WorldWideScience

Sample records for cabig security whitepaper

  1. Telematics Strategy for Automobile Insurers : Whitepaper

    OpenAIRE

    Paefgen, Johannes; Fleisch, Elgar; Staake, Thorsten; Ackermann, Lukas; Best, Jonas; Egli, Lukas

    2013-01-01

    This whitepaper investigates the business implications telematics services and Pay-as-you-drive (PAYD) insurance in particular, from the perspective of automobile insurance providers. Specifically, it discusses - the PROFITABILITY and competitive dynamics of PAYD insurance, - a simplified BUSINESS CASE for a new market entrant with a PAYD product, - the present STRUCTURE OF INTERNATIONAL MARKETS for insurance telematics services, - DRIVERS AND BARRIERS for the focus markets Swit...

  2. ASC Predictive Science Academic Alliance Program Verification and Validation Whitepaper

    Energy Technology Data Exchange (ETDEWEB)

    Klein, R; Graziani, F; Trucano, T

    2006-03-31

    The purpose of this whitepaper is to provide a framework for understanding the role that verification and validation (V&V) are expected to play in successful ASC Predictive Science Academic Alliance (PSAA) Centers and projects. V&V have been emphasized in the recent specification of the PSAA (NNSA, 2006): (1) The resulting simulation models lend themselves to practical verification and validation methodologies and strategies that should include the integrated use of experimental and/or observational data as a key part of model and sub-model validation, as well as demonstrations of numerical convergence and accuracy for code verification. (2) Verification, validation and prediction methodologies and results must be much more strongly emphasized as research topics and demonstrated via the proposed simulations. (3) It is mandatory that proposals address the following two topics: (a) Predictability in science & engineering; and (b) Verification & validation strategies for large-scale simulations, including quantification of uncertainty and numerical convergence. We especially call attention to the explicit coupling of computational predictability and V&V in the third bullet above. In this whitepaper we emphasize this coupling, and provide concentrated guidance for addressing item 2. The whitepaper has two main components. First, we provide a brief and high-level tutorial on V&V that emphasizes critical elements of the program. Second, we state a set of V&V-related requirements that successful PSAA proposals must address.

  3. Development of the Lymphoma Enterprise Architecture Database: a caBIG Silver level compliant system.

    Science.gov (United States)

    Huang, Taoying; Shenoy, Pareen J; Sinha, Rajni; Graiser, Michael; Bumpers, Kevin W; Flowers, Christopher R

    2009-01-01

    Lymphomas are the fifth most common cancer in United States with numerous histological subtypes. Integrating existing clinical information on lymphoma patients provides a platform for understanding biological variability in presentation and treatment response and aids development of novel therapies. We developed a cancer Biomedical Informatics Grid (caBIG) Silver level compliant lymphoma database, called the Lymphoma Enterprise Architecture Data-system (LEAD), which integrates the pathology, pharmacy, laboratory, cancer registry, clinical trials, and clinical data from institutional databases. We utilized the Cancer Common Ontological Representation Environment Software Development Kit (caCORE SDK) provided by National Cancer Institute's Center for Bioinformatics to establish the LEAD platform for data management. The caCORE SDK generated system utilizes an n-tier architecture with open Application Programming Interfaces, controlled vocabularies, and registered metadata to achieve semantic integration across multiple cancer databases. We demonstrated that the data elements and structures within LEAD could be used to manage clinical research data from phase 1 clinical trials, cohort studies, and registry data from the Surveillance Epidemiology and End Results database. This work provides a clear example of how semantic technologies from caBIG can be applied to support a wide range of clinical and research tasks, and integrate data from disparate systems into a single architecture. This illustrates the central importance of caBIG to the management of clinical and biological data. PMID:19492074

  4. CERN openlab Whitepaper on Future IT Challenges in Scientific Research

    CERN Document Server

    Di Meglio, Alberto; Purcell, Andrew

    2014-01-01

    This whitepaper describes the major IT challenges in scientific research at CERN and several other European and international research laboratories and projects. Each challenge is exemplified through a set of concrete use cases drawn from the requirements of large-scale scientific programs. The paper is based on contributions from many researchers and IT experts of the participating laboratories and also input from the existing CERN openlab industrial sponsors. The views expressed in this document are those of the individual contributors and do not necessarily reflect the view of their organisations and/or affiliates.

  5. The Cancer Biomedical Informatics Grid (caBIG™) Security Infrastructure

    OpenAIRE

    Langella, Stephen; Oster, Scott; Hastings, Shannon; Siebenlist, Frank; Phillips, Joshua; Ervin, David; Permar, Justin; Kurc, Tahsin; Saltz, Joel

    2007-01-01

    Security is a high priority issue in medical domain, because many institutions performing biomedical research work with sensitive medical data regularly. This issue becomes more complicated, when it is desirable or needed to access and analyze data in a multi-institutional setting. In the NCI cancer Biomedical Informatics Grid (caBIG™) program, several security issues were raised that existing security technologies could not address. Considering caBIG is envisioned to span a large number of c...

  6. Astro2010 Decadal Survey Whitepaper: Coordinated Science in the Gravitational and Electromagnetic Skies

    CERN Document Server

    Bloom, Joshua S; Hughes, Scott A; Menou, Kristen; Adams, Allan; Anderson, Scott F; Becker, Andy; Bower, Geoffrey C; Brandt, Niel; Cobb, Bethany; Cook, Kem; Corsi, Alessandra; Covino, Stefano; Fox, Derek; Fruchter, Andrew; Fryer, Chris; Grindlay, Jonathan; Hartmann, Dieter; Haiman, Zoltan; Kocsis, Bence; Jones, Lynne; Loeb, Abraham; Marka, Szabolcs; Metzger, Brian; Nakar, Ehud; Nissanke, Samaya; Perley, Daniel A; Piran, Tsvi; Poznanski, Dovi; Prince, Tom; Schnittman, Jeremy; Soderberg, Alicia; Strauss, Michael; Shawhan, Peter S; Shoemaker, David H; Sievers, Jonathan; Stubbs, Christopher; Tagliaferri, Gianpiero; Ubertini, Pietro; Wozniak, Przemyslaw

    2009-01-01

    It is widely expected that the coming decade will witness the first direct detection of gravitational waves (GWs). The ground-based LIGO and Virgo GW observatories are being upgraded to advanced sensitivity, and are expected to observe a significant binary merger rate. The launch of The Laser Interferometer Space Antenna (LISA) would extend the GW window to low frequencies, opening new vistas on dynamical processes involving massive (M >~ 10^5 M_Sun) black holes. GW events are likely to be accompanied by electromagnetic (EM) counterparts and, since information carried electromagnetically is complementary to that carried gravitationally, a great deal can be learned about an event and its environment if it becomes possible to measure both forms of radiation in concert. Measurements of this kind will mark the dawn of trans-spectral astrophysics, bridging two distinct spectral bands of information. The aim of this whitepaper is to articulate future directions in both theory and observation that are likely to impa...

  7. US National Climate Assessment (NCA) Scenarios for Assessing Our Climate Future: Issues and Methodological Perspectives Background Whitepaper for Participants

    Energy Technology Data Exchange (ETDEWEB)

    Moss, Richard H.; Engle, Nathan L.; Hall, John; Jacobs, Kathy; Lempert, Rob; Mearns, L. O.; Melillo, Jerry; Mote, Phil; O' Brien, Sheila; Rosenzweig, C.; Ruane, Alex; Sheppard, Stephen; Vallario, Robert W.; Wiek, Arnim; Wilbanks, Thomas

    2011-10-01

    This whitepaper is intended to provide a starting point for discussion at a workshop for the National Climate Assessment (NCA) that focuses on the use and development of scenarios. The paper will provide background needed by participants in the workshop in order to review options for developing and using scenarios in NCA. The paper briefly defines key terms and establishes a conceptual framework for developing consistent scenarios across different end uses and spatial scales. It reviews uses of scenarios in past U.S. national assessments and identifies potential users of and needs for scenarios for both the report scheduled for release in June 2013 and to support an ongoing distributed assessment process in sectors and regions around the country. Because scenarios prepared for the NCA will need to leverage existing research, the paper takes account of recent scientific advances and activities that could provide needed inputs. Finally, it considers potential approaches for providing methods, data, and other tools for assessment participants. We note that the term 'scenarios' has many meanings. An important goal of the whitepaper (and portions of the workshop agenda) is pedagogical (i.e., to compare different meanings and uses of the term and make assessment participants aware of the need to be explicit about types and uses of scenarios). In climate change research, scenarios have been used to establish bounds for future climate conditions and resulting effects on human and natural systems, given a defined level of greenhouse gas emissions. This quasi-predictive use contrasts with the way decision analysts typically use scenarios (i.e., to consider how robust alternative decisions or strategies may be to variation in key aspects of the future that are uncertain). As will be discussed, in climate change research and assessment, scenarios describe a range of aspects of the future, including major driving forces (both human activities and natural processes

  8. Security

    Science.gov (United States)

    Technology & Learning, 2008

    2008-01-01

    Anytime, anywhere, learning provides opportunities to create digital learning environments for new teaching styles and personalized learning. As part of making sure the program is effective, the safety and security of students and assets are essential--and mandated by law. The Children's Internet Protection Act (CIPA) addresses Internet content…

  9. Sensor Compendium - A Snowmass Whitepaper-

    Energy Technology Data Exchange (ETDEWEB)

    Artuso, M. [Syracuse Univ., NY (United States); Battaglia, M. [Univ. of California, Santa Cruz, CA (United States); Bolla, G. [Purdue Univ., West Lafayette, IN (United States); Bortoletto, D. [Purdue Univ., West Lafayette, IN (United States); Caberera, B. [Stanford Univ., CA (United States); Carlstrom, J E [Univ. of Chicago, IL (United States); Argonne National Lab. (ANL), Argonne, IL (United States); Chang, C. L. [Univ. of Chicago, IL (United States); Argonne National Lab. (ANL), Argonne, IL (United States); Cooper, W. [Fermi National Accelerator Lab. (FNAL), Batavia, IL (United States); Da Via, C. [Univ. of Manchester (United Kingdom); Demarteau, M. [Argonne National Lab. (ANL), Argonne, IL (United States); Fast, J. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Frisch, H. [Univ. of Chicago, IL (United States), et al.

    2013-10-01

    Sensors play a key role in detecting both charged particles and photons for all three frontiers in Particle Physics. The signals from an individual sensor that can be used include ionization deposited, phonons created, or light emitted from excitations of the material. The individual sensors are then typically arrayed for detection of individual particles or groups of particles. Mounting of new, ever higher performance experiments, often depend on advances in sensors in a range of performance characteristics. These performance metrics can include position resolution for passing particles, time resolution on particles impacting the sensor, and overall rate capabilities. In addition the feasible detector area and cost frequently provides a limit to what can be built and therefore is often another area where improvements are important. Finally, radiation tolerance is becoming a requirement in a broad array of devices. We present a status report on a broad category of sensors, including challenges for the future and work in progress to solve those challenges.

  10. Alternative security

    International Nuclear Information System (INIS)

    This book contains the following chapters: The Military and Alternative Security: New Missions for Stable Conventional Security; Technology and Alternative Security: A Cherished Myth Expires; Law and Alternative Security: Toward a Just World Peace; Politics and Alternative Security: Toward a More Democratic, Therefore More Peaceful, World; Economics and Alternative Security: Toward a Peacekeeping International Economy; Psychology and Alternative Security: Needs, Perceptions, and Misperceptions; Religion and Alternative Security: A Prophetic Vision; and Toward Post-Nuclear Global Security: An Overview

  11. Financial security

    NARCIS (Netherlands)

    M. de Goede

    2010-01-01

    1. Introduction J. Peter Burgess Part 1: New Security Concepts 2. Civilizational Security Brett Bowden 3. Risk Oliver Kessler 4. Small Arms Keith Krause 5. Critical Human Security Taylor Owen 6. Critical Geopolitics Simon Dalby Part 2: New Security Subjects 7. Biopolitics Michael Dillon 8. Gendered

  12. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure  and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  13. The caBIG annotation and image Markup project.

    Science.gov (United States)

    Channin, David S; Mongkolwat, Pattanasak; Kleper, Vladimir; Sepukar, Kastubh; Rubin, Daniel L

    2010-04-01

    Image annotation and markup are at the core of medical interpretation in both the clinical and the research setting. Digital medical images are managed with the DICOM standard format. While DICOM contains a large amount of meta-data about whom, where, and how the image was acquired, DICOM says little about the content or meaning of the pixel data. An image annotation is the explanatory or descriptive information about the pixel data of an image that is generated by a human or machine observer. An image markup is the graphical symbols placed over the image to depict an annotation. While DICOM is the standard for medical image acquisition, manipulation, transmission, storage, and display, there are no standards for image annotation and markup. Many systems expect annotation to be reported verbally, while markups are stored in graphical overlays or proprietary formats. This makes it difficult to extract and compute with both of them. The goal of the Annotation and Image Markup (AIM) project is to develop a mechanism, for modeling, capturing, and serializing image annotation and markup data that can be adopted as a standard by the medical imaging community. The AIM project produces both human- and machine-readable artifacts. This paper describes the AIM information model, schemas, software libraries, and tools so as to prepare researchers and developers for their use of AIM. PMID:19294468

  14. LTE security

    CERN Document Server

    Forsberg, Dan; Moeller, Wolf-Dietrich

    2010-01-01

    Addressing the security solutions for LTE, a cellular technology from Third Generation Partnership Project (3GPP), this book shows how LTE security substantially extends GSM and 3G security. It also encompasses the architectural aspects, known as SAE, to give a comprehensive resource on the topic. Although the security for SAE/LTE evolved from the security for GSM and 3G, due to different architectural and business requirements of fourth generation systems the SAE/LTE security architecture is substantially different from its predecessors. This book presents in detail the security mechanisms em

  15. Security Expertise

    DEFF Research Database (Denmark)

    This volume brings together scholars from different fields to explore the power, consequences and everyday practices of security expertise. Expertise mediates between different forms of knowledge: scientific and technological, legal, economic and political knowledge. This book offers the first...... systematic study of security expertise and opens up a productive dialogue between science and technology studies and security studies to investigate the character and consequences of this expertise. In security theory, the study of expertise is crucial to understanding whose knowledge informs security making...... and to reflect on the impact and responsibility of security analysis. In science and technology studies, the study of security politics adds a challenging new case to the agenda of research on expertise and policy. The contributors investigate cases such as academic security studies, security think...

  16. Being Secure

    Institute of Scientific and Technical Information of China (English)

    2006-01-01

    As the world wrestles with challenges from nontraditional security threats, a new concept of security management is emerging Security has traditionally been seen as the means of defending a territory, primarily through the use of military power. However, as the world evolves through the process of globalization, so too does the concept of security. It now incorporates military, political, economic, societal and environmental issues, as well as the many links that bind them. Yet for most people in the wor...

  17. Watermarking security

    CERN Document Server

    Bas, Patrick; Cayre, François; Doërr, Gwenaël; Mathon, Benjamin

    2016-01-01

    This book explains how to measure the security of a watermarking scheme, how to design secure schemes but also how to attack popular watermarking schemes. This book gathers the most recent achievements in the field of watermarking security by considering both parts of this cat and mouse game. This book is useful to industrial practitioners who would like to increase the security of their watermarking applications and for academics to quickly master this fascinating domain.

  18. Securities lending

    OpenAIRE

    Paul C. Lipson; Sabel, Bradley K.; Frank M. Keane

    2012-01-01

    This paper, originally released in August 1989 as part of a Federal Reserve Bank of New York series on the U.S. securities markets, examines loans of Treasury and agency securities in the domestic market. It highlights some important institutional characteristics of securities loan transactions, in particular the common use of agents to arrange the terms of the loans. While we note that this characteristic sets securities lending apart from most repurchase agreement (repo) transactions, which...

  19. Node security

    CERN Document Server

    Barnes, Dominic

    2013-01-01

    A practical and fast-paced guide that will give you all the information you need to secure your Node applications.If you are a developer who wishes to secure your Node applications, whether you are already using Node Security in production, or are considering using it for your next project, then this book will enable you to ensure security of your applications. An understanding of JavaScript is a prerequisite, and some experience with Node is recommended, though not required.

  20. Security Locks

    Science.gov (United States)

    Hart, Kevin

    2010-01-01

    According to a 2008 "Year in Review" report by Educational Security Incidents, an online repository that collects data on higher education security issues, the total number of security incidents reported at universities and colleges worldwide rose to 173 in 2008, a 24.5 percent increase over 2007. The number of institutions affected--perhaps the…

  1. Security studies

    International Nuclear Information System (INIS)

    The so called 'Security Studies' constitute one of the major tools for evaluating the provisions implemented at facilities to protect and control nuclear material (NM) against unauthorized removal. Operators use security studies to demonstrate that they are complying with objectives set by the Competent Authority to counter internal or external acts aimed at unauthorized removal of nuclear material. The paper presents the context of security studies carried out in France. (author)

  2. Grid Security

    CERN Document Server

    CERN. Geneva

    2004-01-01

    The aim of Grid computing is to enable the easy and open sharing of resources between large and highly distributed communities of scientists and institutes across many independent administrative domains. Convincing site security officers and computer centre managers to allow this to happen in view of today's ever-increasing Internet security problems is a major challenge. Convincing users and application developers to take security seriously is equally difficult. This paper will describe the main Grid security issues, both in terms of technology and policy, that have been tackled over recent years in LCG and related Grid projects. Achievements to date will be described and opportunities for future improvements will be addressed.

  3. Securing Hadoop

    CERN Document Server

    Narayanan, Sudheesh

    2013-01-01

    This book is a step-by-step tutorial filled with practical examples which will focus mainly on the key security tools and implementation techniques of Hadoop security.This book is great for Hadoop practitioners (solution architects, Hadoop administrators, developers, and Hadoop project managers) who are looking to get a good grounding in what Kerberos is all about and who wish to learn how to implement end-to-end Hadoop security within an enterprise setup. It's assumed that you will have some basic understanding of Hadoop as well as be familiar with some basic security concepts.

  4. Security management

    International Nuclear Information System (INIS)

    Technical progress is moving more and more quickly and the systems thus produced are so complex and have become so unclear to the individual that he can no longer estimate the consequences: Faith in progress has given way to deep mistrust. Companies have adjusted to this change in consciousness. An interesting tendency can be identified: technical security is already available - now the organization of security has become an important objective for companies. The key message of the book is: If outworn technical systems are no longer adequate, the organization must be thoroughly overhauled. Five chapters deal with the following themes: organization as an aspect of society; risk control; aspects of security; is there security in ADP; the broader concept of security. (orig./HP)

  5. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2006-01-01

    Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.

  6. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information SecurityWhat Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information SecurityChanges Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy?Monitoring and MeasurementMoving Forward ORGANIZATIONAL ISSUESThe Life Cycles of Security ManagersIntroductionThe Information Security Manager's Responsibilities The Evolution of Data Security to Information SecurityThe Repository Concept Changing Job Requirements Business Life Cycles

  7. Security Bingo

    CERN Multimedia

    Computer Security Team

    2011-01-01

    Want to check your security awareness and win one of three marvellous books on computer security? Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us by 31 October 2011 at either Computer.Security@cern.ch or P.O. Box G19710.   Winners[1] must show that they fulfil at least five good practices in a continuous vertical, horizontal or diagonal row. For details on CERN Computer Security, please consult http://cern.ch/security. I personally…   …am concerned about computer security. …run my computer with an anti-virus software and up-to-date signature files. …lock my computer screen whenever I leave my office. …have chosen a reasonably complex password. …have restricted access to all my files and data. …am aware of the security risks and threats to CERN’s computing facilities. &hell...

  8. Junos Security

    CERN Document Server

    Cameron, Rob; Giecco, Patricio; Eberhard, Timothy; Quinn, James

    2010-01-01

    Junos® Security is the complete and authorized introduction to the new Juniper Networks SRX hardware series. This book not only provides a practical, hands-on field guide to deploying, configuring, and operating SRX, it also serves as a reference to help you prepare for any of the Junos Security Certification examinations offered by Juniper Networks. Network administrators and security professionals will learn how to use SRX Junos services gateways to address an array of enterprise data network requirements -- including IP routing, intrusion detection, attack mitigation, unified threat manag

  9. Network Security

    CERN Document Server

    Huang, Scott; Du, Ding-Zhu

    2010-01-01

    This book provides a reference tool for the increasing number of the scientists whose research is related to sensor network security. The book is organized into several sections, each including some chapters exploring a specific topic. Network security is attracting great attention and there are many research topics waiting to be studied. In this book, the topics covered include network design and modeling, network management, data management, security and applications. The aim, intent, and motivation of this book is to provide a reference tool for the increasing number of scientists whose res

  10. Computer security

    CERN Document Server

    Gollmann, Dieter

    2011-01-01

    A completely up-to-date resource on computer security Assuming no previous experience in the field of computer security, this must-have book walks you through the many essential aspects of this vast topic, from the newest advances in software and technology to the most recent information on Web applications security. This new edition includes sections on Windows NT, CORBA, and Java and discusses cross-site scripting and JavaScript hacking as well as SQL injection. Serving as a helpful introduction, this self-study guide is a wonderful starting point for examining the variety of competing sec

  11. Secure PVM

    Energy Technology Data Exchange (ETDEWEB)

    Dunigan, T.H.; Venugopal, N.

    1996-09-01

    This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user`s PVM application, or, optionally, security can be provided on a message-by message basis. Diffe-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

  12. Wireless Security

    CERN Document Server

    Osterhage, Wolfgang

    2011-01-01

    In the wake of the growing use of wireless communications, new types of security risks have evolved. Wireless Security covers the major topic of wireless communications with relevance both to organizations and private users. The technological background of these applications and protocols is laid out and presented in detail. Special emphasis is placed on the IEEE 802.11x-Standards that have been introduced for WLAN technology. Other technologies covered besides WLAN include: mobile phones, bluetooth and infrared. In each chapter a major part is devoted to security risks and provisions includin

  13. European Security

    DEFF Research Database (Denmark)

    Møller, Bjørn

    Theoretical chapters on "Security", "Organisations" and "Regions," Historical Chapters on "Europe and Its Distinguishing Features" and on "The United Nations," "NATO," "The CSCE/OSCE and the Council of Europe" and "The European Union"...

  14. Energy Security

    Institute of Scientific and Technical Information of China (English)

    2006-01-01

    With an increasing number of countries becoming industrialized, energy, the so-called blood of modern economies, is becoming increasingly important Energy security has become an important factor that directly influences world economic stability and international relations. In an article posted on People's Daily Online, Liu Jianfei, professor at the International Strategic Research Center of the Party School of the Central Committee of the Communist Party of China, shares his opinions on energy security.

  15. Privatising Security

    OpenAIRE

    Irina Mindova-Docheva

    2016-01-01

    The article proposes an analysis of the different approaches towards employing the international legal framework in the regulation and oversight of private military and security companies’ operation in armed conflicts and in peace time security systems. It proposes a partnership-based approach for public and private actors aiming at creating and sharing common values under the principles of solidarity, protection of human rights and rule of law. A focus of further research shou...

  16. Secure portal.

    Energy Technology Data Exchange (ETDEWEB)

    Nelson, Cynthia Lee

    2007-09-01

    There is a need in security systems to rapidly and accurately grant access of authorized personnel to a secure facility while denying access to unauthorized personnel. In many cases this role is filled by security personnel, which can be very costly. Systems that can perform this role autonomously without sacrificing accuracy or speed of throughput are very appealing. To address the issue of autonomous facility access through the use of technology, the idea of a ''secure portal'' is introduced. A secure portal is a defined zone where state-of-the-art technology can be implemented to grant secure area access or to allow special privileges for an individual. Biometric technologies are of interest because they are generally more difficult to defeat than technologies such as badge swipe and keypad entry. The biometric technologies selected for this concept were facial and gait recognition. They were chosen since they require less user cooperation than other biometrics such as fingerprint, iris, and hand geometry and because they have the most potential for flexibility in deployment. The secure portal concept could be implemented within the boundaries of an entry area to a facility. As a person is approaching a badge and/or PIN portal, face and gait information can be gathered and processed. The biometric information could be fused for verification against the information that is gathered from the badge. This paper discusses a facial recognition technology that was developed for the purposes of providing high verification probabilities with low false alarm rates, which would be required of an autonomous entry control system. In particular, a 3-D facial recognition approach using Fisher Linear Discriminant Analysis is described. Gait recognition technology, based on Hidden Markov Models has been explored, but those results are not included in this paper. Fusion approaches for combining the results of the biometrics would be the next step in realizing

  17. Food security

    OpenAIRE

    Dorina Ardelean

    2011-01-01

    The assurance of food security at the individual level doesn’t implicitly provide for the one at family level as the concepts of hunger, malnutrition and food insecurity are the steps of the same process of access restricted to a sufficient supply of food. In order to achieve food security at the individual level the following is necessary: ensuring food availability (production, reserve stocks); redistribution of food availability within the country or out through internationa...

  18. FOOD SECURITY

    Directory of Open Access Journals (Sweden)

    Dorina Ardelean

    2013-12-01

    Full Text Available The assurance of food security at the individual level doesn’t implicitly provide for the one at family level as the concepts of hunger, malnutrition and food insecurity are the steps of the same process of access restricted to a sufficient supply of food. In order to achieve food security at the individual level the following is necessary: ensuring food availability (production, reserve stocks; redistribution of food availability within the country or out through international exchanges; effective access of the population to purchase food consumer goods, by ensuring its effective demand as required. Food security of families (FFS is required for assuring individual food security (IFS, but it is not sufficient because the food available may be unevenly distributed between family members. National food security (NFS corresponds to the possibilities that different countries have to ensure both FFS and IFS without sacrificing other important objectives. Under the name of GAS is defined the global food security which represents permanent access for the entire population of the globe to the necessary food for a healthy and active life.

  19. Security an introduction

    CERN Document Server

    Purpura, Philip P

    2011-01-01

    Section I The History and Profession of SecurityDefinition, Role, and History of Security Security Defined The Contexts of Security The Roles of Security The History of Security Security in an Environment of Threats, Terrorism, and All-Hazards Threats and Hazards Terrorism National Strategies The Profession and Business of Security The Business of Security Professionalism and Security Associations Ethics Regulation of the Security Industry Security Training Higher Education Careers Section II Protecting People and AssetsSecurity Methodology Methodology Defined Security Business Proposals Secur

  20. Security and Security Complex: Operational Concepts

    Directory of Open Access Journals (Sweden)

    Luis Tomé

    2010-01-01

    Full Text Available Security is one of the most ambiguous, contested, and debated ideas in the conceptual framework of international relations. The "traditional" perspective has been severely contested as new approaches develop, and the concept of security has been reworked in all its fundamental components and dimensions, from object and reference to range and security instruments. Likewise, the discussion over the definition and characterization of international security systems, namely regarding competitive security, common security, cooperative security, collective security, and security community, continues to be very lively. Starting from these debates, and in the light of the current international situation, we propose operational concepts of security and of security complex.

  1. Information Security

    International Nuclear Information System (INIS)

    As nuclear materials and technologies spread, the global community needs to be ever more vigilant to prevent their acquisition by those that have no legitimate reason to access or use them. International efforts to strengthen nuclear security measures gained momentum when, in 2009, President Obama announced his intention to convene for the first time an international Nuclear Security Summit. Held in Washington in 2010, the Summit was attended by 47 Heads of State who collectively committed to securing all vulnerable nuclear material within four years. Two years later, 53 Heads of State came together at a second Summit in Seoul and agreed a set of concrete actions to deliver on this ambition. The Summit process has functioned not only as a catalyst to move nuclear security up States’ political consciousness, but also as a platform for broadening their perspective on this agenda. Specifically, the last three years have seen the international community increasingly recognise the fundamental need for nuclear security regimes to protect not only nuclear material and physical assets from non-state actors, but also the information needed to obtain and use these goods for nefarious purposes

  2. Data security.

    Science.gov (United States)

    2016-09-01

    A government-commissioned review of data security across health and care has led to the proposal of new standards for security and options for a consent/opt-out model. Standards include that all staff complete appropriate annual data security training and pass a mandatory test provided through the revised Information Governance Toolkit, that personal confidential data is only accessible to staff who need it for their current role, and that access is removed as soon as it is no longer required. The consent/opt-out model is outlined under 8 statements, and includes certain circumstances where it will not apply, for example, where there is an overriding public interest, or mandatory legal requirement. PMID:27581899

  3. Energy security

    International Nuclear Information System (INIS)

    In the case of Cuba, energy security goes beyond the typical security framework of energy supply to encompass the economic blockade which affects Cuba's access to some markets for its traditional products and obstructs international credit options. Recent problems concerning security of national energy supply include: - Shortages of foreign exchange necessary for the purchase of fuel and spare parts, for new investments and for the implementation of programmes supporting the rational use of energy. - High dependence on imported energy, including oil and petroleum products. -Use of domestic crude oil, with energy performance slightly below that of the imported fuels it replaces, especially fuel oil. The main negative aspect is the high sulphur content, which has adverse operational and environmental effects. - Interruptions in energy services resulting from hurricanes and tropical storms, and from breakdowns and accidents related to the transport of fuels, especially coastal transport. The strategies employed to improve Cuba's energy security situation are based on: - Increased economic competitiveness; - Fuel conservation and rational use of energy; - Efficient exploration and use of oil and natural gas; - Development of renewable energy sources; - Legal and institutional support of activities in the energy sector; - Active involvement in the international arena focused on regional integration efforts and international forums related to technological, energy and environmental issues, and on strengthening bilateral alliances aimed at creating the necessary environment for trade, technological transfer and foreign investment for guaranteeing national energy supply

  4. Arctic Security

    DEFF Research Database (Denmark)

    Wang, Nils

    2013-01-01

    of the general security situation and to identify both the explicit and the implicit agendas of the primary state actors. The region contains all the ingredients for confrontation and conflict but the economical potential for all the parties concerned creates a general interest in dialogue and cooperation...

  5. Security Systems Consideration: A Total Security Approach

    Science.gov (United States)

    Margariti, S. V.; Meletiou, G.; Stergiou, E.; Vasiliadis, D. C.; Rizos, G. E.

    2007-12-01

    The "safety" problem for protection systems is to determine in a given situation whether a subject can acquire a particular right to an object. Security and audit operation face the process of securing the application on computing and network environment; however, storage security has been somewhat overlooked due to other security solutions. This paper identifies issues for data security, threats and attacks, summarizes security concepts and relationships, and also describes storage security strategies. It concludes with recommended storage security plan for a total security solution.

  6. Opinions about Component Energetic Security

    OpenAIRE

    Elena GOLUMBEANU (GEORGESCU)

    2012-01-01

    Collective security (international) represent the morphological expression of individual security components. According to the Report presented at the United Nations Development Programme, collective security (international) as well as national security, is the expression of seven synergistic dimensions as follows: economic security, food security, environmental security, personal security, community security, political security and individual security. As part of economic security, energy an...

  7. Computer Security: the security marathon

    CERN Multimedia

    Computer Security Team

    2014-01-01

    If you believe that “security” is a sprint, that a quick hack is invulnerable, that quick bug fixing is sufficient, that plugging security measures on top of existing structures is good, that once you are secure your life will be easy... then let me convince you otherwise.   An excellent example of this is when the summer students join us at CERN. As the summer period is short, software projects must be accomplished quickly, like a sprint. Rush, rush! But often, this sprint ends with aching muscles. Regularly, these summer students approach us to have their project or web server made visible to the Internet. Regularly, quick security reviews of those web servers diagnose severe underperformance with regards to security: the web applications are flawed or use insecure protocols; the employed software tools, databases or web frameworks are sub-optimal and not adequately chosen for that project; the operating system is non-standard and has never been brought up-to-date; and ...

  8. Nuclear security

    International Nuclear Information System (INIS)

    This paper reports that despite an Executive Order limiting the authority to make original classification decisions to government officials, DOE has delegated this authority to a number of contractor employees. Although the number of original classification decisions made by these contractors is small, this neither negates nor diminishes the significance of the improper delegation of authority. If misclassification were to occur, particularly at the Top Secret level, U.S. national security interests could potentially be seriously affected and threatened. DOE's argument that the delegation of such authority is a long-standing policy and done on a selective basis does not legitimize the practice and does not relieve DOE of its responsibility to meet the requirements of the Executive Order. DOE needs to independently assess all original classification determinations made by contractors; otherwise, it cannot be sure that U.S. national security interests have been or are being adequately protected

  9. Collective Security

    DEFF Research Database (Denmark)

    Galster, Kjeld

    of one party, led to regarding the armed services as harmful to designs for developing civic society and a waste of resources generally. Moreover, they estimated that armed defence was a priori hopeless and possibly even dangerous as it might attract unnecessary attention by a would-be belligerent.......Collective Security: National Egotism (Abstract) In Danish pre-World War I defence debate the notion of collective security is missing. During the early years of the 19th century, the political work is influenced by a pervasive feeling of rising tension and danger on the continent of Europe...... and real defence of the country’s neutrality let alone a capability to support possible League of Nations action, should such need arise. The anti-militarist ideology of one party, led to regarding the armed services as harmful to designs for developing civic society and a waste of resources generally...

  10. Security system

    Science.gov (United States)

    Baumann, Mark J.; Kuca, Michal; Aragon, Mona L.

    2016-02-02

    A security system includes a structure having a structural surface. The structure is sized to contain an asset therein and configured to provide a forceful breaching delay. The structure has an opening formed therein to permit predetermined access to the asset contained within the structure. The structure includes intrusion detection features within or associated with the structure that are activated in response to at least a partial breach of the structure.

  11. Password Security

    OpenAIRE

    Danuvasin Charoen

    2014-01-01

    This study investigates users’ behavior in password utilization. Good password practices are critical to the security of any information system. End users often use weak passwords that are short, simple, and based on personal and meaningful information that can be easily guessed. A survey was conducted among executive MBA students who hold managerial positions. The results of the survey indicate that users practice insecure behaviors in the utilization of passwords. The results support the li...

  12. Watermarking security

    OpenAIRE

    Furon, Teddy

    2016-01-01

    International audience This chapter deals with applications where watermarking is a security primitive included in a larger system protecting the value of multimedia content. In this context, there might exist dishonest users, in the sequel so-called attackers, willing to read/overwrite hidden messages or simply to remove the watermark signal.The goal of this section is to play the role of the attacker. We analyze means to deduce information about the watermarking technique that will later...

  13. Network Security

    OpenAIRE

    Sunil Kumar

    2012-01-01

    The rapid increase in computer, mobile applications and wireless networks has globally changed the features of network security. A series of Internet attack and fraudulent acts on companies and individual network have shown us that open computer networks have no immunity from intrusions. The traditional way of protecting computer networks, such as firewalls and software encryption are insufficient and ineffective. The wireless ad-hoc network is susceptible to physical attack or harm due to...

  14. Security studies

    International Nuclear Information System (INIS)

    Full text: Security studies constitute one of the major tools for evaluating the provisions implemented at facilities to protect and control Nuclear Material against unauthorized removal. Operators use security studies to demonstrate that they are complying with objectives set by the Competent Authority to counter internal or external acts aimed at unauthorized removal of NM. The paper presents the context of security studies carried out in France. The philosophy of these studies is based on a postulated unauthorized removal of NM and the study of the behavior of the systems implemented to control and protect NM in a facility. The potential unauthorized removal of NM usually may take place in two stages. The first stage involves the sequence leading to handling of the NM. It occurs inside the physical barriers of a facility and may include action involving the documents corresponding to Material Control and Accounting systems. At this stage it is possible to limit the risk of unauthorized removal of NM by means of detection capabilities of the MC and A systems. The second stage is more specific to theft and involves removing the NM out of the physical barriers of a facility in which they are being held, notably by affecting the Physical Protection System. Operators have to study, from a quantity and time lapse point of view, the ability of the installed systems to detect unauthorized removal, as well as the possibility of tampering with the systems to mask unlawful operations. Operators have also to analyze the sequences during which NM are accessed, removed from their containment and further removed from the facility in which they are stored. At each stage in the process, the probability of detection and the time taken to carry out the above actions have to be estimated. Of course, these two types of studies complement each other. Security studies have begun, in France, for more than fifteen years. Up to now more than fifty security studies are available in the

  15. Transportation Security Administration

    Science.gov (United States)

    ... content Official website of the Department of Homeland Security CSS for FAQ Transportation Security Administration Search When I fly can I bring ... to know if you could bring through the security checkpoint. Main menu Administrator Travel Security Screening Special ...

  16. Human Security

    OpenAIRE

    Mary Kaldor

    2012-01-01

    The essay poses the question whether the so-called Arab spring offers the potential to complete the 1989 revolutions. It first discusses what was hoped to be achieved in 1989, and it then argues that the post-1989 arrangements failed to prevent new security challenges from emerging. The Islamist threat came to play the role that the Communist threat had played to the West or the Western threat had played to the East. The essay then turns to the question on what needs to happen if current even...

  17. Network security

    CERN Document Server

    Perez, André

    2014-01-01

    This book introduces the security mechanisms deployed in Ethernet, Wireless-Fidelity (Wi-Fi), Internet Protocol (IP) and MultiProtocol Label Switching (MPLS) networks. These mechanisms are grouped throughout the book according to the following four functions: data protection, access control, network isolation, and data monitoring. Data protection is supplied by data confidentiality and integrity control services. Access control is provided by a third-party authentication service. Network isolation is supplied by the Virtual Private Network (VPN) service. Data monitoring consists of applying

  18. Internet Banking Security Strategy: Securing Customer Trust

    OpenAIRE

    2012-01-01

    Internet banking strategies should enhance customers¡¯ online experiences which are affected by trust and security issues. This study provides perspectives of users and nonusers on internet banking security with a view to understanding trust and security factors in relation to adoption and continuous usage. Perception of internet banking security influenced usage intentions. Nonusers viewed internet banking to be insecure but users perceived it to be secure with perceived ease of use influenc...

  19. Information security fundamentals

    CERN Document Server

    Peltier, Thomas R

    2013-01-01

    Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field.The book examines the elements of computer security, employee roles and r

  20. ORACLE DATABASE SECURITY

    OpenAIRE

    Cristina-Maria Titrade

    2011-01-01

    This paper presents some security issues, namely security database system level, data level security, user-level security, user management, resource management and password management. Security is a constant concern in the design and database development. Usually, there are no concerns about the existence of security, but rather how large it should be. A typically DBMS has several levels of security, in addition to those offered by the operating system or network. Typically, a DBMS has user a...

  1. SECURITY CHALLENGESASA FACTOR AFFECTINGTHE SECURITY OFMANET: ATTACKS, AND SECURITY SOLUTIONS

    OpenAIRE

    Dr.Nabeel Zanoon; Dr.Nashat Albdour; Dr.Hatem S. A. Hamatta; RashaMoh'd Al-Tarawneh

    2015-01-01

    The Ad Hoc mobile network (MANET) is a wireless network with properties which may constitute challenges and weaknesses before the security progress in MANET network. It causes weakness in security, which leads to increased attacks on MANET. In this paper the challenges and attacks likely to threaten MANET will be investigated. As a corollary, security solutions will be discussed, the relationship between them will be concluded and architectural security solutions in MANET will beproposed.

  2. Planning security for supply security

    International Nuclear Information System (INIS)

    The situation of the hardcoal mining industry is still difficult, however better than last year. Due to better economic trends in the steel industry, though on a lower level, sales in 1994 have stabilised. Stocks are being significantly reduced. As to the production, we have nearly reached a level which has been politically agreed upon in the long run. Due to the determined action of the coalmining companies, a joint action of management and labour, the strong pressure has been mitigated. On the energy policy sector essential targets have been achieved: First of all the ECSC decision on state aid which will be in force up to the year 2002 and which will contribute to accomplish the results of the 1991 Coal Round. Furthermore, the 1994 Act on ensuring combustion of hardcoal in electricity production up to the year 2005. The hardcoal mining industry is grateful to all political decision makers for the achievements. The industry demands, however, that all questions still left open, including the procurement of financial means after 1996, should be settled soon on the basis of the new act and in accordance with the 1991 Coal Round and the energy concept of the Federal Government. German hardcoal is an indispensable factor within a balanced energy mix which guarantees the security of our energy supply, the security of the price structure and the respect of the environment. (orig.)

  3. Computer Security: the security marathon, part 2

    CERN Multimedia

    Computer Security Team

    2014-01-01

    Do you recall our latest article on the “Security Marathon” (see here) and why it’s wrong to believe that computer security is a sprint, that a quick hack is invulnerable, that quick bug-fixing is sufficient, that plugging security measures on top of existing structures is a good idea, that once you are secure, your life is cosy?   In fact, security is a marathon for us too. Again and again, we have felt comfortable with the security situation at CERN, with dedicated protections deployed on individual hosts, with the security measures deployed by individual service managers, with the attentiveness and vigilance of our users, and with the responsiveness of the Management. Again and again, however, we subsequently detect or receive reports that this is wrong, that protections are incomplete, that security measures are incomplete, that security awareness has dropped. Thus, unfortunately, we often have to go back to square one and address similar issues over and over...

  4. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  5. Information Systems Security Audit

    Directory of Open Access Journals (Sweden)

    Gheorghe Popescu

    2007-12-01

    Full Text Available The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  6. Security for grids

    Energy Technology Data Exchange (ETDEWEB)

    Humphrey, Marty; Thompson, Mary R.; Jackson, Keith R.

    2005-08-14

    Securing a Grid environment presents a distinctive set of challenges. This paper groups the activities that need to be secured into four categories: naming and authentication; secure communication; trust, policy, and authorization; and enforcement of access control. It examines the current state of the art in securing these processes and introduces new technologies that promise to meet the security requirements of Grids more completely.

  7. Transforming Homeland Security [video

    OpenAIRE

    McIntyre, David; Center for Homeland Defense and Security Naval Postgraduate School

    2011-01-01

    A pioneer in homeland security, and homeland security education, David McIntyre discusses the complexities in transforming homeland security from a national program in its inception, to also include state and local agencies and other public and private parties.

  8. Security and Security Complex: Operational Concepts

    OpenAIRE

    Luis Tomé

    2010-01-01

    Security is one of the most ambiguous, contested, and debated ideas in the conceptual framework of international relations. The "traditional" perspective has been severely contested as new approaches develop, and the concept of security has been reworked in all its fundamental components and dimensions, from object and reference to range and security instruments. Likewise, the discussion over the definition and characterization of international security systems, namely regarding competitive s...

  9. Foundational aspects of security

    DEFF Research Database (Denmark)

    Chatzikokolakis, Konstantinos; Mödersheim, Sebastian Alexander; Palamidessi, Catuscia;

    2014-01-01

    This Special Issue of the Journal of Computer Security focuses on foundational aspects of security, which in recent years have helped change much of the way we think about and approach system security.......This Special Issue of the Journal of Computer Security focuses on foundational aspects of security, which in recent years have helped change much of the way we think about and approach system security....

  10. Security guide for subcontractors

    Energy Technology Data Exchange (ETDEWEB)

    Adams, R.C.

    1991-01-01

    This security guide of the Department of Energy covers contractor and subcontractor access to DOE and Mound facilities. The topics of the security guide include responsibilities, physical barriers, personnel identification system, personnel and vehicular access controls, classified document control, protecting classified matter in use, storing classified matter repository combinations, violations, security education clearance terminations, security infractions, classified information nondisclosure agreement, personnel security clearances, visitor control, travel to communist-controlled or sensitive countries, shipment security, and surreptitious listening devices.

  11. Security Testing: A Survey

    OpenAIRE

    Felderer, M.; Büchlein, M.; Johns, M; Brucker, A.D.; Breu, R.; Pretschner, A.

    2015-01-01

    Identifying vulnerabilities and ensuring security functionality by security testing is a widely applied measure to evaluate and improve the security of software. Due to the openness of modern software-based systems, applying appropriate security testing techniques is of growing importance and essential to perform effective and efficient security testing. Therefore, an overview of actual security testing techniques is of high value both for researchers to evaluate and refine the techniques and...

  12. Information Security Maturity Model

    OpenAIRE

    Information Security Maturity Model

    2011-01-01

    To ensure security, it is important to build-in security in both the planning and the design phases andadapt a security architecture which makes sure that regular and security related tasks, are deployedcorrectly. Security requirements must be linked to the business goals. We identified four domains thataffect security at an organization namely, organization governance, organizational culture, thearchitecture of the systems, and service management. In order to identify and explore the strengt...

  13. Security 2020 Reduce Security Risks This Decade

    CERN Document Server

    Howard, Doug; Schneier, Bruce

    2010-01-01

    Identify real security risks and skip the hype After years of focusing on IT security, we find that hackers are as active and effective as ever. This book gives application developers, networking and security professionals, those that create standards, and CIOs a straightforward look at the reality of today's IT security and a sobering forecast of what to expect in the next decade. It debunks the media hype and unnecessary concerns while focusing on the knowledge you need to combat and prioritize the actual risks of today and beyond.IT security needs are constantly evolving; this guide examine

  14. The corporate security professional

    DEFF Research Database (Denmark)

    Petersen, Karen Lund

    2013-01-01

    In our age of globalization and complex threat environments, every business is called upon to manage security. This tendency is reflected in the fact that a wide range of businesses increasingly think about security in broad terms and strive to translate national security concerns into corporate...... speech. This article argues that the profession of the security manager has become central for understanding how the relationship between national and corporate security is currently negotiated. The national security background of most private sector security managers makes the corporate security...... professional inside the company a powerful hybrid agent. By zooming in on the profession and the practice of national security inside companies, the article raises questions about where to draw the line between corporate security and national security along with the political consequences of the constitution...

  15. Security guide for subcontractors

    Energy Technology Data Exchange (ETDEWEB)

    Adams, R.C.

    1993-06-01

    This guide is provided to aid in the achievement of security objectives in the Department of Energy (DOE) contractor/subcontractor program. The objectives of security are to protect information that, if released, would endanger the common defense and security of the nation and to safeguard plants and installations of the DOE and its contractors to prevent the interruption of research and production programs. The security objective and means of achieving the objective are described. Specific security measures discussed in this guide include physical barriers, personnel identification systems, personnel and vehicular access control, classified document control, protection of classified matter in use, storing classified matter, and repository combinations. Means of dealing with security violations and security infractions are described. Maintenance of a security education program is discussed. Also discussed are methods of handling clearance terminations, visitor control, travel to sensitive countries, and shipment security. The Technical Surveillance Countermeasures Program (TSCM), the Computer Security Program, and the Operations Security Plan (OPSEC) are examined.

  16. The DESI Experiment, a whitepaper for Snowmass 2013

    CERN Document Server

    Levi, Michael; Beers, Timothy; Blum, Robert; Cahn, Robert; Eisenstein, Daniel; Flaugher, Brenna; Honscheid, Klaus; Kron, Richard; Lahav, Ofer; McDonald, Patrick; Roe, Natalie; Schlegel, David

    2013-01-01

    The Dark Energy Spectroscopic Instrument (DESI) is a massively multiplexed fiber-fed spectrograph that will make the next major advance in dark energy in the timeframe 2018-2022. On the Mayall telescope, DESI will obtain spectra and redshifts for at least 18 million emission-line galaxies, 4 million luminous red galaxies and 3 million quasi-stellar objects, in order to: probe the effects of dark energy on the expansion history using baryon acoustic oscillations (BAO), measure the gravitational growth history through redshift-space distortions, measure the sum of neutrino masses, and investigate the signatures of primordial inflation. The resulting 3-D galaxy maps at z2 will make 1%-level measurements of the distance scale in 35 redshift bins, thus providing unprecedented constraints on cosmological models.

  17. Untangle network security

    CERN Document Server

    El-Bawab, Abd El-Monem A

    2014-01-01

    If you are a security engineer or a system administrator and want to secure your server infrastructure with the feature-rich Untangle, this book is for you. For individuals who want to start their career in the network security field, this book would serve as a perfect companion to learn the basics of network security and how to implement it using Untangle NGFW.

  18. Security culture in Germany

    International Nuclear Information System (INIS)

    The standing of the terms 'security' and 'culture' will be discussed. A brief overview about states and operators responsibilities linked to security culture will be given, and a definition of the term 'security culture' will be explained. The security culture in German nuclear facilities will be briefly discussed

  19. Networking and Security Measures

    OpenAIRE

    Vaibhav Gupta; Sumit Goswami; Ashok Kumar; Mohinder Singh

    2004-01-01

    By writing this paper a small effort has been put to understand the growing network needs and its security. Various types of network threats and security services are discussed. This will help in designing a secure and robust network infrastructure by discussing management security policies and risk analysis.

  20. RFID security

    OpenAIRE

    Καλυβιώτη, Αριστέλα

    2008-01-01

    Αντικείμενο αυτής της διπλωματικής εργασίας είναι το RFID Security. Στο κεφάλαιο 1 παρουσιάζεται η ιστορική αναδρομή και οι εφαρμογές του RFID. Στο κεφάλαιο 2 αναλύεται περισσότερο η αρχιτεκτονική του RFID και κάποια χαρακτηριστικά του γνωρίσματα καθώς και τα πρότυπα που το περιβάλλουν. Στο κεφάλαιο 3 περιγράφονται οι στόχοι και οι ιδιότητες της ασφάλειας. Στο κεφάλαιο 4 παρουσιάζονται οι βασικοί τύποι επίθεσης , οι τύποι σύμφωνα με τον αντικειμενικό σκοπό τους και αναλύονται περισσότερο οι α...

  1. Professional Cocoa Application Security

    CERN Document Server

    Lee, Graham J

    2010-01-01

    The first comprehensive security resource for Mac and iPhone developers. The Mac platform is legendary for security, but consequently, Apple developers have little appropriate security information available to help them assure that their applications are equally secure. This Wrox guide provides the first comprehensive go-to resource for Apple developers on the available frameworks and features that support secure application development.: While Macs are noted for security, developers still need to design applications for the Mac and the iPhone with security in mind; this guide offers the first

  2. IAEA nuclear security program

    International Nuclear Information System (INIS)

    Although nuclear security is a State responsibility, it is nevertheless an international concern, as the consequences of a nuclear security incident would have worldwide impact. These concerns have resulted in the development of numerous international instruments on nuclear security since the terrorist events in the USA on September 11, 2001. The IAEA Office of Nuclear Security has been charged to assist Member States to improvement their nuclear security and to meet the intent of these international obligations in order to ensure a cohesive thread of nuclear security protects the global community. The programs underway and planned by the Office of Nuclear Security will be discussed in this paper. (author)

  3. Survey of information security

    Institute of Scientific and Technical Information of China (English)

    SHEN ChangXiang; ZHANG HuangGuo; FENG DengGuo; CAO ZhenFu; HUANG JiWu

    2007-01-01

    The 21st century is the age of information when information becomes an important strategic resource. The information obtaining, processing and security guarantee capability are playing critical roles in comprehensive national power, and information security is related to the national security and social stability. Therefore, we should take measures to ensure the information security of our country. In recent years, momentous accomplishments have been obtained with the rapid development of jnformation security technology. There are extensive theories about information security and technology. However, due to the limitation of length, this article mainly focuses on the research and development of cryptology, trusted computing, security of network, and information hiding, etc.

  4. Security guide for subcontractors

    International Nuclear Information System (INIS)

    The objectives of security in the Department of Energy (DOE) contractor/subcontractor program are: (1) to ensure the protection of information which, if related, would endanger the common defense and security of the nation; and (2) to safeguard the plants and installations of the DOE and its contractors in order that research and production programs will not be interrupted. To achieve these objectives, security responsibilities have been divided into three interdependent categories: personnel security, physical security, and security education and quality audits. This guide presents instructions for implementing a security program at a contractor/subcontractor site

  5. Lecture 2: Software Security

    CERN Document Server

    CERN. Geneva

    2013-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development, testing and deployment. Sebastian Lopienski is CERN’s deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and ...

  6. Securing By Design

    OpenAIRE

    Weber, Cynthia; Lacy, Mark

    2011-01-01

    This article investigates how modern neo-liberal states are 'securing by design' harnessing design to new technologies in order to produce security, safety, and protection. We take a critical view toward 'securing by design' and the policy agendas it produces of 'designing out insecurity' and 'designing in protection' because securing by design strategies rely upon inadequate conceptualisations of security, technology, and design and inadequate understandings of their relationships to produce...

  7. Network Security Scanner

    OpenAIRE

    G. MURALI; M.Pranavi; Y.Navateja; K. Bhargavi

    2011-01-01

    Network Security Scanner (NSS) is a tool that allows auditing and monitoring remote network computers for possible vulnerabilities, checks your network for all potential methods that a hacker might use to attack it. Network Security Scanner is a complete networking utilities package that includes a wide range of tools for network security auditing, vulnerability Auditing, scanning, monitoring and more. Network Security Scanner (NSS) is an easy to use, intuitive network security scanner that c...

  8. Generalized Software Security Framework

    OpenAIRE

    Smriti Jain; Maya Ingle

    2011-01-01

    Security of information has become a major concern in today's digitized world. As a result, effective techniques to secure information are required. The most effective way is to incorporate security in the development process itself thereby resulting into secured product. In this paper, we propose a framework that enables security to be included in the software development process. The framework consists of three layers namely; control layer, aspect layer and development layer. The control la...

  9. WORKSTATION SECURITY ENSURANCE

    OpenAIRE

    Hudoklin, Alenka; Stadler, Alenka

    1998-01-01

    A methodology for the ensured security of a workstation connected in a computer network with in an organization is presented. A technique for the determination of the required security level for a workstation's tangible and intangible components is described. A set of security measures for each security level of the workstation's tangible and intangible components is selected. The methodology is applied to workstations in the computer network of a Slovenian state agency. The required security...

  10. Combining security risk assessment and security testing

    OpenAIRE

    Großmann, Jürgen; Seehusen, Fredrik

    2014-01-01

    Complex networked systems have become an integral part of our supply infrastructure. Mobile devices, home automation, smart grids and even vehicles are connected via the Internet and becoming accessible and thus vulnerable to hacker attacks. While the number of security incidents drastically increases, we are more than ever dependent on a secure and mature ICT infrastructure. One of the keys to maintain such a secure and dependable infrastructure are mature, systematic and capable proactive m...

  11. NETWORK SECURITY: AN APPROACH TOWARDS SECURE COMPUTING

    OpenAIRE

    Rahul Pareek

    2011-01-01

    The security of computer networks plays a strategic role in modern computer systems. In order to enforce high protection levels against malicious attack, a number of software tools have been currently developed. Intrusion Detection System has recently become a heated research topic due to its capability of detecting and preventing the attacks from malicious network users. A pattern matching IDS for network security has been proposed in this paper. Many network security applications...

  12. Managing Cisco network security

    CERN Document Server

    Knipp, Eric

    2002-01-01

    An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today''s internetworked world"There''s no question that attacks on enterprise networks are increasing in frequency and sophistication..."-Mike Fuhrman, Cisco Systems Manager, Security ConsultingManaging Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco''s security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manger software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions.Security from a real-world perspectiveKey coverage of the new technologies offered by the Cisc...

  13. Hybrid-secure MPC 

    DEFF Research Database (Denmark)

    Lucas, Christoph; Raub, Dominik; Maurer, Ueli

    2010-01-01

    parameter ρ < n/2, we obtain one MPC protocol that is simultaneously IT secure with robustness for up to t ≤ ρ actively corrupted parties, IT secure with fairness (no robustness) for up to t < n/2, and computationally secure with agreement on abort (privacy and correctness only) for up to t < n -ρ. Our......Most protocols for distributed, fault-tolerant computation, or multi-party computation (MPC), provide security guarantees in an all-or-nothing fashion. In contrast, a hybrid-secure protocol provides different security guarantees depending on the set of corrupted parties and the computational power...... of the adversary, without being aware of the actual adversarial setting. Thus, hybrid-secure MPC protocols allow for graceful degradation of security. We present a hybrid-secure MPC protocol that provides an optimal trade-off between IT robustness and computational privacy: For any robustness...

  14. Smart security proven practices

    CERN Document Server

    Quilter, J David

    2014-01-01

    Smart Security: Understanding and Contributing to the Business is a video presentation. Length: 68 minutes. In Smart Security: Understanding and Contributing to the Business, presenter J. David Quilter demonstrates the benefits of how a fully integrated security program increases business profits and delivers smart security practices at the same time. The presentation does away with the misconception that security is only an expense. In fact, a well-integrated security program can protect business interests, thereby enhancing productivity and net income. Quilter covers cost analysis and secu

  15. ICT security management

    OpenAIRE

    Schreurs, Jeanne; Moreau, Rachel

    2008-01-01

    Security becomes more and more important and companies are aware that it has become a management problem. It’s critical to know what are the critical resources and processes of the company and their weaknesses. A security audit can be a handy solution. We have developed BEVA, a method to critically analyse the company and to uncover the weak spots in the security system. BEVA results also in a general security score and security scores for each security factor. These will be used in the risk ...

  16. Android apps security

    CERN Document Server

    Gunasekera, Sheran

    2012-01-01

    Android Apps Security provides guiding principles for how to best design and develop Android apps with security in mind. It explores concepts that can be used to secure apps and how developers can use and incorporate these security features into their apps. This book will provide developers with the information they need to design useful, high-performing, and secure apps that expose end-users to as little risk as possible.  Overview of Android OS versions, features, architecture and security.  Detailed examination of areas where attacks on applications can take place and what controls should b

  17. Securing the Vista Environment

    CERN Document Server

    Gregory, Peter

    2007-01-01

    "Securing the Vista Environment" takes you on a quick tour of the most significant security features in Vista, Microsoft's first revision of Windows in almost six years. You'll get background on threats and vulnerabilities that will make you think differently about security. Security is more than just the technology and configurations--it's about how we use the system that makes it secure or not. Then we'll cover Vista's security features, from user privileges to Windows Defender, User Account Control, and BitLocker, as well as strategies for protecting your information from unwanted disclo

  18. SecureD: A Secure Dual Core Embedded Processor

    OpenAIRE

    Ragel, Roshan G.; Ambrose, Jude A.; Parameswaran, Sri

    2015-01-01

    Security of embedded computing systems is becoming of paramount concern as these devices become more ubiquitous, contain personal information and are increasingly used for financial transactions. Security attacks targeting embedded systems illegally gain access to the information in these devices or destroy information. The two most common types of attacks embedded systems encounter are code-injection and power analysis attacks. In the past, a number of countermeasures, both hardware- and sof...

  19. Security Protocols in a Nutshell

    OpenAIRE

    Toorani, Mohsen

    2016-01-01

    Security protocols are building blocks in secure communications. They deploy some security mechanisms to provide certain security services. Security protocols are considered abstract when analyzed, but they can have extra vulnerabilities when implemented. This manuscript provides a holistic study on security protocols. It reviews foundations of security protocols, taxonomy of attacks on security protocols and their implementations, and different methods and models for security analysis of pro...

  20. Security of Dependable Systems

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security and dependability are crucial for designing trustworthy systems. The approach “security as an add-on” is not satisfactory, yet the integration of security in the development process is still an open problem. Especially, a common framework for specifying dependability and security is very...... much needed. There are many pressing challenges however; here, we address some of them. Firstly, security for dependable systems is a broad concept and traditional view of security, e.g., in terms of confidentiality, integrity and availability, does not suffice. Secondly, a clear definition of security...... in the dependability context is not agreed upon. Thirdly, security attacks cannot be modeled as a stochastic process, because the adversary’s strategy is often carefully planned. In this chapter, we explore these challenges and provide some directions toward their solutions....

  1. Department of Homeland Security

    Science.gov (United States)

    ... Main Content Official website of the Department of Homeland Security Contact Us Quick Links Site Map A-Z ... Forms Combating Human Trafficking Taking Action on Immigration Homeland Security Jobs Visa Waiver Program Immigration Case Status Science & ...

  2. Checking Security Policy Compliance

    CERN Document Server

    Gowadia, Vaibhav; Kudo, Michiharu

    2008-01-01

    Ensuring compliance of organizations to federal regulations is a growing concern. This paper presents a framework and methods to verify whether an implemented low-level security policy is compliant to a high-level security policy. Our compliance checking framework is based on organizational and security metadata to support refinement of high-level concepts to implementation specific instances. Our work uses the results of refinement calculus to express valid refinement patterns and their properties. Intuitively, a low-level security policy is compliant to a high-level security policy if there is a valid refinement path from the high-level security policy to the low-level security policy. Our model is capable of detecting violations of security policies, failures to meet obligations, and capability and modal conflicts.

  3. Wireshark network security

    CERN Document Server

    Verma, Piyush

    2015-01-01

    If you are network administrator or a security analyst with an interest in using Wireshark for security analysis, then this is the book for you. Basic familiarity with common network and application services terms and technologies is assumed.

  4. Security of Dependable Systems

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    Security and dependability are crucial for designing trustworthy systems. The approach “security as an add-on” is not satisfactory, yet the integration of security in the development process is still an open problem. Especially, a common framework for specifying dependability and security is very...... much needed. There are many pressing challenges however; here, we address some of them. Firstly, security for dependable systems is a broad concept and traditional view of security, e.g., in terms of confidentiality, integrity and availability, does not suffice. Secondly, a clear definition of security...... in the dependability context is not agreed upon. Thirdly, security attacks cannot be modeled as a stochastic process, because the adversary’s strategy is often carefully planned. In this chapter, we explore these challenges and provide some directions toward their solutions....

  5. Secure DTN Communications Project

    Data.gov (United States)

    National Aeronautics and Space Administration — Innoflight proposes to implement and perform an on-orbit demonstration of a Secure DTN communications suite on the SCaN Testbed aboard the ISS. Secure DTN is a...

  6. Security in Computer Applications

    CERN Document Server

    CERN. Geneva

    2004-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development. The last part of the lecture covers some miscellaneous issues like the use of cryptography, rules for networking applications, and social engineering threats. This lecture was first given on Thursd...

  7. Social Security Financial Crises

    OpenAIRE

    Rodrigo Cerda

    2003-01-01

    This paper explores the causes of the social security financial crises. We indicate that the financial crisis might be endogenous to the social security system. The main idea is that the PAYG social security system might affect fertility and human capital's decisions and therefore, may negatively impact the aggregated growth rate of the economy. These effects lead to an endogenous erosion of the financial basis of the PAYG social security program so that, as a consequence, the PAYG system is ...

  8. When security becomes green

    International Nuclear Information System (INIS)

    Environmental security is a relatively recent concept which gives rise to intense debate at the heart of the theory of international relations. What is the referent object of environmental security? To what extent can the scarcity of a natural resource be the cause of a 'green' war? Is climate change a threat to national security? This article tackles these questions through a review of the literature on the theoretical work dealing with environmental security in the field of international relations. (author)

  9. East Asia's Security System

    OpenAIRE

    Hojzáková, Věra

    2012-01-01

    The aim of the master thesis is to characterize and evaluate the current security system in East Asia, to show the security strategies of the system actors and the existing friction points, and to assess the future development of the security system in place. For this purpose the author first defines the East Asia's security system using the conceptual tools of three international relations theories, namely neo-realism, neo-liberalism, and constructivism. In the following section, the securit...

  10. Security system signal supervision

    Energy Technology Data Exchange (ETDEWEB)

    Chritton, M.R. (BE, Inc., Barnwell, SC (United States)); Matter, J.C. (Sandia National Labs., Albuquerque, NM (United States))

    1991-09-01

    This purpose of this NUREG is to present technical information that should be useful to NRC licensees for understanding and applying line supervision techniques to security communication links. A review of security communication links is followed by detailed discussions of link physical protection and DC/AC static supervision and dynamic supervision techniques. Material is also presented on security for atmospheric transmission and video line supervision. A glossary of security communication line supervision terms is appended. 16 figs.

  11. Electronic healthcare information security

    CERN Document Server

    Dube, Kudakwashe; Shoniregun, Charles A

    2010-01-01

    The ever-increasing healthcare expenditure and pressing demand for improved quality and efficiency of patient care services are driving innovation in healthcare information management. The domain of healthcare has become a challenging testing ground for information security due to the complex nature of healthcare information and individual privacy. ""Electronic Healthcare Information Security"" explores the challenges of e-healthcare information and security policy technologies. It evaluates the effectiveness of security and privacy implementation systems for anonymization methods and techniqu

  12. Mobile platform security

    CERN Document Server

    Asokan, N; Dmitrienko, Alexandra

    2013-01-01

    Recently, mobile security has garnered considerable interest in both the research community and industry due to the popularity of smartphones. The current smartphone platforms are open systems that allow application development, also for malicious parties. To protect the mobile device, its user, and other mobile ecosystem stakeholders such as network operators, application execution is controlled by a platform security architecture. This book explores how such mobile platform security architectures work. We present a generic model for mobile platform security architectures: the model illustrat

  13. Security system signal supervision

    International Nuclear Information System (INIS)

    This purpose of this NUREG is to present technical information that should be useful to NRC licensees for understanding and applying line supervision techniques to security communication links. A review of security communication links is followed by detailed discussions of link physical protection and DC/AC static supervision and dynamic supervision techniques. Material is also presented on security for atmospheric transmission and video line supervision. A glossary of security communication line supervision terms is appended. 16 figs

  14. Developing Secure Cloud Applications

    OpenAIRE

    Rak, Massimiliano; Ficco, Massimo; Battista, Ermanno; Casola, Valentina; Mazzocca, Nicola

    2014-01-01

    Today the main limit to Cloud adoption is related to the perception of a security loss the users have. Indeed, the existing solutions to provide security are mainly focused on Cloud service provider prospective in order to securely integrate frameworks and Infrastructures as a Services in a Cloud datacenter. Customer could not monitor and evaluate the security mechanisms enforced by service provider. Service Level Agreements mainly focus on performance related terms and no guarantees are ...

  15. Security Policy Enforcement

    OpenAIRE

    Irvine, Cynthia E.

    2005-01-01

    Many chapters of this Handbook describe mechanisms that contribute to various facets of security. The arbitrary use of security mechanisms provides no prescription for the achievement of security goals. It is only in their application in the context of organizational objectives for the protection of information and computational assets that security can be assessed. This chapter is intended to discuss the policies that provide a rationale for those mechanisms and to broadly examine their enfo...

  16. Web Application Security Testing

    OpenAIRE

    Bukovský, Ondřej

    2012-01-01

    The purpose of this bachelor's thesis is to present the topic of web applications security. The purpose of the first, theoretical part of this work is to introduce and describe fundamentals like web security or penetration testing. OWASP (Open Web Application Security Project) and their ten most critical web applications security risks are presented in the rest of the first part. Second, practical part describes tested web application and defines purpose and scope of penetration tests. Then t...

  17. Windows Security patch required

    CERN Multimedia

    2003-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables, ... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  18. Windows Security patch required

    CERN Multimedia

    3004-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables,... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  19. Windows Security patch required

    CERN Multimedia

    2003-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables,... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  20. Web Security Testing Cookbook

    CERN Document Server

    Hope, Paco

    2008-01-01

    Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. The recipes in the Web Security Testing Cookbook demonstrate how developers and testers can check for the most common web security issues, while conducting unit tests, regression tests, or exploratory tests. Unlike ad hoc security assessments, these recipes are repeatable, concise, and systematic-perfect for integrating into your regular test suite.

  1. Information Security Management

    OpenAIRE

    Huang, Lu

    2015-01-01

    The main purpose of the thesis was to present different areas of information security controls based on the international information security standard ISO 27001. The thesis also describes the methods of risk analysis and how to establish, implement, maintain and improve information security system in organizations. Most of the material was collected from books and various online resources. Some information was taken also from the teaching materials of the information security course. ...

  2. Advanced Linux Security

    Directory of Open Access Journals (Sweden)

    Ranjit Nimbalkar

    2013-01-01

    Full Text Available Using mandatory access control greatly increases the secu-rity of an operating system. SELinux, which is an implemen-tation of Linux Security Modules (LSM, implements several measures to prevent unauthorized system usage. The se-curity architecture used is named Flask, and provides a clean separation of security policy and enforcement. This paper is an overview of the Flask architecture and the implementation in Linux.

  3. Network Security with Cryptography

    OpenAIRE

    Prof. Mukund R. Joshi; Renuka Avinash Karkade

    2015-01-01

    Network Security & Cryptography is a concept to protect network and data transmission over wireless network. Data Security is the main aspect of secure data transmission over unreliable network. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Netw...

  4. Hybrid Security Policies

    Directory of Open Access Journals (Sweden)

    Radu CONSTANTINESCU

    2006-01-01

    Full Text Available Policy is defined as the rules and regulations set by the organization. They are laid down by management in compliance with industry regulations, law and internal decisions. Policies are mandatory. Security policies rules how the information is protected against security vulnerabilities and they are the basis for security awareness, training and vital for security audits. Policies are focused on desired results. The means of achieving the goals are defined on controls, standards and procedures.

  5. Android application security essentials

    CERN Document Server

    Rai, Pragati

    2013-01-01

    Android Application Security Essentials is packed with examples, screenshots, illustrations, and real world use cases to secure your apps the right way.If you are looking for guidance and detailed instructions on how to secure app data, then this book is for you. Developers, architects, managers, and technologists who wish to enhance their knowledge of Android security will find this book interesting. Some prior knowledge of development on the Android stack is desirable but not required.

  6. SECURE REMOTE CLIENT AUTHENTICATION

    Directory of Open Access Journals (Sweden)

    K.Pradeep,

    2010-10-01

    Full Text Available This paper discusses an application of Secure Remote Client Authentication. It presents a Smart Cards and Digitally certification from third party vendors, Smart cards are based on algorithm to provide secure Remote client Authentication. These schemes vary significantly.In relation to today’s security challenges, which includephishing, man-in-the-middle attacks and malicious software. Secure Remote Client authentication plays a key role.

  7. SECURE REMOTE CLIENT AUTHENTICATION

    OpenAIRE

    K.Pradeep,; R.Usha Rani; E.Ravi Kumar; K.Nikhila,; Vijay Sankar

    2010-01-01

    This paper discusses an application of Secure Remote Client Authentication. It presents a Smart Cards and Digitally certification from third party vendors, Smart cards are based on algorithm to provide secure Remote client Authentication. These schemes vary significantly.In relation to today’s security challenges, which includephishing, man-in-the-middle attacks and malicious software. Secure Remote Client authentication plays a key role.

  8. Measuring Network Security

    OpenAIRE

    Serrelis, Emmanouil; Alexandris, Nikolaos

    2010-01-01

    The question that was analyzed in this chapter is whether and how the principles of the security measurement methodologies can be applied so that the objective measurement of security of business services can be achieved. The motives that support this question are focused in the justification of expenses and investments that are related with to security. Thus, although the management of security is closely related to technical and organisational

  9. Learning Puppet security

    CERN Document Server

    Slagle, Jason

    2015-01-01

    If you are a security professional whose workload is increasing, or a Puppet professional looking to increase your knowledge of security, or even an experienced systems administrator, then this book is for you. This book will take you to the next level of security automation using Puppet. The book requires no prior knowledge of Puppet to get started.

  10. Refelctions on the security

    Directory of Open Access Journals (Sweden)

    Ladislav Hofreiter

    2013-07-01

    Full Text Available In this paper are presented the author‘s reflections about concept meaning of the security, about his systemic perception and actual scientific access to the security research. The author presented securitology paradigm for valuation security optional reference object.

  11. Secure Disk Mixed System

    Directory of Open Access Journals (Sweden)

    Myongchol Ri

    2013-01-01

    Full Text Available We propose a disk encryption method, called Secure Disk Mixed System (SDMS in this paper, for data protection of disk storages such as USB flash memory, USB hard disk and CD/DVD. It is aimed to solve temporal and spatial limitations of existing disk encryption methods and to control security performance flexibly according to the security requirement of system.

  12. Europe: Future security agenda

    International Nuclear Information System (INIS)

    The security in Europe is not a condition but a process. At different stages of that process the priorities and political significance of various factors determining the security of individual states, and Europe as w whole, are changing. While thinking of future, the importance of searching for new means of confidence building, disarmament, co-ordination and cooperation among various security structures increases

  13. Microsoft Azure security

    CERN Document Server

    Freato, Roberto

    2015-01-01

    This book is intended for Azure administrators who want to understand the application of security principles in distributed environments and how to use Azure to its full capability to reduce the risks of security breaches. Only basic knowledge of the security processes and services of Microsoft Azure is required.

  14. Secure pairing with biometrics

    NARCIS (Netherlands)

    Buhan, I.R.; Boom, B.J.; Doumen, J.M.; Hartel, P.H.; Veldhuis, R.N.J.

    2009-01-01

    Secure pairing enables two devices that share no prior context with each other to agree upon a security association, which they can use to protect their subsequent communication. Secure pairing offers guarantees of the association partner identity and it should be resistant to eavesdropping and to a

  15. Autonomous Security Patrol System

    OpenAIRE

    Erramouspe, Jake

    2010-01-01

    This project provides an efficient and cost-effective solution to building security and active monitoring. The security is monitored and controlled by autonomous patrol robots. Any indication of a security breach will result in an immediate alarm and activation of the robot group to subdue and tranquilize the intruder.

  16. Core software security security at the source

    CERN Document Server

    Ransome, James

    2013-01-01

    First and foremost, Ransome and Misra have made an engaging book that will empower readers in both large and small software development and engineering organizations to build security into their products. This book clarifies to executives the decisions to be made on software security and then provides guidance to managers and developers on process and procedure. Readers are armed with firm solutions for the fight against cyber threats.-Dr. Dena Haritos Tsamitis. Carnegie Mellon UniversityIn the wake of cloud computing and mobile apps, the issue of software security has never been more importan

  17. Poland's gas security

    OpenAIRE

    Rosicki, Remigiusz

    2015-01-01

    The subject matter analyzed in the text is Poland’s energy security as illustrated with the security of gas supply (gas supply security). The text analyzes a selection of problems concerned with gas security and so the focus is on: (1) a description of gas supply contracts, and (2) an assessment of gas supply security with regard to the technical import capabilities of the transmission infrastructure. In both cases two time-frames were applied: (1) 2006–2010, (2) the period after 2010 with a ...

  18. Information security fundamentals

    CERN Document Server

    Blackley, John A; Peltier, Justin

    2004-01-01

    Effective security rules and procedures do not exist for their own sake-they are put in place to protect critical assets, thereby supporting overall business objectives. Recognizing security as a business enabler is the first step in building a successful program.Information Security Fundamentals allows future security professionals to gain a solid understanding of the foundations of the field and the entire range of issues that practitioners must address. This book enables students to understand the key elements that comprise a successful information security program and eventually apply thes

  19. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2014-01-01

    The runaway growth of computer viruses and worms and the ongoing nuisance posed by malicious hackers and employees who exploit the security vulnerabilities of open network protocols make the tightness of an organization's security system an issue of prime importance. And information systems technology is advancing at a frenetic pace. Against this background, the challenges facing information security professionals are increasing rapidly.Information Security Management Handbook, Fourth Edition, Volume 2 is an essential reference for anyone involved in the security of information systems.

  20. Secure Transportation Management

    Energy Technology Data Exchange (ETDEWEB)

    Gibbs, P. W. [Brookhaven National Lab. (BNL), Upton, NY (United States)

    2014-10-15

    Secure Transport Management Course (STMC) course provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, training and qualification needed.

  1. Information security management handbook

    CERN Document Server

    2002-01-01

    The Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded coverage on security management issues and applications security. Even those that don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference.The changes in the tech

  2. Secure Transportation Management

    International Nuclear Information System (INIS)

    Secure Transport Management Course (STMC) course provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, training and qualification needed.

  3. Android security cookbook

    CERN Document Server

    Makan, Keith

    2013-01-01

    Android Security Cookbook' breaks down and enumerates the processes used to exploit and remediate Android app security vulnerabilities in the form of detailed recipes and walkthroughs.""Android Security Cookbook"" is aimed at anyone who is curious about Android app security and wants to be able to take the necessary practical measures to protect themselves; this means that Android application developers, security researchers and analysts, penetration testers, and generally any CIO, CTO, or IT managers facing the impeding onslaught of mobile devices in the business environment will benefit from

  4. Pro Spring security

    CERN Document Server

    Scarioni, Carlo

    2013-01-01

    Security is a key element in the development of any non-trivial application. The Spring Security Framework provides a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security will be a reference and advanced tutorial that will do the following: Guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground-up. Demonstrates the different authentication and authorization methods to secure enterprise-level applications

  5. Introduction to Hardware Security

    Directory of Open Access Journals (Sweden)

    Yier Jin

    2015-10-01

    Full Text Available Hardware security has become a hot topic recently with more and more researchers from related research domains joining this area. However, the understanding of hardware security is often mixed with cybersecurity and cryptography, especially cryptographic hardware. For the same reason, the research scope of hardware security has never been clearly defined. To help researchers who have recently joined in this area better understand the challenges and tasks within the hardware security domain and to help both academia and industry investigate countermeasures and solutions to solve hardware security problems, we will introduce the key concepts of hardware security as well as its relations to related research topics in this survey paper. Emerging hardware security topics will also be clearly depicted through which the future trend will be elaborated, making this survey paper a good reference for the continuing research efforts in this area.

  6. Information security cost management

    CERN Document Server

    Bazavan, Ioana V

    2006-01-01

    While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner.Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available. Organized into five sections, the book-Focuses on setting the right road map so that you can be most effective in your information security implementationsDiscusses cost-effective staffing, the single biggest expense to the security organizationPresents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectivelyI...

  7. Security by Design

    International Nuclear Information System (INIS)

    Security by design can reduce the intrinsic vulnerability of nuclear facilities while minimising costs and disruption to operations. The fundamental processes of a nuclear facility should be designed from the start to give the same priority to nuclear security objectives as to nuclear safety. Vital Areas should be designed out, minimising the need for protective security and reducing the risk from insiders. This requires a proactive approach, involving engineers, security managers, safety specialists and operators to optimise the benefits from the intrinsic features of the processes, materials and structures. A robust, threat tolerant design is required. In some areas, measures included in the design to improve nuclear safety will also assist security. In others, a design solution needs to be sought that will minimise conflicting requirements. Security by design requires appropriate organisational commitment and culture to enable full integration of the design for operations, security, safety and safeguards. (author)

  8. Wireless network security and cracking security key

    OpenAIRE

    Bikov, Dusan; Bouyuklieva, Stefka; Stojanova, Aleksandra

    2014-01-01

    Wireless technology gives us mobility easy access to the computer network without copper wires. With the increased use of wireless technology, more and more Wi-Fi hotspots, rising number of cell phones, PDAs, Tablet PC, laptops (devices with Wi-Fi module), wireless security is an ever increasing issue for many organizations. In other words wireless networks add another entry point into a network for hackers. Because this technology is relatively new there is many security vulnerabilities. ...

  9. Overview of security culture

    International Nuclear Information System (INIS)

    Nuclear Security culture concept has been aggressively promoted over the past several years as a tool to improve the physical protection of the nuclear and radioactive materials due to growing threats of catastrophic terrorism and other new security challenges. It is obvious that, the scope of nuclear security and the associated cultures need to be extended beyond the traditional task of protecting weapons-usable materials. The role of IAEA is to strengthen the nuclear security framework globally and in leading the coordination of international activities in this field. Therefore all governments should work closely with the IAEA to take stronger measures to ensure the physical protection, the safety and security of the nuclear and radioactive materials. In the effort to reflect this new realities and concerns, the IAEA in 2008 came up with the document, the Nuclear Security Culture, Nuclear Security Series No. 7, Implementing Guide to the member states which urged every member state to take appropriate measures to promote security culture with respect to nuclear and radioactive materials. The document depicted this cultural approach as the way to protect individual, society and the environment. Among other things, the document defined nuclear security culture as characteristics and attitudes in organizations and of individuals which establishes that, nuclear security issues receives attention warranted by their significance. (au)

  10. PACS image security server

    Science.gov (United States)

    Cao, Fei; Huang, H. K.

    2004-04-01

    Medical image security in a PACS environment has become a pressing issue as communications of images increasingly extends over open networks, and hospitals are currently hard-pushed by Health Insurance Portability and Accountability Act (HIPAA) to be HIPPA complaint for ensuring health data security. Other security-related guidelines and technical standards continue bringing to the public attention in healthcare. However, there is not an infrastructure or systematic method to implement and deploy these standards in a PACS. In this paper, we first review DICOM Part15 standard for secure communications of medical images and the HIPAA impacts on PACS security, as well as our previous works on image security. Then we outline a security infrastructure in a HIPAA mandated PACS environment using a dedicated PACS image security server. The server manages its own database of all image security information. It acts as an image Authority for checking and certificating the image origin and integrity upon request by a user, as a secure DICOM gateway to the outside connections and meanwhile also as a PACS operation monitor for HIPAA supporting information.

  11. Human Security Agendas

    Institute of Scientific and Technical Information of China (English)

    Alan Hunter

    2012-01-01

    Ⅰ.IntroductionThe need for governments and international organisations to gain a better understanding of "security" is ever more urgent.For example in the conflict in Libya in early 2011,many security dilemmas were visible:the protection of Libyan civilians,the security of the regime,whether and how the UN or NATO should intervene,whether Europe would be threatened with a massive refugee flow,how to protect or evacuate foreign citizens (including Chinese),how to secure food and medical supplies in the midst of armed conflict.Such events may be termed "complex emergencies" which often raise legal, military and humanitarian issues simultaneously.International law and practice do not provide clear guidelines on such situations,and responses can be random,contingent on a variety of factors.Traditional concepts of security,for example protection of national borders,are certainly still relevant and legally enforceable,but more sophisticated concepts are needed to respond to security dilemmas in today's globalised world.Human security as a concept was first developed within the UN system in the 1990s,and set out,for example,in Human Security Now [1] The first section of this paper tracks the development of Human Security discourse,and also examines the broadening of the "security"concept in recent years.The second section reports on institutions with a specific interest in Human Security,for example within the UN system and in universities.The third section acknowledges some critiques of the Human Security paradigm.The last section reports on new directions that may enrich the Human Security agenda.

  12. EU Security Strategy

    Institute of Scientific and Technical Information of China (English)

    Hong Jianjun

    2007-01-01

    The European Security and Defence Policy (ESDP) comprises an important part of the EU's Common Foreign and Security Policy (CFSP). The aim of ESDP is to strengthen the EU's external ability to act through the development of civilian and military capabilities for international conflict prevention and crisis management. In December 2003, the EU adopted its first European Security Strategy (ESS). Ever since then, the implementation of the ESS has been regarded as one of the biggest challenges for the EU in CFSP/ESDP matters. Although much progress has been made in its independent security and defence-building process, EU still faces serious problems and difficulties in this policy area. This paper tries to examine these recent developments, assess their impacts in regional-global security, and analyze existing problems and future trends. Finally, the author also examines EU-China engagements in recent years and explores possibilities for their future cooperation in the area of international security.

  13. While working around security

    DEFF Research Database (Denmark)

    Mathiasen, Niels Raabjerg; Bødker, Susanne; Petersen, Marianne Graves

    This paper describes our work at two levels. First of all the paper discusses how users of IT deal with issues of IT security in their everyday life. Secondly, we discuss how the kind of understanding of IT security that comes out of careful analyses of use confronts the ways in which usable IT...... security is established in the literature. Recent literature has called for better conceptual models as a starting point for improving IT security. In contrast to such models we propose to dress up designers by helping them better understand the work that goes into everyday security. The result is a...... methodological toolbox that helps address and design for usable and useful IT security. We deploy examples of analyses and design, carried out by ourselves and by others to fine-tune our design perspective; in particular we use examples from three current research projects....

  14. While Working Around Security

    DEFF Research Database (Denmark)

    Mathiasen, Niels Raabjerg

    Users of technology encounter various IT security mechanisms in their everyday lives. If these mechanisms fail to support everyday activities, they either get in the way, or the users find a way to work around them. Even though users manage to carry out everyday activities by using substandard IT...... security mechanisms or via workarounds, it will influence their experience of security. If researchers and designers only focus on IT security artifacts and fail to take the user experience into account, incorrect processes or workarounds will occur. Accordingly, to get users to follow the correct process...... may seem to be a criterion of success, even though it may yield a less appropriate experience of security. This dissertation deals with an improved understanding of IT security sensitive IT artifacts and presents three design methods, and a framework for addressing the complexities and contingencies...

  15. Unconditionally Secure Protocols

    DEFF Research Database (Denmark)

    Meldgaard, Sigurd Torkel

    the bottleneck of sorting networks. And we show how to utilize this construction for four-player MPC. Another line of work has results about the power of correlated randomness; meaning in a preprocessing phase the participants in a MPC protocol receive samples from some joint distribution to aid them implement......This thesis contains research on the theory of secure multi-party computation (MPC). Especially information theoretically (as opposed to computationally) secure protocols. It contains results from two main lines of work. One line on Information Theoretically Secure Oblivious RAMS, and how...... the secure computation. Especially we look at the communication complexity of protocols in this model, and perfectly secure protocols. We show general protocols for any finite functionality with statistical security and optimal communication complexity (but exponential amount of preprocessing). And for two...

  16. Securing Wireless Sensor Networks: Security Architectures

    Directory of Open Access Journals (Sweden)

    David Boyle

    2008-01-01

    Full Text Available Wireless sensor networking remains one of the most exciting and challenging research domains of our time. As technology progresses, so do the capabilities of sensor networks. Limited only by what can be technologically sensed, it is envisaged that wireless sensor networks will play an important part in our daily lives in the foreseeable future. Privy to many types of sensitive information, both sensed and disseminated, there is a critical need for security in a number of applications related to this technology. Resulting from the continuous debate over the most effective means of securing wireless sensor networks, this paper considers a number of the security architectures employed, and proposed, to date, with this goal in sight. They are presented such that the various characteristics of each protocol are easily identifiable to potential network designers, allowing a more informed decision to be made when implementing a security protocol for their intended application. Authentication is the primary focus, as the most malicious attacks on a network are the work of imposters, such as DOS attacks, packet insertion etc. Authentication can be defined as a security mechanism, whereby, the identity of a node in the network can be identified as a valid node of the network. Subsequently, data authenticity can be achieved; once the integrity of the message sender/receiver has been established.

  17. Automated security management

    CERN Document Server

    Al-Shaer, Ehab; Xie, Geoffrey

    2013-01-01

    In this contributed volume, leading international researchers explore configuration modeling and checking, vulnerability and risk assessment, configuration analysis, and diagnostics and discovery. The authors equip readers to understand automated security management systems and techniques that increase overall network assurability and usability. These constantly changing networks defend against cyber attacks by integrating hundreds of security devices such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers, and crypto systems. Automated Security Managemen

  18. Addressing Software Security

    Science.gov (United States)

    Bailey, Brandon

    2015-01-01

    Historically security within organizations was thought of as an IT function (web sites/servers, email, workstation patching, etc.) Threat landscape has evolved (Script Kiddies, Hackers, Advanced Persistent Threat (APT), Nation States, etc.) Attack surface has expanded -Networks interconnected!! Some security posture factors Network Layer (Routers, Firewalls, etc.) Computer Network Defense (IPS/IDS, Sensors, Continuous Monitoring, etc.) Industrial Control Systems (ICS) Software Security (COTS, FOSS, Custom, etc.)

  19. ITIL® and information security

    International Nuclear Information System (INIS)

    This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework

  20. Pricing for system security

    OpenAIRE

    Wu, Felix F; Kaye, RJohn; Varaiya, Pravin

    1995-01-01

    Security in power systems refers to the ability of the system to withstand imminent disturbances (contingencies). Maintaining security is an issue which must be addressed at the system level. It is shown in this paper, however, that it is possible to maintain system security in an operating environment with many participants (power companies, independent power producers, co-generators, consumers) each attempting to optimize their own benefit, through pricing incentives and appropriate informa...

  1. Security consideration for virtualization

    OpenAIRE

    Gebhardt, Carl

    2008-01-01

    Virtualization is not a new technology, but has recently experienced a resurgence of interest among industry and research. New products and technologies are emerging quickly, and are being deployed with little considerations to security concerns. It is vital to understand that virtualization does not improve security by default. Hence, any aspect of virtualization needs to undergo constant security analysis and audit. Virtualization is a changeable and very dynamic field wit...

  2. Outsourcing information security

    CERN Document Server

    Axelrod, Warren

    2004-01-01

    This comprehensive and timely resource examines security risks related to IT outsourcing, clearly showing you how to recognize, evaluate, minimize, and manage these risks. Unique in its scope, this single volume offers you complete coverage of the whole range of IT security services and fully treats the IT security concerns of outsourcing. The book helps you deepen your knowledge of the tangible and intangible costs and benefits associated with outsourcing IT and IS functions.

  3. Securing personal network clusters

    OpenAIRE

    Jehangir, Assed; Heemstra de Groot, Sonia M.

    2007-01-01

    A Personal Network is a self-organizing, secure and private network of a user’s devices notwithstanding their geographic location. It aims to utilize pervasive computing to provide users with new and improved services. In this paper we propose a model for securing Personal Network clusters. Clusters are ad-hoc networks of co-located personal devices. The ad-hoc makeup of clusters, coupled with the resource constrained nature of many constituent devices, makes enforcing security a challenging ...

  4. Information Security Training & Awareness

    OpenAIRE

    Hogervorst, Monique

    2009-01-01

    Information security standards, best practices and literature all identify the need for Training & Awareness, the theory is clear. The surveys studied show that in the real world the situation is different: the focus of businesses is still on technical information security controls aimed at the external attacker. And although threats and vulnerabilities point out that personnel security becomes more important, the attitude of managers and employees does not reflect tha...

  5. Towards Information Security Awareness

    OpenAIRE

    Marius Petrescu; Delia Mioara Popescu; Nicoleta Sirbu

    2010-01-01

    Information security has come to be recognized as increasingly important because global communication and information systems allow a potentially large number of unauthorized users to access and possibly alter information from around the world. As the dependence on information systems grows, so the security of information networks becomes ever more critical to any entity, no matter if it is a company or a public institution. Information security involves both technology and people. Any securi...

  6. Security through Play

    OpenAIRE

    Gondree, Mark; Peterson, Zachary N. J.; Denning, Tamara

    2013-01-01

    Precollege classrooms have neither the support nor the room to explore computer security topics. At best, students are the targets of in-school safety campaigns, absorbing rules and best practices that only hint at the rich landscape of security problems. How to expose young students to cybersecurity outside the classroom!to computer security technology, concepts, and careers!is a challenge. Unfortunately, popular media might give more visibility to cybe...

  7. Fragile States : Securing Development

    OpenAIRE

    Zoellick, R.

    2008-01-01

    Fragile states are the toughest development challenge of our era. But we ignore them at our peril: about one billion people live in fragile states, including a disproportionate number of the world's extreme poor, and they account for most of today's wars. These situations require a different framework of building security, legitimacy, governance, and the economy. Only by securing development - bringing security and development together to smooth the transition from conflict to peace and then ...

  8. Security Components of Globalization

    OpenAIRE

    Florin Iftode

    2015-01-01

    The objective of this paper is our intention to present what are the main connections between globalization and international security. In terms of global security we can perceive the globalization as a process by which global state is represented by the UN, with a single world system, represented by major security organizations and with global effects. We will present from the beginning the main theoretical aspects that define the phenomenon of globalization, and then our contrib...

  9. Microsoft Windows Security Essentials

    CERN Document Server

    Gibson, Darril

    2011-01-01

    Windows security concepts and technologies for IT beginners IT security can be a complex topic, especially for those new to the field of IT. This full-color book, with a focus on the Microsoft Technology Associate (MTA) program, offers a clear and easy-to-understand approach to Windows security risks and attacks for newcomers to the world of IT. By paring down to just the essentials, beginners gain a solid foundation of security concepts upon which more advanced topics and technologies can be built. This straightforward guide begins each chapter by laying out a list of topics to be discussed,

  10. Beginning ASPNET Security

    CERN Document Server

    Dorrans, Barry

    2010-01-01

    Beginning ASP.NET 3.5 Security is geared for novice to intermediate ASP.NET programmers who wish to protect and defend their web sites against attack and exploitation. Beginning with a discussion of why we need security and the things that may occur when it is ignored and an overview of how ASP.NET works, readers are taken through the common steps in developing a web site, the security problems each area exposes and how these can be exploited. Visual Studio Security MVP Barry Dorrans teaches readers how they can defend their applications using the standard .NET framework, industry patterns and

  11. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2004-01-01

    For more than a decade, the Information Security Management Handbook has served as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination and as a reference for information security practitioners. Now thoroughly revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a comprehensive understanding of all the items in it. This is a valuable book, both for preparing for the CISSP exam and as a complete, up-to

  12. Chemical Security Analysis Center

    Data.gov (United States)

    Federal Laboratory Consortium — In 2006, by Presidential Directive, DHS established the Chemical Security Analysis Center (CSAC) to identify and assess chemical threats and vulnerabilities in the...

  13. Beyond grid security

    International Nuclear Information System (INIS)

    While many fields relevant to Grid security are already covered by existing working groups, their remit rarely goes beyond the scope of the Grid infrastructure itself. However, security issues pertaining to the internal set-up of compute centres have at least as much impact on Grid security. Thus, this talk will present briefly the EU ISSeG project (Integrated Site Security for Grids). In contrast to groups such as OSCT (Operational Security Coordination Team) and JSPG (Joint Security Policy Group), the purpose of ISSeG is to provide a holistic approach to security for Grid computer centres, from strategic considerations to an implementation plan and its deployment. The generalised methodology of Integrated Site Security (ISS) is based on the knowledge gained during its implementation at several sites as well as through security audits, and this will be briefly discussed. Several examples of ISS implementation tasks at the Forschungszentrum Karlsruhe will be presented, including segregation of the network for administration and maintenance and the implementation of Application Gateways. Furthermore, the web-based ISSeG training material will be introduced. This aims to offer ISS implementation guidance to other Grid installations in order to help avoid common pitfalls

  14. Linux Security Cookbook

    CERN Document Server

    Barrett, Daniel J; Byrnes, Robert G

    2003-01-01

    Computer security is an ongoing process, a relentless contest between system administrators and intruders. A good administrator needs to stay one step ahead of any adversaries, which often involves a continuing process of education. If you're grounded in the basics of security, however, you won't necessarily want a complete treatise on the subject each time you pick up a book. Sometimes you want to get straight to the point. That's exactly what the new Linux Security Cookbook does. Rather than provide a total security solution for Linux computers, the authors present a series of easy-to-fol

  15. Operating System Security

    CERN Document Server

    Jaeger, Trent

    2008-01-01

    Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build "secure" operating systems - operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems. In this book, we examine past research that outlines the requirements for a secure operating system and research that implements example systems that aim for such requirements. For system designs that aimed to

  16. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

    Directory of Open Access Journals (Sweden)

    Weems William A

    2009-06-01

    Full Text Available Abstract Background Data protection is important for all information systems that deal with human-subjects data. Grid-based systems – such as the cancer Biomedical Informatics Grid (caBIG – seek to develop new mechanisms to facilitate real-time federation of cancer-relevant data sources, including sources protected under a variety of regulatory laws, such as HIPAA and 21CFR11. These systems embody new models for data sharing, and hence pose new challenges to the regulatory community, and to those who would develop or adopt them. These challenges must be understood by both systems developers and system adopters. In this paper, we describe our work collecting policy statements, expectations, and requirements from regulatory decision makers at academic cancer centers in the United States. We use these statements to examine fundamental assumptions regarding data sharing using data federations and grid computing. Methods An interview-based study of key stakeholders from a sample of US cancer centers. Interviews were structured, and used an instrument that was developed for the purpose of this study. The instrument included a set of problem scenarios – difficult policy situations that were derived during a full-day discussion of potentially problematic issues by a set of project participants with diverse expertise. Each problem scenario included a set of open-ended questions that were designed to elucidate stakeholder opinions and concerns. Interviews were transcribed verbatim and used for both qualitative and quantitative analysis. For quantitative analysis, data was aggregated at the individual or institutional unit of analysis, depending on the specific interview question. Results Thirty-one (31 individuals at six cancer centers were contacted to participate. Twenty-four out of thirty-one (24/31 individuals responded to our request- yielding a total response rate of 77%. Respondents included IRB directors and policy-makers, privacy and

  17. Software Security Requirements Gathering Instrument

    OpenAIRE

    Smriti Jain; Maya Ingle

    2011-01-01

    Security breaches are largely caused by the vulnerable software. Since individuals and organizations mostly depend on softwares, it is important to produce in secured manner. The first step towards producing secured software is through gathering security requirements. This paper describes Software Security Requirements Gathering Instrument (SSRGI) that helps gather security requirements from the various stakeholders. This will guide the developers to gather security requirements along with th...

  18. Strategic planning and security analysis

    International Nuclear Information System (INIS)

    Nuclear security master planning is a deliberative process, founded on the premise that the broad scope of security must be analyzed before any meaningful determinations may be reached on an individual security aspect. This paper examines the analytical process required in developing a Security Master Plan. It defines a four stage process concluding with the selection of security measures encompassing physical security, policy and procedure considerations and guard force deployment. The final product orchestrates each security measure in a complementary and supportive configuration

  19. Cyberspace security: How to develop a security strategy

    CERN Document Server

    Raggad, Bel G

    2007-01-01

    Despite all visible dividers, the Internet is getting us closer and closer, but with a great price. Our security is the price. The internatl. community is fully aware of the urgent need to secure the cyberspace as you see the multiplication of security standards and national schemes interpreting them beyond borders: ISO 15408, ISO 17799, and ISO 27001. Even though some countries, incl. the Security Big Six (SB6), are equipped with their security books and may feel relatively safe; this remains a wrong sense of security as long as they share their networks with entities of less security. The standards impose security best practices and system specifications for the development of information security management systems. Partners beyond borders have to be secure as this is only possible if all entities connected to the partnership remain secure. Unfortunately, there is no way to verify the continuous security of partners without periodic security auditing and certification, and members who do not comply should ...

  20. Bidding with Securities: Auctions and Security Design

    OpenAIRE

    Peter M. DeMarzo; Ilan Kremer; Andrzej Skrzypacz

    2005-01-01

    We study security-bid auctions in which bidders compete by bidding with securities whose payments are contingent on the realized value of the asset being sold. Such auctions are commonly used, both formally and informally. In formal auctions, the seller restricts bids to an ordered set, such as an equity share or royalty rate, and commits to a format, such as first or second-price. In informal settings with competing buyers, the seller does not commit to a mechanism upfront. Rather, bidders o...

  1. E-Security Issues

    Directory of Open Access Journals (Sweden)

    Mani Arora

    2012-10-01

    Full Text Available With the rapid growth of e-commerce, governmental and corporate agencies are taking extra precautions when it comes to protecting information. The development of e-security as a discipline has enabled organisations to discover a wider array of similarities between attacks occurring across their security environment and develop appropriate countermeasures. To further improve the security of information, there is a need for conceptualising the interrelationships between e-security and the major elements involved in changing a company's infrastructure. Organisations should act in an ethical manner, especially when it comes to e-security and e-privacy policies, procedures, and practices. The consequential theory of utilitarianism is used and applied to a conceptual model to help explain how organisations may develop better secured information in an information-sharing and globally networked environment. E-security is a critical concern for both consumers and business. Establishing trust between all parties in an online transaction is vital for the success of e-commerce. The public wants  full assurance that the information they supply is going to the company they think it is going to, will not be misused by that company, and that credit card information or other payment mechanisms are confidential and secure. On the other hand, companies also want that their systems must remain protected from intruders and they cannot tamper with the data. Some degree of risk is always associated with E-transactions, if security controls are not applied while engaging into such transactions. Users must be sure before engaging into transactions that they are safe and the information provided by them is not going to unauthorized people. Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also given birth to a

  2. Secure Dynamic Program Repartitioning

    DEFF Research Database (Denmark)

    Hansen, Rene Rydhoff; Probst, Christian

    2005-01-01

    Secure program partitioning has been introduced as a language-based technique to allow the distribution of data and computation across mutualy untrusted hosts, while at the same time guaranteeing the protection of confidential data. Programs that have been annotated with security types are...

  3. Security Embedding Codes

    CERN Document Server

    Ly, Hung D; Blankenship, Yufei

    2011-01-01

    This paper considers the problem of simultaneously communicating two messages, a high-security message and a low-security message, to a legitimate receiver, referred to as the security embedding problem. An information-theoretic formulation of the problem is presented. A coding scheme that combines rate splitting, superposition coding, nested binning and channel prefixing is considered and is shown to achieve the secrecy capacity region of the channel in several scenarios. Specifying these results to both scalar and independent parallel Gaussian channels (under an average individual per-subchannel power constraint), it is shown that the high-security message can be embedded into the low-security message at full rate (as if the low-security message does not exist) without incurring any loss on the overall rate of communication (as if both messages are low-security messages). Extensions to the wiretap channel II setting of Ozarow and Wyner are also considered, where it is shown that "perfect" security embedding...

  4. Energy systems security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Energy Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to electricity transmission grids and their protection, risk assessment of energy systems, analysis of interdependent energy networks. Methods to manage electricity transmission disturbances so as to avoid blackouts are discussed, and self-healing energy system and a nano-enabled power source are presented.

  5. VMware view security essentials

    CERN Document Server

    Langenhan, Daniel

    2013-01-01

    A practical and fast-paced guide that gives you all the information you need to secure your virtual environment.This book is a ""how-to"" for the novice, a ""reference guide"" for the advanced user, and a ""go to"" for the experienced user in all the aspects of VMware View desktop virtualization security.

  6. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2009-01-01

    Includes coverage of each domain of the Common Body of Knowledge, the standard of knowledge required by IT security professionals worldwide. This book includes information on mobile device security, adaptive threat defense, Web 2.0, virtualization, data leakage, and governance

  7. Nuclear Security Culture Practice

    International Nuclear Information System (INIS)

    Both the human factor and security culture are critical components in ensuring the security of nuclear facilities, infrastructure and transport – their importance cannot be overestimated. To reflect that, the IAEA and international experts have developed the concept of nuclear security culture and its implementing guide, which was published by the IAEA in 2008 under the Nuclear Security Series No. 7. The importance of nuclear security culture has also been recognized by the two nuclear security summits in 2010 and 2012, and included in the final communique and summit recommendations as one of the most important factors. As the next step in promoting and improving nuclear security culture, the IAEA has been working with a group of international experts to develop and implement a robust methodology for self-assessment at nuclear facilities to provide national authorities and facility management with benchmark information on the status of nuclear security culture, and later for the development of a set of measures to fill the identified gaps. The methodology is currently in the final stages of development, and will be brought for IAEA member state review and finalization

  8. Technology's Role in Security.

    Science.gov (United States)

    Day, C. William

    1999-01-01

    Examines the use of technology to bolster the school security system, tips on selecting a security consultant, and several basic strategies to make buildings and grounds safer. Technological ideas discussed include the use of telephones in classrooms to expedite care in emergency situations, surveillance cameras to reduce crime, and metal…

  9. Google - Security Testing Tool

    OpenAIRE

    Staykov, Georgi

    2007-01-01

    Using Google as a security testing tool, basic and advanced search techniques using advanced google search operators. Examples of obtaining control over security cameras, VoIP systems, web servers and collecting valuable information as: Credit card details, cvv codes – only using Google.

  10. Information security management principles

    CERN Document Server

    Taylor, Andy; Finch, Amanda; Sutton, David; Taylor, Andy

    2013-01-01

    In today's technology-driven environment, there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts. This second edition includes the security of cloud-based resources.

  11. Network Security Is Manageable

    Science.gov (United States)

    Roberts, Gary

    2006-01-01

    An effective systems librarian must understand security vulnerabilities and be proactive in preventing problems. Specifics of future attacks or security challenges cannot possibly be anticipated, but this paper suggests some simple measures that can be taken to make attacks less likely to occur: program the operating system to get automatic…

  12. Relaxing Chosen-Ciphertext Security

    DEFF Research Database (Denmark)

    Canetti, Ran; Krawczyk, Hugo; Nielsen, Jesper Buus

    2003-01-01

    Security against adaptive chosen ciphertext attacks (or, CCA security) has been accepted as the standard requirement from encryption schemes that need to withstand active attacks. In particular, it is regarded as the appropriate security notion for encryption schemes used as components within...... general protocols and applications. Indeed, CCA security was shown to suffice in a large variety of contexts. However, CCA security often appears to be somewhat too strong: there exist encryption schemes (some of which come up naturally in practice) that are not CCA secure, but seem sufficiently secure...... “for most practical purposes.” We propose a relaxed variant of CCA security, called Replayable CCA (RCCA) security. RCCA security accepts as secure the non-CCA (yet arguably secure) schemes mentioned above; furthermore, it suffices for most existing applications of CCA security. We provide three...

  13. Intelligent mobile security systems

    International Nuclear Information System (INIS)

    This paper reports that mobile security systems are becoming increasingly important to military (Army, Air Force) and non-military (Drug Enforcement Agency, Border Patrol) organizations as the level and sophistication of terrorist activity increases. Frequently, organizations are required to deploy at remote sites on little notice. To ensure protection of life and equipment, security systems are sometimes required. Often, the personnel deployed on these missions are not adequately trained in the selection, installation, and operation of today's complex security equipment. The Intelligent Mobile Security System (IMSS) concept, as being developed by Sandia National Laboratories (SNL), allows untrained, non-technical personnel to configure, deploy, operate, and troubleshoot temporary/mobile physical security system. The IMSS may be used at nuclear facilities

  14. Indirection and computer security.

    Energy Technology Data Exchange (ETDEWEB)

    Berg, Michael J.

    2011-09-01

    The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyze common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.

  15. Moving towards Cloud Security

    Directory of Open Access Journals (Sweden)

    Edit Szilvia Rubóczki

    2015-01-01

    Full Text Available Cloud computing hosts and delivers many different services via Internet. There are a lot of reasons why people opt for using cloud resources. Cloud development is increasing fast while a lot of related services drop behind, for example the mass awareness of cloud security. However the new generation upload videos and pictures without reason to a cloud storage, but only few know about data privacy, data management and the proprietary of stored data in the cloud. In an enterprise environment the users have to know the rule of cloud usage, however they have little knowledge about traditional IT security. It is important to measure the level of their knowledge, and evolve the training system to develop the security awareness. The article proves the importance of suggesting new metrics and algorithms for measuring security awareness of corporate users and employees to include the requirements of emerging cloud security.

  16. European [Security] Union

    DEFF Research Database (Denmark)

    Manners, Ian James

    2013-01-01

    policies involved the navigation and negotiation of security, borders and governance in and by the European Union (EU). This article analyses these practices of bordering and governance through a five-fold security framework. The article argues that a richer understanding of EU security discourses can be...... achieved through bringing the five dimensions to the analysis and using them to study both the interlinking and the interweaving of security, bordering and governance. Overall, the analysis presented here suggests that the five dimensions of broadening, deepening, thickening, practice and being can all...... contribute to a more expansive understanding of how EU security in the 2000s has been related to bordering and governance processes, and how these have been increasingly interwoven within the EU....

  17. International Nuclear Security

    Energy Technology Data Exchange (ETDEWEB)

    Doyle, James E. [Los Alamos National Laboratory

    2012-08-14

    This presentation discusses: (1) Definitions of international nuclear security; (2) What degree of security do we have now; (3) Limitations of a nuclear security strategy focused on national lock-downs of fissile materials and weapons; (4) What do current trends say about the future; and (5) How can nuclear security be strengthened? Nuclear security can be strengthened by: (1) More accurate baseline inventories; (2) Better physical protection, control and accounting; (3) Effective personnel reliability programs; (4) Minimize weapons-usable materials and consolidate to fewer locations; (5) Consider local threat environment when siting facilities; (6) Implement pledges made in the NSS process; and (7) More robust interdiction, emergency response and special operations capabilities. International cooperation is desirable, but not always possible.

  18. Network systems security analysis

    Science.gov (United States)

    Yilmaz, Ä.°smail

    2015-05-01

    Network Systems Security Analysis has utmost importance in today's world. Many companies, like banks which give priority to data management, test their own data security systems with "Penetration Tests" by time to time. In this context, companies must also test their own network/server systems and take precautions, as the data security draws attention. Based on this idea, the study cyber-attacks are researched throughoutly and Penetration Test technics are examined. With these information on, classification is made for the cyber-attacks and later network systems' security is tested systematically. After the testing period, all data is reported and filed for future reference. Consequently, it is found out that human beings are the weakest circle of the chain and simple mistakes may unintentionally cause huge problems. Thus, it is clear that some precautions must be taken to avoid such threats like updating the security software.

  19. Human factors in network security

    OpenAIRE

    Jones, Francis B.

    1991-01-01

    Human factors, such as ethics and education, are important factors in network information security. This thesis determines which human factors have significant influence on network security. Those factors are examined in relation to current security devices and procedures. Methods are introduced to evaluate security effectiveness by incorporating the appropriate human factors into network security controls

  20. Natural gas and energy security

    International Nuclear Information System (INIS)

    This paper relates to energy security by natural gas supply seen in an International Energy Agency perspective. Topics are: Security of supply, what is it; the role gas on the European energy scene; short term security of supply; long term security of supply; future structural and regulatory developments and possible implications for security of supply. 6 figs

  1. Center for Homeland Defense and Security Homeland Security Affairs Journal

    OpenAIRE

    2015-01-01

    Homeland Security Affairs is the peer-reviewed online journal of the Center for Homeland Defense and Security (CHDS). The journal provides a forum to propose and debate strategies, policies and organizational arrangements to strengthen U.S. homeland security.

  2. Energizing security: NATO’s quest for energy security

    OpenAIRE

    Schlag, Gabriele

    2011-01-01

    At least since the 1980s, a scholarly debate on the very meaning of security has structured the field of (Critical) Security Studies to a large extent (see Working Paper #1). Today, many new concept such as human security and societal security are prominent anchors in academic and political debates directing our attention to the non-military aspects of security, in particular to the manifold insecurities people (and not only the state) face. The call for energy security is one prominent examp...

  3. Security intelligence a practitioner's guide to solving enterprise security challenges

    CERN Document Server

    Li, Qing

    2015-01-01

    Identify, deploy, and secure your enterprise Security Intelligence, A Practitioner's Guide to Solving Enterprise Security Challenges is a handbook for security in modern times, against modern adversaries. As leaders in the design and creation of security products that are deployed globally across a range of industries and market sectors, authors Qing Li and Gregory Clark deliver unparalleled insight into the development of comprehensive and focused enterprise security solutions. They walk you through the process of translating your security goals into specific security technology domains, fo

  4. Global nuclear security engagement

    International Nuclear Information System (INIS)

    Full text: The Nuclear Security Summits in Washington (2010) and Seoul (2012) were convened with the goal of reducing the threat of nuclear terrorism. These meetings have engaged States with established nuclear fuel cycle activities and encouraged their commitment to nuclear security. The participating States have reaffirmed that it is a fundamental responsibility of nations to maintain effective nuclear security in order to prevent unauthorized actors from acquiring nuclear materials. To that end, the participants have identified important areas for improvement and have committed to further progress. Yet, a broader message has emerged from the Summits: effective nuclear security requires both global and regional engagement. Universal commitment to domestic nuclear security is essential, if only because the peaceful use of nuclear energy remains a right of all States: Nations may someday adopt nuclear energy, even if they are not currently developing nuclear technology. However, the need for nuclear security extends beyond domestic power production. To harvest natural resources and to develop part of a nuclear fuel cycle, a State should embrace a nuclear security culture. Nuclear materials may be used to produce isotopes for medicine and industry. These materials are transported worldwide, potentially crossing a nation's borders or passing by its shores. Regrettably, measures to prevent the loss of control may not be sufficient against an adversary committed to using nuclear or other radioactive materials for malicious acts. Nuclear security extends beyond prevention measures, encompassing efforts to detect illicit activities and respond to nuclear emergencies. The Seoul Communique introduces the concept of a Global Nuclear Security Architecture, which includes multilateral instruments, national legislation, best practices, and review mechanisms to promote adoption of these components. Key multilateral instruments include the Convention on Physical Protection of

  5. Security and SCADA protocols

    International Nuclear Information System (INIS)

    Supervisory control and data acquisition (SCADA) networks have replaced discrete wiring for many industrial processes, and the efficiency of the network alternative suggests a trend toward more SCADA networks in the future. This paper broadly considers SCADA to include distributed control systems (DCS) and digital control systems. These networks offer many advantages, but they also introduce potential vulnerabilities that can be exploited by adversaries. Inter-connectivity exposes SCADA networks to many of the same threats that face the public internet and many of the established defenses therefore show promise if adapted to the SCADA differences. This paper provides an overview of security issues in SCADA networks and ongoing efforts to improve the security of these networks. Initially, a few samples from the range of threats to SCADA network security are offered. Next, attention is focused on security assessment of SCADA communication protocols. Three challenges must be addressed to strengthen SCADA networks. Access control mechanisms need to be introduced or strengthened, improvements are needed inside of the network to enhance security and network monitoring, and SCADA security management improvements and policies are needed. This paper discusses each of these challenges. This paper uses the Profibus protocol as an example to illustrate some of the vulnerabilities that arise within SCADA networks. The example Profibus security assessment establishes a network model and an attacker model before proceeding to a list of example attacks. (authors)

  6. Medical Information Security

    Directory of Open Access Journals (Sweden)

    William C. Figg, Ph.D.

    2011-05-01

    Full Text Available Modern medicine is facing a complex environment, not from medical technology but rather government regulations and information vulnerability. HIPPA is the government’s attempt to protect patient’s information yet this only addresses traditional record handling. The main threat is from the evolving security issues. Many medical offices and facilities have multiple areas of information security concerns. Physical security is often weak, office personnel are not always aware of security needs and application security and transmission protocols are not consistently maintained. Health insurance needs and general financial opportunity has created an emerging market in medical identity theft. Medical offices have the perfect storm of information collection, personal, credit, banking, health, and insurance. Thieves have realized that medical facilities have as much economic value as banks and the security is much easier to crack. Mostly committed by insiders, medical identity theft is a well-hidden information crime. In spite of its covert nature, the catastrophic ramification to the victims is overt. This information crime involves stealing patients’ records to impersonate the patients in an effort of obtaining health care services or claiming Medicare on the patients’ behalf. Unlike financial identity theft, there is a lack of recourse for the victims to recover from damages. Medical identity theft undermines the quality of health care information systems and enervates the information security of electronic patient record.

  7. Perspectives on Energy Security

    International Nuclear Information System (INIS)

    A common notion of 'Energy Security' is that it includes access to energy resources without risking the the survival of the state. 'Security of supply' is most often the concept emphasized in the political discourse on energy security and it includes both production as well as secure and safe delivery of energy to the end consumers. Another aspect of energy security is the need for reducing energy consumption by improving energy efficiency. In this report, eight chapters covering these and other perspectives on energy security are presented. Six of the chapters deal with the supply perspective. Included topics cover power politics and geopolitical perspectives regarding large infrastructure projects and the ambitions of the EU in this regard. Further, methods and approaches for conducting risk analyses of electricity supply systems as well as for improving the security of digital control systems are discussed. As climate change will affect the supply and distribution of energy, one chapter presents an overview of this topic. The consumption perspective is discussed against the backdrop of research about household consumption practices and the role of climate change for future consumption levels. Finally, the role of armed forces as a large energy users is touched upon, as well as how so-called 'future studies' have dealt with energy as a topic

  8. Security Components of Globalization

    Directory of Open Access Journals (Sweden)

    Florin Iftode

    2015-05-01

    Full Text Available The objective of this paper is our intention to present what are the main connections between globalization and international security. In terms of global security we can perceive the globalization as a process by which global state is represented by the UN, with a single world system, represented by major security organizations and with global effects. We will present from the beginning the main theoretical aspects that define the phenomenon of globalization, and then our contribution in assessing the implications of this phenomenon on the regional and global security. The results of our research are materialized in the last part of the paper. They emphasize the personal assessments on how the phenomenon of globalization has direct effect on global security. When talking about government, we think of norms, rules and decisionmaking procedures in the management of international life. The value that we add to the new scientific interpretation of the definition of globalization is represented, primarily, by the valuable bibliographic used resources and the original approach on the concept that refers to the links between globalization and security. This article may be, at any time, a starting point in an interesting research direction in the field of global security.

  9. Network Security Scanner

    Directory of Open Access Journals (Sweden)

    G. Murali

    2011-11-01

    Full Text Available Network Security Scanner (NSS is a tool that allows auditing and monitoring remote network computers for possible vulnerabilities, checks your network for all potential methods that a hacker might use to attack it. Network Security Scanner is a complete networking utilities package that includes a wide range of tools for network security auditing, vulnerability Auditing, scanning, monitoring and more. Network Security Scanner (NSS is an easy to use, intuitive network security scanner that can quickly scan and audit your network computers for vulnerabilities, exploits, and information enumerations. Vulnerability management is an on-going process that protects your valuable data and it is a key component of an effective information security strategy, which provides comprehensive, preemptive protection against threats to your enterprise security. N.S.S is built on an architecture that allows for high reliability and scalability that caters for both medium and large sized networks. NSS consists of six modules. They are Host Scanning, Port Scanning, Pinging, NSLookup, Vulnerability Auditing and Trace route. NSS also performs live host detection, operating system identification, SNMP Auditing. Finds rouge services and open TCP and UDP ports. The ability varies to perform scanning over the network identifying the live hosts and guess the operating system of the remote hosts and installed programs into the remote hosts. Apart identifying the live hosts we could map the ports and list the services which are running in the host.

  10. Secure Cloud Architecture

    Directory of Open Access Journals (Sweden)

    Kashif Munir

    2013-02-01

    Full Text Available Cloud computing is set of resources and services offered through the Internet. Cloud services are delivered from data centers located throughout the world. Cloud computing facilitates its consumers by providing virtual resources via internet. The biggest challenge in cloud computing is the security and privacy problems caused by its multi-tenancy nature and the outsourcing of infrastructure, sensitive data and critical applications. Enterprises are rapidly adopting cloud services for their businesses, measures need to be developed so that organizations can be assured of security in their businesses and can choose a suitable vendor for their computing needs. Cloud computing depends on the internet as a medium for users to access the required services at any time on pay-per-use pattern. However this technology is still in its initial stages of development, as it suffers from threats and vulnerabilities that prevent the users from trusting it. Various malicious activitiesfrom illegal users have threatened this technology such as data misuse, inflexible access control and limited monitoring. The occurrence of these threats may result into damaging or illegal access of critical and confidential data of users. In this paper we identify the most vulnerable security threats/attacks in cloud computing, which will enable both end users and vendors to know a bout the k ey security threats associated with cloud computing and propose relevant solution directives to strengthen security in the Cloud environment. We also propose secure cloud architecture for organizations to strengthen the security.

  11. Secure Method Invocation in JASON

    OpenAIRE

    Brinkman, Richard; Hoepman, Jaap-Henk

    2002-01-01

    We describe the Secure Method Invocation (SMI) framework implemented for Jason, our Javacard As Secure Objects Networks platform. Jason realises the secure object store paradigm, that reconciles the card-as-storage-element and card-as-processing-element views. In this paradigm, smart cards are viewed as secure containers for objects, whose methods can be called straightforwardly and securely using SMI. Jason is currently being developed as a middleware layer that securely interconnects an arb...

  12. Food Security Strategies for Vanuatu

    OpenAIRE

    Welegtabit, Shadrack R.

    2001-01-01

    This report describes and analyzes food security conditions and policies in Vanuatu. The national food security systems are dualistic in nature, and the rural and urban food security systems are weakly related. Household food security in rural areas is primarily determined by access to arable land and fishery resources, whereas in urban areas household food security is primarily determined by access to employment. Household food security has been a concern in both rural and urban areas. Both ...

  13. Agile IT Security Implementation Methodology

    CERN Document Server

    Laskowski, Jeff

    2011-01-01

    The book is a tutorial that goes from basic to professional level for Agile IT security. It begins by assuming little knowledge of agile security. Readers should hold a good knowledge of security methods and agile development. The book is targeted at IT security managers, directors, and architects. It is useful for anyone responsible for the deployment of IT security countermeasures. Security people with a strong knowledge of agile software development will find this book to be a good review of agile concepts.

  14. Security for multihop wireless networks

    CERN Document Server

    Khan, Shafiullah

    2014-01-01

    Security for Multihop Wireless Networks provides broad coverage of the security issues facing multihop wireless networks. Presenting the work of a different group of expert contributors in each chapter, it explores security in mobile ad hoc networks, wireless sensor networks, wireless mesh networks, and personal area networks.Detailing technologies and processes that can help you secure your wireless networks, the book covers cryptographic coprocessors, encryption, authentication, key management, attacks and countermeasures, secure routing, secure medium access control, intrusion detection, ep

  15. Security is like oxygen

    OpenAIRE

    Zhang, Xiaobo

    2004-01-01

    "Since the early 1990s, Uganda has been one of Africa's fastest growing countries. However, at the sub-national level, growth has been uneven due to civil conflict in the northern region. Using a panel of household and community level data, this paper examines the links between security and economic growth. It is found that security is a pre-condition for successful economic development and that there is in fact a threshold level of security below which public investments in infrastructure an...

  16. Information Security Standards

    Directory of Open Access Journals (Sweden)

    Dan Constantin Tofan

    2011-09-01

    Full Text Available The use of standards is unanimously accepted and gives the possibility of comparing a personal security system with a given frame of reference adopted at an international level. A good example is the ISO 9000 set of standards regarding the quality management system, which is a common reference regardless of the industry in which a certain company activates. Just like quality control standards for other industrial processes such as manufacturing and customer service, information security standards demonstrate in a methodical and certifiable manner that an organization conforms to industry best practices and procedures. This article offers a review of the world’s most used information security standards.

  17. Smart grid security

    CERN Document Server

    Goel, Sanjay; Papakonstantinou, Vagelis; Kloza, Dariusz

    2015-01-01

    This book on smart grid security is meant for a broad audience from managers to technical experts. It highlights security challenges that are faced in the smart grid as we widely deploy it across the landscape. It starts with a brief overview of the smart grid and then discusses some of the reported attacks on the grid. It covers network threats, cyber physical threats, smart metering threats, as well as privacy issues in the smart grid. Along with the threats the book discusses the means to improve smart grid security and the standards that are emerging in the field. The second part of the b

  18. Web Security, Privacy & Commerce

    CERN Document Server

    Garfinkel, Simson

    2011-01-01

    Since the first edition of this classic reference was published, World Wide Web use has exploded and e-commerce has become a daily part of business and personal life. As Web use has grown, so have the threats to our security and privacy--from credit card fraud to routine invasions of privacy by marketers to web site defacements to attacks that shut down popular web sites. Web Security, Privacy & Commerce goes behind the headlines, examines the major security risks facing us today, and explains how we can minimize them. It describes risks for Windows and Unix, Microsoft Internet Exp

  19. Wi-Fi security

    OpenAIRE

    Vlach, Lukáš

    2011-01-01

    The thesis is focused on the problem of wireless networking and its security. The thesis is divided into two main parts, both parts builds on the bachelor thesis and some of its chapters are further extended and complemented by the issue. The theoretical part deals with the standards of IEEE organization and security policy of Wi-Fi networks with a focus on the distribution of wireless networks and its security. The practical part is focused on the survey of the Wi-Fi safety in selected...

  20. Transmission grid security

    CERN Document Server

    Haarla, Liisa; Hirvonen, Ritva; Labeau, Pierre-Etienne

    2011-01-01

    In response to the growing importance of power system security and reliability, ""Transmission Grid Security"" proposes a systematic and probabilistic approach for transmission grid security analysis. The analysis presented uses probabilistic safety assessment (PSA) and takes into account the power system dynamics after severe faults. In the method shown in this book the power system states (stable, not stable, system breakdown, etc.) are connected with the substation reliability model. In this way it is possible to: estimate the system-wide consequences of grid faults; identify a chain of eve

  1. Privacy vs security

    CERN Document Server

    Stalla-Bourdillon, Sophie; Ryan, Mark D

    2014-01-01

    Securing privacy in the current environment is one of the great challenges of today's democracies. Privacy vs. Security explores the issues of privacy and security and their complicated interplay, from a legal and a technical point of view. Sophie Stalla-Bourdillon provides a thorough account of the legal underpinnings of the European approach to privacy and examines their implementation through privacy, data protection and data retention laws. Joshua Philips and Mark D. Ryan focus on the technological aspects of privacy, in particular, on today's attacks on privacy by the simple use of today'

  2. Computer Security Handbook

    CERN Document Server

    Bosworth, Seymour; Whyne, Eric

    2012-01-01

    The classic and authoritative reference in the field of computer security, now completely updated and revised With the continued presence of large-scale computers; the proliferation of desktop, laptop, and handheld computers; and the vast international networks that interconnect them, the nature and extent of threats to computer security have grown enormously. Now in its fifth edition, Computer Security Handbook continues to provide authoritative guidance to identify and to eliminate these threats where possible, as well as to lessen any losses attributable to them. With seventy-seven chapter

  3. Linux Server Security

    CERN Document Server

    Bauer, Michael D

    2005-01-01

    Linux consistently appears high up in the list of popular Internet servers, whether it's for the Web, anonymous FTP, or general services such as DNS and delivering mail. But security is the foremost concern of anyone providing such a service. Any server experiences casual probe attempts dozens of time a day, and serious break-in attempts with some frequency as well. This highly regarded book, originally titled Building Secure Servers with Linux, combines practical advice with a firm knowledge of the technical tools needed to ensure security. The book focuses on the most common use of Linux--

  4. Security in Android

    OpenAIRE

    Amritesh Kumar Sharma; Arun Kumar Singh; Pankaj P. Singh

    2014-01-01

    New technologies have always created new areas of concern for information security teams. Usually it provides time for the development of effective security controls. The rapid growth of the smartphone in market and the use of these devices for so many sensitive data have led to the emergence of security threat. A malicious user or malware on a device can create a number of risks for an organization, and so the fact that these devices are not necessarily connected does not translate to a lack...

  5. Shipment security update - 2003

    International Nuclear Information System (INIS)

    At the 2002 RERTR, NAC reported on the interim measures taken by the U.S. Nuclear Regulatory Commission to enhance the security afforded to shipments of spent nuclear fuel. Since that time, there have been a number of additional actions focused on shipment security including training programs sponsored by the U.S. Department of Transportation and the Electric Power Research Council, investigation by the Government Accounting Office, and individual measures taken by shippers and transportation agents. The paper will present a status update regarding this dynamic set of events and provide an objective assessment of the cost, schedule and technical implications of the changing security landscape. (author)

  6. Android Applications Security

    Directory of Open Access Journals (Sweden)

    Paul POCATILU

    2011-01-01

    Full Text Available The use of smartphones worldwide is growing very fast and also the malicious attacks have increased. The mobile security applications development keeps the pace with this trend. The paper presents the vulnerabilities of mobile applications. The Android applications and devices are analyzed through the security perspective. The usage of restricted API is also presented. The paper also focuses on how users can prevent these malicious attacks and propose some prevention measures, including the architecture of a mobile security system for Android devices.

  7. Secure Mobile Identities

    OpenAIRE

    Chandrasekaran, Varun; Amjad, Fareeha; Sharma, Ashlesh; Subramanian, Lakshminarayanan

    2016-01-01

    The unique identities of every mobile user (phone number,IMSI) and device (IMEI) are far from secure and are increasingly vulnerable to a variety of network-level threats. The exceedingly high reliance on the weak SIM authentication layer does not present any notion of end-to-end security for mobile users. We propose the design and implementation of Secure Mobile Identities (SMI), a repetitive key-exchange protocol that uses this weak SIM authentication as a foundation to enable mobile users ...

  8. Software Safety and Security

    CERN Document Server

    Nipkow, T; Hauptmann, B

    2012-01-01

    Recent decades have seen major advances in methods and tools for checking the safety and security of software systems. Automatic tools can now detect security flaws not only in programs of the order of a million lines of code, but also in high-level protocol descriptions. There has also been something of a breakthrough in the area of operating system verification. This book presents the lectures from the NATO Advanced Study Institute on Tools for Analysis and Verification of Software Safety and Security; a summer school held at Bayrischzell, Germany, in 2011. This Advanced Study Institute was

  9. Cloud Computing Security

    OpenAIRE

    Ngongang, Guy

    2011-01-01

    This project aimed to show how possible it is to use a network intrusion detection system in the cloud. The security in the cloud is a concern nowadays and security professionals are still finding means to make cloud computing more secure. First of all the installation of the ESX4.0, vCenter Server and vCenter lab manager in server hardware was successful in building the platform. This allowed the creation and deployment of many virtual servers. Those servers have operating systems and a...

  10. Smart Security Management in Secure Devices

    OpenAIRE

    Robisson, Bruno; Agoyan, Michel; Soquet, Patrick; Le Henaff, Sébastien; Wajsbürt, Franck; Bazargan-Sabet, Pirouz; Phan, Guillaume

    2015-01-01

    International audience Among other threats, secure components are subjected tophysical attacks whose aim is to recover the secret information theystore. Most of the work carried out to protect these components generally consists in developing protections (or countermeasures) taken one byone. But this “countermeasure-centered” approach drastically decreasesthe performance of the chip in terms of power, speed and availability.In order to overcome this limitation, we propose a complementary a...

  11. To The Question Of The Concepts "National Security", "Information Security", "National Information Security" Meanings

    OpenAIRE

    Alexander A. Galushkin

    2015-01-01

    In the present article author analyzes value of the concepts "national security", "information security", "national information security". Author gives opinions of scientists-jurists, definitions given by legislators and normotvorets in various regulations.

  12. Media and Security Team

    Data.gov (United States)

    Federal Laboratory Consortium — The Media And Security Team led by Prof. Min Wu was established in Fall 2001 at University of Maryland, College Park. A number of research and education activities...

  13. Cognitive Computing for Security.

    Energy Technology Data Exchange (ETDEWEB)

    Debenedictis, Erik [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Rothganger, Fredrick [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Aimone, James Bradley [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Marinella, Matthew [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Evans, Brian Robert [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Warrender, Christina E. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Mickel, Patrick [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2015-12-01

    Final report for Cognitive Computing for Security LDRD 165613. It reports on the development of hybrid of general purpose/ne uromorphic computer architecture, with an emphasis on potential implementation with memristors.

  14. Security in the internet

    International Nuclear Information System (INIS)

    Aim of the study: Is it possible to use the Internet as a secure media for transport of telemedicine? Which risks exist for routine use? In this article state of the art methods of security were analysed. Telemedicine in the Internet has severe risks, because patient data and hospital data of a secure Intranet can be manipulated by connecting it to the Web. Conclusions: Establishing of a firewall and the introduction of HPC (Health Professional Card) are minimizing the risk of un-authorized access to the hospital server. HPC allows good safety with digital signature and authentication of host and client of medical data. For secure e-mail PGP (Pretty Good Privacy) is easy to use as a standard protocol. Planning all activities exactly as well as following legal regulations are important requisites for reduction of safety risks in Internet. (orig.)

  15. Tools for Computer Security

    CERN Document Server

    Lecoeuche, Denis

    2015-01-01

    This report describes several scripts developed in order to facilitate and automate security-related tests and tasks for the CMS Group at CERN. They will be integrated in the release cycle of specific web services.

  16. Railway infrastructure security

    CERN Document Server

    Sforza, Antonio; Vittorini, Valeria; Pragliola, Concetta

    2015-01-01

    This comprehensive monograph addresses crucial issues in the protection of railway systems, with the objective of enhancing the understanding of railway infrastructure security. Based on analyses by academics, technology providers, and railway operators, it explains how to assess terrorist and criminal threats, design countermeasures, and implement effective security strategies. In so doing, it draws upon a range of experiences from different countries in Europe and beyond. The book is the first to be devoted entirely to this subject. It will serve as a timely reminder of the attractiveness of the railway infrastructure system as a target for criminals and terrorists and, more importantly, as a valuable resource for stakeholders and professionals in the railway security field aiming to develop effective security based on a mix of methodological, technological, and organizational tools. Besides researchers and decision makers in the field, the book will appeal to students interested in critical infrastructur...

  17. Human security policy challenges

    Directory of Open Access Journals (Sweden)

    Andrew Morton

    2008-10-01

    Full Text Available All evidence points towards climate- and environmentallyinduced migration becoming one of the major policychallenges of this century. Adequate planning for andmanagement of this phenomenon will be critical forhuman security.

  18. VMware vsphere security cookbook

    CERN Document Server

    Greer, Mike

    2014-01-01

    This book is intended for virtualization professionals who are experienced with the setup and configuration of VMware vSphere, but didn't get the opportunity to learn how to secure the environment properly.

  19. Gaming security by obscurity

    CERN Document Server

    Pavlovic, Dusko

    2011-01-01

    Shannon sought security against the attacker with unlimited computational powers: *if an information source conveys some information, then Shannon's attacker will surely extract that information*. Diffie and Hellman refined Shannon's attacker model by taking into account the fact that the real attackers are computationally limited. This idea became one of the greatest new paradigms in computer science, and led to modern cryptography. Shannon also sought security against the attacker with unlimited logical and observational powers, expressed through the maxim that "the enemy knows the system". This view is still endorsed in cryptography. The popular formulation, going back to Kerckhoffs, is that "there is no security by obscurity", meaning that the algorithms cannot be kept obscured from the attacker, and that security should only rely upon the secret keys. In fact, modern cryptography goes even further than Shannon or Kerckhoffs in tacitly assuming that *if there is an algorithm that can break the system, the...

  20. Masters in Nuclear Security

    International Nuclear Information System (INIS)

    Continuing global efforts to improve the security of nuclear and other radioactive material against the threat of malicious acts are being assisted by a new initiative, the development of a corps of professional experts to strengthen nuclear security. The IAEA, the European Commission, universities, research institutions and other bodies working in collaboration have established an International Nuclear Security Education Network (INSEN). In 2011, six European academic institutions, the Vienna University of Technology, the Brandenburg University of Applied Sciences, the Demokritos National Centre for Scientific Research in Greece, the Reactor Institute Delft of the Delft University of Technology in the Netherlands, the University of Oslo, and the University of Manchester Dalton Nuclear Institute, started developing a European Master of Science Programme in Nuclear Security Management. In March 2013, the masters project was inaugurated when ten students commenced studies at the Brandenburg University of Applied Sciences in Germany for two weeks. In April, they moved to the Delft University of Technology in the Netherlands for a further two weeks of studies. The pilot programme consists of six teaching sessions in different academic institutions. At the inauguration in Delft, IAEA Director General Yukiya Amano commended this effort to train a new generation of experts who can help to improve global nuclear security. ''It is clear that we will need a new generation of policy-makers and nuclear professionals - people like you - who will have a proper understanding of the importance of nuclear security,'' Mr. Amano told students and faculty members. ''The IAEA's goal is to support the development of such programmes on a global basis,'' said David Lambert, Senior Training Officer in the IAEA's Office of Nuclear Security. ''An existing postgraduate degree programme focused on nuclear security at Naif Arab University for Security Sciences (NAUSS) is currently supported by

  1. Security of computer networks

    OpenAIRE

    Kolář, Tomáš

    2012-01-01

    This thesis is focused on design and documentation of computer network and its security in the medium-sized company. First part of this thesis describes basics of computer networks, computer infiltrations, types of assault and preventive protection of corporate networks. The practical part of this thesis is devoted to documentation of the old corporate network and the complete design of a new computer network, its security against attacks and the loss corporate data.

  2. Cities and human security

    OpenAIRE

    Szpak, Agnieszka

    2016-01-01

    Cities have been researched mostly in terms of their economic, technological, and social value and significance. Despite some changes in this respect there is still a need to research cities as a fascinating phenomenon, also in respect of its capabilities to increase human security on a local and global scale. The article examines the role of cities for human security in the selected and representative fields such as sustainable development, human rights and environmental protection which are...

  3. Evolving concepts of security

    OpenAIRE

    Jovanovic, Milos; Sweijs, Tim

    2015-01-01

    This volume looks into the challenges of formulating and implementing a comprehensive approach to security while taking into account the perceptions of variety of stakeholders. It includes studies on the Syrian asylum seekers in view of the concept of human security, CBRN crisis management frameworks, and national case studies on Bulgaria, Serbia, and Turkey. The volume reflects findings from the FP7 EvoCS project (link is external), as well as related contributions from researchers outside t...

  4. Data port security lock

    Science.gov (United States)

    Quinby, Joseph D.; Hall, Clarence S.

    2008-06-24

    In a security apparatus for securing an electrical connector, a plug may be fitted for insertion into a connector receptacle compliant with a connector standard. The plug has at least one aperture adapted to engage at least one latch in the connector receptacle. An engagement member is adapted to partially extend through at least one aperture and lock to at least one structure within the connector receptacle.

  5. Credit Card Security

    OpenAIRE

    G.C., Anup

    2013-01-01

    Author: Anup G.C. Year: 2013 Subject of thesis: Credit Card Security Number of pages: 36+2 Credit Card is a widely used electronic chip for easy transactions. The main purpose of the report was to show the security measures of transaction by credit cards. The purpose was to give information about credit cards and how they were introduced. The thesis reportcontained the types of card theft with examples and sited the various protocols used for online ...

  6. CLOUD COMPUTING SECURITY

    Directory of Open Access Journals (Sweden)

    DANISH JAMIL,

    2011-04-01

    Full Text Available It is no secret that cloud computing is becoming more and more popular today and is ever increasing inpopularity with large companies as they share valuable resources in a cost effective way. Due to this increasingdemand for more clouds there is an ever growing threat of security becoming a major issue. This paper shalllook at ways in which security threats can be a danger to cloud computing and how they can be avoided.

  7. Computer security simulation

    International Nuclear Information System (INIS)

    Development and application of a series of simulation codes used for computer security analysis and design are described. Boolean relationships for arrays of barriers within functional modules are used to generate composite effectiveness indices. The general case of multiple layers of protection with any specified barrier survival criteria is given. Generalized reduction algorithms provide numerical security indices in selected subcategories and for the system as a whole. 9 figures, 11 tables

  8. Security, insecurity and health

    OpenAIRE

    Coupland, Robin

    2007-01-01

    An examination of the nexus of security, insecurity and health shows that security is a prerequisite for health. The many and varied ways that armed violence — including threats of armed violence — can affect people’s health can be documented by formal studies; however, valuable data also exist in other reports, such as media reports. The health community needs to recognize that people’s insecurity is a massive global health issue. The foreign policies of donor governments should incorporate ...

  9. Android Applications Security

    OpenAIRE

    Paul POCATILU

    2011-01-01

    The use of smartphones worldwide is growing very fast and also the malicious attacks have increased. The mobile security applications development keeps the pace with this trend. The paper presents the vulnerabilities of mobile applications. The Android applications and devices are analyzed through the security perspective. The usage of restricted API is also presented. The paper also focuses on how users can prevent these malicious attacks and propose some prevention measures, including the a...

  10. Security of RFID protocols

    OpenAIRE

    van Deursen, Ton

    2011-01-01

    Radio-frequency identification (RFID) is a technology that uses radio waves to exchange data between RFID readers and tags. The low manufacturing costs and small size and the lack of need of a power source make RFID tags useful in many applications, but also impose a strong need for secure RFID protocols. The first part of this thesis considers the analysis of untraceability of RFID protocols. We start by designing a formal syntax and semantics for security protocols. We define untraceab...

  11. Data Security in Biomedicine

    OpenAIRE

    Horňáková, Anna

    2011-01-01

    This thesis analyzes current state of use of biometrics in computer security. It provides an overview of the most commonly used anatomical-physiological and behavioral biometric identification methods. The result of the work will be a new set of methods, which allows reliable identification of the user in the most comfortable way. These new principles of data security will be used to enhance the protection of specialized health record. This will contribute to expansion of generally conceived ...

  12. Computer Security: Competing Concepts

    OpenAIRE

    Nissenbaum, Helen; Friedman, Batya; Felten, Edward

    2001-01-01

    This paper focuses on a tension we discovered in the philosophical part of our multidisciplinary project on values in web-browser security. Our project draws on the methods and perspectives of empirical social science, computer science, and philosophy to identify values embodied in existing web-browser security and also to prescribe changes to existing systems (in particular, Mozilla) so that values relevant to web-browser systems are better served than presently they are. The tension, which ...

  13. Secure Fractal Image Coding

    OpenAIRE

    Lian, Shiguo

    2007-01-01

    In recent work, various fractal image coding methods are reported, which adopt the self-similarity of images to compress the size of images. However, till now, no solutions for the security of fractal encoded images have been provided. In this paper, a secure fractal image coding scheme is proposed and evaluated, which encrypts some of the fractal parameters during fractal encoding, and thus, produces the encrypted and encoded image. The encrypted image can only be recovered by the correct ke...

  14. Analysis of Docker Security

    OpenAIRE

    Bui, Thanh

    2015-01-01

    Over the last few years, the use of virtualization technologies has increased dramatically. This makes the demand for efficient and secure virtualization solutions become more obvious. Container-based virtualization and hypervisor-based virtualization are two main types of virtualization technologies that have emerged to the market. Of these two classes, container-based virtualization is able to provide a more lightweight and efficient virtual environment, but not without security concerns. I...

  15. Secure Location Verification

    OpenAIRE

    Becker, Georg T.; Lo, Sherman C.; De Lorenzo, David S.; Enge, Per K.; Paar, Christof

    2010-01-01

    The use of location based services has increased significantly over the last few years. However, location information is only sparsely used as a security mechanism. One of the reasons for this is the lack of location verification techniques with global coverage. Recently, a new method for authenticating signals from Global Navigation Satellite Systems(GNSS) such as GPS or Galileo has been proposed. In this paper, we analyze the security of this signal authentication mechanism and show how it ...

  16. Towards Secure Distance Bounding

    OpenAIRE

    Boureanu, Ioana; Mitrokotsa, Aikaterini; Vaudenay, Serge

    2013-01-01

    Relay attacks (and, more generally, man-in-the-middle attacks) are a serious threat against many access control and payment schemes. In this work, we present distance-bounding protocols, how these can deter relay attacks, and the security models formalizing these protocols. We show several pitfalls making existing protocols insecure (or at least, vulnerable, in some cases). Then, we introduce the SKI protocol which enjoys resistance to all popular attack-models and features provable security....

  17. Securing Online Advertising

    OpenAIRE

    Vratonjic, Nevena; Freudiger, Julien; Felegyhazi, Mark; Hubaux, Jean-Pierre

    2008-01-01

    Online advertisement is a major source of revenues in the Internet. In this paper, we identify a number of vulnerabilities of current ad serving systems. We describe how an adversary can exploit these vulnerabilities to divert part of the ad revenue stream for its own benefit. We propose a scalable, secure ad serving scheme to fix this problem. We also explain why the deployment of this solution would benefit the Web browsing security in general.

  18. Lemnos Interoperable Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Stewart, John [Tennessee Valley Authority, Knoxville, TN (United States); Halbgewachs, Ron [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Chavez, Adrian [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Smith, Rhett [Schweitzer Engineering Laboratories, Chattanooga, TN (United States); Teumim, David [Teumim Technical, Allentown, PA (United States)

    2012-01-31

    The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other system. With these changes however come two significant challenges that the energy sector must face; 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or tunnels , to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. These single vendor solutions may inadvertently lock

  19. Banking Software Applications Security

    OpenAIRE

    Ioan Alexandru Bubu

    2015-01-01

    Computer software products are among the most complex artifacts, if not the most complex artifacts mankind has created. Securing those artifacts against intelligent attackers who try to exploit flaws in software design and construct is a great challenge too.The purpose of this paper is to introduce a secure alternative to banking software applications that are currently in use. This new application aims to cover most of the well-known vulnerabilities that plague the majority of current softwa...

  20. Information Security Standards

    OpenAIRE

    Dan Constantin Tofan

    2011-01-01

    The use of standards is unanimously accepted and gives the possibility of comparing a personal security system with a given frame of reference adopted at an international level. A good example is the ISO 9000 set of standards regarding the quality management system, which is a common reference regardless of the industry in which a certain company activates. Just like quality control standards for other industrial processes such as manufacturing and customer service, information security stand...

  1. Network security - Firewalls

    OpenAIRE

    Nepovím, Bohuslav

    2012-01-01

    This thesis deals with the security of computer networks. A theoretical part gradually provides the description of fundamental principles of computer networks, computer network security, possible network attacks and protection against them, social engineering, functions of firewalls and various integration of the firewalls in the network. The practical part consequently describes personal firewall tests by means of the Nessus program, and utilities, so-called the leak tests. Whereas the Ne...

  2. Security in Internet

    Directory of Open Access Journals (Sweden)

    Felician ALECU

    2006-01-01

    Full Text Available A very good method that can be used to protect a private network is the implementation of a firewall between Internet and Intranet. This firewall will filter the packets that transit the network according with the security policy defined at the system level. The SSL protocol allows verifying the identity of a WEB server based on a digital certificate issued by a certification authority. Secure data transport over the Internet is done by using encryption methods.

  3. [Food security in Mexico].

    Science.gov (United States)

    Urquía-Fernández, Nuria

    2014-01-01

    An overview of food security and nutrition in Mexico is presented, based on the analysis of the four pillars of food security: availability, access, utilization of food, and stability of the food supply. In addition, the two faces of malnutrition in Mexico were analyzed: obesity and undernourishment. Data were gathered from the food security indicators of the United Nations's Food and Agriculture Organization, from the Mexican Scale of Food Security, and from the National Health and Nutrition Survey. Mexico presents an index of availability of 3 145 kilocalories per person per day, one of the highest indexes in the world, including both food production and imports. In contrast, Mexico is affected by a double burden of malnutrition: whereas children under five present 14% of stunt, 30% of the adult population is obese. Also, more than 18% of the population cannot afford the basic food basket (food poverty). Using perception surveys, people reports important levels of food insecurity, which concentrates in seven states of the Mexican Federation. The production structure underlying these indicators shows a very heterogeneous landscape, which translates in to a low productivity growth across the last years. Food security being a multidimensional concept, to ensure food security for the Mexican population requires a revision and redesign of public productive and social policies, placing a particular focus on strengthening the mechanisms of institutional governance. PMID:25649459

  4. Security extensions to DICOM

    Science.gov (United States)

    Thiel, Andreas; Bernarding, Johannes; Schaaf, Thorsten; Bellaire, Gunter; Tolxdorff, Thomas

    1999-07-01

    To ensure the acceptance of telemedical applications several obstacles must be overcome: the transfer of huge amounts of data over heterogeneous hard- and software platforms must be optimized; extended data post-processing is often required; and data security must be taken into consideration; post- processing based on secured data exchange must retain the relationship between original and post-processed images. To analyze and solve these problems, applications of distributed medical services were integrated. Data transfer and management was based on the Digital Imaging and Communications (DICOM) standard. To account for platform- independence of remote users, a novel DICOM server and viewer as implemented in JAVA. Different DICOM-conform data security concepts were analyzed. Encryption of the complete data stream using secure socket layers as well as a partial encryption concepts were tested. The best result was attained by a DICOM-conform encryption of patient-relevant data. The implementation medical services, which used newly develop techniques of magnetic resonance imaging, allowed a much earlier diagnosis of the human brain infarct. The integrated data security enabled remote segmentation within the unsecured internet, followed by storing the data back into the secured network.

  5. Security systems engineering overview

    International Nuclear Information System (INIS)

    Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at $70 billion in direct costs and up to $300 billion in indirect costs. Health insurance fraud alone is estimated to cost American businesses $100 billion. Theft, warranty fraud, and counterfeiting of computer hardware totaled $3 billion in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies (counterfeit currency, cellular phone billing, credit card fraud, health care fraud, passport, green cards, and questionable documents); industrial espionage detection and prevention (intellectual property, computer chips, etc.); and security barrier technology (creation of delay such as gates, vaults, etc.)

  6. CHANGES IN THE SECURITY AGENDA: CRITICAL SECURITY STUDIES AND HUMAN SECURITY. THE CASE OF CHINA

    Directory of Open Access Journals (Sweden)

    Nguyen THI THUY HANG

    2012-06-01

    Full Text Available Since the end of the Cold War the meaning of security has fundamentally changed. Issues which are labeled as non-traditional security namely human development, economic crises, environmental degradation, natural disaster, poverty, epidemics… have become a crucial part of the security agenda. These changes have been intensified with the development of the two approaches: Critical Security Studies and Human Security. This article explores how the meaning of security has changed and how the boundaries between traditional and non-traditional security have become blurred. The case of China is taken as empirical evidence to support the assertion that security has evolved beyond its traditional focus on the state.

  7. Threats or threads: from usable security to secure experience

    DEFF Research Database (Denmark)

    Bødker, Susanne; Mathiasen, Niels Raabjerg

    2008-01-01

    mainly on adjusting user behavior to behave securely. With our background in newer HCI perspectives we address secure interaction from the perspective of security technology as experience. We analyze a number of collected user stories to understand what happens when everyday users encounter security...

  8. Security of radioactive sources

    International Nuclear Information System (INIS)

    Strengthening the security of radioactive sources is not a new issue for the IAEA, which has an international mandate in the protection against radiological situations caused by breaches in the security of radioactive sources. The IAEA is authorized by its Statute to establish pertinent international standards and to provide for their application at the request of a State and, jointly with other specialized agencies within the UN system, has set up international radiation protection and safety standards that include requirements on the security of radioactive sources. International security requirements are mandatory for IAEA operations but are not legally binding for Member States, which may however adopt them for use in their national regulations. For providing for the application of its international standards, the IAEA uses a variety of mechanisms -- including the performance of peer-review appraisals of the security situation in a requesting State and the provision of technical co-operation and education and training. The IAEA has also a mandate in the implementation of relevant obligations undertaken by States through international 'conventions', notably the conventions of notification of radiological emergencies and of emergency assistance, which would be applicable should such crises occur. Following a decision of its General Conference (as a result of an international conference on security organized by the IAEA jointly with Interpol, the WCO and the EC at Dijon in 1998), the IAEA has been implementing an international Action Plan covering the security of radioactive sources. Among other relevant actions, a non-binding 'Code of Conduct' for Sates has been adopted. An international conference of national authorities regulating the security of radioactive sources, convened by the IAEA in Buenos Aires in 2000, recommended an updating and strengthening of the Action Plan. The overall strategy is to ensure that significant radioactive sources are localized

  9. Database and applications security integrating information security and data management

    CERN Document Server

    Thuraisingham, Bhavani

    2005-01-01

    This is the first book to provide an in-depth coverage of all the developments, issues and challenges in secure databases and applications. It provides directions for data and application security, including securing emerging applications such as bioinformatics, stream information processing and peer-to-peer computing. Divided into eight sections, each of which focuses on a key concept of secure databases and applications, this book deals with all aspects of technology, including secure relational databases, inference problems, secure object databases, secure distributed databases and emerging

  10. Security patterns in practice designing secure architectures using software patterns

    CERN Document Server

    Fernandez-Buglioni, Eduardo

    2013-01-01

    Learn to combine security theory and code to produce secure systems Security is clearly a crucial issue to consider during the design and implementation of any distributed software architecture. Security patterns are increasingly being used by developers who take security into serious consideration from the creation of their work. Written by the authority on security patterns, this unique book examines the structure and purpose of security patterns, illustrating their use with the help of detailed implementation advice, numerous code samples, and descriptions in UML. Provides

  11. Roadmap on optical security

    Science.gov (United States)

    Javidi, Bahram; Carnicer, Artur; Yamaguchi, Masahiro; Nomura, Takanori; Pérez-Cabré, Elisabet; Millán, María S.; Nishchal, Naveen K.; Torroba, Roberto; Fredy Barrera, John; He, Wenqi; Peng, Xiang; Stern, Adrian; Rivenson, Yair; Alfalou, A.; Brosseau, C.; Guo, Changliang; Sheridan, John T.; Situ, Guohai; Naruse, Makoto; Matsumoto, Tsutomu; Juvells, Ignasi; Tajahuerce, Enrique; Lancis, Jesús; Chen, Wen; Chen, Xudong; Pinkse, Pepijn W. H.; Mosk, Allard P.; Markman, Adam

    2016-08-01

    Information security and authentication are important challenges facing society. Recent attacks by hackers on the databases of large commercial and financial companies have demonstrated that more research and development of advanced approaches are necessary to deny unauthorized access to critical data. Free space optical technology has been investigated by many researchers in information security, encryption, and authentication. The main motivation for using optics and photonics for information security is that optical waveforms possess many complex degrees of freedom such as amplitude, phase, polarization, large bandwidth, nonlinear transformations, quantum properties of photons, and multiplexing that can be combined in many ways to make information encryption more secure and more difficult to attack. This roadmap article presents an overview of the potential, recent advances, and challenges of optical security and encryption using free space optics. The roadmap on optical security is comprised of six categories that together include 16 short sections written by authors who have made relevant contributions in this field. The first category of this roadmap describes novel encryption approaches, including secure optical sensing which summarizes double random phase encryption applications and flaws [Yamaguchi], the digital holographic encryption in free space optical technique which describes encryption using multidimensional digital holography [Nomura], simultaneous encryption of multiple signals [Pérez-Cabré], asymmetric methods based on information truncation [Nishchal], and dynamic encryption of video sequences [Torroba]. Asymmetric and one-way cryptosystems are analyzed by Peng. The second category is on compression for encryption. In their respective contributions, Alfalou and Stern propose similar goals involving compressed data and compressive sensing encryption. The very important area of cryptanalysis is the topic of the third category with two sections

  12. Modified Small Business Network Security

    Directory of Open Access Journals (Sweden)

    Md. Belayet Ali

    2012-02-01

    Full Text Available This paper covers some likely threats and effectivesteps for a secure small business. It also involves a flowchart tocomprehend the overall small business network security easilyand we identify a set of security issues and applyappropriate techniques to satisfy the correspondingsecurity requirements. In respect of all, this document isstrong enough for any small business network security.

  13. Secure Sessions for Web Services

    NARCIS (Netherlands)

    Bhargavan, K.; Corin, R.J.; Fournet, C.; Gordon, A.D.; Reiter, M.

    2007-01-01

    We address the problem of securing sequences of SOAP messages exchanged between web services and their clients. The WS-Security standard defines basic mechanisms to secure SOAP traffic, one message at a time. For typical web services, however, using WS-Security independently for each message is rath

  14. Secure Sessions for Web Services

    NARCIS (Netherlands)

    Bhargavan, K.; Corin, R.J.; Fournet, C.; Gordon, A.D.

    2004-01-01

    WS-Security provides basic means to secure SOAP traffic, one envelope at a time. For typical web services, however, using WS-Security independently for each message is rather inefficient; besides, it is often important to secure the integrity of a whole session, as well as each message. To this end,

  15. Security Planning in IT Systems

    OpenAIRE

    Radu CONSTANTINESCU

    2006-01-01

    Security planning is a necessity nowadays. Planning involves policies, controls, timetable and a continuing attention. Policies are the foundation of effective information security. Security policies challenge users to change the way they think about their own responsibility for protecting corporate information. The paper presents the compulsive elements of security planning.

  16. Considerations for Cloud Security Operations

    OpenAIRE

    Cusick, James

    2016-01-01

    Information Security in Cloud Computing environments is explored. Cloud Computing is presented, security needs are discussed, and mitigation approaches are listed. Topics covered include Information Security, Cloud Computing, Private Cloud, Public Cloud, SaaS, PaaS, IaaS, ISO 27001, OWASP, Secure SDLC.

  17. Securing Web Services using Service Token Security

    Directory of Open Access Journals (Sweden)

    Stelian Dumitra

    2014-06-01

    Full Text Available Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 Web services are distributed components that enable interaction of software componentsacross organizational boundaries. The main advantages of web services are related to the flexibility and versatility: they support a variety of architectures and are independent of platforms and models. Also, they can expose valuable data, applications and systems of organizations to a variety of external threats. Securing web services is one of the most important topics related to them. This paper describes the core web services specifications, the top threats facing web services and the security fundamentals. At the end of the paper is presented a custom authentication and authorization model (brokered authentication to ensure a robust protection, a model that shows how to authenticate and authorize callers to perform operations and how to access resources. This model uses the following frameworks/standards: Windows Identity Foundation (WIF to apply the principles of claims-based identity, Windows Communication Foundation (WCF, to develop services/client services and integrate with WIF, and Service Token Security (STS, to issue security tokens.The conclusions and the future proposed developments are presented in the end of the paper. /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso

  18. Securing Sovereignty by Governing Security through Markets

    OpenAIRE

    Leander, Anna

    2008-01-01

    On September 16 2007 the employees of the U.S. security firm Blackwater became involved in a shooting incidence in the Nisour Square in Baghdad. They were escorting a U.S. State Department delegation, which according to the firm, came under attack. According to by-standers, the Blackwater employees opened fire unprovoked, shooting in all directions and seemingly at anyone moving, including those trying to flee or help those wounded. 17 Iraqis civilians died in the incidence and at least twice...

  19. Security planning an applied approach

    CERN Document Server

    Lincke, Susan

    2015-01-01

    This book guides readers through building an IT security plan. Offering a template, it helps readers to prioritize risks, conform to regulation, plan their defense and secure proprietary/confidential information. The process is documented in the supplemental online security workbook. Security Planning is designed for the busy IT practitioner, who does not have time to become a security expert, but needs a security plan now. It also serves to educate the reader of a broader set of concepts related to the security environment through the Introductory Concepts and Advanced sections. The book serv

  20. Security models for heterogeneous networking.

    OpenAIRE

    Mapp, Glenford E.; Aiash, Mahdi; Lasebae, Aboubaker; Phan, Raphael

    2010-01-01

    Security for Next Generation Networks (NGNs) is an attractive topic for many research groups. The Y-Comm security group believes that a new security approach is needed to address the security challenges in 4G networks. This paper sheds light on our approach of providing security for the Y-Comm architecture as an example of 4G communication frameworks. Our approach proposes a four-layer security integrated module to protect data and three targeted security models to protect different network e...

  1. Asset protection through security awareness

    CERN Document Server

    Speed, Tyler Justin

    2011-01-01

    Introduction: What Is Information Security? Creating a Culture of Security Awareness Protecting Corporate Assets Protective MeasuresA Culture of Security AwarenessRemaining DynamicOverview of Security Awareness Categories Overview Industry StandardsPrivacy ConcernsPassword Management Credit Card Compliance (PCI) General File ManagementExamples of Security Regulations and LawsWho Is an IS Professional?Introduction Empowering Security Professionals Top-Down ApproachDiplomacyThe People Portion of Information SecurityThe IS SpecialistDiplomacy-The IS Professional's Best FriendEnd Users Are Great N

  2. Gross anatomy of network security

    Science.gov (United States)

    Siu, Thomas J.

    2002-01-01

    Information security involves many branches of effort, including information assurance, host level security, physical security, and network security. Computer network security methods and implementations are given a top-down description to permit a medically focused audience to anchor this information to their daily practice. The depth of detail of network functionality and security measures, like that of the study of human anatomy, can be highly involved. Presented at the level of major gross anatomical systems, this paper will focus on network backbone implementation and perimeter defenses, then diagnostic tools, and finally the user practices (the human element). Physical security measures, though significant, have been defined as beyond the scope of this presentation.

  3. Telematics Based Security System

    Directory of Open Access Journals (Sweden)

    A.V.Prabu

    2011-05-01

    Full Text Available This paper describes a new way of providing security for objects; the object can either bea file or an automotive like car, etc. The method used for providing security to objects is by creating avirtual fence around the object in such a way that whenever the object is moved out of the fence it isconsidered as an event and the event is notified to the user. Encryption is one of the techniques forproviding security to objects, and the key used for encryption plays major role in providing security. Thispaper explains a new way of key generation which makes the file to be decrypted at the same location andby the same person (who knows the password where it is encrypted, and the decrypted file is deletedwhenever the fence is exited. This paper also explains a method for providing security to automobile bycreating a fence around the vehicle. The engine automatically locks whenever the fence is exited and whenthe vehicle is used by an unauthorized person.

  4. Indicators for energy security

    International Nuclear Information System (INIS)

    The concept of energy security is widely used, yet there is no consensus on its precise interpretation. In this research, we have provided an overview of available indicators for long-term security of supply (SOS). We distinguished four dimensions of energy security that relate to the availability, accessibility, affordability and acceptability of energy and classified indicators for energy security according to this taxonomy. There is no one ideal indicator, as the notion of energy security is highly context dependent. Rather, applying multiple indicators leads to a broader understanding. Incorporating these indicators in model-based scenario analysis showed accelerated depletion of currently known fossil resources due to increasing global demand. Coupled with increasing spatial discrepancy between consumption and production, international trade in energy carriers is projected to have increased by 142% in 2050 compared to 2008. Oil production is projected to become increasingly concentrated in a few countries up to 2030, after which production from other regions diversifies the market. Under stringent climate policies, this diversification may not occur due to reduced demand for oil. Possible benefits of climate policy include increased fuel diversity and slower depletion of fossil resources.

  5. Security bingo for administrators

    CERN Multimedia

    Computer Security Team

    2011-01-01

    Have you ever thought about the security of your service(s) or system(s)? Show us and win one of three marvellous books on computer security! Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us at Computer.Security@cern.ch or P.O. Box G19710, by November 14th 2011.   Winners[1] must show us that they follow at least five good practices in a continuous horizontal row, vertical column or diagonal. For details on CERN Computer Security, please consult http://cern.ch/security. My service or system…   …is following a software development life-cycle. …is patched in an automatic and timely fashion. …runs a tightened local ingress/egress firewall. …uses CERN Single-Sign-On (SSO). …has physical access protections in place. …runs all processes / services / applications with least privileges. …has ...

  6. Biological and Chemical Security

    Energy Technology Data Exchange (ETDEWEB)

    Fitch, P J

    2002-12-19

    The LLNL Chemical & Biological National Security Program (CBNP) provides science, technology and integrated systems for chemical and biological security. Our approach is to develop and field advanced strategies that dramatically improve the nation's capabilities to prevent, prepare for, detect, and respond to terrorist use of chemical or biological weapons. Recent events show the importance of civilian defense against terrorism. The 1995 nerve gas attack in Tokyo's subway served to catalyze and focus the early LLNL program on civilian counter terrorism. In the same year, LLNL began CBNP using Laboratory-Directed R&D investments and a focus on biodetection. The Nunn-Lugar-Domenici Defense Against Weapons of Mass Destruction Act, passed in 1996, initiated a number of U.S. nonproliferation and counter-terrorism programs including the DOE (now NNSA) Chemical and Biological Nonproliferation Program (also known as CBNP). In 2002, the Department of Homeland Security was formed. The NNSA CBNP and many of the LLNL CBNP activities are being transferred as the new Department becomes operational. LLNL has a long history in national security including nonproliferation of weapons of mass destruction. In biology, LLNL had a key role in starting and implementing the Human Genome Project and, more recently, the Microbial Genome Program. LLNL has over 1,000 scientists and engineers with relevant expertise in biology, chemistry, decontamination, instrumentation, microtechnologies, atmospheric modeling, and field experimentation. Over 150 LLNL scientists and engineers work full time on chemical and biological national security projects.

  7. Energy and national security.

    Energy Technology Data Exchange (ETDEWEB)

    Karas, Thomas H.

    2003-09-01

    On May 19 and 20, 2003, thirty-some members of Sandia staff and management met to discuss the long-term connections between energy and national security. Three broad security topics were explored: I. Global and U.S. economic dependence on oil (and gas); II. Potential security implications of global climate change; and III. Vulnerabilities of the U.S. domestic energy infrastructure. This report, rather than being a transcript of the workshop, represents a synthesis of background information used in the workshop, ideas that emerged in the discussions, and ex post facto analysis of the discussions. Each of the three subjects discussed at this workshop has significant U.S. national security implications. Each has substantial technology components. Each appears a legitimate area of concern for a national security laboratory with relevant technology capabilities. For the laboratory to play a meaningful role in contributing to solutions to national problems such as these, it needs to understand the political, economic, and social environments in which it expects its work to be accepted and used. In addition, it should be noted that the problems of oil dependency and climate change are not amenable to solution by the policies of any one nation--even the one that is currently the largest single energy consumer. Therefore, views, concerns, policies, and plans of other countries will do much to determine which solutions might work and which might not.

  8. Medical Information Security

    Directory of Open Access Journals (Sweden)

    William C. Figg, Ph.D.

    2011-05-01

    Full Text Available Modern medicine is facing a complex environment, not from medical technology but rather governmentregulations and information vulnerability. HIPPA is the government’s attempt to protect patient’sinformation yet this only addresses traditional record handling. The main threat is from the evolvingsecurity issues. Many medical offices and facilities have multiple areas of information security concerns.Physical security is often weak, office personnel are not always aware of security needs and applicationsecurity and transmission protocols are not consistently maintained.Health insurance needs and general financial opportunity has created an emerging market in medicalidentity theft. Medical offices have the perfect storm of information collection, personal, credit, banking,health, and insurance. Thieves have realized that medical facilities have as much economic value asbanks and the security is much easier to crack. Mostly committed by insiders, medical identity theft is awell-hidden information crime. In spite of its covert nature, the catastrophic ramification to the victims isovert. This information crime involves stealing patients’ records to impersonate the patients in an effort ofobtaining health care services or claiming Medicare on the patients’ behalf. Unlike financial identity theft,there is a lack of recourse for the victims to recover from damages. Medical identity theft undermines thequality of health care information systems and enervates the information security of electronic patientrecord.

  9. Conceptualizing energy security

    International Nuclear Information System (INIS)

    Energy security is one of the main targets of energy policy. However, the term has not been clearly defined, which makes it hard to measure and difficult to balance against other policy objectives. We review the multitude of definitions of energy security. They can be characterized according to the sources of risk, the scope of the impacts, and the severity filters in the form of the speed, size, sustention, spread, singularity and sureness of impacts. Using a stylized case study for three European countries, we illustrate how the selection of conceptual boundaries along these dimensions determines the outcome. This can be avoided by more clearly separating between security of supply and other policy objectives. This leads us to the definition of energy security as the continuity of energy supplies relative to demand. - Highlights: ► The widest energy security concept includes all risks that are caused by or have an impact on the energy supply chain. ► Authors narrow this down by choosing different risk sources, impact measures and subjective severity filters in their definitions. ► The selection of conceptual boundaries determines outcome of quantitative studies.

  10. A secure open system?

    Science.gov (United States)

    Crowe, James A.

    1993-08-01

    The notion of a large distributed computing system in support of a program like EOSDIS, carries with it the requirement that the system provide the user with guarantees about the integrity of the data and certain assurances about the security of the network of computing systems. This paper examines the challenges of providing a `secure' open system and how these challenges may be addressed from both an architectural as well as functional viewpoint. The role of discretionary access control, mandatory access control, and detection and control of computer viruses is discussed. It has often been observed that the role of the security engineer is one of restricting access to data, whereas the role of the system architect, of an open system that is encouraging research, should make data easy to obtain and utilize. This paradox is manifest in a system such a EOSDIS where to be useful, the systems data must be easy to obtain, but to ensure the integrity of the data it must exercise some level of security. This paper address the use and role of the Security Services of the OSF Distributed Computing Environment in support of networked applications, such as those that may be used in the implementation of the EOS Science Network. It further examines the role of mandatory access control mechanisms to provide data integrity guarantees. The paper further discusses how a system like EOSDIS may prevent computer viruses using a system of automated detection mechanisms and configuration control.

  11. Diasporic security and Jewish identity.

    OpenAIRE

    Baron, Ilan Zvi

    2014-01-01

    This paper explores the relationship between identity and security through an investigation into Jewish diasporic identity. The paper argues that the convention of treating identity as an objective referent of security is problematic, as the Jewish diaspora experience demonstrates. The paper presents a new way of conceptualizing identity and security by introducing the concept of diasporic security. Diasporic security reflects the geographical experience of being a member of a trans-state com...

  12. Security Dynamics of Cloud Computing

    OpenAIRE

    Khaled M. Khan

    2009-01-01

    This paper explores various dimensions of cloud computing security. It argues that security concerns of cloud computing need to be addressed from the perspective of individual stakeholder. Security focuses of cloud computing are essentially different in terms of its characteristics and business model. Conventional way of viewing as well as addressing security such as ‘bolting-in’ on the top of cloud computing may not work well. The paper attempts to portray the security spectrum necessary for...

  13. Evaluation of Linux Security Frameworks

    OpenAIRE

    Karlsson, Erik

    2010-01-01

      The number of threats to computers attached to networks continually increases. The focus of preventing security exploits has been on the network, while local exploits has been mostly overlooked. Many security problems in Unix systems stem from the way security is managed; by delegating all security decisions to object owners. There are a number of security frameworks which aim to remedy this in Linux by restricting access to kernel objects, such as files. Ericsson is interested in finding t...

  14. Do job security guarantees work?

    OpenAIRE

    Bryson, Alex; Cappellari, Lorenzo; Lucifora, Claudio

    2004-01-01

    We investigate the effect of employer job security guarantees on employee perceptions of job security. Using linked employer-employee data from the 1998 British Workplace Employee Relations Survey, we find job security guarantees reduce employee perceptions of job insecurity. This finding is robust to endogenous selection of job security guarantees by employers engaging in organisational change and workforce reductions. Furthermore, there is no evidence that increased job security through job...

  15. VMware vCloud security

    CERN Document Server

    Sarkar, Prasenjit

    2013-01-01

    VMware vCloud Security provides the reader with in depth knowledge and practical exercises sufficient to implement a secured private cloud using VMware vCloud Director and vCloud Networking and Security.This book is primarily for technical professionals with system administration and security administration skills with significant VMware vCloud experience who want to learn about advanced concepts of vCloud security and compliance.

  16. Maritime security laboratory for maritime security research

    Science.gov (United States)

    Bunin, Barry J.; Sutin, Alexander; Bruno, Michael S.

    2007-04-01

    Stevens Institute of Technology has established a new Maritime Security Laboratory (MSL) to facilitate advances in methods and technologies relevant to maritime security. MSL is designed to enable system-level experiments and data-driven modeling in the complex environment of an urban tidal estuary. The initial focus of the laboratory is on the threats posed by divers and small craft with hostile intent. The laboratory is, however, evolvable to future threats as yet unidentified. Initially, the laboratory utilizes acoustic, environmental, and video sensors deployed in and around the Hudson River estuary. Experimental data associated with boats and SCUBA divers are collected on a computer deployed on board a boat specifically designed and equipped for these experiments and are remotely transferred to a Visualization Center on campus. Early experiments utilizing this laboratory have gathered data to characterize the relevant parameters of the estuary, acoustic signals produced by divers, and water and air traffic. Hydrophones were deployed to collect data to enable the development of passive acoustic methodologies for maximizing SCUBA diver detection distance. Initial results involving characteristics of the estuary, acoustic signatures of divers, ambient acoustic noise in an urban estuary, and transmission loss of acoustic signals in a wide frequency band are presented. These results can also be used for the characterization of abnormal traffic and improvement of underwater communication in a shallow water estuary.

  17. Computer Security: professionalism in security, too

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    At CERN, we apply a great deal of dedication and professionalism to all the work we do. This is necessary because of the complexity and sophistication of the devices we deal with. However, when it comes to computer security, we can all agree that there is room for improvement.   In some cases, we’ve observed devices that are connected to our Intranet networks without the adequate level of protection. Also, in order to allow it to be disseminated easily with peers, information is often disclosed on public webpages, sometimes without appropriate consideration of important security-related aspects. Program code is lost due to a lack of proper version control or the use of central storage systems. Systems are brought down by “finger trouble”, confusing the right and wrong IP addresses. Software or system development is done directly on production devices, impinging on their proper operation up to the point where the system grinds to a halt. Applications full of useful fe...

  18. Network security defence methods in IHEP

    International Nuclear Information System (INIS)

    This article is about the network security defence method and technique at IHEP. Including: the experience, research result and application in network outlet security, server security, local network security, network security monitoring and collecting evidence, anti-virus etc

  19. Computer Security: Security operations at CERN (4/4)

    CERN Document Server

    CERN. Geneva

    2012-01-01

    Stefan Lueders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Being initially developer of a common safety system used in all four experiments at the Large Hadron Collider, he gathered expertise in cyber-security issues of control systems. Consequently in 2004, he took over responsibilities in securing CERN's accelerator and infrastructure control systems against cyber-threats. Subsequently, he joined the CERN Computer Security Incident Response Team and is today heading this team as CERN's Computer Security Officer with the mandate to coordinate all aspects of CERN's computer security --- office computing security, computer centre security, GRID computing security and control system security --- whilst taking into account CERN's operational needs. Dr. Lueders has presented on these topics at many different occasions to international bodies, governments, and companies, and published several articles. With the prevalence of modern information technologies and...

  20. Generating WS-SecurityPolicy documents via security model transformation

    DEFF Research Database (Denmark)

    Jensen, Meiko

    2009-01-01

    When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriat...... security model definition and transformation approach, targeting the WS-SecurityPolicy and WS-BPEL specifications, in order to enable a Web-Service-based secure business process development.......When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriate...

  1. Design of secure operating systems with high security levels

    Institute of Scientific and Technical Information of China (English)

    QING SiHan; SHEN ChangXiang

    2007-01-01

    Numerous Internet security incidents have shown that support from secure operating systems is paramount to fighting threats posed by modern computing environments. Based on the requirements of the relevant national and international standards and criteria, in combination with our experience in the design and development of the ANSHENG v4.0 secure operating system with high security level (hereafter simply referred to as ANSHENG OS), this paper addresses the following key issues in the design of secure operating systems with high security levels: security architecture, security policy models, and covert channel analysis. The design principles of security architecture and three basic security models: confidentiality,integrity, and privilege control models are discussed, respectively. Three novel security models and new security architecture are proposed. The prominent features of these proposals, as well as their applications to the ANSHENG OS, are elaborated.Cover channel analysis (CCA) is a well-known hard problem in the design of secure operating systems with high security levels since to date it lacks a sound theoretical basis and systematic analysis approach. In order to resolve the fundamental difficulties of CCA, we have set up a sound theoretical basis for completeness of covert channel identification and have proposed a unified framework for covert channel identification and an efficient backward tracking search method. The successful application of our new proposals to the ANSHENG OS has shown that it can help ease and speedup the entire CCA process.

  2. Dying for Security

    Directory of Open Access Journals (Sweden)

    Bruce Buchan

    2011-03-01

    Full Text Available If political statements and media coverage are any guide, it seems Australians today are dying for security. At no other moment in our history has the spectre of war and terrorism so haunted popular, political and scholarly perceptions of Australia’s colonial past and of its geopolitical future. And yet, debates over colonial war or genocide and contemporary terrorism have been conducted in more or less complete isolation. In this article I argue that our contemporary obsession with ‘security’ is premised on the perennial threat of ‘insecurity’. This is the problem of in/security, and it has played a central role in the development of Western political thought. More importantly, its formulation in Western political thought provided a powerful justification for the violence of the early decades of Australia’s colonisation during which Indigenous Australians could also be said to have been dying for security.

  3. Dying for security

    Directory of Open Access Journals (Sweden)

    Buchan, Bruce

    2011-01-01

    Full Text Available If political statements and media coverage are any guide, it seems Australians today are dying for security. At no other moment in our history has the spectre of war and terrorism so haunted popular, political and scholarly perceptions of Australia’s colonial past and of its geopolitical future. And yet, debates over colonial war or genocide and contemporary terrorism have been conducted in more or less complete isolation. In this article I argue that our contemporary obsession with ‘security’ is premised on the perennial threat of ‘insecurity’. This is the problem of in/security, and it has played a central role in the development of Western political thought. More importantly, its formulation in Western political thought provided a powerful justification for the violence of the early decades of Australia’s colonisation during which Indigenous Australians could also be said to have been dying for security.

  4. What Price Security?

    Directory of Open Access Journals (Sweden)

    Donald C. Masters

    2009-01-01

    Full Text Available This article presents a critique of the Copenhagen Consensus Center's(CCC exhaustive study on transnational terrorism, published in 2008.The implications of this study are controversial, yet highly relevant in today's economic environment. The Obama administration must come toterms with fiscal realities that will challenge budget priorities and invigorate what will undoubtedly prove to be tough negotiations on Capitol Hill for homeland security dollars. It is proposed here that standard economic tools such as benefit cost analysis, cost effectiveness criteria, and simulation models can help identify areas where security can be either extended or improved using fewer resources. Greater movement towards competitive procurement practices will also result in lower costs and higher returns on security investments.

  5. Ethics and European security

    Energy Technology Data Exchange (ETDEWEB)

    Paskins, B.

    1986-01-01

    The alliance between the United States and her NATO partners has been strained severely in the last few years. American perceptions of European disloyalty and European impressions of American assertiveness and lack of judgment have played a large part in generating tensions between the allies and emphasising the new peace movements. This book is an attempt to develop a broader understanding of the problem of European security based on Christian ethics. There are disagreements and differences of emphasis among the contributors but they have in common the view that an exclusive preoccupation with the military dimension is damagingly one-sided. Instead the contributors argue that moral and theological concerns are a vital part of the politics and mechanics of European security and must be incorporated in any effort to devise new policies for security in Europe and the West.

  6. Port and Harbor Security

    Energy Technology Data Exchange (ETDEWEB)

    Saito, T; Guthmuller, H; DeWeert, M

    2004-12-15

    Port and Harbor Security is a daunting task to which optics and photonics offers significant solutions. We are pleased to report that the 2005 Defense and Security Symposium (DSS, Orlando, FL) will include reports on active and passive photonic systems operating from both airborne and subsurface platforms. In addition to imaging techniques, there are various photonic applications, such as total internal reflection fluorescence (TIRF), which can be used to ''sniff'' for traces of explosives or contaminants in marine. These non-imaging technologies are beyond the scope of this article, but will also be represented at DSS 2005. We encourage colleagues to join our technical group to help us to make our ports and harbors safer and more secure.

  7. Machine Learning for Security

    CERN Document Server

    CERN. Geneva

    2015-01-01

    Applied statistics, aka ‘Machine Learning’, offers a wealth of techniques for answering security questions. It’s a much hyped topic in the big data world, with many companies now providing machine learning as a service. This talk will demystify these techniques, explain the math, and demonstrate their application to security problems. The presentation will include how-to’s on classifying malware, looking into encrypted tunnels, and finding botnets in DNS data. About the speaker Josiah is a security researcher with HP TippingPoint DVLabs Research Group. He has over 15 years of professional software development experience. Josiah used to do AI, with work focused on graph theory, search, and deductive inference on large knowledge bases. As rules only get you so far, he moved from AI to using machine learning techniques identifying failure modes in email traffic. There followed digressions into clustered data storage and later integrated control systems. Current ...

  8. Social Influence for Security

    Directory of Open Access Journals (Sweden)

    Florin Iftode

    2014-08-01

    Full Text Available The main aim of this work marks the reveling of scientific premises intended to structure the issue of social influence for security. The approach has as aim the identification of those elements that define and characterize the social influence in order to manage conflict, from the perspective of public communication. The proposed approach establishes some synthetic, clear boundaries through the method of research and analysis of the concept of security, social influence, revealing the specifics of public communication in conflict management.

  9. Security of sensor networks

    OpenAIRE

    Teo, Hong-Siang

    2006-01-01

    This thesis discusses the security of sensor networks. First, an overview of the security architectures of two dominant implementations of sensor networks in the market today is presented: the TinyOS stack and the IEEE 802.15.4 stack. Their similarities and differences are explored and their strength and limitations are discussed. Where applicable, comparisons are made with IEEE 802.11 Wireless LAN to highlight improvements and lessons learned. It is pointed out that in general, IEEE 802.15.4...

  10. E-commerce security

    OpenAIRE

    Giri, Bimal

    2013-01-01

    With the ever increasing cyber threats and the rapid expansion of e-commerce globally, the security of the Internet and e-commerce in general will become more paramount. The aim of the thesis is to find out the current e-commerce user perception regarding online transaction and security issues in e-commerce from the user’s perspective. The research is divided into two parts. Firstly, the research tries to find out current e-commerce user’s perception. The social media (Facebook) has been appl...

  11. Towards Sustainable Nuclear Security

    International Nuclear Information System (INIS)

    The paper has three parts. It will first of all briefly trace the development of the current threat of nuclear terrorism that has created the need for a global capability in nuclear security, focusing on radioactive sources. It will then briefly assess the work that has been done internationally, by the IAEA, States and others to meet the threat. Having outlined the need for security of radioactive sources, the final and main part will propose ways of ensuring that the global capability can be assured into the future. (author)

  12. Security electronics circuits manual

    CERN Document Server

    MARSTON, R M

    1998-01-01

    Security Electronics Circuits Manual is an invaluable guide for engineers and technicians in the security industry. It will also prove to be a useful guide for students and experimenters, as well as providing experienced amateurs and DIY enthusiasts with numerous ideas to protect their homes, businesses and properties.As with all Ray Marston's Circuits Manuals, the style is easy-to-read and non-mathematical, with the emphasis firmly on practical applications, circuits and design ideas. The ICs and other devices used in the practical circuits are modestly priced and readily available ty

  13. Drones InSecurity

    OpenAIRE

    Kramer, Manuel; Schmeisser, Martin

    2015-01-01

    This project is about testing the security of casual/commercial drones. For this, we tested drones from the company Parrot, but the conclusions apply to all drones based on WiFi controllers. To test drones security, the project was divided in two parts. The first part is stream sniffing. This means capturing the video stream that a drone transmits to its connected user and afterwards reconstructing it, to see the actual video footage. The second part of the project is the hi- jacking of drone...

  14. Secure cloud computing

    CERN Document Server

    Jajodia, Sushil; Samarati, Pierangela; Singhal, Anoop; Swarup, Vipin; Wang, Cliff

    2014-01-01

    This book presents a range of cloud computing security challenges and promising solution paths. The first two chapters focus on practical considerations of cloud computing. In Chapter 1, Chandramouli, Iorga, and Chokani describe the evolution of cloud computing and the current state of practice, followed by the challenges of cryptographic key management in the cloud. In Chapter 2, Chen and Sion present a dollar cost model of cloud computing and explore the economic viability of cloud computing with and without security mechanisms involving cryptographic mechanisms. The next two chapters addres

  15. Nuclear security culture

    International Nuclear Information System (INIS)

    By document referenced GOV/2001/41 of the 15th of August 2001, the Board of Governors of the IAEA ratified twelve fundamental principles of physical protection of nuclear material and nuclear facilities. These principles will be integrated in the future revision of the International Convention on Physical Protection of Nuclear Material. The fundamental principle F proposes a definition of security culture and recommends that its implementation and its maintenance are a priority in the concerned organizations. It thus appears necessary to specify the concept of security culture. (author)

  16. Enterprise security IT security solutions : concepts, practical experiences, technologies

    CERN Document Server

    Fumy, Walter

    2013-01-01

    Addressing IT managers and staff, as well as CIOs and other executives dealing with corporate IT security, this book provides a broad knowledge on the major security issues affecting today's corporations and organizations, and presents state-of-the-art concepts and current trends for securing an enterprise.Areas covered include information security management, network and system security, identity and access management (IAM), authentication (including smart card based solutions and biometrics), and security certification. In-depth discussion of relevant technologies and standards (including cr

  17. Enterprise Mac Security Mac OS X Snow Leopard Security

    CERN Document Server

    Edge, Stephen Charles; Hunter, Beau; Sullivan, Gene; LeBlanc, Dee-Ann

    2010-01-01

    A common misconception in the Mac community is that Mac's operating system is more secure than others. While this might be true in certain cases, security on the Mac is still a crucial issue. When sharing is enabled or remote control applications are installed, Mac OS X faces a variety of security threats. Enterprise Mac Security: Mac OS X Snow Leopard is a definitive, expert-driven update of the popular, slash-dotted first edition and was written in part as a companion to the SANS Institute course for Mac OS X. It contains detailed Mac OS X security information, and walkthroughs on securing s

  18. Process Expression of Security Automaton

    Institute of Scientific and Technical Information of China (English)

    2007-01-01

    Security is an essential aspect for mobile systems. Usually, mobile system modeling and its security policies specification are realized in different techniques. So when constructed a mobile system using formal methods it is difficult to verify if the system comply with any given security policies. A method was introduced to express security automata which specifying enforceable security policies as processes in an extended π-calculus. In this extended π-calculus, an exception termination process was introduced, called bad. Any input which violating a security automaton will correspond to a step of transformation of the process that specifying the security automaton to exception termination process. Our method shows that any security automata which specifying enforceable security policies would decide a process in the extended π-calculus.

  19. Web security a whitehat perspective

    CERN Document Server

    Wu, Hanqing

    2015-01-01

    MY VIEW OF THE SECURITY WORLDView of the IT Security WorldBrief History of Web SecurityBrief History of Chinese HackersDevelopment Process of Hacking TechniquesRise of Web SecurityBlack Hat, White HatBack to Nature: The Essence of Secret SecuritySuperstition: There Is No Silver BulletSecurity Is an Ongoing ProcessSecurity ElementsHow to Implement Safety AssessmentAsset ClassificationThreat AnalysisRisk AnalysisDesign of Security ProgramsArt of War of White HatPrinciples of Secure by DefaultBlacklist, WhitelistPrinciple of Least PrivilegePrinciple of Defense in DepthPrinciples of Data and Code

  20. Miniatlas of Human Security

    OpenAIRE

    World Bank, (WB); Human Security Report Project

    2008-01-01

    An at-a-glance illustrated guide to global and regional trends in human insecurity, the miniAtlas provides a succinct introduction to today's most pressing security challenges. It maps political violence, the links between poverty and conflict, assaults on human rights including the use of child soldiers and the causes of war and peace.

  1. Computer Science Security

    OpenAIRE

    Ocotlan Diaz-Parra; Ruiz-Vanoye, Jorge A.; Barrera-Cámara, Ricardo A.; Alejandro Fuentes-Penna; Natalia Sandoval

    2014-01-01

    Soft Systems Methodology (SSM) is a problem-solving methodology employing systems thinking. SSM has been applied to the management, planning, health and medical systems, information systems planning, human resource management, analysis of the logistics systems, knowledge management, project management, construction management and engineering, and development of expert systems. This paper proposes using SSM for strategic planning of Enterprise Computer Security.

  2. Application Security Automation

    Science.gov (United States)

    Malaika, Majid A.

    2011-01-01

    With today's high demand for online applications and services running on the Internet, software has become a vital component in our lives. With every revolutionary technology comes challenges unique to its characteristics; for online applications, security is one huge concern and challenge. Currently, there are several schemes that address…

  3. Politics, Security, Theory

    DEFF Research Database (Denmark)

    Wæver, Ole

    2011-01-01

    distinct from both the study of political practices of securitization and explorations of competing concepts of politics among security theories. It means tracking what kinds of analysis the theory can produce and whether such analysis systematically impacts real-life political struggles. Securitization...

  4. Identity Security Awareness

    OpenAIRE

    Philipsen, Nayna C.

    2004-01-01

    Identity theft is an increasing concern when organizations, businesses, and even childbirth educators ask for a client's Social Security number for identification purposes. In this column, the author suggests ways to protect one's identity and, more importantly, decrease the opportunities for identity theft.

  5. Attachment Security and Pain

    DEFF Research Database (Denmark)

    Andersen, Tonny Elmose; Lahav, Yael; Defrin, Ruth;

    2015-01-01

    The present study assesses for the first time, the possible disruption effect of posttraumatic stress symptoms (PTSS) with regard to the protective role of attachment on pain, among ex-POWs. While secure attachment seems to serve as a buffer, decreasing the perception of pain, this function may be...

  6. Security for Mobility

    DEFF Research Database (Denmark)

    Nielson, Hanne Riis; Nielson, Flemming; Buchholtz, Mikael

    2004-01-01

    We show how to use static analysis to provide information about security issues related to mobility. First the syntax and semantics of Mobile Ambients is reviewed and we show how to obtain a so-called 0CFA analysis that can be implemented in polynomial time. Next we consider discretionary access...

  7. Biometric Template Security

    Directory of Open Access Journals (Sweden)

    Abhishek Nagar

    2008-03-01

    Full Text Available Biometric recognition offers a reliable solution to the problem of user authentication in identity management systems. With the widespread deployment of biometric systems in various applications, there are increasing concerns about the security and privacy of biometric technology. Public acceptance of biometrics technology will depend on the ability of system designers to demonstrate that these systems are robust, have low error rates, and are tamper proof. We present a high-level categorization of the various vulnerabilities of a biometric system and discuss countermeasures that have been proposed to address these vulnerabilities. In particular, we focus on biometric template security which is an important issue because, unlike passwords and tokens, compromised biometric templates cannot be revoked and reissued. Protecting the template is a challenging task due to intrauser variability in the acquired biometric traits. We present an overview of various biometric template protection schemes and discuss their advantages and limitations in terms of security, revocability, and impact on matching accuracy. A template protection scheme with provable security and acceptable recognition performance has thus far remained elusive. Development of such a scheme is crucial as biometric systems are beginning to proliferate into the core physical and information infrastructure of our society.

  8. Transatlantic Homeland Security

    DEFF Research Database (Denmark)

    Dalgaard-Nielsen, Anja; Hamilton, Daniel

    This major new study presents both conceptual and practical guidance at a crucial time when intellectual and practical efforts to protect against the new terrorism should move beyond a purely domestic focus. Creating an effective and integrated national homeland security effort is a significant...

  9. Security Situation in Afghanistan

    Institute of Scientific and Technical Information of China (English)

    Fang Jinying

    2006-01-01

    @@ Since the beginning of 2006, the Taliban has intensified its attacks in Afghanistan in various forms, especially in the south.The U.S.-led coalition forces, the NATO-led International Security Assistance Force (ISAF) , and the Afghan Army found themselves constantly be the victims of ambushes, suicide bombings, and roadside blasts.

  10. CYBER SECURITY FOR AIRPORTS

    Directory of Open Access Journals (Sweden)

    Kasthurirangan Gopalakrishnan

    2013-12-01

    Full Text Available In today’s information age, government organizations and business enterprises are heavily relying on interconnected computer systems to manage a variety of public services including energy, transportation, water, etc. While this increased connectivity has many operational advantages benefitting the public, they have also become vulnerable to cyber attacks such as Corporate Security Breaches, Spear Phishing, and Social Media Fraud. The aviation sector is one the critical infrastructure systems that is not only vulnerable to physical threats, but also cyber threats, especially with the increased use of Bring Your Own Device (BYOD at airports. It has been recognized that there is currently no cyber security standards established for airports in the United States as the existing standards have mainly focused on aircraft Control System (CS. This paper summarizes the need, background, ongoing developments and research efforts with respect to the establishment of cyber-security standards and best practices at U.S. airports with special emphasis on cyber security education and literacy.

  11. Concepts of Human Security

    NARCIS (Netherlands)

    D.R. Gasper (Des)

    2011-01-01

    markdownabstract__Abstract__ Concepts of human security have been debated and disputed at length during the past twenty years or more. Many lists of definitions exist and various comparative analyses of definitions.1 These reveal not a single concept but a family with many variants, all of which mi

  12. Cryptographic Combinatorial Securities Exchanges

    Science.gov (United States)

    Thorpe, Christopher; Parkes, David C.

    We present a useful new mechanism that facilitates the atomic exchange of many large baskets of securities in a combinatorial exchange. Cryptography prevents information about the securities in the baskets from being exploited, enhancing trust. Our exchange offers institutions who wish to trade large positions a new alternative to existing methods of block trading: they can reduce transaction costs by taking advantage of other institutions’ available liquidity, while third party liquidity providers guarantee execution—preserving their desired portfolio composition at all times. In our exchange, institutions submit encrypted orders which are crossed, leaving a “remainder”. The exchange proves facts about the portfolio risk of this remainder to third party liquidity providers without revealing the securities in the remainder, the knowledge of which could also be exploited. The third parties learn either (depending on the setting) the portfolio risk parameters of the remainder itself, or how their own portfolio risk would change if they were to incorporate the remainder into a portfolio they submit. In one setting, these third parties submit bids on the commission, and the winner supplies necessary liquidity for the entire exchange to clear. This guaranteed clearing, coupled with external price discovery from the primary markets for the securities, sidesteps difficult combinatorial optimization problems. This latter method of proving how taking on the remainder would change risk parameters of one’s own portfolio, without revealing the remainder’s contents or its own risk parameters, is a useful protocol of independent interest.

  13. Secured Ontology Mapping

    Directory of Open Access Journals (Sweden)

    Manjula Shenoy.K

    2012-11-01

    Full Text Available Today’s market evolution and high volatility of business requirements put an increasing emphasis on theability for systems to accommodate the changes required by new organizational needs while maintainingsecurity objectives satisfiability. This is all the more true in case of collaboration and interoperabilitybetween different organizations and thus between their information systems. Ontology mapping has beenused for interoperability and several mapping systems have evolved to support the same. Usual solutionsdo not take care of security. That is almost all systems do a mapping of ontologies which are unsecured.We have developed a system for mapping secured ontologies using graph similarity concept. Here we giveno importance to the strings that describe ontology concepts ,properties etc. Because these strings may beencrypted in the secured ontology. Instead we use the pure graphical structure to determine mappingbetween various concepts of given two secured ontologies. The paper also gives the measure of accuracyof experiment in a tabular form in terms of precision, recall and F-measure.

  14. Security Tools: cops & tiger

    OpenAIRE

    Lehle, Bernd; Reutter, Oliver

    1996-01-01

    Nachdem in der vorletzten BI.-Ausgabe SATAN als Security Check Tool für komplette Netzwerke vorgestellt wurde, kommen nun zwei 'Kollegen' an die Reihe, die einzelne Rechner lokal auf Sicherheitslöcher testen. Insbesondere wollen wir hier auch Wert auf die Einschätzung dieser Tools legen und Einsatzrichtlinien für den Gebrauch in typischen Arbeitsumgebungen vorstellen.

  15. Mastering Mobile Security

    Science.gov (United States)

    Panettieri, Joseph C.

    2007-01-01

    Without proper security, mobile devices are easy targets for worms, viruses, and so-called robot ("bot") networks. Hackers increasingly use bot networks to launch massive attacks against eCommerce websites--potentially targeting one's online tuition payment or fundraising/financial development systems. How can one defend his mobile systems against…

  16. Collusion Secure Fingerprint Watermarking

    OpenAIRE

    Schäfer, Marcel

    2016-01-01

    Identifying perpetrators via watermarking technology has proven of value in media copyright infringements. To enable tracing back unauthorizedly re-distributed media copies that were manipulated by a collusion attack, collusion secure fingerprinting codes are embedded into the copies via watermarking technology. Fingerprinting codes are mathematical codes designed to resist collusion attacks by means of probabilistically generated codewords and suitable tracing algorithms. However, embedd...

  17. Metaphors for cyber security.

    Energy Technology Data Exchange (ETDEWEB)

    Moore, Judy Hennessey; Parrott, Lori K.; Karas, Thomas H.

    2008-08-01

    This report is based upon a workshop, called 'CyberFest', held at Sandia National Laboratories on May 27-30, 2008. Participants in the workshop came from organizations both outside and inside Sandia. The premise of the workshop was that thinking about cyber security from a metaphorical perspective could lead to a deeper understanding of current approaches to cyber defense and perhaps to some creative new approaches. A wide range of metaphors was considered, including those relating to: military and other types of conflict, biological, health care, markets, three-dimensional space, and physical asset protection. These in turn led to consideration of a variety of possible approaches for improving cyber security in the future. From the proposed approaches, three were formulated for further discussion. These approaches were labeled 'Heterogeneity' (drawing primarily on the metaphor of biological diversity), 'Motivating Secure Behavior' (taking a market perspective on the adoption of cyber security measures) and 'Cyber Wellness' (exploring analogies with efforts to improve individual and public health).

  18. Gaming security by obscurity

    NARCIS (Netherlands)

    Pavlovic, Dusko

    2011-01-01

    Shannon sought security against the attacker with unlimited computational powers: if an information source conveys some information, then Shannon's attacker will surely extract that information. Diffie and Hellman refined Shannon's attacker model by taking into account the fact that the real attacke

  19. Gaming security by obscurity

    NARCIS (Netherlands)

    Pavlovic, Dusko

    2011-01-01

    Shannon [40] sought security against the attacker with unlimited computational powers: if an information source conveys some information, then Shannon’s attacker will surely extract that information. Diffie and Hellman [13] refined Shannon’s attacker model by taking into account the fact that the re

  20. Security for Mobility

    DEFF Research Database (Denmark)

    Nielson, Hanne Riis; Nielson, Flemming; Buchholtz, Mikael

    2002-01-01

    We show how to use static analysis to provide information about security issues related to mobility. First the syntax and semantics of Mobile Ambients is reviewed and we show how to obtain a so-called 0CFA analysis that can be implemented in polynomial time. Next we consider discretionary access...

  1. Securing Major Events

    International Nuclear Information System (INIS)

    When asked why the IAEA should provide nuclear security support to countries that organize large public events, Nuclear Security Officer Sophia Miaw answers quickly and without hesitation. ''Imagine any major public event such as the Olympics, a football championship, or an Expo. If a dirty bomb were to be exploded at a site where tens of thousands of people congregate, the radioactive contamination would worsen the effects of the bomb, increase the number of casualties, impede a rapid emergency response, and cause long term disruption in the vicinity,'' she said. Avoiding such nightmarish scenarios is the driving purpose behind the assistance the IAEA offers States that host major sporting or other public events. The support can range from a single training course to a comprehensive programme that includes threat assessment, training, loaned equipment and exercises. The type and scope of assistance depends on the host country's needs. ''We incorporate nuclear security measures into their security plan. We don't create anything new,'' Miaw said

  2. Unconditionally Secure Quantum Signatures

    Directory of Open Access Journals (Sweden)

    Ryan Amiri

    2015-08-01

    Full Text Available Signature schemes, proposed in 1976 by Diffie and Hellman, have become ubiquitous across modern communications. They allow for the exchange of messages from one sender to multiple recipients, with the guarantees that messages cannot be forged or tampered with and that messages also can be forwarded from one recipient to another without compromising their validity. Signatures are different from, but no less important than encryption, which ensures the privacy of a message. Commonly used signature protocols—signatures based on the Rivest–Adleman–Shamir (RSA algorithm, the digital signature algorithm (DSA, and the elliptic curve digital signature algorithm (ECDSA—are only computationally secure, similar to public key encryption methods. In fact, since these rely on the difficulty of finding discrete logarithms or factoring large primes, it is known that they will become completely insecure with the emergence of quantum computers. We may therefore see a shift towards signature protocols that will remain secure even in a post-quantum world. Ideally, such schemes would provide unconditional or information-theoretic security. In this paper, we aim to provide an accessible and comprehensive review of existing unconditionally securesecure signature schemes for signing classical messages, with a focus on unconditionally secure quantum signature schemes.

  3. Securing smart grid technology

    Science.gov (United States)

    Chaitanya Krishna, E.; Kosaleswara Reddy, T.; Reddy, M. YogaTeja; Reddy G. M., Sreerama; Madhusudhan, E.; AlMuhteb, Sulaiman

    2013-03-01

    In the developing countries electrical energy is very important for its all-round improvement by saving thousands of dollars and investing them in other sector for development. For Growing needs of power existing hierarchical, centrally controlled grid of the 20th Century is not sufficient. To produce and utilize effective power supply for industries or people we should have Smarter Electrical grids that address the challenges of the existing power grid. The Smart grid can be considered as a modern electric power grid infrastructure for enhanced efficiency and reliability through automated control, high-power converters, modern communications infrastructure along with modern IT services, sensing and metering technologies, and modern energy management techniques based on the optimization of demand, energy and network availability and so on. The main objective of this paper is to provide a contemporary look at the current state of the art in smart grid communications as well as critical issues on smart grid technologies primarily in terms of information and communication technology (ICT) issues like security, efficiency to communications layer field. In this paper we propose new model for security in Smart Grid Technology that contains Security Module(SM) along with DEM which will enhance security in Grid. It is expected that this paper will provide a better understanding of the technologies, potential advantages and research challenges of the smart grid and provoke interest among the research community to further explore this promising research area.

  4. Computer Science Security

    Directory of Open Access Journals (Sweden)

    Ocotlan Diaz-Parra

    2014-01-01

    Full Text Available Soft Systems Methodology (SSM is a problem-solving methodology employing systems thinking. SSM has been applied to the management, planning, health and medical systems, information systems planning, human resource management, analysis of the logistics systems, knowledge management, project management, construction management and engineering, and development of expert systems. This paper proposes using SSM for strategic planning of Enterprise Computer Security.

  5. Network security using honeypot

    OpenAIRE

    Sahraie Kalejahi, Masumeh

    2005-01-01

    We always hear news about hacker's being arrested or a group of internet saboteurs discovered. Hacking techniques have improved to the point that little or no traces of unauthorized access is left. Computer security experts often use a tool called honeypot to entrap intruders. The present paper outlines honeypot techniques, its variants and various technologies applied to this effect.

  6. Security of learning management systems

    OpenAIRE

    Demirci, Yılmaz

    2013-01-01

    ABSTRACT: In this thesis I discuss the security issues of the Moodle Learning Management System. Therefore first the security vulnerabilities of web applications in general are discussed and then the security risks of Moodle and its solutions are presented. Furthermore a complete step-by-step installation guideline is proposed in order to create a Moodle installation with maximum security. Keywords: Moodle, security of Moodle, security risks of 2013. …………………………………………………………………………………………...

  7. The Extended Concept of Security and the Czech Security Practice

    OpenAIRE

    Libor Stejskal; Antonín Rašek; Miloš Balabán

    2008-01-01

    According to the extended concept of security, the nation state is no longer the sole privileged reference object of security. The traditional model of national security is developing from military terms to a broader concept which embraces the international, economic, social, environmental, and human rights dimensions of security. The meaning and relevance of the concept is being extended “upwards”, to international organisations, and “downwards”, to regional and local authorities, non-govern...

  8. Social Infrastructure for Hometown Security: Advancing the Homeland Security Paradigm

    OpenAIRE

    Bach, Robert; Kaufman, David J.

    2009-01-01

    This article appeared in Homeland Security Affairs (May 2009), v.5 no.2 The nation's homeland security strategy calls on federal, state, and local governments, businesses, communities and individuals across the country to work together to achieve a shared vision of a secure way of life. Yet true involvement on the part of individual citizens remains elusive, due largely to a misdiagnosis of the way the American people experience homeland security practices, inappropriate application of bor...

  9. Secure Scrum: Development of Secure Software with Scrum

    OpenAIRE

    Pohl, Christoph; Hof, Hans-Joachim

    2015-01-01

    Nowadays, the use of agile software development methods like Scrum is common in industry and academia. Considering the current attacking landscape, it is clear that developing secure software should be a main concern in all software development projects. In traditional software projects, security issues require detailed planning in an initial planning phase, typically resulting in a detailed security analysis (e.g., threat and risk analysis), a security architecture, and instructions for secu...

  10. Development and analysis of security policies in security enhanced Android

    OpenAIRE

    Rimando, Ryan A.

    2012-01-01

    This thesis examines Security Enhanced Android. Both its policy and its additional security features are explored. The policy is examined in depth, providing a better understanding of the security provided by SE Android. We analyze the default SE Android policy. We identify a potential weakness and change the policy to facilitate control over communication channels. A proof-of-concept set of applications is developed to demonstrate how SE Android can be used to improve application security. T...

  11. Security and Reliability Requirements for Advanced Security Event Management

    OpenAIRE

    RIEKE, Roland; COPPOLINO, Luigi; Hutchinson, Andrew; PRIETO, Elsa; Gaber, Chrystel

    2012-01-01

    This paper addresses security information management in complex application scenarios. Security Information and Event Management (SIEM) systems collect and examine security related events, with the goal of providing a unified view of the monitored systems' security status. While various SIEMs are in production, there is scope to extend the capability and resilience of these systems. The use of SIEM technology in four disparate scenario areas is used in this paper as a catalyst for the develop...

  12. Security and Feminism: Common Denominator, Zonaro Feminism and Gender Security

    OpenAIRE

    Roxana APALAGHIE

    2015-01-01

    Issue and purpose, in this paper, the feminist paradigm brought together the two concepts of security and feminism, to sketch the common denominator of both, representing a direction of actions for security, gender equality, extension of the rights and the role of women, integration of women`s perspectives and experiences in the decision-making process. The article is mainly intended to define two new concepts, gender security and zonaro feminism, where gender security is an expression that g...

  13. Network Security : Securing Network Equipment and Network Users’ Environment

    OpenAIRE

    Mbah, Mbah

    2010-01-01

    The purpose of this final year project is to research on new network security products and implementation techniques in order to enhance the current network security structure of Savonia University of Applied Sciences. This is very important because, it will avoid the university from suffering any major network attack associated with the present network security architecture. At the time this final project was approved, the university network security architecture was optimized...

  14. Calling Out Cheaters : Covert Security with Public VerifiabilitySecurity

    DEFF Research Database (Denmark)

    Asharov, Gilad; Orlandi, Claudio

    2012-01-01

    We introduce the notion of covert security with public verifiability, building on the covert security model introduced by Aumann and Lindell (TCC 2007). Protocols that satisfy covert security guarantee that the honest parties involved in the protocol will notice any cheating attempt with some...

  15. Secure key storage and distribution

    Science.gov (United States)

    Agrawal, Punit

    2015-06-02

    This disclosure describes a distributed, fault-tolerant security system that enables the secure storage and distribution of private keys. In one implementation, the security system includes a plurality of computing resources that independently store private keys provided by publishers and encrypted using a single security system public key. To protect against malicious activity, the security system private key necessary to decrypt the publication private keys is not stored at any of the computing resources. Rather portions, or shares of the security system private key are stored at each of the computing resources within the security system and multiple security systems must communicate and share partial decryptions in order to decrypt the stored private key.

  16. International and European Security Law

    Directory of Open Access Journals (Sweden)

    Jonathan Herbach

    2012-02-01

    Full Text Available Security law, or more comprehensively conflict and security law, on the international level represents the intersection of three distinct but interrelated fields: international humanitarian law (the law of armed conflict, jus in bello, the law of collective security (most identified with the United Nations (UN system, jus ad bellum and arms control law (including non-proliferation. Security in this sense is multifaceted - interest security, military security and, as is often referred to in the context of the EU, human security. As such, the law covers a wide range of specific topics with respect to conflict, encompassing the use of force, including choice of weapons and fighting techniques, extending to the rules applicable in peacekeeping and peace enforcement, and yet also dictating obligations outside the context of conflict, such as safeguarding and securing dual-use materials (those with both peaceful and military applications to prevent malicious use.

  17. Securing mobile code.

    Energy Technology Data Exchange (ETDEWEB)

    Link, Hamilton E.; Schroeppel, Richard Crabtree; Neumann, William Douglas; Campbell, Philip LaRoche; Beaver, Cheryl Lynn; Pierson, Lyndon George; Anderson, William Erik

    2004-10-01

    If software is designed so that the software can issue functions that will move that software from one computing platform to another, then the software is said to be 'mobile'. There are two general areas of security problems associated with mobile code. The 'secure host' problem involves protecting the host from malicious mobile code. The 'secure mobile code' problem, on the other hand, involves protecting the code from malicious hosts. This report focuses on the latter problem. We have found three distinct camps of opinions regarding how to secure mobile code. There are those who believe special distributed hardware is necessary, those who believe special distributed software is necessary, and those who believe neither is necessary. We examine all three camps, with a focus on the third. In the distributed software camp we examine some commonly proposed techniques including Java, D'Agents and Flask. For the specialized hardware camp, we propose a cryptographic technique for 'tamper-proofing' code over a large portion of the software/hardware life cycle by careful modification of current architectures. This method culminates by decrypting/authenticating each instruction within a physically protected CPU, thereby protecting against subversion by malicious code. Our main focus is on the camp that believes that neither specialized software nor hardware is necessary. We concentrate on methods of code obfuscation to render an entire program or a data segment on which a program depends incomprehensible. The hope is to prevent or at least slow down reverse engineering efforts and to prevent goal-oriented attacks on the software and execution. The field of obfuscation is still in a state of development with the central problem being the lack of a basis for evaluating the protection schemes. We give a brief introduction to some of the main ideas in the field, followed by an in depth analysis of a technique called &apos

  18. Homeland Security Master's Degree Program

    OpenAIRE

    Naval Postgraduate School (U.S.); Center for Homeland Defense and Security

    2013-01-01

    The U.S. Department of Homeland Security's National Preparedness Directorate, FEMA, and the Naval Postgraduate School Center for Homeland Defense and Security have partnered to offer the nation’s premier master’s degree program in homeland security. The Master of Arts in Security Studies is accredited by the Western Association of Schools and Colleges and is awarded by the Naval Postgraduate School.

  19. Security for service oriented architectures

    CERN Document Server

    Williams, Walter

    2014-01-01

    Although integrating security into the design of applications has proven to deliver resilient products, there are few books available that provide guidance on how to incorporate security into the design of an application. Filling this need, Security for Service Oriented Architectures examines both application and security architectures and illustrates the relationship between the two. Supplying authoritative guidance on how to design distributed and resilient applications, the book provides an overview of the various standards that service oriented and distributed applications leverage, includ

  20. Security Measures in Data Mining

    OpenAIRE

    Anish Gupta; Vimal Bibhu; Rashid Hussain

    2012-01-01

    Data mining is a technique to dig the data from the large databases for analysis and executive decision making. Security aspect is one of the measure requirement for data mining applications. In this paper we present security requirement measures for the data mining. We summarize the requirements of security for data mining in tabular format. The summarization is performed by the requirements with different aspects of security measure of data mining. The performances and outcomes are determin...

  1. Design Methods for Embedded Security

    Directory of Open Access Journals (Sweden)

    I. Verbauwhede

    2009-11-01

    Full Text Available Embedded devices need both an efficient and a secure implementation of cryptographic algorithms. In this overview paper we show a typical top-down approach for secure and efficient implementation of embedded systems. We outline the security pyramid by illustrating the five primary abstraction levels in an embedded system. Focusing only on two levels - architecture and circuit level - we show how the design can be implemented to be both efficient and secure.

  2. Coping with Security in Programming

    OpenAIRE

    Frank Schindler

    2006-01-01

    This article deals with importance of security issues in computer programming.Secure software can only be designed with security as a primary goal. To achieve that wewould have to redesign our computer systems with security in our mind including entirecomputer environment, e.g. hardware, programming languages and, of course, operatingsystems. In software development process the quality of resulting computer code should bethe most important aspect during the whole program development process. ...

  3. The Privatization of International Security

    OpenAIRE

    Leander, Anna

    2009-01-01

    The integration of private international security into Security Studies reflects the relatively recent nature of the market. The literature on the topic revolves around the basics of placing private international security on the agenda (1a); explaining and understanding the market (1b) and problematizing its relationship to central questions in international security (1c). The current trend in the field is to face the—still largely open—challenge of taking research further, both by completing...

  4. The Equity Securities Lending Market

    OpenAIRE

    Jonathan Carroll; Ashwin Clarke

    2014-01-01

    An equity securities loan is an arrangement in which one party (the lender) agrees to transfer an equity security to another party (the borrower) temporarily, usually in exchange for collateral and a fee. The market for securities loans is an important component of Australia’s equity market and contributes to its efficiency and smooth functioning. Regulatory developments since the global financial crisis are contributing to significant changes to the equity securities lending market globally,...

  5. Security Information System Digital Simulation

    OpenAIRE

    Tao Kuang; Shanhong Zhu

    2015-01-01

    The study built a simulation model for the study of food security information system relay protection. MATLAB-based simulation technology can support the analysis and design of food security information systems. As an example, the food security information system fault simulation, zero-sequence current protection simulation and transformer differential protection simulation are presented in this study. The case studies show that the simulation of food security information system relay protect...

  6. Design Methods for Embedded Security

    OpenAIRE

    Verbauwhede, I.; V. Rožić; Knežević, M.

    2009-01-01

    Embedded devices need both an efficient and a secure implementation of cryptographic algorithms. In this overview paper we show a typical top-down approach for secure and efficient implementation of embedded systems. We outline the security pyramid by illustrating the five primary abstraction levels in an embedded system. Focusing only on two levels - architecture and circuit level - we show how the design can be implemented to be both efficient and secure.

  7. Security Information System Digital Simulation

    Directory of Open Access Journals (Sweden)

    Tao Kuang

    2015-01-01

    Full Text Available The study built a simulation model for the study of food security information system relay protection. MATLAB-based simulation technology can support the analysis and design of food security information systems. As an example, the food security information system fault simulation, zero-sequence current protection simulation and transformer differential protection simulation are presented in this study. The case studies show that the simulation of food security information system relay protection is effective and feasible.

  8. Security Issues on Wimax Netwok

    OpenAIRE

    S. S.Dwivedi ,S. Mishra ,V.K.Mishra

    2012-01-01

    This paper present an new authentication method on Wimax Security. Now a day’s, it is hot research point for telecommunication and computer network. Wimax considered the security issues during the design of the protocol. Wimax does not deployed widely to the evidence of threats, vulnerability in real situation. Security is very essential for any communication network. Security support is even an important to protect the users as well as network. Wireless medium is available to all, the attack...

  9. Secure Storage Architectures

    Energy Technology Data Exchange (ETDEWEB)

    Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL

    2015-01-01

    The purpose of this report is to clarify the challenges associated with storage for secure enclaves. The major focus areas for the report are: - review of relevant parallel filesystem technologies to identify assets and gaps; - review of filesystem isolation/protection mechanisms, to include native filesystem capabilities and auxiliary/layered techniques; - definition of storage architectures that can be used for customizable compute enclaves (i.e., clarification of use-cases that must be supported for shared storage scenarios); - investigate vendor products related to secure storage. This study provides technical details on the storage and filesystem used for HPC with particular attention on elements that contribute to creating secure storage. We outline the pieces for a a shared storage architecture that balances protection and performance by leveraging the isolation capabilities available in filesystems and virtualization technologies to maintain the integrity of the data. Key Points: There are a few existing and in-progress protection features in Lustre related to secure storage, which are discussed in (Chapter 3.1). These include authentication capabilities like GSSAPI/Kerberos and the in-progress work for GSSAPI/Host-keys. The GPFS filesystem provides native support for encryption, which is not directly available in Lustre. Additionally, GPFS includes authentication/authorization mechanisms for inter-cluster sharing of filesystems (Chapter 3.2). The limitations of key importance for secure storage/filesystems are: (i) restricting sub-tree mounts for parallel filesystem (which is not directly supported in Lustre or GPFS), and (ii) segregation of hosts on the storage network and practical complications with dynamic additions to the storage network, e.g., LNET. A challenge for VM based use cases will be to provide efficient IO forwarding of the parallel filessytem from the host to the guest (VM). There are promising options like para-virtualized filesystems to

  10. Security force effectiveness and technology

    International Nuclear Information System (INIS)

    No one would propose ineffective security forces. Applied technology always has, as its purpose, to increase effectiveness. Evidence exists, however, that poorly conceived or executed technological solutions can actually do more harm than good. The author argues for improved human factor considerations in physical security applied technology -- especially in the area of security console operations

  11. The Underbelly of Global Security

    DEFF Research Database (Denmark)

    Mynster Christensen, Maya

    2015-01-01

    In the aftermath of the Sierra Leone civil war, demobilized militia soldiers have become an attractive resource to private security companies. Based on extensive ethnographic fieldwork, this article traces the outsourcing of security at American military bases in Iraq to Sierra Leonean ex-militia...... they find themselves embedded, in the context of security outsourcing in a global economy....

  12. Communications and information infrastructure security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Communication and Information Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering strategies for protecting the telecommunications sector, wireless security, advanced web based technology for emergency situations. Science and technology for critical infrastructure consequence mitigation are also discussed.

  13. Monterey Security Enhanced Architecture Project

    OpenAIRE

    Irvine, Cynthia E.; Shifflett, David; Clark, Paul C.; Levin, Timothy E.; Dinolt, George

    2003-01-01

    This research project has produced an innovative architecture and corresponding engineering prototype consisting of trusted security services and integrated operating system mechanisms for the protection of distributed multi-domain computing environments from malicious code and other attacks. These security services and mechanisms extend and interoperate with existing workstations, applications and open source operating systems, providing new capabilities for composing secure distributed ...

  14. National Security Series, User's Guide.

    Science.gov (United States)

    Jones, Saundra L.

    This document is a guide to using the "National Security Series", which consists of seven books designed for teaching about national security issues in high school social studies classes. Five of the series books contain lessons designed to supplement specific courses by relating national security issues to U.S. government, U.S. history,…

  15. Economic Security in Nova Scotia

    OpenAIRE

    Lars Osberg; Andrew Sharpe

    2008-01-01

    The report uses an aggregate index, based on security from the economic risks imposed by four key factors – unemployment, illness, old age, and single parenthood – to examine trends in economic security in Nova Scotia from 1981 to 2007. It concludes that economic security in Nova Scotia decreased during the 1981-2007 period.

  16. Secure computing, economy, and trust

    DEFF Research Database (Denmark)

    Bogetoft, Peter; Damgård, Ivan B.; Jakobsen, Thomas;

    In this paper we consider the problem of constructing secure auctions based on techniques from modern cryptography. We combine knowledge from economics, cryptography and security engineering and develop and implement secure auctions for practical real-world problems. In essence this paper is an o...

  17. Nanotechnology in the Security

    CERN Document Server

    Kruchinin, Sergei

    2015-01-01

    The topics discussed at the NATO Advanced Research Workshop "Nanotechnology in the Security Systems" included nanophysics,   nanotechnology,  nanomaterials, sensors, biosensors security systems, explosive  detection . There have been many significant advances in the past two years and some entirely new directions of research are just opening up. Recent advances in nanoscience have demonstrated that fundamentally new physical phenomena  are found when systems are reduced in size with  dimensions, comparable to the fundamental microscopic  length scales of the investigated material. Recent developments in nanotechnology and measurement techniques now allow experimental investigation of transport properties of nanodevices. This work will be of interest to researchers working in spintronics, molecular electronics and quantum information processing.

  18. Digital Watermarking Security

    Directory of Open Access Journals (Sweden)

    Jonathan Blake

    2011-09-01

    Full Text Available As creative works (e.g. books, films, music, photographs become increasingly available in digital formats in a highly connected world, it also becomes increasingly difficult to secure intellectual property rights. Digital watermarking is one potential technology to aid intellectual property owners in controlling and tracking the use of their works. Surveys the state of digital watermarking research and examines the attacks that the technology faces and how it fares against them. Digital watermarking is an inherently difficult design problem subject to many constraints. The technology currently faces an uphill battle to be secure against relatively simple attacks.Defence Science Journal, 2011, 61(5, pp.408-414, DOI:http://dx.doi.org/10.14429/dsj.61.1176

  19. Society and Security

    Directory of Open Access Journals (Sweden)

    FLORENTINA FUNIERU

    2011-01-01

    Full Text Available The study emphasizes the most important theories in the field of security studies and is concerned with the threats directed at the supportive elements of human communities which are less visible than the traditional ones. They are accompanied by a force that conquers mental spaces and changes the individual's self-awareness, namely that of the social will. This study discusses the societal security of the social will on a historical time axis, beginning with the 12th century (when social authority, temporal power, is separated from the authority of the Church, from spiritual power, followed by a second historical moment of the deconstruction of social frames, which occurred in the 19th century (that of the romantic culture, as reaction to the rationalist individualist trend, and by the year 1989, a third moment of rupture analyzed in comparison with the others.

  20. Less reality, more security

    Science.gov (United States)

    Ekert, Artur; Kay, Alastair; Pope, James

    2012-09-01

    The concept of nonlocality, whereby a local operation on one state can instantaneously affect the properties of another spatially-separated state, has been investigated through the violation of Bell inequalities. Realisations of such violations in the laboratory paved the way for not only experimental justification of quantum theory, but also one of the subject's first significant applications in cryptography. The violation of Bell inequalities can be used as an indicator for security in the task of key distribution. Furthermore, it has more recently been shown that such security is guaranteed by the violations alone, regardless of assumptions about the workings and trustworthiness of the devices provided for the task. We provide a brief history of Bell inequalities and their use in the development of device-independent key distribution, which is less reliant on the validity of quantum theory than previously thought.

  1. Securing the Digital Economy

    Directory of Open Access Journals (Sweden)

    Valentin P. MĂZĂREANU

    2010-01-01

    Full Text Available The Digital economy has naturally led to thereconfiguration of communication and information processes.These processes are depending on the computer, starting fromthe personal one and reaching to computer networks, whetherlocal, metropolitan or global. These led to the development ofsuch information systems able to communicate information,systems that must also ensure the security of communicationsbetween computers within the company, but also betweencomputers of different parties, outside the company. As thecommunication between computers in the network has evolvedto electronic funds transfer (EFT, digital money andcommunication of personal data, internet banking, etc., theimportance of security issues of data transmitted over thenetwork also has increased. Even more as the network hasevolved into a “wireless” one.

  2. Strengthening nuclear security

    International Nuclear Information System (INIS)

    The international situation after the end of the Cold-War has been quite unstable, due to the occurrence of frequent regional conflicts and domestic wars based on ethnic, religious or racial reasons. Further, threats to the would peace and security by non-state actors, like international terrorist groups, have been recognized after 9.11 terrorist attacks to the World Trade Center buildings and to the Pentagon. Utilization of nuclear energy, which encompasses both peaceful uses and military ones, required an establishment of regulatory system, by which risks associated with the development of nuclear energy can be controlled. Accordingly, nuclear safety control system, and then non-proliferation control system has been developed, both in the international level and notional level. In recognition of the present unstable international situations, it is required to establish, maintain and strengthen a system which control nuclear security aspect, in addition to the present systems. (author)

  3. THz and Security Applications

    CERN Document Server

    Sizov, Fedir; Detectors, Sources and Associated Electronics for THz Applications

    2014-01-01

    These proceedings comprise invited papers from highly experienced researchers in THz technology and security applications. THz detection of explosives represents one of the most appealing technologies to have recently emerged in dealing with terrorist attacks encountered by civil security and military forces throughout the world. Discussed are the most advanced technologies and developments, the various points of operational strength and weaknesses as well as are suggestions and predictions the best technological solutions to  overcome current operational limits.  The current status of various levels of cooling in THz detectors, sources and associated electronics are also addressed. The goal was to provide a clear view on the current technologies available and the required advances needed in order to achieve more efficient systems. This goal was outlined in part by establishing the baseline of current uncertainty estimations in physics-based modelling and the identification of key areas which require additi...

  4. CLOUD COMPUTING AND SECURITY

    Directory of Open Access Journals (Sweden)

    Asharani Shinde

    2015-10-01

    Full Text Available This document gives an insight into Cloud Computing giving an overview of key features as well as the detail study of exact working of Cloud computing. Cloud Computing lets you access all your application and documents from anywhere in the world, freeing you from the confines of the desktop thus making it easier for group members in different locations to collaborate. Certainly cloud computing can bring about strategic, transformational and even revolutionary benefits fundamental to future enterprise computing but it also offers immediate and pragmatic opportunities to improve efficiencies today while cost effectively and systematically setting the stage for the strategic change. As this technology makes the computing, sharing, networking easy and interesting, we should think about the security and privacy of information too. Thus the key points we are going to be discussed are what is cloud, what are its key features, current applications, future status and the security issues and the possible solutions.

  5. Securing energy equity

    International Nuclear Information System (INIS)

    Addressing energy poverty rather than energy equity conveniently evades the problem of the gap in energy consumption per capita in the developed and developing world. For energy security policies to adequately address energy poverty it requires a widening of scope from national to global. This is a comment to the forthcoming presentation of IEA's proposition for a new architecture for financing universal modern energy access to be presented at the conference 'Energy for all-Financing access for the poor' held in Oslo in October 2011. - Highlights: → Addressing energy poverty may elude the disparity in energy consumption between rich and poor. → A minimum threshold of energy for the poor does not itself address inequity in energy consumption. → Energy equity may be secured by widening scope from national to global, from the poorest to us all.

  6. CYBER SECURITY FOR AIRPORTS

    OpenAIRE

    Kasthurirangan Gopalakrishnan; Manimaran Govindarasu; Doug W. Jacobson; Brent M. Phares

    2013-01-01

    In today’s information age, government organizations and business enterprises are heavily relying on interconnected computer systems to manage a variety of public services including energy, transportation, water, etc. While this increased connectivity has many operational advantages benefitting the public, they have also become vulnerable to cyber attacks such as Corporate Security Breaches, Spear Phishing, and Social Media Fraud. The aviation sector is one the critical infrastructure systems...

  7. Biofuels and Food Security

    OpenAIRE

    Fischer, G; Hizsnyik, E.; Prieler, S.; Shah, M; van Velthuizen, H.T.

    2009-01-01

    Biofuels development has received increased attention in recent times as a means to mitigate climate change, alleviate global energy concerns and foster rural development. Its perceived importance in these three areas has seen biofuels feature prominently on the international agenda. Nevertheless, the rapid growth of biofuels production has raised many concerns among experts worldwide, in particular with regard to sustainability issues and the threat posed to food security. The UN Secretary G...

  8. Secure the Clones

    OpenAIRE

    Jensen, Thomas; Kirchner, Florent; Pichardie, David

    2012-01-01

    Exchanging mutable data objects with untrusted code is a delicate matter because of the risk of creating a data space that is accessible by an attacker. Consequently, secure programming guidelines for Java stress the importance of using defensive copying before accepting or handing out references to an internal mutable object. However, implementation of a copy method (like clone()) is entirely left to the programmer. It may not provide a sufficiently deep copy of an object and is subject to o...

  9. Virtual World Security Inspection

    Directory of Open Access Journals (Sweden)

    Nicholas Charles Patterson

    2012-06-01

    Full Text Available Virtual property theft is a serious problem that exists in virtual worlds. Legitimate users of these worlds invest considerable amounts of time, effort and real-world money into obtaining virtual property, but unfortunately, are becoming victims of theft in high numbers. It is reported that there are over 1 billion registered users of virtual worlds containing virtual property items worth an estimated US$50 billion dollars. The problem of virtual property theft is complex, involving many legal, social and technological issues. The software used to access virtual worlds is of great importance as they form the primary interface to these worlds and as such the primary interface to conduct virtual property theft. The security vulnerabilities of virtual world applications have not, to date, been examined. This study aims to use the process of software inspection to discover security vulnerabilities that may exist within virtual world software – vulnerabilities that enable virtual property theft to occur. Analyzing three well know virtual world applications World of Warcraft, Guild Wars and Entropia Universe, this research utilized security analysis tools and scenario testing with focus on authentication, trading, intruder detection and virtual property recovery. It was discovered that all three examples were susceptible to keylogging, mail and direct trade methods were the most likely method for transferring stolen items, intrusion detection is of critical concern to all VWEs tested, stolen items were unable to be recovered in all cases and lastly occurrences of theft were undetectable in all cases. The results gained in this study present the key problem areas which need to be addressed to improve security and reduce the occurrence of virtual property theft.

  10. Security aspects of PFBR

    International Nuclear Information System (INIS)

    With five decades of research and development in the nuclear energy for application areas like medicine, agriculture, besides the major thrust area of power production, India is marching ahead with a highly ambitious nuclear energy program. The program spans to all nuclear fuel cycle activities starting from exploration and mining, fuel fabrication, power production to managing spent fuel and nuclear waste. The Primary objectives of the nuclear security system of PFBR is to protect the nuclear facility and nuclear fuel against acts which may endanger public by radiation exposure, protect the nuclear material against theft, prevent malevolent acts, permit only authorized activities in the protected areas, protect proprietary information, material and finally protection of employees and public around the nuclear facilities. The systems are devised on the principle of 4 Ds-deter, detect, delay and defeat and are realized by well defined technical, operative and administration measures suitably backed by our national law. There are well developed contingency plans to handle emergencies arising out of incidents related to radiological sabotage, theft of nuclear material, Intrusion into the facility, nuclear and other industrial accidents, fire and natural calamities. The contingency plan stipulates periodic emergency drills and reporting and corrective measures required for observed deficiencies. PFBR attaches a great importance to security of nuclear material and facilities from the very beginning. An integrated multipronged approach for security of PFBR is adopted. These systems are constantly reviewed and updated taking into account the complex and dynamic changes in security scenario and making them an integral part of our nuclear energy program. (author)

  11. Securing the Digital Economy

    OpenAIRE

    Valentin P. MĂZĂREANU; Alina MARIN

    2010-01-01

    The Digital economy has naturally led to thereconfiguration of communication and information processes.These processes are depending on the computer, starting fromthe personal one and reaching to computer networks, whetherlocal, metropolitan or global. These led to the development ofsuch information systems able to communicate information,systems that must also ensure the security of communicationsbetween computers within the company, but also betweencomputers of different parties, outside th...

  12. Air Cargo Security

    OpenAIRE

    Constantin Georgescu

    2012-01-01

    Homeland security is all activities to protect, guard and protect people, communities of people, infrastructure and property against asymmetric threats of military or non- military, and those generated by geo-physical, weather-related or other natural and threatening human life, liberty, property and activities of the people and communities, infrastructure and socio-economic activities, and other values at a level of intensity and scope significantly different from the usual state. Internal s...

  13. Coal Mines Security System

    OpenAIRE

    Ankita Guhe; Shruti Deshmukh; Bhagyashree Borekar; Apoorva Kailaswar; Milind E. Rane

    2012-01-01

    Geological circumstances of mine seem to be extremely complicated and there are many hidden troubles. Coal is wrongly lifted by the musclemen from coal stocks, coal washeries, coal transfer and loading points and also in the transport routes by malfunctioning the weighing of trucks. CIL —Coal India Ltd is under the control of mafia and a large number of irregularities can be contributed to coal mafia. An Intelligent Coal Mine Security System using data acquisition method utilizes sensor, auto...

  14. Security today and tomorrow

    International Nuclear Information System (INIS)

    This year, in July 2007, the IAEA marks its first half century of international service as the world's atoms for peace organization and chief inspectorate to help brake the spread of nuclear weapons. What lies in store for the IAEA? What role should and can it play to help lay a firmer foundation for global security and development? In this article, IAEA Director General and Nobel Laureate Mohamed ElBaradei reviews the major challenges and opportunities he sees ahead

  15. Fuel supply security

    International Nuclear Information System (INIS)

    Stable fuel supply is a prerequisite for any nuclear power program including ISER-PIUS. It encompasses procurement of uranium ore, enriched uranium and fuel elements. Uranium is different from oil in that it can be stockpiled for more than a decade besides the fact that the core residence time is as long as six years, for example in the case of ISER-PIUS. These basic fuel characteristics are favoring nuclear fuel over others in terms of supply security. The central concern will be a gradual increase in prices of uranium and enrichment. Under the present glut situation with the worldwide prevalence of LWRs, fuel supply security seems ensured for the time being till the middle of 21st century. It is estimated that by the turn of the century, the free world will have roughly 450 GWe capacity of nuclear power. If 10 % is supplied for ISER-PIUS, more than 200 modules of 200 MWe ISER-PIUS may be deployed all over the world probably starting around 2000. As part of the fuel supply security consideration, heavy water reactor (HWR) may seem interesting to such a country as Indonesia where there is uranium resources but no enrichment capability. But it needs heavy water instead and the operation is not so easy as of LWR, because of the positive void coefficient as was seen at the Chernobyl-4. Safeguarding of the fuel is also difficult, because it lends itself to on line refueling. The current and future situation of the fuel supply security for LWR seem well founded and established long into the future. (Nogami, K.)

  16. Security in Industrial Networks

    OpenAIRE

    Sørensen, Jan Tore

    2007-01-01

    A major trend in the automation and power industries is the transition from closed proprietary network solutions to open TCP/IP protocols running on Ethernet technologies. As these industries converge on an all IP platform, new challenges and requirements on the security level of the devices arise. The introduction of integrated operations in the oil and gas industry has provided many benefits for the industry, but it has also opened up the information flow between Distributed Control Systems...

  17. Food Security in Azerbaijan

    Institute of Scientific and Technical Information of China (English)

    Kamran Ismayilov

    2009-01-01

    @@ In the 21st century the society got some achievements in technological,education,economic,social-political,cultural and etc.sectors.But society couldn't solve fully the food security problem yet.According to the information given by FAO if in 1970 there were 400 billion hungry people in the world,in 2008 the number of hungry people was doubled and increased to 800 billion people.

  18. Trading privacy for security

    OpenAIRE

    Rob Van den Hoven van Genderen

    2009-01-01

    Personal information is available to anyone, anywhere at anytime. That includes the data subject itself, commercial users, social networks, governmental authorities and also parties with illegal intentions. Is the availability to authorities of our personal data necessary for the protection of our national security and protection against computer-criminality? Can we be certain that the processing of our personal data is done for solely legitimate purposes? And are we certain that our...

  19. Energy security in Jordan

    OpenAIRE

    Steiner, John R.

    2015-01-01

    Approved for public release; distribution is unlimited This thesis explores if the energy strategy of the Hashemite Kingdom of Jordan, as formulated and executed by the Ministry of Energy and Mineral Resources, will help the country achieve greater energy security. This work qualitatively analyzes the progress in each energy subsector—hydrocarbons, nuclear power, and renewables—on goals presented in the country’s strategy and provides further analysis to determine each subsector’s potentia...

  20. Extending Eurasia Security Cooperation

    Institute of Scientific and Technical Information of China (English)

    2015-01-01

    After 14 years of development, the Shanghai Cooperation Organization (SCO) , has set its sights on goals for the next de-cade at the 15th meeting of the Council of SCO Heads of State that was held in Ufa, the capital of Russia's Bashkortostan Republic, on July 9-10. The SCO, established in Shanghai in 2001, is committed to building fdendly neighbor rela- tions and maintaining security and stability in the Central Asian region through multilateral cooperation.

  1. Security and the incalculable.

    OpenAIRE

    Amoore, L.

    2014-01-01

    In this article, I explore a specific relation between mathematics and security calculations. Recalling the confrontations between the mathematician Alan Turing and the philosopher Ludwig Wittgenstein in the 1930s, I am interested in the relationship between intuition and ingenuity. During Wittgenstein’s 1930 lectures on the foundations of mathematics, Turing interjects in order to insist upon the capacity of number: ‘one can make predictions’. Wittgenstein replies that mathematics ‘makes no ...

  2. Noise Secured Internet

    OpenAIRE

    Barbosa, Geraldo A.

    2005-01-01

    This work shows how a secure Internet can be implemented through a fast key distribution system that uses physical noise to protect the transmitted information. Starting from a shared random sequence $K_0$ between two (or more) users, longsequences $R$ of random bits can be shared. The signals sent over the Internet are deterministic but have a built-in Nature-made uncertainty that protects the shared sequences. After privacy amplification the shared $R$ random bits --encrypted by noise-- are...

  3. Reagan's National Security Legacy

    OpenAIRE

    Dale L. Smith

    1988-01-01

    As the Reagan presidency draws to an end, speculation grows as to its legacy in various areas, from domestic economics to international politics. The current study takes as its focus the Reagan legacy in the area of national security policy: specifically, the possible effects of Reagan's defense spending and Soviet policies. Using the global political-economic simulation model GLOBUS, a set of Reagan-like budgeting and foreign policies are formally implemented within the model and the resulti...

  4. ENERGY SECURITY – A PART OF THE ECONOMIC SECURITY

    Directory of Open Access Journals (Sweden)

    Maria-Floriana POPESCU

    2014-11-01

    Full Text Available Energy is in the centre of the economic development of each country, setting into motion and fuelling factories, government buildings and offices, schools and hospitals, heating homes and keeping perishable foods cold. Its importance explains its complexity. Energy is source of wealth and competition, base for the political controversies and technological investments, and also the core of the epochal challenges of our global environment. Energy is essential for a sustainable development. Security of supplyis a priority for many countries. In this context, there are more ways through it can be achieved: effective management of the demand, diversification of energy sources and the locations of supply, or even using military presence. Energy security can best be defined as the overlap between economic security, national security and the environmental security. This paper will present the economic component of the energy security concept, its purpose being to analyse the concept of energy security in the world.

  5. Unfalsifiability of security claims.

    Science.gov (United States)

    Herley, Cormac

    2016-06-01

    There is an inherent asymmetry in computer security: Things can be declared insecure by observation, but not the reverse. There is no observation that allows us to declare an arbitrary system or technique secure. We show that this implies that claims of necessary conditions for security (and sufficient conditions for insecurity) are unfalsifiable. This in turn implies an asymmetry in self-correction: Whereas the claim that countermeasures are sufficient is always subject to correction, the claim that they are necessary is not. Thus, the response to new information can only be to ratchet upward: Newly observed or speculated attack capabilities can argue a countermeasure in, but no possible observation argues one out. Further, when justifications are unfalsifiable, deciding the relative importance of defensive measures reduces to a subjective comparison of assumptions. Relying on such claims is the source of two problems: once we go wrong we stay wrong and errors accumulate, and we have no systematic way to rank or prioritize measures. PMID:27217574

  6. Nuclear energy and security

    International Nuclear Information System (INIS)

    Nuclear power is an important and, the authors believe, essential component of a secure nuclear future. Although nuclear fuel cycles create materials that have some potential for use in nuclear weapons, with appropriate fuel cycles, nuclear power could reduce rather than increase real proliferation risk worldwide. Future fuel cycles could be designed to avoid plutonium production, generate minimal amounts of plutonium in proliferation-resistant amounts or configurations, and/or transparently and efficiently consume plutonium already created. Furthermore, a strong and viable US nuclear infrastructure, of which nuclear power is a large element, is essential if the US is to maintain a leadership or even participatory role in defining the global nuclear infrastructure and controlling the proliferation of nuclear weapons. By focusing on new fuel cycles and new reactor technologies, it is possible to advantageously burn and reduce nuclear materials that could be used for nuclear weapons rather than increase and/or dispose of these materials. Thus, the authors suggest that planners for a secure nuclear future use technology to design an ideal future. In this future, nuclear power creates large amounts of virtually atmospherically clean energy while significantly lowering the threat of proliferation through the thoughtful use, physical security, and agreed-upon transparency of nuclear materials. The authors must develop options for policy makers that bring them as close as practical to this ideal. Just as Atoms for Peace became the ideal for the first nuclear century, they see a potential nuclear future that contributes significantly to power for peace and prosperity

  7. Social security financing.

    Science.gov (United States)

    1980-05-01

    After nearly 2 years of study, the 1979 Advisory Council on Social Security submitted its findings and recommendations in December. In February the Bulletin published the Executive Summary of the Council's report. Because of the continuing wide public interest in the future of social security financing, the Council's detailed findings and recommendations on that subject are published below. The Council unanimously reports that all current and future beneficiaries can count on receiving the payments to which they are entitled. Among the recommendations it calls for are partial financing with nonpayroll-tax revenues. Suggested changes include hospital insurance (HI) financed through portins of personal and corporate income taxes and a part of the HI insurance payroll tax diverted to cash benefits with the balance of this tax repealed. The Council also recommends that the social security cash benefits program be brought into long-run actuarial balance--with a payroll-tax rate increase in the year 2005. It rejects the idea of a value-added tax as being inflationary. Parenthetical remarks represent additional views of the Council members cited. PMID:7423348

  8. New computer security campaign

    CERN Multimedia

    Alizée Dauvergne

    2010-01-01

    A new campaign is taking shape to promote computer security. The slogan “SEC_RITY is not complete without U!” reminds users of the importance of their contribution. The campaign kicks off on 10 June with a public awareness day in the Council Chamber.   The new campaign, organised by CERN’s computer security team, will focus on prevention and involving the user. “This is an education and awareness-raising campaign for all users at CERN,” explains Stefan Lueders, in charge of computer security. “Every day, we register thousands of computer attacks against CERN: there are attempts to tamper with web pages, hack into user accounts, take over servers, and much more. A successful attack could mean confidential user information being divulged, services being interrupted or data being lost. It could even affect operations at CERN. Another factor is the damage that a successful attack could inflict on the Organization’s reputation. &...

  9. Secure Web Developers Needed!

    CERN Multimedia

    Computer Security Team

    2012-01-01

    You’re about to launch a new website? Cool!! With today’s web programming languages like PHP, Java, Python or Perl, complex websites can be created, easily fulfilling all your use cases. But hold on. Did you ever think about how easily this can be abused? Attackers today are already using automatic tools which can quickly and easily find and exploit vulnerable web applications.   Web applications often suffer from security vulnerabilities, i.e. design flaws or programming bugs that remained undetected during the whole software development cycle. In production these vulnerabilities become security holes, providing an opportunity for exploitation, and can pose immense security risks (and there is no reason to believe that CERN is immune to this). The costs associated with eliminating these bugs could be loosely described by the "1:10:100 rule", i.e. the relative costs for fixing are 1:10:100 for fixing them in the programming:testing:production phases. Thus, the...

  10. International Nuclear Security Education Network (INSEN): Promoting nuclear security education

    International Nuclear Information System (INIS)

    Full-text: The need for human resource development programmes in nuclear security was underlined at several International Atomic Energy Agency (IAEA) General Conferences and Board of Governors Meetings. Successive IAEA Nuclear Security Plans, the most recent of which was agreed by the Board of Governors in September 2009, give high priority to assisting States in establishing educational programmes in nuclear security in order to ensure the sustainability of nuclear security improvements. The current Nuclear Security Plan 1 covering 2010-2013 emphasizes on the importance of considering existing capacities at international, regional and national levels while designing nuclear security academic programmes. In the course of implementing the Plan, the IAEA developed a guide entitled Educational Programme in Nuclear Security (IAEA Nuclear Security Series No. 12) that consists of a model of a MAster of Science (M.Sc.) and a Certificate Programme in Nuclear Security. This guide was aims at assisting universities or other educational institutes to developed academic programmes in nuclear security. Independently, some universities already offered academic programmes covering some areas of nuclear security, while other universities have asked the IAEA to support the implementation of these programmes. In order to better address current and future request for assistance in this area, the IAEA establish a collaboration network-International Nuclear Security Education Network (INSEN), among universities who are providing nuclear security education or who are interested in starting an academic programme/ course(s) in nuclear security. Universiti Kebangsaan Malaysia (UKM) is a first local university became a member of INSEN since the beginning of the establishment. (author)

  11. ORDER SECURITY – NATIONAL SECURITY ADMINISTRATION. NATIONAL SECURITY DEFENSE AS SPECIAL ADMINISTRATION

    OpenAIRE

    Zoltán BALLA

    2009-01-01

    National security administration is the special executivedisposal activity of the national security agencies, the section of the state administration that helps the governmental work by reconnoitering and preventing with secret-servicing methods of the risks that shall harm or endanger the national security’s interests. The main operational principles of national security governing are the followings among others: - controlling the operation of national security organization belongs to the ex...

  12. Security basics for computer architects

    CERN Document Server

    Lee, Ruby B

    2013-01-01

    Design for security is an essential aspect of the design of future computers. However, security is not well understood by the computer architecture community. Many important security aspects have evolved over the last several decades in the cryptography, operating systems, and networking communities. This book attempts to introduce the computer architecture student, researcher, or practitioner to the basic concepts of security and threat-based design. Past work in different security communities can inform our thinking and provide a rich set of technologies for building architectural support fo

  13. Secure E-Commerce Protocol

    Directory of Open Access Journals (Sweden)

    Khalid Haseeb, Muhammad Arshad, Shoukat Ali, Shazia Yasin

    2011-04-01

    Full Text Available E-commerce has presented a new way of doing business all over the world using internet.Organizations have changed their way of doing business from a traditional approach to embrace ecommerceprocesses. As individuals and businesses increase information sharing, a concernregarding the exchange of money securely and conveniently over the internet increases. Therefore,security is a necessity in an e-commerce transaction. The purpose of this paper is to present atoken based Secure E-commerce Protocol. The purpose of this paper is to present a paradigm thatis capable of satisfying security objectives by using token based security mechanism.

  14. Information security principles and practice

    CERN Document Server

    Stamp, Mark

    2011-01-01

    Now updated-your expert guide to twenty-first century information security Information security is a rapidly evolving field. As businesses and consumers become increasingly dependent on complex multinational information systems, it is more imperative than ever to protect the confidentiality and integrity of data. Featuring a wide array of new information on the most current security issues, this fully updated and revised edition of Information Security: Principles and Practice provides the skills and knowledge readers need to tackle any information security challenge. Taking a pract

  15. Computer Security at Nuclear Facilities

    International Nuclear Information System (INIS)

    The possibility that nuclear or other radioactive material could be used for malicious purposes cannot be ruled out in the current global situation. States have responded to this risk by engaging in a collective commitment to strengthen the protection and control of such material and to respond effectively to nuclear security events. States have agreed to strengthen existing instruments and have established new international legal instruments to enhance nuclear security worldwide. Nuclear security is fundamental in the management of nuclear technologies and in applications where nuclear or other radioactive material is used or transported. Through its Nuclear Security Programme, the IAEA supports States to establish, maintain and sustain an effective nuclear security regime. The IAEA has adopted a comprehensive approach to nuclear security. This recognizes that an effective national nuclear security regime builds on: the implementation of relevant international legal instruments; information protection; physical protection; material accounting and control; detection of and response to trafficking in such material; national response plans; and contingency measures. With its Nuclear Security Series, the IAEA aims to assist States in implementing and sustaining such a regime in a coherent and integrated manner. The IAEA Nuclear Security Series comprises Nuclear Security Fundamentals, which include objectives and essential elements of a State's nuclear security regime; Recommendations; Implementing Guides; and Technical Guidance. Each State carries the full responsibility for nuclear security, specifically: to provide for the security of nuclear and other radioactive material and associated facilities and activities; to ensure the security of such material in use, storage or in transport; to combat illicit trafficking and the inadvertent movement of such material; and to be prepared to respond to a nuclear security event. This publication is in the Technical Guidance

  16. Emerging trends in ICT security

    CERN Document Server

    Akhgar, Babak

    2013-01-01

    Emerging Trends in ICT Security, an edited volume, discusses the foundations and theoretical aspects of ICT security; covers trends, analytics, assessments and frameworks necessary for performance analysis and evaluation; and gives you the state-of-the-art knowledge needed for successful deployment of security solutions in many environments. Application scenarios provide you with an insider's look at security solutions deployed in real-life scenarios, including but limited to smart devices, biometrics, social media, big data security, and crowd sourcing. Provides a multidisciplinary approach

  17. The Quest for Sustainable Security

    Institute of Scientific and Technical Information of China (English)

    2010-01-01

    Since the beginning of the 21st century,non-tra-ditional security problems have become significant threats to world peace.These include economic,financial and information security,terrorism,drug trafficking,transnational crime and infectious dis-eases.In this article for Beijing Review,Liu Jiangyong,a professor with Tsinghua University’s Institute of International Studies,introduces a new security concept-"sustainable security." In his view,as traditional and non-traditional security threats become interwoven,the concept is gaining prominence on international agendas.Edited excerpts follow

  18. 76 FR 34761 - Classified National Security Information

    Science.gov (United States)

    2011-06-14

    ... Classified National Security Information AGENCY: Marine Mammal Commission. ACTION: Notice. SUMMARY: This... information, as directed by Information Security Oversight Office regulations. FOR FURTHER INFORMATION CONTACT..., ``Classified National Security Information,'' and 32 CFR part 2001, ``Classified National Security......

  19. Private Security Contractors in Darfur

    DEFF Research Database (Denmark)

    Leander, Anna

    2006-01-01

    This article argues that the role of Private Security Contractors in Darfur reflects and reinforces neo-liberal governmentality in contemporary security governance. It is an argument (in line with other articles in this special issue) which is more interested in discussing how the privatization of...... security alters security practices (including those involving states) than in thinking about their impact on an idealised public monopoly on the use of force. To make its point, the article begins by drawing on Foucauldian work to clarify the meaning of neo-liberal governmentality in security. It...... on a framework of analysis inspired by Bourdieu, we show that neo-liberal governmentality is reflected in the dispositions of security actors as well as in their relative positions. The resulting security practices reinforce dispositions and positions that reproduce neo-liberal governmentality...

  20. Health Security and Risk Aversion.

    Science.gov (United States)

    Herington, Jonathan

    2016-09-01

    Health security has become a popular way of justifying efforts to control catastrophic threats to public health. Unfortunately, there has been little analysis of the concept of health security, nor the relationship between health security and other potential aims of public health policy. In this paper I develop an account of health security as an aversion to risky policy options. I explore three reasons for thinking risk avoidance is a distinctly worthwhile aim of public health policy: (i) that security is intrinsically valuable, (ii) that it is necessary for social planning and (iii) that it is an appropriate response to decision-making in contexts of very limited information. Striking the right balance between securing and maximizing population health thus requires a substantive, and hitherto unrecognized, value judgment. Finally, I critically evaluate the current health security agenda in light of this new account of the concept and its relationship to the other aims of public health policy. PMID:26990349

  1. The remote security station (RSS)

    International Nuclear Information System (INIS)

    This paper reports that, as an outgrowth of research into physical security systems, Sandia is investigating robotic technologies for improving physical security performance and flexibility. Robotic systems have the potential to allow more effective utilization of security personnel, especially in scenarios where they might be exposed to harm. They also can supplement fixed site installations where sensors have failed or where transient assets are present. The Remote Security Station (RSS) program for the defense Nuclear Agency is developing a proof-of-principle robotic system which will be used to evaluate the role, and associated cost, of robotic technologies in exterior physical security systems. The RSS consists of three primary elements: a fixed but quickly moveable tripod with intrusion detection sensors and assessment camera; a mobile robotic platform with a functionally identical security module; and a control console which allows an operator to perform security functions and teleoperate the mobile platform

  2. FOILFEST :community enabled security.

    Energy Technology Data Exchange (ETDEWEB)

    Moore, Judy Hennessey; Johnson, Curtis Martin; Whitley, John B.; Drayer, Darryl Donald; Cummings, John C., Jr. (.,; .)

    2005-09-01

    The Advanced Concepts Group of Sandia National Laboratories hosted a workshop, ''FOILFest: Community Enabled Security'', on July 18-21, 2005, in Albuquerque, NM. This was a far-reaching look into the future of physical protection consisting of a series of structured brainstorming sessions focused on preventing and foiling attacks on public places and soft targets such as airports, shopping malls, hotels, and public events. These facilities are difficult to protect using traditional security devices since they could easily be pushed out of business through the addition of arduous and expensive security measures. The idea behind this Fest was to explore how the public, which is vital to the function of these institutions, can be leveraged as part of a physical protection system. The workshop considered procedures, space design, and approaches for building community through technology. The workshop explored ways to make the ''good guys'' in public places feel safe and be vigilant while making potential perpetrators of harm feel exposed and convinced that they will not succeed. Participants in the Fest included operators of public places, social scientists, technology experts, representatives of government agencies including DHS and the intelligence community, writers and media experts. Many innovative ideas were explored during the fest with most of the time spent on airports, including consideration of the local airport, the Albuquerque Sunport. Some provocative ideas included: (1) sniffers installed in passage areas like revolving door, escalators, (2) a ''jumbotron'' showing current camera shots in the public space, (3) transparent portal screeners allowing viewing of the screening, (4) a layered open/funnel/open/funnel design where open spaces are used to encourage a sense of ''communitas'' and take advantage of citizen ''sensing'' and funnels are technological

  3. The Extended Concept of Security and the Czech Security Practice

    Directory of Open Access Journals (Sweden)

    Libor Stejskal

    2008-12-01

    Full Text Available According to the extended concept of security, the nation state is no longer the sole privileged reference object of security. The traditional model of national security is developing from military terms to a broader concept which embraces the international, economic, social, environmental, and human rights dimensions of security. The meaning and relevance of the concept is being extended “upwards”, to international organisations, and “downwards”, to regional and local authorities, non-governmental organisations, communities, and individual citizens. This has immediate bearing on the everyday security reality of the Czech Republic. In international context, the “security frontier” of the Czech Republic is expanding, e.g. through the country’s involvement in UN and NATO security missions in conflict-ridden regions of Europe and the world. The country also helps enhance the internal security of the European Union, whose strength depends on its Member States’ willingness to “harmonise” the pursuit of their respective national security interests. This approach is especially important with regard to the principal security threats Europe faces and will continue to face in the future: terrorism and organised crime. It is vital that the Czech Republic have a well-working security system capable of responding effectively to a broad range of threats. This requirement applies first and foremost to the Police, the Fire and Rescue Service, and intelligence services. Unfortunately, with the present effectiveness of the Czech security system, much remains wishful thinking and, due to the lack of a comprehensive framework, a comparatively low level of protection against emergencies exists. Fight against crime is hampered by inefficient operation of the Police and judiciary. A thorough analysis of the aforementioned problems could provide basis for a broader public debate over the priorities and goals of Czech security policy, which should

  4. Security Data Warehouse Application

    Science.gov (United States)

    Vernon, Lynn R.; Hennan, Robert; Ortiz, Chris; Gonzalez, Steve; Roane, John

    2012-01-01

    The Security Data Warehouse (SDW) is used to aggregate and correlate all JSC IT security data. This includes IT asset inventory such as operating systems and patch levels, users, user logins, remote access dial-in and VPN, and vulnerability tracking and reporting. The correlation of this data allows for an integrated understanding of current security issues and systems by providing this data in a format that associates it to an individual host. The cornerstone of the SDW is its unique host-mapping algorithm that has undergone extensive field tests, and provides a high degree of accuracy. The algorithm comprises two parts. The first part employs fuzzy logic to derive a best-guess host assignment using incomplete sensor data. The second part is logic to identify and correct errors in the database, based on subsequent, more complete data. Host records are automatically split or merged, as appropriate. The process had to be refined and thoroughly tested before the SDW deployment was feasible. Complexity was increased by adding the dimension of time. The SDW correlates all data with its relationship to time. This lends support to forensic investigations, audits, and overall situational awareness. Another important feature of the SDW architecture is that all of the underlying complexities of the data model and host-mapping algorithm are encapsulated in an easy-to-use and understandable Perl language Application Programming Interface (API). This allows the SDW to be quickly augmented with additional sensors using minimal coding and testing. It also supports rapid generation of ad hoc reports and integration with other information systems.

  5. Arab Spring and Security

    OpenAIRE

    Cudjoe, Joanna Thue; Justesen, Sara; Azzouz, Afnan; Holm, Annette; Fenni, Tarik; Gabriel, Monica

    2012-01-01

    The purpose of the project is gaining a deeper understanding of the specific reasons to why NATO have intervened militarily in Libya and dealt with their civil war and why they do not intervene militarily in the current Syrian civil war, even despite the human rights violations occurring. The two cases in Libya and Syria are partly similar, however the differences are what makes them interesting to compare to each other from a security-related point of view. It is therefore important to gain ...

  6. Cyberspace security system

    Energy Technology Data Exchange (ETDEWEB)

    Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

    2014-06-24

    A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

  7. Global food security

    OpenAIRE

    Teichmann, Isabel

    2015-01-01

    According to the current report on the Millennium Development Goals (UN 2015), the share of undernourished people living in the developing world has fallen from 23.3% in 1990-1992 to 12.9% in 2014-2016 (projection). Despite this progress towards global food security, about 795 million people worldwide (or 780 million people in developing regions) will remain undernourished in 2014-2016 (UN 2015). Put differently, more than 10% of the world population still suffers from chronic hunger (FAO et ...

  8. Eleventh Hour Security+

    CERN Document Server

    Dubrawsky, Ido

    2009-01-01

    This book will focus on just the essentials needed to pass the Security+ certification exam. It will be filled with critical information in a way that will be easy to remember and use for your quickly approaching exam. It will focus on the main objectives of the exam and include the following pedagogy for ease of use in those final hours. The book will include:. •Exam Objectives – Fast Track Review. •Key words/definitions. •Five Toughest questions and their answers. •Exam Warnings – What to pay attention to

  9. Cyberspace security system

    Science.gov (United States)

    Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

    2014-06-24

    A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

  10. Data Security in Biomedicine

    Czech Academy of Sciences Publication Activity Database

    Horňáková, Anna

    Praha: Ústav informatiky AV ČR, v. v. i. & MATFYZPRESS, 2011 - (Kuželová, D.; Hakl, F.), s. 29-34 ISBN 978-80-7378-170-5. [Doktorandské dny 2011 Ústavu informatiky AV ČR, v. v. i.. Jizerka (CZ), 05.10.2011-07.10.2011] R&D Projects: GA MŠk(CZ) 1M06014 Institutional research plan: CEZ:AV0Z10300504 Keywords : biometrics * data security * electronic health record Subject RIV: IN - Informatics, Computer Science

  11. Securing Assets with RFID

    OpenAIRE

    Oustad, Mats; Chanrasekaram, Santhakumar

    2008-01-01

    Loss of property is something every company has had to deal with at some point, without proper securing this is a problem that is very hard to get control of. RFID has been available for decades but it has been a technology which has been dormant without very much development. In the last years the interest has grown and new ideas to use it has surfaced. This thesis is set out to present a comprehensive solution proposal for a RFID asset management system. A case will be presented which will ...

  12. Securing the rural citizen

    OpenAIRE

    Anand Pandian

    2005-01-01

    This article concerns the politics of security and caste difference in the late nineteenth century Madras Presidency. Relying on a vernacular principle of interpretation emerging from the colonial archive itself—a Sanskrit ‘Law of Coincidence’—the article makes a case for collective identity in colonial India as a conjunctural attribution. I closely examine the trajectory of a widespread peasant movement that sought in 1896 to evict a single caste from hundreds of settlements altogeth...

  13. Security in mobile messaging

    OpenAIRE

    Nurtdinova, Daria

    2016-01-01

    Nowadays the Internet and smartphones are a substantial part of everyday life. It helps us to be in touch with others and to manage business projects more easily. IM immediately adapts to the possibili-ties of digital sphere and to human requirements. The academic purpose is to review the development of messaging applications and security features through the last 25 years. The main aim of the case is to find a free of charge cross-platform instant messenger with the end-to-end encrypted ...

  14. Secure Mobile Trade Agent

    Directory of Open Access Journals (Sweden)

    Musbah M. Aqe

    2007-01-01

    Full Text Available E-commerce on the internet has the ability to produce millions of transactions and a great number of merchants whose supply merchandise over the internet. As a result, it is difficult for entities to roam over every site on the internet and choose the best merchandise to trade. So, in this paper we introduced a mobile trade agent that visit the sites to gather and evaluate the information from merchant servers and decide to trade goods on behalf of the user. We observed that the combination of public key cryptosystem with distributed object technology make this proposed scheme more secure and efficient than the already existed schemes.

  15. Energy Security in Indonesia

    OpenAIRE

    Budy P. Resosudarmo; Ariana Alisjahbana; Ditya Agung Nurdianto

    2010-01-01

    The issue of energy security has been a subject of discussions in Indonesia for a long time. However, until the end of the 1990s, it had never been at the centre of the country's policy debates. The sharp depreciation of Rupiah during the 1997/98 Asian financial crisis and increase in the price of crude oil in the early 2000s made it very expensive to control domestic prices of fuel and electricity through subsidies. With approximately 43 percent of the country's energy sources derived from c...

  16. Trading Privacy for Security

    Directory of Open Access Journals (Sweden)

    Rob Van den Hoven van Genderen

    2009-08-01

    Full Text Available

    Personal information is available to anyone, anywhere at anytime. That includes the data subject itself, commercial users, social networks, governmental authorities and also parties with illegal intentions. Is the availability to authorities of our personal data necessary for the protection of our national security and protection against computer-criminality? Can we be certain that the processing of our personal data is done for solely legitimate purposes? And are we certain that our personal data is well protected when being processed? ...and do we really care? In this article Rob van den Hoven van Genderen discusses these issues.

  17. SDN Security: A Survey

    OpenAIRE

    Scott-Hayward, Sandra; O'Callaghan, Gemma; Sezer, Sakir

    2013-01-01

    The pull of Software-Defined Networking (SDN) is magnetic. There are few in the networking community who have escaped its impact. As the benefits of network visibility and network device programmability are discussed, the question could be asked as to who exactly will benefit? Will it be the network operator or will it, in fact, be the network intruder? As SDN devices and systems hit the market, security in SDN must be raised on the agenda. This paper presents a comprehensive survey of the re...

  18. Introduction to network security

    CERN Document Server

    Jacobson, Douglas

    2008-01-01

    … Students can easily understand how things work thanks to the different figures/definitions … students can see the different steps taken to build a secure environment and avoid most of the usual mistakes. … A website (http://www.dougj.net/textbook) is provided to support the book, where the reader can find additional content, like instructor materials, slides to support the book, on-line tutorials, help to start the programming parts. It is not mandatory at all to understand the book, but it is a really nice addition. … the book is really well written, and easily understandable without lackin

  19. SIE-SECURITY

    OpenAIRE

    Mircea Iosif NEAMÞU; Iulian ALEXE

    2010-01-01

    The purpose of this paper is to present the application named SIE-Security providing web programmers with a tool that searches vulnerable links within their web site (i.e. a product page), attempting to perform an SQL Injection and finally, trying to find the admin login page and crack the MD5 hashed password (inappropriately called “crack” because we are actually using Rainbow tables). The application is structured on three tabs, each corresponding to the actions performed by the application...

  20. ICAO safety and security

    International Nuclear Information System (INIS)

    In November 1944, 52 States attended a meeting in Chicago to discuss the problems facing international civil aviation. The outcome of this meeting was the Convention on International Civil Aviation, also known as the Chicago Convention. The International Civil Aviation Organization is the permanent body charged with administering the principles set by the Convention. One of its major tasks concerns the adoption of international standards and to act as arbiter between contracting States on matters concerning implementation of the Convention in order to maintain the safety, security and regularity of civil aviation operations. (author)

  1. Instant Spring security starter

    CERN Document Server

    Jagielski, Piotr

    2013-01-01

    Get to grips with a new technology, understand what it is and what it can do for you, and then get to work with the most important features and tasks. A concise guide written in an easy-to-follow format following the Starter guide approach.This book is for people who have not used Spring Security before and want to learn how to use it effectively in a short amount of time. It is assumed that readers know both Java and HTTP protocol at the level of basic web programming. The reader should also be familiar with Inversion-of-Control/Dependency Injection, preferably with the Spring framework itsel

  2. Software Security and the "Building Security in Maturity" Model

    CERN Document Server

    CERN. Geneva

    2011-01-01

    Using the framework described in my book "Software Security: Building Security In" I will discuss and describe the state of the practice in software security. This talk is peppered with real data from the field, based on my work with several large companies as a Cigital consultant. As a discipline, software security has made great progress over the last decade. Of the sixty large-scale software security initiatives we are aware of, thirty-two---all household names---are currently included in the BSIMM study. Those companies among the thirty-two who graciously agreed to be identified include: Adobe, Aon, Bank of America, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC, Google, Intel, Intuit, McKesson, Microsoft, Nokia, QUALCOMM, Sallie Mae, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, VMware, and Wells Fargo. The BSIMM was created by observing and analyzing real-world data from thirty-two leading software security initiatives. The BSIMM can...

  3. M-Banking Security - a futuristic improved security approach

    Directory of Open Access Journals (Sweden)

    Aaradhana A Deshmukh

    2010-01-01

    Full Text Available In last few decades large technology development raised various new needs. Financial sector has also no exception. People are approaching all over the world to fulfill there dreams. Any sector needs to understand changing need of customer. In order to satisfy financial need for customer banks are taking help of new technology such as internet. Only problem remain is of security. The aim of this work is to provide a secure environment in terms of security for transaction by various ways. In order to improve security we are making use of "Steganography" technique in the way never used before. Task of enhancing security include construction of formula for both data encryption and also for hiding pattern. Server should not process any fake request hence concept of custom "Session id" and "Request id" is introduced. Implementation of such a security constraints in banking sector not only help to serve customer in better way but also make customer confident and satisfy.

  4. Information Security Service Branding – beyond information security awareness

    Directory of Open Access Journals (Sweden)

    Rahul Rastogi

    2012-12-01

    Full Text Available End-users play a critical role in the effective implementation and running of an information security program in any organization. The success of such a program depends primarily on the effective implementation and execution of associated information security policies and controls and the resultant behavior and actions of end-users. However, end-users often have negative perception of information security in the organization and exhibit non-compliance. In order to improve compliance levels, it is vital to improve the image of information security in the minds of end-users. This paper borrows the concepts of brands and branding from the domain of marketing to achieve this objective and applies these concepts to information security. The paper also describes a process for creating the information security service brand in the organization.

  5. M-Banking Security - a futuristic improved security approach

    CERN Document Server

    Navale, Geeta S; Deshmukh, Aaradhana A

    2010-01-01

    In last few decades large technology development raised various new needs. Financial sector has also no exception. People are approaching all over the world to fulfill there dreams. Any sector needs to understand changing need of customer. In order to satisfy financial need for customer banks are taking help of new technology such as internet. Only problem remain is of security. The aim of this work is to provide a secure environment in terms of security for transaction by various ways. In order to improve security we are making use of "Steganography" technique in the way never used before. Task of enhancing security include construction of formula for both data encryption and also for hiding pattern. Server should not process any fake request hence concept of custom "Session id" and "Request id" is introduced. Implementation of such a security constraints in banking sector not only help to serve customer in better way but also make customer confident and satisfy.

  6. Security and Architectural Patterns for Securing the Cloud Architecture

    OpenAIRE

    Golajapu Venu Madhava Rao; Venu Madhav Kuthadi; Rajalakshmi Selvaraj

    2015-01-01

    Operating a cloud securely and efficiently entails a great deal of advanceplanning. A data center and redundant internet connection is required at the beginning to connect to cloud. This can constitute the technology portion of an information security and some network devices that safely and securely serve the communication. National Institute of Standards and Technology states that the process of uniquely assigning the information resources to an information system will define the securit...

  7. Big Data Services Security and Security challenges in cloud environment

    OpenAIRE

    Alsufyani, Raed; Jama, Khursand; Yao, Yulin; Ramachandran, Muthu; Chang, Victor

    2016-01-01

    This paper explores security issues of storage in the cloud and the methodologies that can be used to improve the security level. This study is concluded with a discussion of current problems and the future direction of cloud computing. Big data analysis can also be classified into memory level analysis, business intelligence (BI) level analysis, and massive level analysis. This research paper is based on cloud computing security and data storage issues that organizations face when they uploa...

  8. Information Security Service Branding – beyond information security awareness

    OpenAIRE

    Rahul Rastogi; Rossouw Von Solms

    2012-01-01

    End-users play a critical role in the effective implementation and running of an information security program in any organization. The success of such a program depends primarily on the effective implementation and execution of associated information security policies and controls and the resultant behavior and actions of end-users. However, end-users often have negative perception of information security in the organization and exhibit non-compliance. In order to improve compliance levels, i...

  9. Information Security Governance: When Compliance Becomes More Important than Security

    OpenAIRE

    Tan, Terence C. C.; Ruighaver, Anthonie B.; Ahmad, Atif

    2010-01-01

    International audience Current security governance is often based on a centralized decision making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security governance below the top enterprise level where most decisions are made. However, while there is a role for more corporate governance, new regulations, and improved codes of best practice to address current weak organizational se...

  10. Security Requirements and Security Solutions For Community Administrations

    OpenAIRE

    2003-01-01

    The Internet is slowly becoming a mirror of the society. Everything we do in the real world, we want to do out on the Net: conduct private conversations, keep personal papers, sign letters and contracts, shop, publish documents etc. All these things require security, but we go ahead using the net without asking too many questions. Today security issues are not a fundamental starting point. This also means that the limits of security are the limits of the Internet. There are several reaso...

  11. Computers, business, and security the new role for security

    CERN Document Server

    Schweitzer, James A

    1987-01-01

    Computers, Business, and Security: The New Role for Security addresses the professional security manager's responsibility to protect all business resources, with operating environments and high technology in mind. This book discusses the technological aspects of the total security programs.Organized into three parts encompassing 10 chapters, this book begins with an overview of how the developing information age is affecting business management, operations, and organization. This text then examines a number of vulnerabilities that arise in the process of using business computing and communicat

  12. Why SCADA security is NOT like Computer Centre Security

    CERN Document Server

    CERN. Geneva

    2014-01-01

    Today, the industralized world lives in symbiosis with control systems (aka SCADA systems): it depends on power distribution, oil production, public transport, automatic production lines. While the convenience is at hand, still too many control systems are designed without any security in mind, lack basic security protections, and are not even robust enough to withstand basic attacks. The Stuxnet worm attacking Siemens PLCs in 2010 was another close call. Attackers currently enjoy hacking control systems, and aim to switch lights off. This presentation shall recap the current situation and discuss the differences (or not) between computer center cyber-security and control system cyber-security.

  13. Cloud Security A Comprehensive Guide to Secure Cloud Computing

    CERN Document Server

    Krutz, Ronald L

    2010-01-01

    Well-known security experts decipher the most challenging aspect of cloud computing-security. Cloud computing allows for both large and small organizations to have the opportunity to use Internet-based services so that they can reduce start-up costs, lower capital expenditures, use services on a pay-as-you-use basis, access applications only as needed, and quickly reduce or increase capacities. However, these benefits are accompanied by a myriad of security issues, and this valuable book tackles the most common security challenges that cloud computing faces. The authors offer you years of unpa

  14. International nuclear security

    International Nuclear Information System (INIS)

    Protection of Nuclear Material (CPPNM) was adopted in 1979 and entered into force in 1987. After the end of the Cold War the number of illicit trafficking cases in nuclear materials triggered an awareness of the need to strengthen the international physical protection regime. In 1999 an open-ended group of experts was convened by the IAEA Director General to examine the need to strengthen the Convention on the Physical Protection of Nuclear Material. The work of the group of legal and technical experts to draft an amendment to the CPPNM in 2003 resulted in a report proposing possible amendments to include: the extension of the scope to cover nuclear material in domestic use storage and transport as well as the protection of nuclear material and facilities from sabotage. The cases of illicit trafficking in the 90's have shown that international cooperation is a must to establish an effective system of prevention, detection of, and response to inadvertent and illicit trafficking. The events of September of 2001 in the USA demonstrated a new scale, dedication and organization of terrorist groups. The acquisition of a nuclear weapon or related materials remains the gravest concern. The threat of a radiological dispersal device (RDD) or sabotage of a nuclear facility or transport became also serious concern. The potential consequences of terrorist attacks resulting in a release of radioactive substances, which could affect neighbouring countries point to a transnational dimension of nuclear security. Thus in the post-9/11 period nuclear security must consider the potential of: a) the theft of a complete nuclear weapon; b) the theft of nuclear material for the purpose of constructing a crude nuclear explosive device with or without the active involvement of a State, c) the theft of nuclear and other radioactive materials to construct a radiological dispersal device (RDD); and d) attacks directed against nuclear facility or a nuclear transport. A global nuclear security regime is

  15. Cryptographically secure biometrics

    Science.gov (United States)

    Stoianov, A.

    2010-04-01

    Biometric systems usually do not possess a cryptographic level of security: it has been deemed impossible to perform a biometric authentication in the encrypted domain because of the natural variability of biometric samples and of the cryptographic intolerance even to a single bite error. Encrypted biometric data need to be decrypted on authentication, which creates privacy and security risks. On the other hand, the known solutions called "Biometric Encryption (BE)" or "Fuzzy Extractors" can be cracked by various attacks, for example, by running offline a database of images against the stored helper data in order to obtain a false match. In this paper, we present a novel approach which combines Biometric Encryption with classical Blum-Goldwasser cryptosystem. In the "Client - Service Provider (SP)" or in the "Client - Database - SP" architecture it is possible to keep the biometric data encrypted on all the stages of the storage and authentication, so that SP never has an access to unencrypted biometric data. It is shown that this approach is suitable for two of the most popular BE schemes, Fuzzy Commitment and Quantized Index Modulation (QIM). The approach has clear practical advantages over biometric systems using "homomorphic encryption". Future work will deal with the application of the proposed solution to one-to-many biometric systems.

  16. CLOUD COMPUTING SECURITY ISSUES

    Directory of Open Access Journals (Sweden)

    Florin OGIGAU-NEAMTIU

    2012-01-01

    Full Text Available The term “cloud computing” has been in the spotlights of IT specialists the last years because of its potential to transform this industry. The promised benefits have determined companies to invest great sums of money in researching and developing this domain and great steps have been made towards implementing this technology. Managers have traditionally viewed IT as difficult and expensive and the promise of cloud computing leads many to think that IT will now be easy and cheap. The reality is that cloud computing has simplified some technical aspects of building computer systems, but the myriad challenges facing IT environment still remain. Organizations which consider adopting cloud based services must also understand the many major problems of information policy, including issues of privacy, security, reliability, access, and regulation. The goal of this article is to identify the main security issues and to draw the attention of both decision makers and users to the potential risks of moving data into “the cloud”.

  17. New computer security measures

    CERN Document Server

    IT Department

    2008-01-01

    As a part of the long-term strategy to improve computer security at CERN, and especially given the attention focused to CERN by the start-up of the LHC, two additional security measures concerning DNS and Tor will shortly be introduced. These are described in the following texts and will affect only a small number of users. "PHISHING" ATTACKS CONTINUE CERN computer users continue to be subjected to attacks by people trying to infect our machines and obtain passwords and other confidential information by social engineering trickery. Recent examples include an e-mail message sent from "La Poste" entitled "Colis Postal" on 21 August, a fake mail sent from web and mail services on 8 September, and an e-mail purporting to come from Hallmark Cards announcing the arrival of an electronic postcard. However, there are many other examples and there are reports of compromised mail accounts being used for more realistic site-specific phishing attempts. Given the increased publicity rela...

  18. Electronic security device

    International Nuclear Information System (INIS)

    The present invention relates to a security device having a control box containing an electronic system and a communications loop over which the system transmits a signal. The device is constructed so that the communications loop can extend from the control box across the boundary of a portal such as a door into a sealed enclosure into which access is restricted whereby the loop must be damaged or moved in order for an entry to be made into the enclosure. The device is adapted for detecting unauthorized entries into such enclosures such as rooms or containers and for recording the time at which such entries occur for later reference. Additionally, the device detects attempts to tamper or interfere with the operation of the device itself and records the time at which such events take place. In the preferred embodiment, the security device includes a microprocessor-based electronic system and a detection module capable of registering changes in the voltage and phase of the signal transmitted over the loop. 11 figs

  19. Secure the Clones

    Science.gov (United States)

    Jensen, Thomas; Kirchner, Florent; Pichardie, David

    Exchanging mutable data objects with untrusted code is a delicate matter because of the risk of creating a data space that is accessible by an attacker. Consequently, secure programming guidelines for Java stress the importance of using defensive copying before accepting or handing out references to an internal mutable object. However, implementation of a copy method (like clone()) is entirely left to the programmer. It may not provide a sufficiently deep copy of an object and is subject to overriding by a malicious sub-class. Currently no language-based mechanism supports secure object cloning. This paper proposes a type-based annotation system for defining modular copy policies for class-based object-oriented programs. A copy policy specifies the maximally allowed sharing between an object and its clone. We present a static enforcement mechanism that will guarantee that all classes fulfill their copy policy, even in the presence of overriding of copy methods, and establish the semantic correctness of the overall approach in Coq. The mechanism has been implemented and experimentally evaluated on clone methods from several Java libraries.

  20. Secure the Clones

    CERN Document Server

    Jensen, Thomas; Pichardie, David

    2012-01-01

    Exchanging mutable data objects with untrusted code is a delicate matter because of the risk of creating a data space that is accessible by an attacker. Consequently, secure programming guidelines for Java stress the importance of using defensive copying before accepting or handing out references to an internal mutable object. However, implementation of a copy method (like clone()) is entirely left to the programmer. It may not provide a sufficiently deep copy of an object and is subject to overriding by a malicious sub-class. Currently no language-based mechanism supports secure object cloning. This paper proposes a type-based annotation system for defining modular copy policies for class-based object-oriented programs. A copy policy specifies the maximally allowed sharing between an object and its clone. We present a static enforcement mechanism that will guarantee that all classes fulfil their copy policy, even in the presence of overriding of copy methods, and establish the semantic correctness of the ove...

  1. Security classification of information

    Energy Technology Data Exchange (ETDEWEB)

    Quist, A.S.

    1993-04-01

    This document is the second of a planned four-volume work that comprehensively discusses the security classification of information. The main focus of Volume 2 is on the principles for classification of information. Included herein are descriptions of the two major types of information that governments classify for national security reasons (subjective and objective information), guidance to use when determining whether information under consideration for classification is controlled by the government (a necessary requirement for classification to be effective), information disclosure risks and benefits (the benefits and costs of classification), standards to use when balancing information disclosure risks and benefits, guidance for assigning classification levels (Top Secret, Secret, or Confidential) to classified information, guidance for determining how long information should be classified (classification duration), classification of associations of information, classification of compilations of information, and principles for declassifying and downgrading information. Rules or principles of certain areas of our legal system (e.g., trade secret law) are sometimes mentioned to .provide added support to some of those classification principles.

  2. Extremely secure identification documents

    International Nuclear Information System (INIS)

    The technology developed in this project uses biometric information printed on the document and public key cryptography to ensure that an adversary cannot issue identification documents to unauthorized individuals or alter existing documents to allow their use by unauthorized individuals. This process can be used to produce many types of identification documents with much higher security than any currently in use. The system is demonstrated using a security badge as an example. This project focused on the technologies requiring development in order to make the approach viable with existing badge printing and laminating technologies. By far the most difficult was the image processing required to verify that the picture on the badge had not been altered. Another area that required considerable work was the high density printed data storage required to get sufficient data on the badge for verification of the picture. The image processing process was successfully tested, and recommendations are included to refine the badge system to ensure high reliability. A two dimensional data array suitable for printing the required data on the badge was proposed, but testing of the readability of the array had to be abandoned due to reallocation of the budgeted funds by the LDRD office

  3. Security needs you

    CERN Multimedia

    2010-01-01

    Academic freedom is a valuable thing, but like any kind of freedom, it comes with responsibility. Here at CERN, and in the global particle physics community as a whole, we enjoy an open academic environment, which gives us freedom of choice and freedom of expression. It is a strong tradition at CERN, but it’s not something we can ever take for granted. This is particularly true in the area of IT, where our openness and our global visibility make us an attractive target. Attacks on our IT infrastructure in the past have had a negative impact on our reputation, and have even led to changes in the way we operate computing services. It is the responsibility of all of us, not just the experts in the IT Department, to protect our IT infrastructure while striking the right balance between security, academic freedom and the unfettered operation of our facilities. Everyone using CERN’s IT infrastructure is responsible for the security and protection of the computers they use, the operating...

  4. Security Consideration With Dynamic Routing

    Directory of Open Access Journals (Sweden)

    VISWESWARARAO BOLLA

    2012-03-01

    Full Text Available One of the major issues for data communication over wired and wireless networks is the security. the past work is on the designs of cryptography algorithms and system infrastructures. Dynamic routing algorithm called improved dynamic routing with security consideration, which is based on the concept of Zone Routing Protocol (ZRP that could randomize delivery paths for data transmission. The algorithm is easy to implement and compatible with popular routing protocols, such as the Routing Information Protocol (RIP in wired networks and Destination-Sequenced Distance Vector (DSDV protocol in wireless networks, without introducing extra control messages. This algorithm is mainly proposed to improve the and to overcome the limitations existing with the present cryptographic algorithms and protocols. Although some designs like IP security, Secure Socket Layer provide essential security, E-Mail security they unavoidably introduce substantial overheads in the Gateway/Host performance and effective network bandwidths.

  5. Lecture 3: Web Application Security

    CERN Document Server

    CERN. Geneva

    2013-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture focuses on security aspects of Web application development. Various vulnerabilities typical to web applications (such as Cross-site scripting, SQL injection, cross-site request forgery etc.) are introduced and discussed. Sebastian Lopienski is CERN’s deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and maintains security tools for vulnerability assessment and intrusion detection; provides training and awareness raising; and does incident investigation and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support servic...

  6. Computer Security at Nuclear Facilities

    International Nuclear Information System (INIS)

    This series of slides presents the IAEA policy concerning the development of recommendations and guidelines for computer security at nuclear facilities. A document of the Nuclear Security Series dedicated to this issue is on the final stage prior to publication. This document is the the first existing IAEA document specifically addressing computer security. This document was necessary for 3 mains reasons: first not all national infrastructures have recognized and standardized computer security, secondly existing international guidance is not industry specific and fails to capture some of the key issues, and thirdly the presence of more or less connected digital systems is increasing in the design of nuclear power plants. The security of computer system must be based on a graded approach: the assignment of computer system to different levels and zones should be based on their relevance to safety and security and the risk assessment process should be allowed to feed back into and influence the graded approach

  7. China's Migrant Workers' Social Security

    Institute of Scientific and Technical Information of China (English)

    Zhang Sifeng; Zhang Wenxue; Wang Lijian; Zhang Li

    2010-01-01

    Based on the definition of migrant workers and migrant workers'social security,systems,policies and regulations and status quo of specific safeguard project of social security have been analyzed.Authors draw following conclusions: China's social security systems of migrant workers show diversification and differentiation trend; national-level policies take on diversification and local-level regulations take on differentiation; social welfare and social assistance have deficiency; coverage rate of social insurance items is extremely low.

  8. Human security: Concept and practice

    OpenAIRE

    Venu Menon, Sudha

    2007-01-01

    In the era of multiplying and escalating risks, both at national and international level, security of individual –popularly known as human security- from pervasive threats and fears become an area of intellectual discourse and policy debate. This is especially significant after the end of cold war, emergence of multi-polarity and proliferation of global terrorism. However, there is no established concept of human security in mainstream social science debates across the world. In the absence o...

  9. Security: a supranational legal asset

    OpenAIRE

    Manuel Monteiro Guedes Valente

    2012-01-01

    This paper discusses the concept of security as a manysided, multifunctional and multilevel regulation topology which requires its several actors to view legal assets from a polygonal perspective worthy of legal protection from local to global and from global to local space. The concept of security as a supranational legal asset requires criminal legislation which defines the principles of criminal policy and the intervention of criminal Law, barriers to security trends and to the attempt to ...

  10. Social Security, Unemployment, and Growth

    OpenAIRE

    Bräuninger, Michael

    2004-01-01

    The paper develops an overlapping generations model that highlights interactions between social security, unemployment and growth. The social security system has two components: old age pensions and unemployment insurance. Pensions have a direct effect on economic growth. Both pensions and unemployment benefits influence equilibrium unemployment caused by wage bargaining. Since unemployment impairs growth, both types of social security have an indirect, negative effect on growth.

  11. Managing information technology security risk

    Science.gov (United States)

    Gilliam, David

    2003-01-01

    Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems bgecome more complex and diverse and and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise appraoch, and 2) a project life cycle approach.

  12. Flexible Models for Secure Systems /

    OpenAIRE

    Meiklejohn, Sarah

    2014-01-01

    Modern computing and interactions have become increasingly complex over the last decade, resulting in an online ecosystem with many more options for users, but less transparent information about their security and, in particular, their privacy. The resulting gap between security and functionality has given rise to various problems and concerns. While these problems\\dash e.g., the spread of malware, data breaches on (supposedly) secure servers, mining of private user data on social networks\\ d...

  13. DSA for Secured Optical Communication

    International Nuclear Information System (INIS)

    Novel system of dark soliton array (DSA) for secured communication is proposed. The DSA are obtained by using a series micro ring resonators where the input wavelengths of λ1= 1516 nm, λ2= 1518 nm and λ3 =1520 nm propagate inside the system and finally will be multiplexed. For security applications, the DSA can be tuned and amplified. The use of DSA for high capacity can be realized by using proposed secured system. (author)

  14. Secure refinements of communication channels

    OpenAIRE

    Cheval, Vincent; Cortier, Véronique; Le Morvan, Eric

    2015-01-01

    International audience It is a common practice to design a protocol (say Q) assuming some secure channels. Then the secure channels are implemented using any standard protocol, e.g. TLS. In this paper, we study when such a practice is indeed secure. We provide a characterization of both confidential and authenticated channels. As an application, we study several protocols of the literature including TLS and BAC protocols. Thanks to our result, we can consider a larger number of sessions wh...

  15. ITIL (R) and Information Security

    OpenAIRE

    Jašek, Roman; Králík, Lukáš; Popelka, Miroslav

    2015-01-01

    This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework.

  16. STANDARDIZING SOURCE CODE SECURITY AUDITS

    OpenAIRE

    Suzanna Schmeelk; Bill Mills; Leif Hedstrom

    2012-01-01

    A source code security audit is a powerful methodology for locating and removing security vulnerabilities.An audit can be used to (1) pass potentially prioritized list of vulnerabilities to developers (2) exploitvulnerabilities or (3) provide proof-of-concepts for potential vulnerabilities. The security audit researchcurrently remains disjoint with minor discussion of methodologies utilized in the field. This paperassembles a broad array of literature to promote standardizing source code secu...

  17. Energy audit and energy security

    OpenAIRE

    Beata Agnieszka Kulessa

    2013-01-01

    In article, we present the issue of energy security. This article to answer the questions concerning the future of energy in Poland. These activities are directly related to energy security and the reduction of CO2 emissions. One element of this plan is the introduction in the EU energy certification of buildings. The energy certificates in Poland launched on 01.01.2009 and implements the objectives adopted by the European Union and contribute to energy security, increasing energy efficiency ...

  18. INFORMATION SYSTEM SECURITY THREATS CLASSIFICATIONS

    OpenAIRE

    Sandro Gerić; Željko Hutinski

    2007-01-01

    Information systems are exposed to different types of security risks. Theconsequences of information systems security (ISS) breaches can vary from e.g. damaging the data base integrity to physical "destruction" of entire information system facilities, and can result with minor disruptions in less important segments of information systems, or with significant interruptions in information systems functionality. The sources of security risks are different, and can origin from inside or outside o...

  19. GRID INFORMATION SECURITY FUNCTIONAL REQUIREMENT

    OpenAIRE

    Amy Poh Ai Ling; Mukaidono Masao

    2011-01-01

    This paper describes the background of smart information infrastructure and the needs for smart grid information security. It introduces the conceptual analysis to the methodology with the application ofhermeneutic circle and information security functional requirement identification. Information security for the grid market cover matters includes automation and communications industry that affects the operation of electric power systems and the functioning of the utilities that manage them ...

  20. Secure E-Commerce Protocol

    OpenAIRE

    Khalid Haseeb, Muhammad Arshad, Shoukat Ali, Shazia Yasin

    2011-01-01

    E-commerce has presented a new way of doing business all over the world using internet.Organizations have changed their way of doing business from a traditional approach to embrace ecommerceprocesses. As individuals and businesses increase information sharing, a concernregarding the exchange of money securely and conveniently over the internet increases. Therefore,security is a necessity in an e-commerce transaction. The purpose of this paper is to present atoken based Secure E-commerce Proto...

  1. Liquidity risk in securities settlement

    OpenAIRE

    Johan Devriese; Janet Mitchell

    2005-01-01

    This paper studies the potential impact on securities settlement systems (SSSs) of a major market disruption, caused by the default of the largest player. A multi-period, multi-security model with intraday credit is used to simulate direct and second round settlement failures triggered by the default, as well as the dynamics of settlement failures, arising from a lag in settlement relative to the date of trades. The effects of the defaulter's net trade position, the numbers of securities and ...

  2. Market Structures and Shipping Security

    OpenAIRE

    Mary R. Brooks; Kenneth J Button

    2006-01-01

    The events of September 11th, 2001, in the US have brought a greater focus to the ways in which national security is viewed. International agencies such as the International Maritime Organisation and most national governments have been active in developing new security policies. Security, however, poses particular problems because, unlike safety where there is no conscious effort to cause harm, there is an inevitable gaming problem with potential perpetrators continually vying to circumvent s...

  3. Job security and job protection

    OpenAIRE

    Andrew E. Clark; Postel-Vinay, Fabien

    2005-01-01

    We construct indicators of the perception of job security for various types of jobs in 12 European countries using individual data from the European Community Household Panel (ECHP). We then consider the relation between reported job security and OECD summary measures of Employment Protection Legislation (EPL) strictness on one hand, and Unemployment Insurance Benefit (UIB) generosity on the other. We find that, after controlling for selection into job types, workers feel most secure in perma...

  4. Security Protocol for Active Networks

    OpenAIRE

    Cheng, L.; Galis, A.

    2006-01-01

    Active packets carrying management and control code have a dynamic nature and support dynamic routing. Thus, active packets must be protected in an end-to-end and hop-to-hop fashion. In this paper, we present a novel approach, known as security protocol for active networks (SPAN), which enables an active packet to be securely transmitted during (instead of after) Security Association (SA) and management negotiations along a new execution path

  5. Nuclear and radiological Security: Introduction

    International Nuclear Information System (INIS)

    Nuclear security includes the prevention and detection of, and response to, theft, sabotage, unauthorized access, illegal transfer, or other malicious acts involving nuclear or other radioactive substances or their associated facilities. The presentation begins by discussing the concept and its importance, then moves on to consider threats--insider threat, sabotage, diversion of materials--with considerable emphasis on the former. The intrusion at Pelindaba, South Africa, is described as a case study. The distinction between nuclear security and security of radiological and portable sources is clarified, and the international legal framework is touched upon. The paper concludes by discussing the responsibilities of the various entities involved in nuclear security.

  6. IAEA's activities on nuclear security

    International Nuclear Information System (INIS)

    Main activities of the IAEA are focused on three items; (1) promotion of peaceful uses of nuclear energy; technical cooperation, (2) nuclear safety and (3) safeguards. Since September 11, 2001 terrorist attack, IAEA's activities on nuclear security has been strengthened. Here nuclear security can be defined as the prevention and detection of and response to, theft, sabotage, unauthorized access, illegal transfer or other malicious acts involving nuclear material, other radioactive substance or their associated facilities. Nuclear security has made a remarkable change and gained great importance. Recent trend of nuclear security was introduced and future perspective of IAEA's verification activities through the inspection including safeguards was described. (T. Tanaka)

  7. Practical Unix and Internet Security

    CERN Document Server

    Garfinkel, Simson; Spafford, Gene

    2003-01-01

    When Practical Unix Security was first published more than a decade ago, it became an instant classic. Crammed with information about host security, it saved many a Unix system administrator from disaster. The second edition added much-needed Internet security coverage and doubled the size of the original volume. The third edition is a comprehensive update of this very popular book - a companion for the Unix/Linux system administrator who needs to secure his or her organization's system, networks, and web presence in an increasingly hostile world. Focusing on the four most popular Unix varia

  8. Palm Biometrics: Testimony of Security

    OpenAIRE

    Nancy*, Abhilasha

    2014-01-01

    Now a days, whenever we think of developing a system or software, the first thing that comes in one’s mind is Security. We always think whether the given system is secure enough to use or not? This question arises because Security is no more secure word in today’s world because of unlawful persons. So, to provide assertion there comes an epoch i.e. BIOMETRICS. This field has gained wide popularity all over the universe, as it recognizes our Biological or Physiological characte...

  9. SELECTIVE OPENING SECURE FUNCTIONAL ENCRYPTION

    Directory of Open Access Journals (Sweden)

    Yuanyuan Ji

    2015-12-01

    Full Text Available Functional encryption (FE has more fine-grained control to encrypted data than traditional encryption schemes. The well-accepted security of FE is indistinguishability-based security (IND-FE and simulation-based security (SIMFE, but the security is not sufficient. For example, if an adversary has the ability to access a vector of ciphertexts and can ask to open some information of the messages, such as coins used in the encryption or secret key in multikey setting, whether the privacy of the unopened messages is guaranteed. This is called selective opening attack (SOA. In this paper, we propose a stronger security of FE which is secure against SOA (we call SOFE and propose a concrete construction of SO-FE scheme in the standard model. Our scheme is a non-adaptive IND-FE which satisfies selective opening secure in the simulation sense. In addition, the scheme can encrypt messages of any bit length other than bitwise and it is secure against SOA-C and SOAK simultaneously while the two attacks were appeared in different model before. According to the different functionality f, our scheme can specialize as IBE, ABE and even PE schemes secure against SOA.

  10. Audit for Information Systems Security

    Directory of Open Access Journals (Sweden)

    Ana-Maria SUDUC

    2010-01-01

    Full Text Available The information and communication technologies advances made available enormous and vast amounts of information. This availability generates also significant risks to computer systems, information and to the critical operations and infrastructures they support. In spite of significant advances in the information security area many information systems are still vulnerable to inside or outside attacks. The existence of an internal audit for information system security increases the probability of adopting adequate security measures and preventing these attacks or lowering the negative consequences. The paper presents an exploratory study on informatics audit for information systems security.

  11. Genesis of enterprise financial security

    Directory of Open Access Journals (Sweden)

    Davydenko N. M.

    2015-05-01

    Full Text Available The article analyzes the scientific approaches to the definition of «financial security of entities», advantages and disadvantages of these approaches are highlighted. The own definition of financial security of entities is given. The composition of elements of enterprise financial security and principles of its provision are defined. Тhe role of individual elements of financial security to ensure high efficiency operation and development of enterprises is significant and has a direct impact on their solvency, liquidity and profitability.

  12. Dynamic secrets in communication security

    CERN Document Server

    Xiao, Sheng; Towsley, Donald

    2013-01-01

    Dynamic secrets are constantly generated and updated from messages exchanged between two communication users. When dynamic secrets are used as a complement to existing secure communication systems, a stolen key or password can be quickly and automatically reverted to its secret status without disrupting communication. 'Dynamic Secrets in Communication Security' presents unique security properties and application studies for this technology. Password theft and key theft no longer pose serious security threats when parties frequently use dynamic secrets. This book also illustrates that a dynamic

  13. Nuclear Security Culture: Implementing Guide

    International Nuclear Information System (INIS)

    This publication defines the basic concepts and elements of nuclear security culture, with the aim to provide Member States with international consensus guidance on planning and implementing a programme to improve nuclear security culture. Particular emphasis is placed on areas such as regulation, government institutions and general public awareness. The report provides an overview of the necessary attributes of an effective nuclear security culture and emphasizes that its success is ultimately dependent on individuals: policy makers, regulators, managers, individual employees and, to a certain extent, members of the general public. Practical methods to assess and improve the effectiveness of security culture are also included.

  14. Nuclear and radiological Security: Introduction.

    Energy Technology Data Exchange (ETDEWEB)

    Miller, James Christopher [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

    2016-02-24

    Nuclear security includes the prevention and detection of, and response to, theft, sabotage, unauthorized access, illegal transfer, or other malicious acts involving nuclear or other radioactive substances or their associated facilities. The presentation begins by discussing the concept and its importance, then moves on to consider threats--insider threat, sabotage, diversion of materials--with considerable emphasis on the former. The intrusion at Pelindaba, South Africa, is described as a case study. The distinction between nuclear security and security of radiological and portable sources is clarified, and the international legal framework is touched upon. The paper concludes by discussing the responsibilities of the various entities involved in nuclear security.

  15. Computer and information security handbook

    CERN Document Server

    Vacca, John R

    2012-01-01

    The second edition of this comprehensive handbook of computer and information security provides the most complete view of computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors' respective areas of expertise. The book is organized into 10 parts comprised of 70 contributed

  16. Spring security 3.x cookbook

    CERN Document Server

    Mankale, Anjana

    2013-01-01

    This book follows a cookbook style exploring various security solutions provided by Spring Security for various vulnerabilities and threat scenarios that web applications may be exposed to at the authentication and session level layers.This book is for all Spring-based application developers as well as Java web developers who wish to implement robust security mechanisms into web application development using Spring Security.Readers are assumed to have a working knowledge of Java web application development, a basic understanding of the Spring framework, and some knowledge of the fundamentals o

  17. A Survey on Mobile Payment Systems Security

    Directory of Open Access Journals (Sweden)

    Leila Esmaeili

    2012-09-01

    Full Text Available In recent years, increasing use of mobile devices and the emergence of new technologies have changed mobile commerce and mobile payment in all over the world. Although many attempts have been made to implement secure mobile payment systems and services, growing forgery, fraud and other related electronic crimes as well as security attacks and threats prove the necessity of paying special attention to security issues for development and extension of such systems. In this paper, we investigate classification of security threats and attacks in mobile payment and discuss security issues in three related areas of mobile payment; including network security, transmission security and mobile device security. Network security includes WLAN and WWAN security; transmission security includes WAP, SMS, wave channel and USSD security; and mobile device security includes hardware and software platforms and operating system security.

  18. Summary Report on Unconditionally Secure Protocols

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Salvail, Louis; Cachin, Christian

    This document describes the state of the art snd some of the main open problems in the area of unconditionally secure cryptographic protocols. The most essential part of a cryptographic protocol is not its being secure. Imagine a cryptographic protocol which is secure, but where we do not know...... that it is secure. Such a protocol would do little in providing security. When all comes to all, cryptographic security is done for the sake of people, and the essential part of security is for people what it has always been, namely to feel secure. To feel secure employing a given cryptographic protocol we need...... to know that is is secure. I.e. we need a proof that it is secure. Today the proof of security of essentially all practically employed cryptographic protocols relies on computational assumptions. To prove that currently employed ways to communicate securely over the Internet are secure we e.g. need...

  19. Security of material

    International Nuclear Information System (INIS)

    Full text: From the early days of discovery and experimentation with nuclear science, nuclear and radioactive materials have held extraordinary potential for being of great benefit to humankind, as well as for causing significant harm. For the past forty years, the IAEA has played an important role in ensuring that nuclear technologies and materials are used only for peaceful purposes. The Agency's safeguards programme has been providing assurances that States honour their undertakings to use nuclear facilities and materials for peaceful purposes only. The potential of nuclear materials and other radioactive materials being used in subversive activities, such as theft, illicit trafficking, sabotage and threats thereof, has been recognized by the international community. The tragic events in New York have given new light to and increased concern for this potential. No target may be considered immune from terrorism. Since 1993, States have confirmed over 370 cases of illicit trafficking. Information is also available on potential attempts of and actual acts of sabotage. For any State, the first step in ensuring the security of their materials is an effective national system. Such a system must contain multiple elements, including physical protection measures, material accountability arrangements, reliable detection capabilities, and plans for rapid and effective response when material is found to be lost, stolen or otherwise not under proper control. The system must also cover illegal waste dumping and other activities that would result in the release of radioactive material into the environment. All these measures should be based on well founded legal and regulatory structures. In many cases, the responsibility for these various elements lies with different bodies, and co-operation between them is vital to the success of the national system. The Agency's programme Security of Material aims at being of service to States in their efforts to upgrade their security

  20. Security and Architectural Patterns for Securing the Cloud Architecture

    Directory of Open Access Journals (Sweden)

    Golajapu Venu Madhava Rao

    2015-09-01

    Full Text Available Operating a cloud securely and efficiently entails a great deal of advanceplanning. A data center and redundant internet connection is required at the beginning to connect to cloud. This can constitute the technology portion of an information security and some network devices that safely and securely serve the communication. National Institute of Standards and Technology states that the process of uniquely assigning the information resources to an information system will define the security boundary for that system. A massive amount of gear that is racked and cabled following defined patterns is enabled inside this boundary. Need for the infrastructure that is used to manage the cloud and its resources as it operates the cloud. Each component like server, network and storagerequires some degree of configuration. While designing or planning a complex systemit is important to look ahead the process and procedures required for operation of the system. Small cloud systems can be build without much of planning. But any Cloud system substantially bigger size needs significant planning and design. If we fail to plan it leads to higher cost due to inefficiency in design and process. In this paper we study on the architectural components that can be used to build a cloud with security as a priority. This can be achieved by identifying requirements for secured cloud architecture along with key patterns and architectural elements. This paper first discusses on security patterns and an architectural element required and also focuses on several different cloud architectures and secure cloud operation strategies.