the current state of DRM, focusing on architectural design, security technologies, and important DRM deployments. The paper primarily synthesizes DRM architectures within a general framework. We also present DRM ecosystem as providing a better understanding of what is currently happening to content rights management from a technological point of view. This paper includes conclusions of several DRM initiative studies, related to rights management systems with the purpose of identifying and describing the most significant DRM architectural models. The basic functions and processes of the DRM solutions are identified.
-
Anticipating a possible future Architecture
DEFF Research Database (Denmark)
Christiansen, Karl
2004-01-01
The most radical new feature in the architectural language of form of the future will be the yielding inclination to -yes, perhaps even absent argument for - the use of standards and thereby implementation of mass-produced repetition......The most radical new feature in the architectural language of form of the future will be the yielding inclination to -yes, perhaps even absent argument for - the use of standards and thereby implementation of mass-produced repetition...
-
Cyber Security Policy. A methodology for Determining a National Cyber-Security Alert Level
Dan Constantin TOFAN; Maria Lavinia ANDREI; Lavinia Mihaela DINCÄ‚
2012-01-01
Nowadays, assuring the security of the national cyber-space has become a big issue that can only be tackled through collaborative approaches. Threats cannot be confined to a single computer system just as much as computer systems are rendered useless without being con-nected to a supporting network. The authors of this article propose an innovative architecture of a system designated to help governments collect and analyze data about cyber-security in-cidents, from different organizations, di...
-
Metric-Aware Secure Service Orchestration
Directory of Open Access Journals (Sweden)
Gabriele Costa
2012-12-01
Full Text Available Secure orchestration is an important concern in the internet of service. Next to providing the required functionality the composite services must also provide a reasonable level of security in order to protect sensitive data. Thus, the orchestrator has a need to check whether the complex service is able to satisfy certain properties. Some properties are expressed with metrics for precise definition of requirements. Thus, the problem is to analyse the values of metrics for a complex business process. In this paper we extend our previous work on analysis of secure orchestration with quantifiable properties. We show how to define, verify and enforce quantitative security requirements in one framework with other security properties. The proposed approach should help to select the most suitable service architecture and guarantee fulfilment of the declared security requirements.
-
Architectural Refinement for the Design of Survivable Systems
National Research Council Canada - National Science Library
Ellison, Robert
2001-01-01
...; that is, have no central administration and no unified security policy. The survivable architecture refinement is an iterative risk-driven process which adopts the structure of Boehm's Spiral Model Boehm 88...
-
Basri, M.; Mawengkang, H.; Zamzami, E. M.
2018-03-01
Limitations of storage sources is one option to switch to cloud storage. Confidentiality and security of data stored on the cloud is very important. To keep up the confidentiality and security of such data can be done one of them by using cryptography techniques. Data Encryption Standard (DES) is one of the block cipher algorithms used as standard symmetric encryption algorithm. This DES will produce 8 blocks of ciphers combined into one ciphertext, but the ciphertext are weak against brute force attacks. Therefore, the last 8 block cipher will be converted into 8 random images using Least Significant Bit (LSB) algorithm which later draws the result of cipher of DES algorithm to be merged into one.
-
Authentication and Authorization of End User in Microservice Architecture
He, Xiuyu; Yang, Xudong
2017-10-01
As the market and business continues to expand; the traditional single monolithic architecture is facing more and more challenges. The development of cloud computing and container technology promote microservice architecture became more popular. While the low coupling, fine granularity, scalability, flexibility and independence of the microservice architecture bring convenience, the inherent complexity of the distributed system make the security of microservice architecture important and difficult. This paper aims to study the authentication and authorization of the end user under the microservice architecture. By comparing with the traditional measures and researching on existing technology, this paper put forward a set of authentication and authorization strategies suitable for microservice architecture, such as distributed session, SSO solutions, client-side JSON web token and JWT + API Gateway, and summarize the advantages and disadvantages of each method.
-
Space Telecommunications Radio System (STRS) Architecture, Tutorial Part 2 - Detailed
Handler, Louis
2014-01-01
The STRS architecture detail presentation presents each requirement in the STRS Architecture Standard with some examples and supporting information. The purpose is to give a platform provider, application provider, or application integrator a better, more detailed understanding of the STRS Architecture Standard and its use.
-
Trends in Microfabrication Capabilities & Device Architectures.
Energy Technology Data Exchange (ETDEWEB)
Bauer, Todd [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Jones, Adam [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Lentine, Tony [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Mudrick, John [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Okandan, Murat [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Rodrigues, Arun [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
2015-06-01
The last two decades have seen an explosion in worldwide R&D, enabling fundamentally new capabilities while at the same time changing the international technology landscape. The advent of technologies for continued miniaturization and electronics feature size reduction, and for architectural innovations, will have many technical, economic, and national security implications. It is important to anticipate possible microelectronics development directions and their implications on US national interests. This report forecasts and assesses trends and directions for several potentially disruptive microfabrication capabilities and device architectures that may emerge in the next 5-10 years.
-
Secure Service Invocation in a Peer-to-Peer Environment Using JXTA-SOAP
Laghi, Maria Chiara; Amoretti, Michele; Conte, Gianni
The effective convergence of service-oriented architectures (SOA) and peer-to-peer (P2P) is an urgent task, with many important applications ranging from e-business to ambient intelligence. A considerable standardization effort is being carried out from both SOA and P2P communities, but a complete platform for the development of secure, distributed applications is still missing. In this context, the result of our research and development activity is JXTA-SOAP, an official extension for JXTA enabling Web Service sharing in peer-to-peer networks. Recently we focused on security aspects, providing JXTA-SOAP with a general security management system, and specialized policies that target both J2SE and J2ME versions of the component. Among others, we implemented a policy based on Multimedia Internet KEYing (MIKEY), which can be used to create a key pair and all the required parameters for encryption and decryption of service messages in consumer and provider peers running on resource-constrained devices.
-
Firewall Architectures for High-Speed Networks: Final Report
Energy Technology Data Exchange (ETDEWEB)
Errin W. Fulp
2007-08-20
Firewalls are a key component for securing networks that are vital to government agencies and private industry. They enforce a security policy by inspecting and filtering traffic arriving or departing from a secure network. While performing these critical security operations, firewalls must act transparent to legitimate users, with little or no effect on the perceived network performance (QoS). Packets must be inspected and compared against increasingly complex rule sets and tables, which is a time-consuming process. As a result, current firewall systems can introduce significant delays and are unable to maintain QoS guarantees. Furthermore, firewalls are susceptible to Denial of Service (DoS) attacks that merely overload/saturate the firewall with illegitimate traffic. Current firewall technology only offers a short-term solution that is not scalable; therefore, the \\textbf{objective of this DOE project was to develop new firewall optimization techniques and architectures} that meet these important challenges. Firewall optimization concerns decreasing the number of comparisons required per packet, which reduces processing time and delay. This is done by reorganizing policy rules via special sorting techniques that maintain the original policy integrity. This research is important since it applies to current and future firewall systems. Another method for increasing firewall performance is with new firewall designs. The architectures under investigation consist of multiple firewalls that collectively enforce a security policy. Our innovative distributed systems quickly divide traffic across different levels based on perceived threat, allowing traffic to be processed in parallel (beyond current firewall sandwich technology). Traffic deemed safe is transmitted to the secure network, while remaining traffic is forwarded to lower levels for further examination. The result of this divide-and-conquer strategy is lower delays for legitimate traffic, higher throughput
-
Energy Technology Data Exchange (ETDEWEB)
Aderholdt, Ferrol [Tennessee Technological Univ., Cookeville, TN (United States); Caldwell, Blake A. [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Hicks, Susan Elaine [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Koch, Scott M. [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Naughton, III, Thomas J. [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Pelfrey, Daniel S. [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Pogge, James R [Tennessee Technological Univ., Cookeville, TN (United States); Scott, Stephen L [Tennessee Technological Univ., Cookeville, TN (United States); Shipman, Galen M. [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Sorrillo, Lawrence [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
2017-01-01
High performance computing environments are often used for a wide variety of workloads ranging from simulation, data transformation and analysis, and complex workflows to name just a few. These systems may process data at various security levels but in so doing are often enclaved at the highest security posture. This approach places significant restrictions on the users of the system even when processing data at a lower security level and exposes data at higher levels of confidentiality to a much broader population than otherwise necessary. The traditional approach of isolation, while effective in establishing security enclaves poses significant challenges for the use of shared infrastructure in HPC environments. This report details current state-of-the-art in virtualization, reconfigurable network enclaving via Software Defined Networking (SDN), and storage architectures and bridging techniques for creating secure enclaves in HPC environments.
-
Compact FPGA hardware architecture for public key encryption in embedded devices.
Rodríguez-Flores, Luis; Morales-Sandoval, Miguel; Cumplido, René; Feregrino-Uribe, Claudia; Algredo-Badillo, Ignacio
2018-01-01
Security is a crucial requirement in the envisioned applications of the Internet of Things (IoT), where most of the underlying computing platforms are embedded systems with reduced computing capabilities and energy constraints. In this paper we present the design and evaluation of a scalable low-area FPGA hardware architecture that serves as a building block to accelerate the costly operations of exponentiation and multiplication in [Formula: see text], commonly required in security protocols relying on public key encryption, such as in key agreement, authentication and digital signature. The proposed design can process operands of different size using the same datapath, which exhibits a significant reduction in area without loss of efficiency if compared to representative state of the art designs. For example, our design uses 96% less standard logic than a similar design optimized for performance, and 46% less resources than other design optimized for area. Even using fewer area resources, our design still performs better than its embedded software counterparts (190x and 697x).
-
International Monetary Fund
2004-01-01
This paper evaluates the Observance of Standards and Codes on the International Organization of Securities Commission (IOSCO) Objectives and Principles of Securities Regulation for New Zealand. New Zealand equity markets are comparatively small with market capitalization of about 44 percent of GDP. Reflecting a preference for property investment, ownership of New Zealand-listed equities remains mostly in the hands of offshore investors and domestic institutional investors, with only about one...
-
Architecture for the Secret-Key BC3 Cryptography Algorithm
Directory of Open Access Journals (Sweden)
Arif Sasongko
2011-08-01
Full Text Available Cryptography is a very important aspect in data security. The focus of research in this field is shifting from merely security aspect to consider as well the implementation aspect. This paper aims to introduce BC3 algorithm with focus on its hardware implementation. It proposes architecture for the hardware implementation for this algorithm. BC3 algorithm is a secret-key cryptography algorithm developed with two considerations: robustness and implementation efficiency. This algorithm has been implemented on software and has good performance compared to AES algorithm. BC3 is improvement of BC2 and AE cryptographic algorithm and it is expected to have the same level of robustness and to gain competitive advantages in the implementation aspect. The development of the architecture gives much attention on (1 resource sharing and (2 having single clock for each round. It exploits regularity of the algorithm. This architecture is then implemented on an FPGA. This implementation is three times smaller area than AES, but about five times faster. Furthermore, this BC3 hardware implementation has better performance compared to BC3 software both in key expansion stage and randomizing stage. For the future, the security of this implementation must be reviewed especially against side channel attack.
-
An efficient architecture to support digital pathology in standard medical imaging repositories.
Marques Godinho, Tiago; Lebre, Rui; Silva, Luís Bastião; Costa, Carlos
2017-07-01
In the past decade, digital pathology and whole-slide imaging (WSI) have been gaining momentum with the proliferation of digital scanners from different manufacturers. The literature reports significant advantages associated with the adoption of digital images in pathology, namely, improvements in diagnostic accuracy and better support for telepathology. Moreover, it also offers new clinical and research applications. However, numerous barriers have been slowing the adoption of WSI, among which the most important are performance issues associated with storage and distribution of huge volumes of data, and lack of interoperability with other hospital information systems, most notably Picture Archive and Communications Systems (PACS) based on the DICOM standard. This article proposes an architecture of a Web Pathology PACS fully compliant with DICOM standard communications and data formats. The solution includes a PACS Archive responsible for storing whole-slide imaging data in DICOM WSI format and offers a communication interface based on the most recent DICOM Web services. The second component is a zero-footprint viewer that runs in any web-browser. It consumes data using the PACS archive standard web services. Moreover, it features a tiling engine especially suited to deal with the WSI image pyramids. These components were designed with special focus on efficiency and usability. The performance of our system was assessed through a comparative analysis of the state-of-the-art solutions. The results demonstrate that it is possible to have a very competitive solution based on standard workflows. Copyright © 2017 Elsevier Inc. All rights reserved.
-
Securing Cloud - The Quantum Way
Pandya, Marmik
2015-01-01
Confidentiality, Integrity, and Availability are basic goals of security architecture. To ensure CIA, many authentication scheme has been introduced in several years. Currently deployment of Public Key Infrastructure (PKI) is a most significant solution. PKI involving exchange key using certificates via a public channel to a authenticate users in the cloud infrastructure. It is exposed to widespread security threats such as eavesdropping, the man in the middle attack, masquerade et al. Quantu...
-
Energy Technology Data Exchange (ETDEWEB)
NONE
2000-03-01
For standardization under information security evaluation criteria, an evaluating technique CEM (Common Methodology for Information Technology Security Evaluation) was constructed as ISI/IEC15408. The method, however, is abstract in content and the evaluation work thereunder requires much time and accompanies economic difficulties. In dealing with the situation, investigations were conducted into security evaluation related techniques and manufacturing/quality control techniques in use at information processing product developing sites, and a CEM technique is materialized. Using the proposed technique, developers themselves can evaluate security in the development process and workloads imposed on evaluating organizations may be reduced because evidential items necessary for 3rd party evaluation may be gathered. Since the developed technique is verified by an official evaluating organization, it is expected to be an effective techniques not contradicting existing operating techniques. It may be also said that this technique is a method whereby developers will collect evidential items necessary for their development efforts. The result will be presented in the form of a proposal for an evaluating techniques standard for ISO/IEC JTC1 SC27. (NEDO)
-
Integrated secure solution for electronic healthcare records sharing
Yao, Yehong; Zhang, Chenghao; Sun, Jianyong; Jin, Jin; Zhang, Jianguo
2007-03-01
The EHR is a secure, real-time, point-of-care, patient-centric information resource for healthcare providers. Many countries and regional districts have set long-term goals to build EHRs, and most of EHRs are usually built based on the integration of different information systems with different information models and platforms. A number of hospitals in Shanghai are also piloting the development of an EHR solution based on IHE XDS/XDS-I profiles with a service-oriented architecture (SOA). The first phase of the project targets the Diagnostic Imaging domain and allows seamless sharing of images and reports across the multiple hospitals. To develop EHRs for regional coordinated healthcare, some factors should be considered in designing architecture, one of which is security issue. In this paper, we present some approaches and policies to improve and strengthen the security among the different hospitals' nodes, which are compliant with the security requirements defined by IHE IT Infrastructure (ITI) Technical Framework. Our security solution includes four components: Time Sync System (TSS), Digital Signature Manage System (DSMS), Data Exchange Control Component (DECC) and Single Sign-On (SSO) System. We give a design method and implementation strategy of these security components, and then evaluate the performance and overheads of the security services or features by integrating the security components into an image-based EHR system.
-
Developing Scalable Information Security Systems
Directory of Open Access Journals (Sweden)
Valery Konstantinovich Ablekov
2013-06-01
Full Text Available Existing physical security systems has wide range of lacks, including: high cost, a large number of vulnerabilities, problems of modification and support system. This paper covers an actual problem of developing systems without this list of drawbacks. The paper presents the architecture of the information security system, which operates through the network protocol TCP/IP, including the ability to connect different types of devices and integration with existing security systems. The main advantage is a significant increase in system reliability, scalability, both vertically and horizontally, with minimal cost of both financial and time resources.
-
The Emerging Architecture of a Regional Security Complex in the ...
African Journals Online (AJOL)
2015-03-03
Mar 3, 2015 ... Council for the Development of Social Science Research in Africa, 2017 .... of International Security Studies by appropriating Regional Security .... collaborative network is also embedded across Saharan and Sahelian Africa, ... (previously located in the city of Baga in Nigeria's Borno State), fell into the.
-
Cyber security best practices for the nuclear industry
International Nuclear Information System (INIS)
Badr, I.
2012-01-01
When deploying software based systems, such as, digital instrumentation and controls for the nuclear industry, it is vital to include cyber security assessment as part of architecture and development process. When integrating and delivering software-intensive systems for the nuclear industry, engineering teams should make use of a secure, requirements driven, software development life cycle, ensuring security compliance and optimum return on investment. Reliability protections, data loss prevention, and privacy enforcement provide a strong case for installing strict cyber security policies. (authors)
-
Cyber security best practices for the nuclear industry
Energy Technology Data Exchange (ETDEWEB)
Badr, I. [Rational IBM Software Group, IBM Corporation, Evanston, IL 60201 (United States)
2012-07-01
When deploying software based systems, such as, digital instrumentation and controls for the nuclear industry, it is vital to include cyber security assessment as part of architecture and development process. When integrating and delivering software-intensive systems for the nuclear industry, engineering teams should make use of a secure, requirements driven, software development life cycle, ensuring security compliance and optimum return on investment. Reliability protections, data loss prevention, and privacy enforcement provide a strong case for installing strict cyber security policies. (authors)
-
Institute of Scientific and Technical Information of China (English)
2012-01-01
China Standardization:In February 2011,President Hu Jintao gave an important speech on the opening ceremony of the seminar of social management and its innovation for provincial and ministerial level leaders,stressing that the scientific level of social management must be raised and building a social management system with Chinese socialism charactetistics.Would you please talk about the role of the societal security standardization in improving the scientific social manageraent?
-
QoSS Hierarchical NoC-Based Architecture for MPSoC Dynamic Protection
Directory of Open Access Journals (Sweden)
Johanna Sepulveda
2012-01-01
Full Text Available As electronic systems are pervading our lives, MPSoC (multiprocessor system-on-chip security is becoming an important requirement. MPSoCs are able to support multiple applications on the same chip. The challenge is to provide MPSoC security that makes possible a trustworthy system that meets the performance and security requirements of all the applications. The network-on-chip (NoC can be used to efficiently incorporate security. Our work proposes the implementation of QoSS (quality of security service to overcome present MPSoC vulnerabilities. QoSS is a novel concept for data protection that introduces security as a dimension of QoS. QoSS takes advantage of the NoC wide system visibility and critical role in enabling system operation, exploiting the NoC components to detect and prevent a wide range of attacks. In this paper, we present the implementation of a layered dynamic security NoC architecture that integrates agile and dynamic security firewalls in order to detect attacks based on different security rules. We evaluate the effectiveness of our approach over several MPSoCs scenarios and estimate their impact on the overall performance. We show that our architecture can perform a fast detection of a wide range of attacks and a fast configuration of different security policies for several MPSoC applications.
-
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKS
Sumant Ku Mohapatra; Biswa Ranjan Swain; Pravanjan Das
2015-01-01
This paper presents a brief study of recent advances in wireless network security issues. The paper makes a number of contributions to the wireless networking field. First, it studies the 4G mail threats and risk and their design decisions. Second, the security of 4G architecture with next generation network security and 8- security dimensions of 4G network. Third, security issues and possible threats on 4G are discussed. Finally, we proposed four layer security model which manage...
-
Control system devices : architectures and supply channels overview.
Energy Technology Data Exchange (ETDEWEB)
Trent, Jason; Atkins, William Dee; Schwartz, Moses Daniel; Mulder, John C.
2010-08-01
This report describes a research project to examine the hardware used in automated control systems like those that control the electric grid. This report provides an overview of the vendors, architectures, and supply channels for a number of control system devices. The research itself represents an attempt to probe more deeply into the area of programmable logic controllers (PLCs) - the specialized digital computers that control individual processes within supervisory control and data acquisition (SCADA) systems. The report (1) provides an overview of control system networks and PLC architecture, (2) furnishes profiles for the top eight vendors in the PLC industry, (3) discusses the communications protocols used in different industries, and (4) analyzes the hardware used in several PLC devices. As part of the project, several PLCs were disassembled to identify constituent components. That information will direct the next step of the research, which will greatly increase our understanding of PLC security in both the hardware and software areas. Such an understanding is vital for discerning the potential national security impact of security flaws in these devices, as well as for developing proactive countermeasures.
-
PCI Compliance Understand and Implement Effective PCI Data Security Standard Compliance
Chuvakin, Anton
2010-01-01
Identity theft and other confidential information theft have now topped the charts as the #1 cybercrime. In particular, credit card data is preferred by cybercriminals. Is your payment processing secure and compliant?. Now in its second edition, PCI Compliance has been revised to follow the new PCI DSS standard 1.2.1. Also new to this edition: Each chapter has how-to guidance to walk you through implementing concepts, and real-world scenarios to help you relate to the information and better grasp how it impacts your data. This book provides the information that you need to understand the curre
-
Software To Secure Distributed Propulsion Simulations
Blaser, Tammy M.
2003-01-01
Distributed-object computing systems are presented with many security threats, including network eavesdropping, message tampering, and communications middleware masquerading. NASA Glenn Research Center, and its industry partners, has taken an active role in mitigating the security threats associated with developing and operating their proprietary aerospace propulsion simulations. In particular, they are developing a collaborative Common Object Request Broker Architecture (CORBA) Security (CORBASec) test bed to secure their distributed aerospace propulsion simulations. Glenn has been working with its aerospace propulsion industry partners to deploy the Numerical Propulsion System Simulation (NPSS) object-based technology. NPSS is a program focused on reducing the cost and time in developing aerospace propulsion engines
-
Cyber Security Policy. A methodology for Determining a National Cyber-Security Alert Level
Directory of Open Access Journals (Sweden)
Dan Constantin TOFAN
2012-01-01
Full Text Available Nowadays, assuring the security of the national cyber-space has become a big issue that can only be tackled through collaborative approaches. Threats cannot be confined to a single computer system just as much as computer systems are rendered useless without being con-nected to a supporting network. The authors of this article propose an innovative architecture of a system designated to help governments collect and analyze data about cyber-security in-cidents, from different organizations, dispersed nationwide, and acting within various economic sectors. The collected data will make us able to determine a national cyber-security alert score that could help policy makers in establishing the best strategies for protecting the national cyber-space.
-
Enterprise security IT security solutions : concepts, practical experiences, technologies
Fumy, Walter
2013-01-01
Addressing IT managers and staff, as well as CIOs and other executives dealing with corporate IT security, this book provides a broad knowledge on the major security issues affecting today's corporations and organizations, and presents state-of-the-art concepts and current trends for securing an enterprise.Areas covered include information security management, network and system security, identity and access management (IAM), authentication (including smart card based solutions and biometrics), and security certification. In-depth discussion of relevant technologies and standards (including cr
-
Restricted access processor - An application of computer security technology
Mcmahon, E. M.
1985-01-01
This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.
-
Energy Technology Data Exchange (ETDEWEB)
Laupichler, Dennis [Bundesamt fuer Sicherheit in der Informationstechnik, Bonn (Germany). Referat D 11, Cyber-Sicherheit in der Digitalisierung
2016-12-15
Intelligent measuring systems are important components in the intelligent net and require security and privacy by design in this critical infrastructure. The smart meter gateway as secure communication platform makes the digital sector coupling possible and becomes the driver for innovations of the digitalization. The protection profiles and the technical rules of the BSI as essential part of the law for the digitalization of the energy transition guarantee a great amount of data protection and data security and provide a unique security standard in the future energy supply system. The data -protection concept of the intelligent measuring system regards a calibration-law conformal data processing and star-shaped data dispatch of the gateway. By this both a traceability and a transparency for the final user is guaranteed and the handling of the data in the sense of the data sovereignty is also technically enforced. For the evidences of compliance of the protection profiles and the technical rules correponding tests in approved test centers with final certification by the BSI are performed. The law for the digitalization of the energy transition makes the first important step to an innovative, digital infrastructure of the intelligent net. By the legal framework additionally a base is created, in order to perform a progressive development of the security targets of the BSI both for intelligent measuring systems as for further important system components of the intelligent energy net via a roadmap for the digitalization. In connection with the technical standards of the BSI the law creates the necessary legal certainty and realizes the aim pursued in the coalition treaty to regulate binding framework conditions for the secure and data-protection conformal application of intelligent measuring systems for diversified application cases in the intelligent net.
-
Directory of Open Access Journals (Sweden)
Robert LUPITU
2016-07-01
Full Text Available The paper aims to review the new political landscape in Poland, a country that has the potential to be a major game changer within the European Union and the North Atlantic Alliance. When the role model of Eastern European countries and former communists satellites becomes a political surface for a tyranny of the majority, a polarized approach used by Law and Justice Party in order to secure and boost its power, another uncertainty falls in Europe. In its sections, the paper focuses on the political environment that has led to Law and Justice Party’s political win, the vital and undesired threat that quick and rough political measures pose to the rule of law system and the ruling party political view that aims to secure and boost its power in the perils from its proximity, by adopting a double standard policy, one distant from EU’s values and another close to NATO’s core interests. Additionally, the paper examines thoughtfully the double standard issue of Warsaw’s new cabinet in a European Union that hardly copes with different sorts of crisis and an unforeseen security landscape that with a NATO troops deployment in Eastern Europe will establish, if not a new Cold War mind set, at least a frosty view from both Russia and the West. By playing a negative game changer role and choosing to consider a prevalence of self-interests among its European and Euro-Atlantic participation, Poland finds itself in a race that may disrupt democracy for security causes, although they are not mutually excluded.
-
Directory of Open Access Journals (Sweden)
Henriette Bier
2014-07-01
Full Text Available The shift from mechanical to digital forces architects to reposition themselves: Architects generate digital information, which can be used not only in designing and fabricating building components but also in embedding behaviours into buildings. This implies that, similar to the way that industrial design and fabrication with its concepts of standardisation and serial production influenced modernist architecture, digital design and fabrication influences contemporary architecture. While standardisation focused on processes of rationalisation of form, mass-customisation as a new paradigm that replaces mass-production, addresses non-standard, complex, and flexible designs. Furthermore, knowledge about the designed object can be encoded in digital data pertaining not just to the geometry of a design but also to its physical or other behaviours within an environment. Digitally-driven architecture implies, therefore, not only digitally-designed and fabricated architecture, it also implies architecture – built form – that can be controlled, actuated, and animated by digital means.In this context, this sixth Footprint issue examines the influence of digital means as pragmatic and conceptual instruments for actuating architecture. The focus is not so much on computer-based systems for the development of architectural designs, but on architecture incorporating digital control, sensing, actuating, or other mechanisms that enable buildings to interact with their users and surroundings in real time in the real world through physical or sensory change and variation.
-
Audit Characteristics for Information System Security
Marius POPA; Mihai DOINEA
2007-01-01
The paper presents the main aspects regarding the development of the information security and assurance of their security. The information systems, standards and audit processes definitions are offered. There are presented the most important security standards used in information system security assessment
-
Mense, Alexander; Hoheiser-Pförtner, Franz; Schmid, Martin; Wahl, Harald
2013-01-01
Working with health related data necessitates appropriate levels of security and privacy. Information security, meaning ensuring confidentiality, integrity, and availability, is more organizational, than technical in nature. It includes many organizational and management measures, is based on well-defined security roles, processes, and documents, and needs permanent adaption of security policies, continuously monitoring, and measures assessment. This big challenge for any organization leads to implementation of an information security management system (ISMS). In the context of establishing a regional or national electronic health record for integrated care (ICEHR), the situation is worse. Changing the medical information exchange from on-demand peer-to-peer connections to health information networks requires all organizations participating in the EHR system to have consistent security levels and to follow the same security guidelines and rules. Also, the implementation must be monitored and audited, establishing cross-organizational information security management systems (ISMS) based on international standards. This paper evaluates requirements and defines basic concepts for an ISO 27000 series-based cross-organizational ISMS in the healthcare domain and especially for the implementation of the nationwide electronic health record in Austria (ELGA).
-
SCADA AND SECURITY DISPATCHES ACCORDING TO PRESENT LEGISLATION IN ROMANIA
Directory of Open Access Journals (Sweden)
Cristian Silviu BANACU
2014-11-01
Full Text Available SCADA is an old term, older than twenty years, used for defining systems that acquires data from industrial networks and / or critical infrastructure networks and process them for operational and security purposes. Its importance is growing simultaneously with the development of technology’s interference in our lives (social life, economical life, etc.. Although they are not defined as SCADA systems, Security dispatches (and their structure have a lot of similarities with the general architecture of SCADA systems. Taking into consideration the security dispatches, as they are accepted by the actual Romanian law, we will draw a parallel between them and SCADA architecture, identifying the similarities and the differences between them, and also the points where some changes could be made.
-
Security 2020 Reduce Security Risks This Decade
Howard, Doug; Schneier, Bruce
2010-01-01
Identify real security risks and skip the hype After years of focusing on IT security, we find that hackers are as active and effective as ever. This book gives application developers, networking and security professionals, those that create standards, and CIOs a straightforward look at the reality of today's IT security and a sobering forecast of what to expect in the next decade. It debunks the media hype and unnecessary concerns while focusing on the knowledge you need to combat and prioritize the actual risks of today and beyond.IT security needs are constantly evolving; this guide examine
-
Wireless physical layer security
Poor, H. Vincent; Schaefer, Rafael F.
2017-01-01
Security in wireless networks has traditionally been considered to be an issue to be addressed separately from the physical radio transmission aspects of wireless systems. However, with the emergence of new networking architectures that are not amenable to traditional methods of secure communication such as data encryption, there has been an increase in interest in the potential of the physical properties of the radio channel itself to provide communications security. Information theory provides a natural framework for the study of this issue, and there has been considerable recent research devoted to using this framework to develop a greater understanding of the fundamental ability of the so-called physical layer to provide security in wireless networks. Moreover, this approach is also suggestive in many cases of coding techniques that can approach fundamental limits in practice and of techniques for other security tasks such as authentication. This paper provides an overview of these developments.
-
Directory of Open Access Journals (Sweden)
Oliver Hanka
2011-02-01
Full Text Available In this article, a security extension for the HiiMap Next Generation Internet Architecture is presented. We regard a public key infrastructure which is integrated into the mapping infrastructure of the locator/identifier-split addressing scheme. The security approach is based on Threshold Cryptography which enables a sharing of keys among the mapping servers. Hence, a more trustworthy and fair approach for a Next Generation Internet Architecture as compared to the state of the art approach is fostered. Additionally, we give an evaluation based on IETF AAA recommendations for security-related systems.
-
Security prospects through cloud computing by adopting multiple clouds
DEFF Research Database (Denmark)
Jensen, Meiko; Schwenk, Jörg; Bohli, Jens Matthias
2011-01-01
Clouds impose new security challenges, which are amongst the biggest obstacles when considering the usage of cloud services. This triggered a lot of research activities in this direction, resulting in a quantity of proposals targeting the various security threats. Besides the security issues coming...... with the cloud paradigm, it can also provide a new set of unique features which open the path towards novel security approaches, techniques and architectures. This paper initiates this discussion by contributing a concept which achieves security merits by making use of multiple distinct clouds at the same time....
-
Security and privacy in biometrics
Campisi, Patrizio
2013-01-01
This important text/reference presents the latest secure and privacy-compliant techniques in automatic human recognition. Featuring viewpoints from an international selection of experts in the field, the comprehensive coverage spans both theory and practical implementations, taking into consideration all ethical and legal issues. Topics and features: presents a unique focus on novel approaches and new architectures for unimodal and multimodal template protection; examines signal processing techniques in the encrypted domain, security and privacy leakage assessment, and aspects of standardizati
-
Qiu, Junchao; Zhang, Lin; Li, Diyang; Liu, Xingcheng
2016-06-01
Chaotic sequences can be applied to realize multiple user access and improve the system security for a visible light communication (VLC) system. However, since the map patterns of chaotic sequences are usually well known, eavesdroppers can possibly derive the key parameters of chaotic sequences and subsequently retrieve the information. We design an advanced encryption standard (AES) interleaving aided multiple user access scheme to enhance the security of a chaotic code division multiple access-based visible light communication (C-CDMA-VLC) system. We propose to spread the information with chaotic sequences, and then the spread information is interleaved by an AES algorithm and transmitted over VLC channels. Since the computation complexity of performing inverse operations to deinterleave the information is high, the eavesdroppers in a high speed VLC system cannot retrieve the information in real time; thus, the system security will be enhanced. Moreover, we build a mathematical model for the AES-aided VLC system and derive the theoretical information leakage to analyze the system security. The simulations are performed over VLC channels, and the results demonstrate the effectiveness and high security of our presented AES interleaving aided chaotic CDMA-VLC system.
-
Tadesse, Yohannes
2012-01-01
The importance of information security has made many organizations to invest and utilize effective information security controls within the information systems (IS) architecture. An organization's strategic decisions to secure enterprise-wide services often associated with the overall competitive advantages that are attained through the process of…
-
The adoption of IT security standards in a healthcare environment.
Gomes, Rui; Lapão, Luís Velez
2008-01-01
Security is a vital part of daily life to Hospitals that need to ensure that the information is adequately secured. In Portugal, more CIOs are seeking that their hospital IS departments are properly protecting information assets from security threats. It is imperative to take necessary measures to ensure risk management and business continuity. Security management certification provides just such a guarantee, increasing patient and partner confidence. This paper introduces one best practice for implementing four security controls in a hospital datacenter infrastructure (ISO27002), and describes the security assessment for implementing such controls.
-
A New Electronic Commerce Architecture in the Cloud
Guigang Zhang; Chao Li; Sixin Xue; Yuenan Liu; Yong Zhang; Chunxiao Xing
2012-01-01
In this paper, the authors propose a new electronic commerce architecture in the cloud that satisfies the requirements of the cloud. This architecture includes five technologies, which are the massive EC data storage technology in the cloud, the massive EC data processing technology in the cloud, the EC security management technology in the cloud, OLAP technology for EC in the cloud, and active EC technology in the cloud. Finally, a detailed discussion of future trends for EC in the cloud env...
-
Hijazi Architectural Object Library (haol)
Baik, A.; Boehm, J.
2017-02-01
As with many historical buildings around the world, building façades are of special interest; moreover, the details of such windows, stonework, and ornaments give each historic building its individual character. Each object of these buildings must be classified in an architectural object library. Recently, a number of researches have been focusing on this topic in Europe and Canada. From this standpoint, the Hijazi Architectural Objects Library (HAOL) has reproduced Hijazi elements as 3D computer models, which are modelled using a Revit Family (RFA). The HAOL will be dependent on the image survey and point cloud data. The Hijazi Object such as Roshan and Mashrabiyah, become as vocabulary of many Islamic cities in the Hijazi region such as Jeddah in Saudi Arabia, and even for a number of Islamic historic cities such as Istanbul and Cairo. These architectural vocabularies are the main cause of the beauty of these heritage. However, there is a big gap in both the Islamic architectural library and the Hijazi architectural library to provide these unique elements. Besides, both Islamic and Hijazi architecture contains a huge amount of information which has not yet been digitally classified according to period and styles. Due to this issue, this paper will be focusing on developing of Heritage BIM (HBIM) standards and the HAOL library to reduce the cost and the delivering time for heritage and new projects that involve in Hijazi architectural styles. Through this paper, the fundamentals of Hijazi architecture informatics will be provided via developing framework for HBIM models and standards. This framework will provide schema and critical information, for example, classifying the different shapes, models, and forms of structure, construction, and ornamentation of Hijazi architecture in order to digitalize parametric building identity.
-
A security architecture for 5G networks
Arfaoui, Ghada; Bisson, Pascal; Blom, Rolf; Borgaonkar, Ravishankar; Englund, Håkan; Félix, Edith; Klaedtke, Felix; Nakarmi, Prajwol Kumar; Näslund, Mats; O’Hanlon, Piers; Papay, Juri; Suomalainen, Jani; Surridge, Mike; Wary, Jean-Philippe; Zahariev, Alexander
2018-01-01
5G networks will provide opportunities for the creation of new services, for new business models, and for new players to enter the mobile market. The networks will support efficient and cost-effective launch of a multitude of services, tailored for different vertical markets having varying service and security requirements, and involving a large number of actors. Key technology concepts are network slicing and network softwarisation, including network function virtualisation and software-defi...
-
An eConsent-based System Architecture Supporting Cooperation in Integrated Healthcare Networks.
Bergmann, Joachim; Bott, Oliver J; Hoffmann, Ina; Pretschner, Dietrich P
2005-01-01
The economical need for efficient healthcare leads to cooperative shared care networks. A virtual electronic health record is required, which integrates patient related information but reflects the distributed infrastructure and restricts access only to those health professionals involved into the care process. Our work aims on specification and development of a system architecture fulfilling these requirements to be used in concrete regional pilot studies. Methodical analysis and specification have been performed in a healthcare network using the formal method and modelling tool MOSAIK-M. The complexity of the application field was reduced by focusing on the scenario of thyroid disease care, which still includes various interdisciplinary cooperation. Result is an architecture for a secure distributed electronic health record for integrated care networks, specified in terms of a MOSAIK-M-based system model. The architecture proposes business processes, application services, and a sophisticated security concept, providing a platform for distributed document-based, patient-centred, and secure cooperation. A corresponding system prototype has been developed for pilot studies, using advanced application server technologies. The architecture combines a consolidated patient-centred document management with a decentralized system structure without needs for replication management. An eConsent-based approach assures, that access to the distributed health record remains under control of the patient. The proposed architecture replaces message-based communication approaches, because it implements a virtual health record providing complete and current information. Acceptance of the new communication services depends on compatibility with the clinical routine. Unique and cross-institutional identification of a patient is also a challenge, but will loose significance with establishing common patient cards.
-
A future-proof architecture for telemedicine using loose-coupled modules and HL7 FHIR.
Gøeg, Kirstine Rosenbeck; Rasmussen, Rune Kongsgaard; Jensen, Lasse; Wollesen, Christian Møller; Larsen, Søren; Pape-Haugaard, Louise Bilenberg
2018-07-01
Most telemedicine solutions are proprietary and disease specific which cause a heterogeneous and silo-oriented system landscape with limited interoperability. Solving the interoperability problem would require a strong focus on data integration and standardization in telemedicine infrastructures. Our objective was to suggest a future-proof architecture, that consisted of small loose-coupled modules to allow flexible integration with new and existing services, and the use of international standards to allow high re-usability of modules, and interoperability in the health IT landscape. We identified core features of our future-proof architecture as the following (1) To provide extended functionality the system should be designed as a core with modules. Database handling and implementation of security protocols are modules, to improve flexibility compared to other frameworks. (2) To ensure loosely coupled modules the system should implement an inversion of control mechanism. (3) A focus on ease of implementation requires the system should use HL7 FHIR (Fast Interoperable Health Resources) as the primary standard because it is based on web-technologies. We evaluated the feasibility of our architecture by developing an open source implementation of the system called ORDS. ORDS is written in TypeScript, and makes use of the Express Framework and HL7 FHIR DSTU2. The code is distributed on GitHub. All modules have been tested unit wise, but end-to-end testing awaits our first clinical example implementations. Our study showed that highly adaptable and yet interoperable core frameworks for telemedicine can be designed and implemented. Future work includes implementation of a clinical use case and evaluation. Copyright © 2018 Elsevier B.V. All rights reserved.
-
Cyber secure systems approach for NPP digital control systems
Energy Technology Data Exchange (ETDEWEB)
McCreary, T. J.; Hsu, A. [HF Controls Corporation, 16650 Westgrove Drive, Addison, TX 75001 (United States)
2006-07-01
Whether fossil or nuclear power, the chief operations goal is to generate electricity. The heart of most plant operations is the I and C system. With the march towards open architecture, the I and C system is more vulnerable than ever to system security attacks (denial of service, virus attacks and others), thus jeopardizing plant operations. Plant staff must spend large amounts of time and money setting up and monitoring a variety of security strategies to counter the threats and actual attacks to the system. This time and money is a drain on the financial performance of a plant and distracts valuable operations resources from their real goals: product. The pendulum towards complete open architecture may have swung too far. Not all aspects of proprietary hardware and software are necessarily 'bad'. As the aging U.S. fleet of nuclear power plants starts to engage in replacing legacy control systems, and given the on-going (and legitimate) concern about the security of present digital control systems, decisions about how best to approach cyber security are vital to the specification and selection of control system vendors for these upgrades. The authors maintain that utilizing certain resources available in today's digital technology, plant control systems can be configured from the onset to be inherently safe, so that plant staff can concentrate on the operational issues of the plant. The authors postulate the concept of the plant I and C being bounded in a 'Cyber Security Zone' and present a design approach that can alleviate the concern and cost at the plant level of dealing with system security strategies. Present approaches through various IT cyber strategies, commercial software, and even postulated standards from various industry/trade organizations are almost entirely reactive and simply add to cost and complexity. This Cyber Security Zone design demonstrates protection from the four classes of cyber security attacks: 1)Threat from
-
Cyber secure systems approach for NPP digital control systems
International Nuclear Information System (INIS)
McCreary, T. J.; Hsu, A.
2006-01-01
Whether fossil or nuclear power, the chief operations goal is to generate electricity. The heart of most plant operations is the I and C system. With the march towards open architecture, the I and C system is more vulnerable than ever to system security attacks (denial of service, virus attacks and others), thus jeopardizing plant operations. Plant staff must spend large amounts of time and money setting up and monitoring a variety of security strategies to counter the threats and actual attacks to the system. This time and money is a drain on the financial performance of a plant and distracts valuable operations resources from their real goals: product. The pendulum towards complete open architecture may have swung too far. Not all aspects of proprietary hardware and software are necessarily 'bad'. As the aging U.S. fleet of nuclear power plants starts to engage in replacing legacy control systems, and given the on-going (and legitimate) concern about the security of present digital control systems, decisions about how best to approach cyber security are vital to the specification and selection of control system vendors for these upgrades. The authors maintain that utilizing certain resources available in today's digital technology, plant control systems can be configured from the onset to be inherently safe, so that plant staff can concentrate on the operational issues of the plant. The authors postulate the concept of the plant I and C being bounded in a 'Cyber Security Zone' and present a design approach that can alleviate the concern and cost at the plant level of dealing with system security strategies. Present approaches through various IT cyber strategies, commercial software, and even postulated standards from various industry/trade organizations are almost entirely reactive and simply add to cost and complexity. This Cyber Security Zone design demonstrates protection from the four classes of cyber security attacks: 1)Threat from an intruder attempting to
-
National Cyber Security Policy
Indian Academy of Sciences (India)
National Cyber Security Policy. Salient Features: Caters to ... Creating a secure cyber ecosystem. Creating an assurance framework. Encouraging Open Standards. Strengthening the Regulatory framework. Creating mechanisms for security threat early warning, vulnerability management and response to security threats.
-
Directory of Open Access Journals (Sweden)
Henriette Bier
2010-06-01
Full Text Available The shift from mechanical to digital forces architects to reposition themselves: Architects generate digital information, which can be used not only in designing and fabricating building components but also in embedding behaviours into buildings. This implies that, similar to the way that industrial design and fabrication with its concepts of standardisation and serial production influenced modernist architecture, digital design and fabrication influences contemporary architecture. While standardisation focused on processes of rationalisation of form, mass-customisation as a new paradigm that replaces mass-production, addresses non-standard, complex, and flexible designs. Furthermore, knowledge about the designed object can be encoded in digital data pertaining not just to the geometry of a design but also to its physical or other behaviours within an environment. Digitally-driven architecture implies, therefore, not only digitally-designed and fabricated architecture, it also implies architecture – built form – that can be controlled, actuated, and animated by digital means. In this context, this sixth Footprint issue examines the influence of digital means as pragmatic and conceptual instruments for actuating architecture. The focus is not so much on computer-based systems for the development of architectural designs, but on architecture incorporating digital control, sensing, actuating, or other mechanisms that enable buildings to interact with their users and surroundings in real time in the real world through physical or sensory change and variation.
-
Evaluating a Service-Oriented Architecture
2007-09-01
See the description on page 13. SaaS Software as a service ( SaaS ) is a software delivery model where customers don’t own a copy of the application... serviceability REST Representational State Transfer RIA rich internet application RPC remote procedure call SaaS software as a service SAML Security...Evaluating a Service -Oriented Architecture Phil Bianco, Software Engineering Institute Rick Kotermanski, Summa Technologies Paulo Merson
-
Research on Lightweight Information Security System of the Internet of Things
Ying Li; Li Ping Du; JianWei Guo; Xin Zhao
2013-01-01
In order to improve the security of information transmitted in the internet of things, this study designs an information security system architecture of internet of things based on a lightweight cryptography. In this security system, an authentication protocol, encryption/decryption protocol and signature verification protocol are proposed and implemented. All these security protocol are used to verify the legality of access device and to protect the confidentiality and integrity of transform...
-
[Universalization of health or of social security?].
Levy-Algazi, Santiago
2011-01-01
This article presents an analysis of the architecture of Mexico's health system based on the main economic problem, failing to achieve a GDP growth rate to increase real wages and give workers in formal employment coverage social security. This analysis describes the relationship between social security of the population and employment status of it (either formal or informal employment) and the impact that this situation poses to our health system. Also, it ends with a reform proposal that will give all workers the same social rights, ie to grant universal social security.
-
A Standardization Framework for Electronic Government Service Portals
Sarantis, Demetrios; Tsiakaliaris, Christos; Lampathaki, Fenareti; Charalabidis, Yannis
Although most eGovernment interoperability frameworks (eGIFs) cover adequately the technical aspects of developing and supporting the provision of electronic services to citizens and businesses, they do not exclusively address several important areas regarding the organization, presentation, accessibility and security of the content and the electronic services offered through government portals. This chapter extends the scope of existing eGIFs presenting the overall architecture and the basic concepts of the Greek standardization framework for electronic government service portals which, for the first time in Europe, is part of a country's eGovernment framework. The proposed standardization framework includes standards, guidelines and recommendations regarding the design, development and operation of government portals that support the provision of administrative information and services to citizens and businesses. By applying the guidelines of the framework, the design, development and operation of portals in central, regional and municipal government can be systematically addressed resulting in an applicable, sustainable and ever-expanding framework.
-
Developing cyber security architecture for military networks using cognitive networking
Kärkkäinen, Anssi
2015-01-01
In recent years, the importance of cyber security has increased. Cyber security has not become a critical issue only for governmental or business actors, but also for armed forces that nowadays rely on national or even global networks in their daily activities. The Network Centric Warfare (NCW) paradigm has increased the significance of networking during last decades as it enables information superiority in which military combat power increased by networking the battlefield actors from perspe...
-
Cyber Security Research Frameworks For Coevolutionary Network Defense
Energy Technology Data Exchange (ETDEWEB)
Rush, George D. [Missouri Univ. of Science and Technology, Rolla, MO (United States); Tauritz, Daniel Remy [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
2015-12-03
Several architectures have been created for developing and testing systems used in network security, but most are meant to provide a platform for running cyber security experiments as opposed to automating experiment processes. In the first paper, we propose a framework termed Distributed Cyber Security Automation Framework for Experiments (DCAFE) that enables experiment automation and control in a distributed environment. Predictive analysis of adversaries is another thorny issue in cyber security. Game theory can be used to mathematically analyze adversary models, but its scalability limitations restrict its use. Computational game theory allows us to scale classical game theory to larger, more complex systems. In the second paper, we propose a framework termed Coevolutionary Agent-based Network Defense Lightweight Event System (CANDLES) that can coevolve attacker and defender agent strategies and capabilities and evaluate potential solutions with a custom network defense simulation. The third paper is a continuation of the CANDLES project in which we rewrote key parts of the framework. Attackers and defenders have been redesigned to evolve pure strategy, and a new network security simulation is devised which specifies network architecture and adds a temporal aspect. We also add a hill climber algorithm to evaluate the search space and justify the use of a coevolutionary algorithm.
-
A Guanxi Shibboleth based security infrastructure for e-social science
Jie, Wei; Young, Alistair; Arshad, Junaid; Finch, June; Procter, Rob; Turner, Andy
2008-01-01
An e-Social Science infrastructure generally has security requirements to protect their restricted resources or services. As a widely accepted authentication and authorization technology, Shibboleth supports the sharing of resources on interinstitutional federation. Guanxi is an open source implementation of the Shibboleth protocol and architecture. In this paper, we propose a security infrastructure for e-social science based on the Guanxi Shibboleth. This security infrastructure presents tw...
-
Business Model for the Security of a Large-Scale PACS, Compliance with ISO/27002:2013 Standard.
Gutiérrez-Martínez, Josefina; Núñez-Gaona, Marco Antonio; Aguirre-Meneses, Heriberto
2015-08-01
Data security is a critical issue in an organization; a proper information security management (ISM) is an ongoing process that seeks to build and maintain programs, policies, and controls for protecting information. A hospital is one of the most complex organizations, where patient information has not only legal and economic implications but, more importantly, an impact on the patient's health. Imaging studies include medical images, patient identification data, and proprietary information of the study; these data are contained in the storage device of a PACS. This system must preserve the confidentiality, integrity, and availability of patient information. There are techniques such as firewalls, encryption, and data encapsulation that contribute to the protection of information. In addition, the Digital Imaging and Communications in Medicine (DICOM) standard and the requirements of the Health Insurance Portability and Accountability Act (HIPAA) regulations are also used to protect the patient clinical data. However, these techniques are not systematically applied to the picture and archiving and communication system (PACS) in most cases and are not sufficient to ensure the integrity of the images and associated data during transmission. The ISO/IEC 27001:2013 standard has been developed to improve the ISM. Currently, health institutions lack effective ISM processes that enable reliable interorganizational activities. In this paper, we present a business model that accomplishes the controls of ISO/IEC 27002:2013 standard and criteria of security and privacy from DICOM and HIPAA to improve the ISM of a large-scale PACS. The methodology associated with the model can monitor the flow of data in a PACS, facilitating the detection of unauthorized access to images and other abnormal activities.
-
Directory of Open Access Journals (Sweden)
Milad Malekolkalami
2014-02-01
Full Text Available This study assessed the evaluation of information security management status in central Libraries of governmental universities located in Tehran, according to ISO / I.E.C. 27002. Research method applied for the study is descriptive Survey and a questionnaire was used for collecting information. The questionnaire was distributed between the 74 central library managers of governmental universities in Tehran according to the recent list on the website of Ministry of Science, Research and Technology, that includes 39 components based on 11 indicators of the standard ISO/ I.E.C. 27002. Analysis of data has been done by using both descriptive and inferential statistics by Microsoft Excel 2007and SPSS statistical softwares. The results of research showed that the mean for libraries in 11 indexes are as follows: The mean for the first index, Security policy, is 3.91 , in the second index, organization of information security, is 4.23, in the third index, asset security management, is 4.38, in the fourth index, Human Resources Security management, is 4, in the fifth index, physical and environment Security management, is 4.07, in the sixth index, operations management and communications, is 4.15, in the Seventh index, access controls management, is 4.38, in the eighth index, information system acquisition, development and maintenance, is 3.92, in the ninth index, information security incident management, is 3.84, in the tenth index, business continuity management, is 3.46, in the eleventh index, compliance, is 3.69 that match with the standard ISO / IEC. 27002. The results of Research shown that totally mean for standard ISO/I.E.C. 27002 in the field of information security management in the central libraries, is 4 being in a good condition and there is no significant differences between the performance of the Central libraries of the governmental Universities in Tehran, since It is not observed significant difference between them in the field of
-
Architectural mismatch issues in identity management deployment
DEFF Research Database (Denmark)
Andersen, Mads Schaarup
2010-01-01
Integrating Commercial Off-The-Shelf products in a company's software product portfolio offers business value, but introduces challenges from a software architecture perspective. In this paper, the research challenges in relation to identity management in the Danish municipality administration...... system called Opus, are outlined. Opus BRS is the identity management part of Opus. Opus integrates SAP, legacy mainframe systems, and other third party systems of the individual municipality. Each of these systems define their own software architecture and access control model, leading to architectural...... mismatch with an impact on security, usability, and maintainability. The research project is discussed and access control and identity provisioning are recognized as the major areas of interest in relation to the mismatch challenges. The project is carried out in close cooperation with KMD, one...
-
African Peace and Security Architecture: A Strategic Analysis
2011-12-16
International Development Agency DDR Disarmament, Demobilization, and Reintegration EAC East African Community EASBRICOM Africa Standby Brigade...children, drug control, population, migration, labour and employment, sports and culture); Human resources, science and technology (education...disarmament, demobilization and reintegration (DDR), security sector reform (SSR), and responsibility to protect (R2P) to peacebuilding, peacekeeping, and
-
Energy Technology Data Exchange (ETDEWEB)
Eichelberg, M.; Riesmeier, J. [OFFIS e.V., Bereich IuK-Systeme im Gesundheitswesen, Oldenburg (Germany); Thiel, A.; Jensch, P. [Fachbereich Informatik, Carl-von-Ossietzky-Univ., Oldenburg (Germany); Emmel, D.; Haderer, A.; Ricke, J.; Stohlmann, L. [Klinik fuer Strahlenheilkunde, Charite-Campus-Virchow-Klinikum der Humboldt-Univ. zu Berlin (Germany); Bernarding, J. [Medizinische Informatik, Universitaetsklinikum Benjamin Franklin (UKBF), Freie Univ. Berlin (Germany)
2002-02-01
The use of telemedicine is becoming indispensable for a continuous and economical delivery of a high quality of care. However, data protection requirements have to be considered. For the selection of solutions, vendor-independent components based on standards are a prerequisite for a seamless integration into the existing, often heterogeneous, IT infrastructure. The ''Internet protocol'' TCP/IP and the DICOM standard with it's new security extensions form the basis for an internationally standardized and accepted procedure for a secure interchange of radiological images beyond platform boundaries. (orig.) [German] Um auch in Zukunft eine kostenguenstige und qualitativ hochwertige Patientenversorgung gewaehrleisten zu koennen, ist der Einsatz von Telemedizin unabdingbar. Dabei sind jedoch immer die Belange des Datenschutzes zu beruecksichtigen. Bei der Auswahl der Loesungen sind herstelleruebergreifende und auf Standards basierende Komponenten Voraussetzung fuer eine nahtlose Integration in die bestehende, oft heterogene EDV-Infrastruktur. Das ''Internetprotokoll'' TCP/IP und der DICOM-Standard mit seinen neuen Sicherheitserweiterungen bilden die Grundlage fuer ein weltweit standardisiertes und akzeptiertes Verfahren zum sicheren Austausch radiologischer Bilddaten ueber Plattformgrenzen hinweg. (orig.)
-
Energy Technology Data Exchange (ETDEWEB)
Uslar, Mathias; Beenken, Petra; Beer, Sebastian [OFFIS, Oldenburg (Germany)
2009-07-01
The ongoing integration of distributed energy recourses into the existing power grid has lead to both grown communication costs and an increased need for interoperability between the involved actors. In this context, standardized and ontology- based data models help to reduce integration costs in heterogeneous system landscapes. Using ontology-based security profiles, such models can be extended with meta-data containing information about security measures for energyrelated data in need of protection. By this approach, we achieve both a unified data model and a unified security level. (orig.)
-
Secure Network-Centric Aviation Communication (SNAC)
Nelson, Paul H.; Muha, Mark A.; Sheehe, Charles J.
2017-01-01
The existing National Airspace System (NAS) communications capabilities are largely unsecured, are not designed for efficient use of spectrum and collectively are not capable of servicing the future needs of the NAS with the inclusion of new operators in Unmanned Aviation Systems (UAS) or On Demand Mobility (ODM). SNAC will provide a ubiquitous secure, network-based communications architecture that will provide new service capabilities and allow for the migration of current communications to SNAC over time. The necessary change in communication technologies to digital domains will allow for the adoption of security mechanisms, sharing of link technologies, large increase in spectrum utilization, new forms of resilience and redundancy and the possibly of spectrum reuse. SNAC consists of a long term open architectural approach with increasingly capable designs used to steer research and development and enable operating capabilities that run in parallel with current NAS systems.
-
Hardware-Enabled Security Through On-Chip Reconfigurable Fabric
2016-02-05
level language (SystemC) instead of in RTL such as Verilog and VHDL . To evaluate our approach, we implemented a set of monitors including soft...techniques can be implemented after chip fabrication. The study showed that such programmable architectures can indeed support a broad range of run- time...accelerators where security techniques can be implemented after chip fabrication. The study showed that such programmable architectures can indeed support a
-
Securing Resources in Collaborative Environments: A Peer-to-peerApproach
Energy Technology Data Exchange (ETDEWEB)
Berket, Karlo; Essiari, Abdelilah; Thompson, Mary R.
2005-09-19
We have developed a security model that facilitates control of resources by autonomous peers who act on behalf of collaborating users. This model allows a gradual build-up of trust. It enables secure interactions among users that do not necessarily know each other and allows them to build trust over the course of their collaboration. This paper describes various aspects of our security model and describes an architecture that implements this model to provide security in pure peer-to-peer environments.
-
Control and Communication for a Secure and Reconfigurable Power Distribution System
Giacomoni, Anthony Michael
A major transformation is taking place throughout the electric power industry to overlay existing electric infrastructure with advanced sensing, communications, and control system technologies. This transformation to a smart grid promises to enhance system efficiency, increase system reliability, support the electrification of transportation, and provide customers with greater control over their electricity consumption. Upgrading control and communication systems for the end-to-end electric power grid, however, will present many new security challenges that must be dealt with before extensive deployment and implementation of these technologies can begin. In this dissertation, a comprehensive systems approach is taken to minimize and prevent cyber-physical disturbances to electric power distribution systems using sensing, communications, and control system technologies. To accomplish this task, an intelligent distributed secure control (IDSC) architecture is presented and validated in silico for distribution systems to provide greater adaptive protection, with the ability to proactively reconfigure, and rapidly respond to disturbances. Detailed descriptions of functionalities at each layer of the architecture as well as the whole system are provided. To compare the performance of the IDSC architecture with that of other control architectures, an original simulation methodology is developed. The simulation model integrates aspects of cyber-physical security, dynamic price and demand response, sensing, communications, intermittent distributed energy resources (DERs), and dynamic optimization and reconfiguration. Applying this comprehensive systems approach, performance results for the IEEE 123 node test feeder are simulated and analyzed. The results show the trade-offs between system reliability, operational constraints, and costs for several control architectures and optimization algorithms. Additional simulation results are also provided. In particular, the
-
Reinstein, A; Bayou, M E
1994-10-01
The Financial Accounting Standards Board (FASB) recently issued a new statement that requires all companies to change their methods of accounting for debt and equity securities. Rather than allowing organizations to use a historical cost approach in accounting for such financial instruments, FASB Statement No. 115 requires organizations to adopt a market value approach. The provisions of this statement will affect significantly organizations in the healthcare industry that have large investment portfolios.
-
Technical architecture of ONC-approved plans for statewide health information exchange.
Barrows, Randolph C; Ezzard, John
2011-01-01
ONC-approved state plans for HIE were reviewed for descriptions and depictions of statewide HIE technical architecture. Review was complicated by non-standard organizational elements and technical terminology across state plans. Findings were mapped to industry standard, referenced, and defined HIE architecture descriptions and characteristics. Results are preliminary due to the initial subset of ONC-approved plans available, the rapid pace of new ONC-plan approvals, and continuing advancements in standards and technology of HIE, etc. Review of 28 state plans shows virtually all include a direct messaging component, but for participating entities at state-specific levels of granularity (RHIO, enterprise, organization/provider). About ½ of reviewed plans describe a federated architecture, and ¼ of plans utilize a single-vendor "hybrid-federated" architecture. About 1/3 of states plan to leverage new federal and open exchange technologies (DIRECT, CONNECT, etc.). Only one plan describes a centralized architecture for statewide HIE, but others combine central and federated architectural approaches.
-
The Architecture of Physical Culture in Ancient Greece
Directory of Open Access Journals (Sweden)
Leon Debevec
2015-07-01
Full Text Available The paper discusses the interaction between the culture of the body and architectural creativity in Ancient Greece. This interaction is rooted in a concern for personal and group security, the basis of which was physical fitness, as well as in the immersion of Greek reality in religion, which depicted gods and goddesses in perfect human bodies. Together with a developed feeling for the community, these two aspects stimulated the design of a special architecture devoted to physical culture. Baths, gymnasiums, palaestras, stadiums, hippodromes and theatres are original flashes of Greek architectural genius. They are golden ‘vessels’ devoted to the admiration of beauty, agility and the expressive power of the body – virtues which paved the way to a godlike semblance for every Greek.
-
Computer architecture a quantitative approach
Hennessy, John L
2019-01-01
Computer Architecture: A Quantitative Approach, Sixth Edition has been considered essential reading by instructors, students and practitioners of computer design for over 20 years. The sixth edition of this classic textbook is fully revised with the latest developments in processor and system architecture. It now features examples from the RISC-V (RISC Five) instruction set architecture, a modern RISC instruction set developed and designed to be a free and openly adoptable standard. It also includes a new chapter on domain-specific architectures and an updated chapter on warehouse-scale computing that features the first public information on Google's newest WSC. True to its original mission of demystifying computer architecture, this edition continues the longstanding tradition of focusing on areas where the most exciting computing innovation is happening, while always keeping an emphasis on good engineering design.
-
Space Elevators Preliminary Architectural View
Pullum, L.; Swan, P. A.
Space Systems Architecture has been expanded into a process by the US Department of Defense for their large scale systems of systems development programs. This paper uses the steps in the process to establishes a framework for Space Elevator systems to be developed and provides a methodology to manage complexity. This new approach to developing a family of systems is based upon three architectural views: Operational View OV), Systems View (SV), and Technical Standards View (TV). The top level view of the process establishes the stages for the development of the first Space Elevator and is called Architectural View - 1, Overview and Summary. This paper will show the guidelines and steps of the process while focusing upon components of the Space Elevator Preliminary Architecture View. This Preliminary Architecture View is presented as a draft starting point for the Space Elevator Project.
-
Extending Security-by-Contract with Quantitative Trust on Mobile Devices
DEFF Research Database (Denmark)
Costa, Gabriele; Dragoni, Nicola; Lazouski, Aliaksandr
2010-01-01
program our architecture updates the trust level associated with the contract provider. We also present a possible application of our framework in the scenario of a mobile application marketplace, e.g., Apple AppStore, Cydia, Android Market, that, nowadays, are considered as one of the most attractive e......Security-by-Contract (S×C) is a paradigm providing security assurances for mobile applications. In this work, we present the an extension of S×C, called Security-by-Contract-with-Trust (S×C×T). Indeed, we enrich the S×C architecture by integrating a trust model and adding new modules......-commerce activity for both mobile application developers and industries of mobile devices. Since the number of applications increases, Mobile Applications Marketplace (MAMp) sets up recommendation systems that rank and highlight mobile applications by category, social activity, etc. The S×C×T framework we propose...
-
Considering IIOT and security for the DoD
Klawon, Kevin; Gold, Josh; Bachman, Kristen; Landoll, Darren
2016-05-01
The Internet of Things (IoT) has come of age and domestic and industrial devices are all "smart". But how can they be universally classified and queried? How do we know that the underlying architecture is secure enough to deploy on a defense network? By leverage existing platforms designed for interoperability, extensibility, and security that can manage data across multiple domains and runs on any platform.
-
A Framework for Smart Home Services with Secure and QoS-aware Communications
Directory of Open Access Journals (Sweden)
Markus Hager
2013-01-01
Full Text Available The scenario of smart home services will be discussed with regard to two important aspects: the quality of service problem for the in-house communication and the need for a security scheme for the whole system. We focus on an installation with smart computers in each flat interconnected using a switched Ethernet network. These smart devices are responsible for performing local services, user control and operate as a gateway for the different types of sensor and actor networks installed at each flat. We propose a QoS scheme to prevent congestion situation for the Ethernet network which is applicable to currently available cost-sensitive hardware. Furthermore, the whole system, all communication channels, user data and the access to the framework are secured by our proposed security architecture. Finally, we will present the latest improvements on Ethernet network standards, the ongoing work on this topics and our next steps for future work.
-
Image processing methods and architectures in diagnostic pathology.
Directory of Open Access Journals (Sweden)
Oscar DĂŠniz
2010-05-01
Full Text Available Grid technology has enabled the clustering and the efficient and secure access to and interaction among a wide variety of geographically distributed resources such as: supercomputers, storage systems, data sources, instruments and special devices and services. Their main applications include large-scale computational and data intensive problems in science and engineering. General grid structures and methodologies for both software and hardware in image analysis for virtual tissue-based diagnosis has been considered in this paper. This methods are focus on the user level middleware. The article describes the distributed programming system developed by the authors for virtual slide analysis in diagnostic pathology. The system supports different image analysis operations commonly done in anatomical pathology and it takes into account secured aspects and specialized infrastructures with high level services designed to meet application requirements. Grids are likely to have a deep impact on health related applications, and therefore they seem to be suitable for tissue-based diagnosis too. The implemented system is a joint application that mixes both Web and Grid Service Architecture around a distributed architecture for image processing. It has shown to be a successful solution to analyze a big and heterogeneous group of histological images under architecture of massively parallel processors using message passing and non-shared memory.
-
Bailey, Sarah F; Scheible, Melissa K; Williams, Christopher; Silva, Deborah S B S; Hoggan, Marina; Eichman, Christopher; Faith, Seth A
2017-11-01
Next-generation Sequencing (NGS) is a rapidly evolving technology with demonstrated benefits for forensic genetic applications, and the strategies to analyze and manage the massive NGS datasets are currently in development. Here, the computing, data storage, connectivity, and security resources of the Cloud were evaluated as a model for forensic laboratory systems that produce NGS data. A complete front-to-end Cloud system was developed to upload, process, and interpret raw NGS data using a web browser dashboard. The system was extensible, demonstrating analysis capabilities of autosomal and Y-STRs from a variety of NGS instrumentation (Illumina MiniSeq and MiSeq, and Oxford Nanopore MinION). NGS data for STRs were concordant with standard reference materials previously characterized with capillary electrophoresis and Sanger sequencing. The computing power of the Cloud was implemented with on-demand auto-scaling to allow multiple file analysis in tandem. The system was designed to store resulting data in a relational database, amenable to downstream sample interpretations and databasing applications following the most recent guidelines in nomenclature for sequenced alleles. Lastly, a multi-layered Cloud security architecture was tested and showed that industry standards for securing data and computing resources were readily applied to the NGS system without disadvantageous effects for bioinformatic analysis, connectivity or data storage/retrieval. The results of this study demonstrate the feasibility of using Cloud-based systems for secured NGS data analysis, storage, databasing, and multi-user distributed connectivity. Copyright © 2017 Elsevier B.V. All rights reserved.
-
A Survey on Security-Aware Measurement in SDN
Directory of Open Access Journals (Sweden)
Heng Zhang
2018-01-01
Full Text Available Software-defined networking (SDN is one of the most prevailing networking paradigms in current and next-generation networks. Basically, the highly featured separation of control and data planes makes SDN a proper solution towards many practical problems that challenge legacy networks, for example, energy efficiency, dynamic network configuration, agile network measurement, and flexible network deployment. Although the SDN and its applications have been extensively studied for several years, the research of SDN security is still in its infancy. Typically, the SDN suffers from architecture defect and OpenFlow protocol loopholes such as single controller problem, deficiency of communication verification, and network resources constraint. Hence, network measurement is a fundamental technique of protecting SDN against the above security threats. Specifically, network measurement aims to understand and quantify a variety of network behaviors to facilitate network management and monitoring, anomaly detection, network troubleshooting, and the establishment of security mechanisms. In this paper, we present a systematic survey on security-aware measurement technology in SDN. In particular, we first review the basic architecture of SDN and corresponding security challenges. Then, we investigate two performance measurement techniques in SDN, namely, link latency and available bandwidth measurements. After that, we further provide a general overview of topology measurement in SDN including intradomain and interdomain topology discovering techniques. Finally, we list three interesting future directions of security-aware measurement in SDN followed by giving conclusion remarks.
-
Context Aware Middleware Architectures: Survey and Challenges
Directory of Open Access Journals (Sweden)
Xin Li
2015-08-01
Full Text Available Context aware applications, which can adapt their behaviors to changing environments, are attracting more and more attention. To simplify the complexity of developing applications, context aware middleware, which introduces context awareness into the traditional middleware, is highlighted to provide a homogeneous interface involving generic context management solutions. This paper provides a survey of state-of-the-art context aware middleware architectures proposed during the period from 2009 through 2015. First, a preliminary background, such as the principles of context, context awareness, context modelling, and context reasoning, is provided for a comprehensive understanding of context aware middleware. On this basis, an overview of eleven carefully selected middleware architectures is presented and their main features explained. Then, thorough comparisons and analysis of the presented middleware architectures are performed based on technical parameters including architectural style, context abstraction, context reasoning, scalability, fault tolerance, interoperability, service discovery, storage, security & privacy, context awareness level, and cloud-based big data analytics. The analysis shows that there is actually no context aware middleware architecture that complies with all requirements. Finally, challenges are pointed out as open issues for future work.
-
A remote data access architecture for home-monitoring health-care applications.
Lin, Chao-Hung; Young, Shuenn-Tsong; Kuo, Te-Son
2007-03-01
With the aging of the population and the increasing patient preference for receiving care in their own homes, remote home care is one of the fastest growing areas of health care in Taiwan and many other countries. Many remote home-monitoring applications have been developed and implemented to enable both formal and informal caregivers to have remote access to patient data so that they can respond instantly to any abnormalities of in-home patients. The aim of this technology is to give both patients and relatives better control of the health care, reduce the burden on informal caregivers and reduce visits to hospitals and thus result in a better quality of life for both the patient and his/her family. To facilitate their widespread adoption, remote home-monitoring systems take advantage of the low-cost features and popularity of the Internet and PCs, but are inherently exposed to several security risks, such as virus and denial-of-service (DoS) attacks. These security threats exist as long as the in-home PC is directly accessible by remote-monitoring users over the Internet. The purpose of the study reported in this paper was to improve the security of such systems, with the proposed architecture aimed at increasing the system availability and confidentiality of patient information. A broker server is introduced between the remote-monitoring devices and the in-home PCs. This topology removes direct access to the in-home PC, and a firewall can be configured to deny all inbound connections while the remote home-monitoring application is operating. This architecture helps to transfer the security risks from the in-home PC to the managed broker server, on which more advanced security measures can be implemented. The pros and cons of this novel architecture design are also discussed and summarized.
-
Sustainable, Reliable Mission-Systems Architecture
O'Neil, Graham; Orr, James K.; Watson, Steve
2007-01-01
A mission-systems architecture, based on a highly modular infrastructure utilizing: open-standards hardware and software interfaces as the enabling technology is essential for affordable and sustainable space exploration programs. This mission-systems architecture requires (a) robust communication between heterogeneous system, (b) high reliability, (c) minimal mission-to-mission reconfiguration, (d) affordable development, system integration, and verification of systems, and (e) minimal sustaining engineering. This paper proposes such an architecture. Lessons learned from the Space Shuttle program and Earthbound complex engineered system are applied to define the model. Technology projections reaching out 5 years are mde to refine model details.
-
Porter, Burton W., Jr.
2016-01-01
Approved for public release; distribution is unlimited While engineers must participate in the construction of the Integrated Master Schedule, this thesis proposes a way to reduce that effort through automation. When standardized sub processes exist, automated task name construction with consistent action/object naming convention can be applied to multiple system artifacts. These repeating sub processes also allow the derivation of task sequence and dependencies. The Architecture-Based Uti...
-
Overview of service oriented architecture: definition, use in ...
African Journals Online (AJOL)
Overview of service oriented architecture: definition, use in healthcare ... of service oriented architecture in Healthcare with focus on the pros and cons of its use as ... technologies adapted the required healthcare standards and challenges and ...
-
ZigBee-2007 Security Essentials
DEFF Research Database (Denmark)
Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming
2008-01-01
ZigBee is a fairly new but promising standard for wireless networks due to its low resource requirements. As in other wireless network standards, security is an important issue and each new version of the ZigBee Specification enhances the level of the ZigBee security. In this paper, we present...... the security essentials of the latest ZigBee Specification, ZigBee-2007. We explain the key concepts, protocols, and computations. In addition, we formulate the protocols using standard protocol narrations. Finally, we identify the key challenges to be considered for consolidating ZigBee....
-
Constructing an I and C Upgrade Architecture for Korea Standard Nuclear Power Plants
International Nuclear Information System (INIS)
Suh, Yong Suk; Hur, Seop; Kim, Dong Hoon; Sung, Chan Ho; Kang, Hyun Tai; Lee, Jae Ki; Cho, Chang Hwan
2008-01-01
This paper presents three architectures of the KSNP I and C upgrade. The architectures are constructed with an adoption of PLCs and DCS technology and 3-phase upgrade strategy. The 3-phase upgrade strategy is established to ensure the safety of the upgrade. Based on the architecture, the cabinet configuration is being constructed. From the configuration, it is expected to figure out how to optimize the layout of the cabinets. It is required to study the performance and safety design requirements of the upgrade further
-
Directory of Open Access Journals (Sweden)
Jean Y. Astier
2018-03-01
Full Text Available Current computer operating systems architectures are not well suited for the coming world of connected objects, known as the Internet of Things (IoT for multiple reasons: poor communication performances in both point-to-point and broadcast cases, poor operational reliability and network security, excessive requirements both in terms of processor power and memory size leading to excessive electrical power consumption. We introduce a new computer operating system architecture well adapted to IoT, from the most modest to the most complex, and more generally able to significantly raise the input/output capacities of any communicating computer. This architecture rests on the principles of the Von Neumann hardware model, and is composed of two types of asymmetric distributed containers, which communicate by message passing. We describe the sub-systems of both of these types of containers, where each sub-system has its own scheduler, and a dedicated execution level.
-
How Secure Is Your Radiology Department? Mapping Digital Radiology Adoption and Security Worldwide.
Stites, Mark; Pianykh, Oleg S
2016-04-01
Despite the long history of digital radiology, one of its most critical aspects--information security--still remains extremely underdeveloped and poorly standardized. To study the current state of radiology security, we explored the worldwide security of medical image archives. Using the DICOM data-transmitting standard, we implemented a highly parallel application to scan the entire World Wide Web of networked computers and devices, locating open and unprotected radiology servers. We used only legal and radiology-compliant tools. Our security-probing application initiated a standard DICOM handshake to remote computer or device addresses, and then assessed their security posture on the basis of handshake replies. The scan discovered a total of 2774 unprotected radiology or DICOM servers worldwide. Of those, 719 were fully open to patient data communications. Geolocation was used to analyze and rank our findings according to country utilization. As a result, we built maps and world ranking of clinical security, suggesting that even the most radiology-advanced countries have hospitals with serious security gaps. Despite more than two decades of active development and implementation, our radiology data still remains insecure. The results provided should be applied to raise awareness and begin an earnest dialogue toward elimination of the problem. The application we designed and the novel scanning approach we developed can be used to identify security breaches and to eliminate them before they are compromised.
-
OSE inspection of computer security: Review
International Nuclear Information System (INIS)
Jaehne, E.M.
1987-01-01
The inspection process within the Department of Energy (DOE) serves the function of analyzing and reporting on the performance of security measures and controls in specific areas at sites throughout DOE. Three aspects of this process are discussed based on experience in computer security: Policy basis of performance inspections; Role and form of standards and criteria in inspections; and Conducting an inspection using the standards and criteria. Inspections are based on DOE and other applicable policy in each area. These policy statements have a compliance orientation in which the paper trail is often more clearly discernible than the security intention. The relationship of policy to performance inspections is discussed. To facilitate bridging the gap between the paper trail and the security intention defined by policy, standards and criteria were developed in each area. The consensus process and structure of the resulting product for computer security are discussed. Standards and criteria are inspection tools that support the site in preparing for an inspection and the inspector in conducting one. They form a systematic approach that facilitates consistency in the analysis and reporting of inspection results. Experience using the computer security standards and criteria is discussed
-
Developing a secured social networking site using information security awareness techniques
Directory of Open Access Journals (Sweden)
Julius O. Okesola
2014-11-01
Full Text Available Background: Ever since social network sites (SNS became a global phenomenon in almost every industry, security has become a major concern to many SNS stakeholders. Several security techniques have been invented towards addressing SNS security, but information security awareness (ISA remains a critical point. Whilst very few users have used social circles and applications because of a lack of users’ awareness, the majority have found it difficult to determine the basis of categorising friends in a meaningful way for privacy and security policies settings. This has confirmed that technical control is just part of the security solutions and not necessarily a total solution. Changing human behaviour on SNSs is essential; hence the need for a privately enhanced ISA SNS. Objective: This article presented sOcialistOnline – a newly developed SNS, duly secured and platform independent with various ISA techniques fully implemented. Method: Following a detailed literature review of the related works, the SNS was developed on the basis of Object Oriented Programming (OOP approach, using PhP as the coding language with the MySQL database engine at the back end. Result: This study addressed the SNS requirements of privacy, security and services, and attributed them as the basis of architectural design for sOcialistOnline. SNS users are more aware of potential risk and the possible consequences of unsecured behaviours. Conclusion: ISA is focussed on the users who are often the greatest security risk on SNSs, regardless of technical securities implemented. Therefore SNSs are required to incorporate effective ISA into their platform and ensure users are motivated to embrace it.
-
NINJA: a noninvasive framework for internal computer security hardening
Allen, Thomas G.; Thomson, Steve
2004-07-01
Vulnerabilities are a growing problem in both the commercial and government sector. The latest vulnerability information compiled by CERT/CC, for the year ending Dec. 31, 2002 reported 4129 vulnerabilities representing a 100% increase over the 2001 [1] (the 2003 report has not been published at the time of this writing). It doesn"t take long to realize that the growth rate of vulnerabilities greatly exceeds the rate at which the vulnerabilities can be fixed. It also doesn"t take long to realize that our nation"s networks are growing less secure at an accelerating rate. As organizations become aware of vulnerabilities they may initiate efforts to resolve them, but quickly realize that the size of the remediation project is greater than their current resources can handle. In addition, many IT tools that suggest solutions to the problems in reality only address "some" of the vulnerabilities leaving the organization unsecured and back to square one in searching for solutions. This paper proposes an auditing framework called NINJA (acronym for Network Investigation Notification Joint Architecture) for noninvasive daily scanning/auditing based on common security vulnerabilities that repeatedly occur in a network environment. This framework is used for performing regular audits in order to harden an organizations security infrastructure. The framework is based on the results obtained by the Network Security Assessment Team (NSAT) which emulates adversarial computer network operations for US Air Force organizations. Auditing is the most time consuming factor involved in securing an organization's network infrastructure. The framework discussed in this paper uses existing scripting technologies to maintain a security hardened system at a defined level of performance as specified by the computer security audit team. Mobile agents which were under development at the time of this writing are used at a minimum to improve the noninvasiveness of our scans. In general, noninvasive
-
FPSoC-Based Architecture for a Fast Motion Estimation Algorithm in H.264/AVC
Directory of Open Access Journals (Sweden)
Obianuju Ndili
2009-01-01
Full Text Available There is an increasing need for high quality video on low power, portable devices. Possible target applications range from entertainment and personal communications to security and health care. While H.264/AVC answers the need for high quality video at lower bit rates, it is significantly more complex than previous coding standards and thus results in greater power consumption in practical implementations. In particular, motion estimation (ME, in H.264/AVC consumes the largest power in an H.264/AVC encoder. It is therefore critical to speed-up integer ME in H.264/AVC via fast motion estimation (FME algorithms and hardware acceleration. In this paper, we present our hardware oriented modifications to a hybrid FME algorithm, our architecture based on the modified algorithm, and our implementation and prototype on a PowerPC-based Field Programmable System on Chip (FPSoC. Our results show that the modified hybrid FME algorithm on average, outperforms previous state-of-the-art FME algorithms, while its losses when compared with FSME, in terms of PSNR performance and computation time, are insignificant. We show that although our implementation platform is FPGA-based, our implementation results compare favourably with previous architectures implemented on ASICs. Finally we also show an improvement over some existing architectures implemented on FPGAs.
-
Delay Insensitive Ternary CMOS Logic for Secure Hardware
Directory of Open Access Journals (Sweden)
Ravi S. P. Nair
2015-09-01
Full Text Available As digital circuit design continues to evolve due to progress of semiconductor processes well into the sub 100 nm range, clocked architectures face limitations in a number of cases where clockless asynchronous architectures generate less noise and produce less electro-magnetic interference (EMI. This paper develops the Delay-Insensitive Ternary Logic (DITL asynchronous design paradigm that combines design aspects of similar dual-rail asynchronous paradigms and Boolean logic to create a single wire per bit, three voltage signaling and logic scheme. DITL is compared with other delay insensitive paradigms, such as Pre-Charge Half-Buffers (PCHB and NULL Convention Logic (NCL on which it is based. An application of DITL is discussed in designing secure digital circuits resistant to side channel attacks based on measurement of timing, power, and EMI signatures. A Secure DITL Adder circuit is designed at the transistor level, and several variance parameters are measured to validate the efficiency of DITL in resisting side channel attacks. The DITL design methodology is then applied to design a secure 8051 ALU.
-
Analyzing Resiliency of the Smart Grid Communication Architectures
Energy Technology Data Exchange (ETDEWEB)
None, None
2016-08-01
Smart grids are susceptible to cyber-attack as a result of new communication, control and computation techniques employed in the grid. In this paper, we characterize and analyze the resiliency of smart grid communication architecture, specifically an RF mesh based architecture, under cyber attacks. We analyze the resiliency of the communication architecture by studying the performance of high-level smart grid functions such as metering, and demand response which depend on communication. Disrupting the operation of these functions impacts the operational resiliency of the smart grid. Our analysis shows that it takes an attacker only a small fraction of meters to compromise the communication resiliency of the smart grid. We discuss the implications of our result to critical smart grid functions and to the overall security of the smart grid.
-
Wireless installation standard
International Nuclear Information System (INIS)
Lim, Hwang Bin
2007-12-01
This is divided six parts which are radio regulation law on securing of radio resource, use of radio resource, protection of radio resource, radio regulation enforcement ordinance with securing, distribution and assignment of radio regulation, radio regulation enforcement regulation on utility of radio resource and technical qualification examination, a wireless installation regulation of technique standard and safety facility standard, radio regulation such as certification regulation of information communicative machines and regulation of radio station on compliance of signal security, radio equipment in radio station, standard frequency station and emergency communication.
-
A new Information Architecture, Website and Services for the CMS Experiment
Taylor, Lucas; Rusack, Eleanor; Zemleris, Vidmantas
2012-12-01
The age and size of the CMS collaboration at the LHC means it now has many hundreds of inhomogeneous web sites and services, and hundreds of thousands of documents. We describe a major initiative to create a single coherent CMS internal and public web site. This uses the Drupal web Content Management System (now supported by CERN/IT) on top of a standard LAMP stack (Linux, Apache, MySQL, and php/perl). The new navigation, content and search services are coherently integrated with numerous existing CERN services (CDS, EDMS, Indico, phonebook, Twiki) as well as many CMS internal Web services. We describe the information architecture; the system design, implementation and monitoring; the document and content database; security aspects; and our deployment strategy, which ensured continual smooth operation of all systems at all times.
-
A new Information Architecture, Website and Services for the CMS Experiment
International Nuclear Information System (INIS)
Taylor, Lucas; Rusack, Eleanor; Zemleris, Vidmantas
2012-01-01
The age and size of the CMS collaboration at the LHC means it now has many hundreds of inhomogeneous web sites and services, and hundreds of thousands of documents. We describe a major initiative to create a single coherent CMS internal and public web site. This uses the Drupal web Content Management System (now supported by CERN/IT) on top of a standard LAMP stack (Linux, Apache, MySQL, and php/perl). The new navigation, content and search services are coherently integrated with numerous existing CERN services (CDS, EDMS, Indico, phonebook, Twiki) as well as many CMS internal Web services. We describe the information architecture; the system design, implementation and monitoring; the document and content database; security aspects; and our deployment strategy, which ensured continual smooth operation of all systems at all times.
-
A new information architecture, website and services for the CMS experiment
Energy Technology Data Exchange (ETDEWEB)
Taylor, Lucas [Fermilab; Rusack, Eleanor [Fermilab; Zemleris, Vidmantas [Vilnius U.
2012-01-01
The age and size of the CMS collaboration at the LHC means it now has many hundreds of inhomogeneous web sites and services, and hundreds of thousands of documents. We describe a major initiative to create a single coherent CMS internal and public web site. This uses the Drupal web Content Management System (now supported by CERN/IT) on top of a standard LAMP stack (Linux, Apache, MySQL, and php/perl). The new navigation, content and search services are coherently integrated with numerous existing CERN services (CDS, EDMS, Indico, phonebook, Twiki) as well as many CMS internal Web services. We describe the information architecture, the system design, implementation and monitoring, the document and content database, security aspects, and our deployment strategy, which ensured continual smooth operation of all systems at all times.
-
Network Architecture: lessons from the past, vision for the future
CERN. Geneva
2004-01-01
The Architectural Principles of the Internet have dominated the past decade. Orthogonal to the telecommunications industry principles, they dramatically changed the networking landscape because they relied on iconoclastic ideas. First, the Internet end-to-end principle, which stipulates that the network should intervene minimally on the end-to-end traffic, pushing the complexity to the end-systems. Second, the ban of centralized functions: all the Internet techniques (routing, DNS, management) are based on distributed, decentralized mechanisms. Third, the absolute domination of connectionless (stateless) protocols (as with IP, HTTTP). However, when facing new requirements: multimedia traffic, security, Grid applications, these principles appear sometimes as architectural barriers. Multimedia requires QoS guarantees, but stateless systems are not good at QoS. Security requires active, intelligent networks, but dumb routers or plain end-to-end mail systems are insufficient. Grid applications require...
-
Weaknesses of a dynamic identity based authentication protocol for multi-server architecture
Han, Weiwei
2012-01-01
Recently, Li et al. proposed a dynamic identity based authentication protocol for multi-server architecture. They claimed their protocol is secure and can withstand various attacks. But we found some security loopholes in the protocol. Accordingly, the current paper demonstrates that Li et al.'s protocol is vulnerable to the replay attack, the password guessing attack and the masquerade attack.
-
Scarioni, Carlo
2013-01-01
Security is a key element in the development of any non-trivial application. The Spring Security Framework provides a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security will be a reference and advanced tutorial that will do the following: Guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground-up. Demonstrates the different authentication and authorization methods to secure enterprise-level applications
-
ATCA for Machines-- Advanced Telecommunications Computing Architecture
Energy Technology Data Exchange (ETDEWEB)
Larsen, R.S.; /SLAC
2008-04-22
The Advanced Telecommunications Computing Architecture is a new industry open standard for electronics instrument modules and shelves being evaluated for the International Linear Collider (ILC). It is the first industrial standard designed for High Availability (HA). ILC availability simulations have shown clearly that the capabilities of ATCA are needed in order to achieve acceptable integrated luminosity. The ATCA architecture looks attractive for beam instruments and detector applications as well. This paper provides an overview of ongoing R&D including application of HA principles to power electronics systems.
-
PLM support to architecture based development
DEFF Research Database (Denmark)
Bruun, Hans Peter Lomholt
, organisation, processes, etc. To identify, evaluate, and align aspects of these domains are necessary for developing the optimal layout of product architectures. It is stated in this thesis that architectures describe building principles for products, product families, and product programs, where this project...... and developing architectures can be difficult to manage, update, and maintain during development. The concept of representing product architectures in computer-based product information tools has though been central in this research, and in the creation of results. A standard PLM tool (Windchill PDMLink...... architectures in computer systems. Presented results build on research literature and experiences from industrial partners. Verification of the theory contributions, approaches, models, and tools, have been carried out in industrial projects, with promising results. This thesis describes the means for: (1...
-
Summarization of firewall architecture
International Nuclear Information System (INIS)
Wan Min; Gao Jianhua
2003-01-01
With the rapid development of the Internet, the attacks to the networks from the hackers are increasing considerably, and the topics concerning the network system security and firewall are becoming more and more active. A hot point is the firewall technology. This article mainly discusses the firewalls at data packet and application level, then combine them together in order to form a powerful and safe firewall architecture: the Screened Subnet and the Proxy Gateway Introduce structure of stream filtration in the technology of the firewall. (authors)
-
2014-01-01
Cloud computing has brought great benefits in cost and flexibility for provisioning services. The greatest challenge of cloud computing remains however the question of security. The current standard tools in access control mechanisms and cryptography can only partly solve the security challenges of cloud infrastructures. In the recent years of research in security and cryptography, novel mechanisms, protocols and algorithms have emerged that offer new ways to create secure services atop cloud...
-
A systematic approach for analysis and design of secure health information systems.
Blobel, B; Roger-France, F
2001-06-01
A toolset using object-oriented techniques including the nowadays popular unified modelling language (UML) approach has been developed to facilitate the different users' views for security analysis and design of health care information systems. Paradigm and concepts used are based on the component architecture of information systems and on a general layered security model. The toolset was developed in 1996/1997 within the ISHTAR project funded by the European Commission as well as through international standardisation activities. Analysing and systematising real health care scenarios, only six and nine use case types could be found in the health and the security-related view, respectively. By combining these use case types, the analysis and design of any thinkable system architecture can be simplified significantly. Based on generic schemes, the environment needed for both communication and application security can be established by appropriate sets of security services and mechanisms. Because of the importance and the basic character of electronic health care record (EHCR) systems, the understanding of the approach is facilitated by (incomplete) examples for this application.
-
Building Paradigms: Major Transformations in School Architecture (1798-2009)
Gislason, Neil
2009-01-01
This article provides an historical overview of significant trends in school architecture from 1798 to the present. I divide the history of school architecture into two major phases. The first period falls between 1798 and 1921: the modern graded classroom emerged as a standard architectural feature during this period. The second period, which…
-
An integrated architecture for the ITER RH control system
International Nuclear Information System (INIS)
Hamilton, David Thomas; Tesini, Alessandro
2012-01-01
Highlights: ► Control system architecture integrating ITER remote handling equipment systems. ► Standard control system architecture for remote handling equipment systems. ► Research and development activities to validate control system architecture. ► Standardization studies to select standard parts for control system architecture. - Abstract: The ITER remote handling (RH) system has been divided into 7 major equipment system procurements that deliver complete systems (operator interfaces, equipment controllers, and equipment) according to task oriented functional specifications. Each equipment system itself is an assembly of transporters, power manipulators, telemanipulators, vehicular systems, cameras, and tooling with a need for controllers and operator interfaces. From an operational perspective, the ITER RH systems are bound together by common control rooms, operations team, and maintenance team; and will need to achieve, to a varying degree, synchronization of operations, co-operation on tasks, hand-over of components, and sharing of data and resources. The separately procured RH systems must, therefore, be integrated to form a unified RH system for operation from the RH control rooms. The RH system will contain a heterogeneous mix of specially developed RH systems and off-the-shelf RH equipment and parts. The ITER Organization approach is to define a control system architecture that supports interoperable heterogeneous modules, and to specify a standard set of modules for each system to implement within this architecture. Compatibility with standard parts for selected modules is required to limit the complexity for operations and maintenance. A key requirement for integrating the control system modules is interoperability, and no module should have dependencies on the implementation details of other modules. The RH system is one of the ITER Plant systems that are integrated and coordinated through the hierarchical structure of the ITER CODAC system
-
Modeling and Security in Cloud Ecosystems
Directory of Open Access Journals (Sweden)
Eduardo B. Fernandez
2016-04-01
Full Text Available Clouds do not work in isolation but interact with other clouds and with a variety of systems either developed by the same provider or by external entities with the purpose to interact with them; forming then an ecosystem. A software ecosystem is a collection of software systems that have been developed to coexist and evolve together. The stakeholders of such a system need a variety of models to give them a perspective of the possibilities of the system, to evaluate specific quality attributes, and to extend the system. A powerful representation when building or using software ecosystems is the use of architectural models, which describe the structural aspects of such a system. These models have value for security and compliance, are useful to build new systems, can be used to define service contracts, find where quality factors can be monitored, and to plan further expansion. We have described a cloud ecosystem in the form of a pattern diagram where its components are patterns and reference architectures. A pattern is an encapsulated solution to a recurrent problem. We have recently expanded these models to cover fog systems and containers. Fog Computing is a highly-virtualized platform that provides compute, storage, and networking services between end devices and Cloud Computing Data Centers; a Software Container provides an execution environment for applications sharing a host operating system, binaries, and libraries with other containers. We intend to use this architecture to answer a variety of questions about the security of this system as well as a reference to design interacting combinations of heterogeneous components. We defined a metamodel to relate security concepts which is being expanded.
-
Secure and interoperable communication infrastructures for PPDR organisations
Müller, Wilmuth; Marques, Hugo; Pereira, Luis; Rodriguez, Jonathan; Brouwer, Frank; Bouwers, Bert; Politis, Ilias; Lykourgiotis, Asimakis; Ladas, Alexandros; Adigun, Olayinka; Jelenc, David
2016-05-01
The growing number of events affecting public safety and security (PS&S) on a regional scale with potential to grow up to large scale cross border disasters puts an increased pressure on agencies and organisation responsible for PS&S. In order to respond timely and in an adequate manner to such events, Public Protection and Disaster Relief (PPDR) organisations need to cooperate, align their procedures and activities, share the needed information and be interoperable. Existing PPDR/PMR technologies such as TETRA, TETRAPOL or P25, do not currently provide broadband capability nor is expected such technologies to be upgraded in the future. This presents a major limitation in supporting new services and information flows. Furthermore, there is no known standard that addresses interoperability of these technologies. In this contribution the design of a next generation communication infrastructure for PPDR organisations which fulfills the requirements of secure and seamless end-to-end communication and interoperable information exchange within the deployed communication networks is presented. Based on Enterprise Architecture of PPDR organisations, a next generation PPDR network that is backward compatible with legacy communication technologies is designed and implemented, capable of providing security, privacy, seamless mobility, QoS and reliability support for mission-critical Private Mobile Radio (PMR) voice and broadband data services. The designed solution provides a robust, reliable, and secure mobile broadband communications system for a wide variety of PMR applications and services on PPDR broadband networks, including the ability of inter-system, interagency and cross-border operations with emphasis on interoperability between users in PMR and LTE.
-
Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models
National Research Council Canada - National Science Library
Mead, Nancy R; Viswanathan, Venkatesh; Padmanabhan, Deepa; Raveendran, Anusha
2008-01-01
...). This report is for information technology managers and security professionals, management personnel with technical and information security knowledge, and any personnel who manage security-critical...
-
Avoid Disaster: Use Firewalls for Inter-Intranet Security.
Charnetski, J. R.
1998-01-01
Discusses the use of firewalls for library intranets, highlighting the move from mainframes to PCs, security issues and firewall architecture, and operating systems. Provides a glossary of basic networking terms and a bibliography of suggested reading. (PEN)
-
International Nuclear Information System (INIS)
Scheepers, M.J.J.; Van Werven, M.J.N.; Seebregts, A.J.; Poort, J.P.; De Nooij, M.; Baarsma, B.E.
2004-05-01
The development and use of a minimum reliability standard in the Dutch electricity market to guarantee an adequate balance between electricity demand and supply in the longer term are discussed. This standard can be based on the duration of a power outage and the related costs for society relative to the costs to prevent the power outage. The reliability standard can be translated in an adequacy standard when the reliability of foreign electricity supply to the Dutch market is taken into account. With a theoretical analysis and an assessment of the use of standards in foreign electricity markets and other sectors this study provides a survey of the use of standards in securing public interests. In electricity markets reliability standards can be used obligatory or only to inform market participants of the adequacy of supply preferred by consumers. If no standard is used, the market should rely on the economic incentives provided by contracts and liability. This study proposes to use a reliability standard for calculating the required generation capacity in an ex-ante market analysis using different future scenarios. On the basis of several market indicators, expected market developments can be monitored. Assessment of the market developments relative to the required generation capacity will give a signal to market participants with respect to the expected adequacy in the longer term (7 to 10 years). The assessment and the resulting signal should help to improve market transparency and assist producers, suppliers and consumers in their decisions towards an effective and efficient response on long-term market developments. Market monitoring results can be used by the government to take specific action, if necessary, to reduce barriers to invest. However, more general policy measures should not be linked to the monitoring results since this could provoke strategic behaviour [nl
-
Comparison and status of 32 bit backplane bus architectures
International Nuclear Information System (INIS)
Muller, K.D.
1985-01-01
With the introduction of 32 bit microprocessors several new 32 bit backplane bus architectures have been developed and are in the process for standardization. Among these are Future Bus (IEEE P896.1), VME-Bus (IEEE 1014), MULTIBUS II, Nu-Bus and Fastbus (IEEE 960). The paper describes and compares the main features of these bus architectures and mentions the status of national and international standardization efforts
-
CLOUD SECURITY AND COMPLIANCE - A SEMANTIC APPROACH IN END TO END SECURITY
Kalaiprasath, R.; Elankavi, R.; Udayakumar, R.
2017-01-01
The Cloud services are becoming an essential part of many organizations. Cloud providers have to adhere to security and privacy policies to ensure their users' data remains confidential and secure. Though there are some ongoing efforts on developing cloud security standards, most cloud providers are implementing a mish-mash of security and privacy controls. This has led to confusion among cloud consumers as to what security measures they should expect from the cloud services, and whether thes...
-
Directory of Open Access Journals (Sweden)
Radu CONSTANTINESCU
2006-01-01
Full Text Available Policy is defined as the rules and regulations set by the organization. They are laid down by management in compliance with industry regulations, law and internal decisions. Policies are mandatory. Security policies rules how the information is protected against security vulnerabilities and they are the basis for security awareness, training and vital for security audits. Policies are focused on desired results. The means of achieving the goals are defined on controls, standards and procedures.
-
ATCA for Machines-- Advanced Telecommunications Computing Architecture
International Nuclear Information System (INIS)
Larsen, R
2008-01-01
The Advanced Telecommunications Computing Architecture is a new industry open standard for electronics instrument modules and shelves being evaluated for the International Linear Collider (ILC). It is the first industrial standard designed for High Availability (HA). ILC availability simulations have shown clearly that the capabilities of ATCA are needed in order to achieve acceptable integrated luminosity. The ATCA architecture looks attractive for beam instruments and detector applications as well. This paper provides an overview of ongoing R and D including application of HA principles to power electronics systems
-
Support for Multi-Level Security Policies in DRM Architectures
Tanenbaum, A.S.; Popescu, B.C.; Crispo, B.; Hempelmann, C.F.; Raskin, V.
2004-01-01
Digital rights management systems allow copyrighted content to be commercialized in digital format without the risk of revenue loss due to piracy. Making such systems secure is no easy task, given that content needs to be protected while accessed through electronic devices in the hands of
-
Security Issues Model on Cloud Computing: A Case of Malaysia
Komeil Raisian; Jamaiah Yahaya
2015-01-01
By developing the cloud computing, viewpoint of many people regarding the infrastructure architectures, software distribution and improvement model changed significantly. Cloud computing associates with the pioneering deployment architecture, which could be done through grid calculating, effectiveness calculating and autonomic calculating. The fast transition towards that, has increased the worries regarding a critical issue for the effective transition of cloud computing. From the security v...
-
Integrated Nationwide Electronic Health Records system: Semi-distributed architecture approach.
Fragidis, Leonidas L; Chatzoglou, Prodromos D; Aggelidis, Vassilios P
2016-11-14
The integration of heterogeneous electronic health records systems by building an interoperable nationwide electronic health record system provides undisputable benefits in health care, like superior health information quality, medical errors prevention and cost saving. This paper proposes a semi-distributed system architecture approach for an integrated national electronic health record system incorporating the advantages of the two dominant approaches, the centralized architecture and the distributed architecture. The high level design of the main elements for the proposed architecture is provided along with diagrams of execution and operation and data synchronization architecture for the proposed solution. The proposed approach effectively handles issues related to redundancy, consistency, security, privacy, availability, load balancing, maintainability, complexity and interoperability of citizen's health data. The proposed semi-distributed architecture offers a robust interoperability framework without healthcare providers to change their local EHR systems. It is a pragmatic approach taking into account the characteristics of the Greek national healthcare system along with the national public administration data communication network infrastructure, for achieving EHR integration with acceptable implementation cost.
-
Secure Sessions for Web Services
Reiter, M.; Bhargavan, K.; Corin, R.J.; Fournet, C.; Gordon, A.D.
2007-01-01
We address the problem of securing sequences of SOAP messages exchanged between web services and their clients. The WS-Security standard defines basic mechanisms to secure SOAP traffic, one message at a time. For typical web services, however, using WS-Security independently for each message is
-
Network perimeter security building defense in-depth
Riggs, Cliff
2003-01-01
PREFACEWho is this Book For?The Path to Network SecurityWho Should Read This Book?MANAGING NETWORK SECURITYThe Big Picture: Security Policies from A to ZAdministrative CountermeasuresPhysical CountermeasuresTechnological CountermeasuresCreating the Security Standards DocumentCreating the Configuration Guide DocumentPulling it All Together: Sample Security Policy CreationProteris Security Standards and ProceduresTHE NETWORK STACK AND SECURITYConnecting the NetworkProtocolsServers and HostsCRYPTOGRAPHY AND VPN TERMINOLOGYKeysCertificatesHashingDigital SignaturesCommon Encryption AlgorithmsSplit
-
Information architecture. Volume 1, The foundations
Energy Technology Data Exchange (ETDEWEB)
NONE
1995-03-01
The Information Management Planning and Architecture Coordinating Team was formed to establish an information architecture framework to meet DOE`s current and future information needs. This department- wide activity was initiated in accordance with the DOE Information Management Strategic Plan; it also supports the Departmental Strategic Plan. It recognizes recent changes in emphasis as reflected in OMB Circular A-130 and the Information Resources Management Planning Process Improvement Team recommendations. Sections of this document provides the foundation for establishing DOE`s Information Architecture: Background, Business Case (reduced duplication of effort, increased integration of activities, improved operational capabilities), Baseline (technology baseline currently in place within DOE), Vision (guiding principles for future DOE Information Architecture), Standards Process, Policy and Process Integration (describes relations between information architecture and business processes), and Next Steps. Following each section is a scenario. A glossary of terms is provided.
-
Architecture Studio Learning: Strategy to Achieve Architects Competence
Directory of Open Access Journals (Sweden)
Saifudin Mutaqi Ahmad
2018-01-01
Full Text Available In most Schools of Architecture, Architecture Studio is at the core of the architectural learning process. In the process, students are trained to have the skills of architectonic spaces design based on the study of the site, its function, and its aesthetics. Students are also trained to have awareness and understanding about the impact of their design on the surrounding environment, both physically and socially. Also, students are trained to present their designs in various forms such as visual graphics, verbal narratives, and three dimensional model animations. Indonesian Association of School of Architecture (APTARI Asosiasi Perguruan Tinggi Arsitektur Indonesia and Indonesian Institute of Architects (IAI - Ikatan Arsitek Indonesia has formulated an education Standards, Curriculum, and Achievements of Architect Professional Program to be referred by Ministry of Research, Technology, and Higher Education (KEMENRISTEKDIKTI – Kementerian Riset, Teknologi, danPerguruanTinggi as the guidance for the implementation of Architect Professional Program (PPA - Pendidikan Profesi Arsitek in Indonesia. One of the eight recommendations is the PPA Content Standard which contains the learning for the achievement of IAI Architect Competencies through the recommended study materials. However, the recommended study materials did not indicate the activity of the Architecture Studio learning model (Final Report of APTARI Part II and IAI. Will architect’s competence be achieved if the learning process withoutarchitectural studio learning model? The formulation of the curriculum that is developed independently by the IAI recommends the learning of Architectural Studio as Professional Studio. The size of the SKS is large enough to enable someone who follows the lesson to intensively gain experience in designing the building as a real architectural work. This Architecture Studio learning model is interpreted by PPAr organizer universities with various forms
-
2013-06-01
widgets for an OA system Design-time architecture: Browser, email, widget, DB, OS Go ogle Instance architecture: Chrome, Gmail, Google...provides functionally similar components or applications compatible with an OA system design Firefox Browser, WP, calendar Opera Instance...architecture: Firefox , AbiWord, Evolution, Fedora GPL Ab1Word Google Docs Instance ardlitecture: Fire fox, OR Google cal., Google Docs, Fedora
-
Essential Layers, Artifacts, and Dependencies of Enterprise Architecture
Winter, Robert; Fischer, Ronny
2007-01-01
After a period where implementation speed was more important than integration, consistency and reduction of complexity, architectural considerations have become a key issue of information management in recent years again. Enterprise architecture is widely accepted as an essential mechanism for ensuring agility and consistency, compliance and efficiency. Although standards like TOGAF and FEAF have developed, however, there is no common agreement on which architecture layers, which artifact typ...
-
Towards adaptive security for convergent wireless sensor networks in beyond 3G environments
DEFF Research Database (Denmark)
Mitseva, Anelia; Aivaloglou, Efthimia; Marchitti, Maria-Antonietta
2010-01-01
The integration of wireless sensor networks with different network systems gives rise to many research challenges to ensure security, privacy and trust in the overall architecture. The main contribution of this paper is a generic security, privacy and trust framework providing context-aware adapt...
-
Software Defined Radio Architecture Contributions to Next Generation Space Communications
Kacpura, Thomas J.; Eddy, Wesley M.; Smith, Carl R.; Liebetreu, John
2015-01-01
systems, as well as those communications and navigation systems operated by international space agencies and civilian and government agencies. In this paper, we review the philosophies, technologies, architectural attributes, mission services, and communications capabilities that form the structure of candidate next-generation integrated communication architectures for space communications and navigation. A key area that this paper explores is from the development and operation of the software defined radio for the NASA Space Communications and Navigation (SCaN) Testbed currently on the International Space Station (ISS). Evaluating the lessons learned from development and operation feed back into the communications architecture. Leveraging the reconfigurability provides a change in the way that operations are done and must be considered. Quantifying the impact on the NASA Space Telecommunications Radio System (STRS) software defined radio architecture provides feedback to keep the standard useful and up to date. NASA is not the only customer of these radios. Software defined radios are developed for other applications, and taking advantage of these developments promotes an architecture that is cost effective and sustainable. Developments in the following areas such as an updated operating environment, higher data rates, networking and security can be leveraged. The ability to sustain an architecture that uses radios for multiple markets can lower costs and keep new technology infused.
-
CisLunar Habitat Internal Architecture Design Criteria
Jones, R.; Kennedy, K.; Howard, R.; Whitmore, M.; Martin, C.; Garate, J.
2017-01-01
BACKGROUND: In preparation for human exploration to Mars, there is a need to define the development and test program that will validate deep space operations and systems. In that context, a Proving Grounds CisLunar habitat spacecraft is being defined as the next step towards this goal. This spacecraft will operate differently from the ISS or other spacecraft in human history. The performance envelope of this spacecraft (mass, volume, power, specifications, etc.) is being defined by the Future Capabilities Study Team. This team has recognized the need for a human-centered approach for the internal architecture of this spacecraft and has commissioned a CisLunar Phase-1 Habitat Internal Architecture Study Team to develop a NASA reference configuration, providing the Agency with a "smart buyer" approach for future acquisition. THE CISLUNAR HABITAT INTERNAL ARCHITECTURE STUDY: Overall, the CisLunar Habitat Internal Architecture study will address the most significant questions and risks in the current CisLunar architecture, habitation, and operations concept development. This effort is achieved through definition of design criteria, evaluation criteria and process, design of the CisLunar Habitat Phase-1 internal architecture, and the development and fabrication of internal architecture concepts combined with rigorous and methodical Human-in-the-Loop (HITL) evaluations and testing of the conceptual innovations in a controlled test environment. The vision of the CisLunar Habitat Internal Architecture Study is to design, build, and test a CisLunar Phase-1 Habitat Internal Architecture that will be used for habitation (e.g. habitability and human factors) evaluations. The evaluations will mature CisLunar habitat evaluation tools, guidelines, and standards, and will interface with other projects such as the Advanced Exploration Systems (AES) Program integrated Power, Avionics, Software (iPAS), and Logistics for integrated human-in-the-loop testing. The mission of the Cis
-
Architectural transformations in network services and distributed systems
Luntovskyy, Andriy
2017-01-01
With the given work we decided to help not only the readers but ourselves, as the professionals who actively involved in the networking branch, with understanding the trends that have developed in recent two decades in distributed systems and networks. Important architecture transformations of distributed systems have been examined. The examples of new architectural solutions are discussed. Content Periodization of service development Energy efficiency Architectural transformations in Distributed Systems Clustering and Parallel Computing, performance models Cloud Computing, RAICs, Virtualization, SDN Smart Grid, Internet of Things, Fog Computing Mobile Communication from LTE to 5G, DIDO, SAT-based systems Data Security Guaranteeing Distributed Systems Target Groups Students in EE and IT of universities and (dual) technical high schools Graduated engineers as well as teaching staff About the Authors Andriy Luntovskyy provides classes on networks, mobile communication, software technology, distributed systems, ...
-
EAES: Extended Advanced Encryption Standard with Extended Security
Directory of Open Access Journals (Sweden)
Abul Kalam Azad
2018-05-01
Full Text Available Though AES is the highest secure symmetric cipher at present, many attacks are now effective against AES too which is seen from the review of recent attacks of AES. This paper describes an extended AES algorithm with key sizes of 256, 384 and 512 bits with round numbers of 10, 12 and 14 respectively. Data block length is 128 bits, same as AES. But unlike AES each round of encryption and decryption of this proposed algorithm consists of five stages except the last one which consists of four stages. Unlike AES, this algorithm uses two different key expansion algorithms with two different round constants that ensure higher security than AES. Basically, this algorithm takes one cipher key and divides the selected key of two separate sub-keys: FirstKey and SecondKey. Then expand them through two different key expansion schedules. Performance analysis shows that the proposed extended AES algorithm takes almost same amount of time to encrypt and decrypt the same amount of data as AES but with higher security than AES.
-
A protect solution for data security in mobile cloud storage
Yu, Xiaojun; Wen, Qiaoyan
2013-03-01
It is popular to access the cloud storage by mobile devices. However, this application suffer data security risk, especial the data leakage and privacy violate problem. This risk exists not only in cloud storage system, but also in mobile client platform. To reduce the security risk, this paper proposed a new security solution. It makes full use of the searchable encryption and trusted computing technology. Given the performance limit of the mobile devices, it proposes the trusted proxy based protection architecture. The design basic idea, deploy model and key flows are detailed. The analysis from the security and performance shows the advantage.
-
SCONES: Secure Content-Oriented Networking for Exploring Space, Phase I
National Aeronautics and Space Administration — We envision a secure content-oriented internetwork as a natural generalization of the cache-and-forward architecture inherent in delay-tolerant networks. Using our...
-
Architecture for the Secret-Key BC3 Cryptography Algorithm
Directory of Open Access Journals (Sweden)
Arif Sasongko
2014-11-01
Full Text Available Cryptography is a very important aspect in data security. The focus of research in this field is shifting from merely security aspect to consider as well the implementation aspect. This paper aims to introduce BC3 algorithm with focus on its hardware implementation. It proposes an architecture for the hardware implementation for this algorithm. BC3 algorithm is a secret-key cryptography algorithm developed with two considerations: robustness and implementation efficiency. This algorithm has been implemented on software and has good performance compared to AES algorithm. BC3 is improvement of BC2 and AE cryptographic algorithm and it is expected to have the same level of robustness and to gain competitive advantages in the implementation aspect. The development of the architecture gives much attention on (1 resource sharing and (2 having single clock for each round. It exploits regularity of the algorithm. This architecture is then implemented on an FPGA. This implementation is three times smaller area than AES, but about five times faster. Furthermore, this BC3 hardware implementation has better performance compared to BC3 software both in key expansion stage and randomizing stage. For the future, the security of this implementation must be reviewed especially against side channel attack.
-
A case for avoiding security-enhanced HTTP tools to improve security for Web-based applications
Energy Technology Data Exchange (ETDEWEB)
Wood, B.
1996-03-01
This paper describes some of the general weaknesses of the current popular Hypertext Transmission Protocol (HTTP) security standards and products in an effort to show that these standards are not appealing for many applications. The author will then show how one can treat HTTP browsers and servers as untrusted elements in the network so that one can rely on other mechanisms to achieve better overall security than can be attained through today`s security-enhanced HTTP tools.
-
Layered distributed architecture for plant automation
International Nuclear Information System (INIS)
Aravamuthan, G.; Verma, Yachika; Ranjan, Jyoti; Chachondia, Alka S.; Ganesh, G.
2005-01-01
The development of plant automation system and associated software remains one of the greatest challenges to the widespread implementation of highly adaptive re-configurable automation technology. This paper presents a layered distributed architecture for a plant automation system designed to support rapid reconfiguration and redeployment of automation components. The paper first presents evolution of automation architecture and their associated environment in the past few decades and then presents the concept of layered system architecture and the use of automation components to support the construction of a wide variety of automation system. It also highlights the role of standards and technology, which can be used in the development of automation components. We have attempted to adhere to open standards and technology for the development of automation component at a various layers. It also highlights the application of this concept in the development of an Operator Information System (OIS) for Advanced Heavy Water Reactor (AHWR). (author)