WorldWideScience

Sample records for cabig security whitepaper

  1. Whitepaper on the DAEdALUS Program

    CERN Document Server

    Aberle, C; Alonso, J; Barletta, W A; Barlow, R; Bartoszek, L; Bungau, A; Calanna, A; Campo, D; Calabretta, L; Celona, L; Collin, G; Conrad, J M; de Gouvea, A; Djurcic, Z; Gammino, S; Garisto, D; Gutierrez, R; Johnson, R R; Kamyshkov, Y; Karagiorgi, G; Kolano, A; Labrecque, F; Loinaz, W; Okuno, H; Papavassiliou, V; Scholberg, K; Shaevitz, M H; Shimizu, I; Spitz, J; Skuhersky, M; Terao, K; Toups, M; Vagins, M; Winklehner, D; Winslow, L A; Yang, J J

    2013-01-01

    This whitepaper describes the status of the DAEdALUS program for development of high power cyclotrons as of the time of the final meeting of the Division of Particles and Fields 2013 Community Study ("Snowmass"). We report several new results, including a measurement capability between 4 and 12 degrees on the CP violating parameter in the neutrino sector. Past results, including the capability of the IsoDAR high Dm^2 antielectron neutrino disappearance search, are reviewed. A discussion of the R&D successes, including construction of a beamline teststand, and future plans are provided. This text incorporates short whitepapers written for subgroups in the Intensity Frontier and Frontier Capabilities Working Groups that are available on the Snowmass website.

  2. Development of the Lymphoma Enterprise Architecture Database: a caBIG Silver level compliant system.

    Science.gov (United States)

    Huang, Taoying; Shenoy, Pareen J; Sinha, Rajni; Graiser, Michael; Bumpers, Kevin W; Flowers, Christopher R

    2009-04-03

    Lymphomas are the fifth most common cancer in United States with numerous histological subtypes. Integrating existing clinical information on lymphoma patients provides a platform for understanding biological variability in presentation and treatment response and aids development of novel therapies. We developed a cancer Biomedical Informatics Grid (caBIG) Silver level compliant lymphoma database, called the Lymphoma Enterprise Architecture Data-system (LEAD), which integrates the pathology, pharmacy, laboratory, cancer registry, clinical trials, and clinical data from institutional databases. We utilized the Cancer Common Ontological Representation Environment Software Development Kit (caCORE SDK) provided by National Cancer Institute's Center for Bioinformatics to establish the LEAD platform for data management. The caCORE SDK generated system utilizes an n-tier architecture with open Application Programming Interfaces, controlled vocabularies, and registered metadata to achieve semantic integration across multiple cancer databases. We demonstrated that the data elements and structures within LEAD could be used to manage clinical research data from phase 1 clinical trials, cohort studies, and registry data from the Surveillance Epidemiology and End Results database. This work provides a clear example of how semantic technologies from caBIG can be applied to support a wide range of clinical and research tasks, and integrate data from disparate systems into a single architecture. This illustrates the central importance of caBIG to the management of clinical and biological data.

  3. Managing the masses with contactless payment technologies - whitepaper

    NARCIS (Netherlands)

    Smit, M.; Huitema, G.B.

    2007-01-01

    n 2007, hundreds of contactless payment trials are being conducted across Europe varying in focus and size. One of the most common first-time uses is in public transport; a well-known example is the Oyster (smart-)card for the London Transport system. This whitepaper shares research on contactless p

  4. ASC Predictive Science Academic Alliance Program Verification and Validation Whitepaper

    Energy Technology Data Exchange (ETDEWEB)

    Klein, R; Graziani, F; Trucano, T

    2006-03-31

    The purpose of this whitepaper is to provide a framework for understanding the role that verification and validation (V&V) are expected to play in successful ASC Predictive Science Academic Alliance (PSAA) Centers and projects. V&V have been emphasized in the recent specification of the PSAA (NNSA, 2006): (1) The resulting simulation models lend themselves to practical verification and validation methodologies and strategies that should include the integrated use of experimental and/or observational data as a key part of model and sub-model validation, as well as demonstrations of numerical convergence and accuracy for code verification. (2) Verification, validation and prediction methodologies and results must be much more strongly emphasized as research topics and demonstrated via the proposed simulations. (3) It is mandatory that proposals address the following two topics: (a) Predictability in science & engineering; and (b) Verification & validation strategies for large-scale simulations, including quantification of uncertainty and numerical convergence. We especially call attention to the explicit coupling of computational predictability and V&V in the third bullet above. In this whitepaper we emphasize this coupling, and provide concentrated guidance for addressing item 2. The whitepaper has two main components. First, we provide a brief and high-level tutorial on V&V that emphasizes critical elements of the program. Second, we state a set of V&V-related requirements that successful PSAA proposals must address.

  5. CERN openlab Whitepaper on Future IT Challenges in Scientific Research

    CERN Document Server

    Di Meglio, Alberto; Purcell, Andrew

    2014-01-01

    This whitepaper describes the major IT challenges in scientific research at CERN and several other European and international research laboratories and projects. Each challenge is exemplified through a set of concrete use cases drawn from the requirements of large-scale scientific programs. The paper is based on contributions from many researchers and IT experts of the participating laboratories and also input from the existing CERN openlab industrial sponsors. The views expressed in this document are those of the individual contributors and do not necessarily reflect the view of their organisations and/or affiliates.

  6. Beyond RFID : the NFC Security Landscape

    NARCIS (Netherlands)

    Hoepman, J.H.; Siljee, B.I.J.

    2007-01-01

    For applications like mobile payments for which the use of NFC technology is considered, security is of paramount importance. This whitepaper discusses the main risks associated with using NFC technology, and the possible countermeasures that can be used to mitigate those risks.

  7. Passive transdermal systems whitepaper incorporating current chemistry, manufacturing and controls (CMC) development principles.

    Science.gov (United States)

    Van Buskirk, Glenn A; Arsulowicz, Daniel; Basu, Prabir; Block, Lawrence; Cai, Bing; Cleary, Gary W; Ghosh, Tapash; González, Mario A; Kanios, David; Marques, Margareth; Noonan, Patrick K; Ocheltree, Terrance; Schwarz, Peter; Shah, Vinod; Spencer, Thomas S; Tavares, Lino; Ulman, Katherine; Uppoor, Rajendra; Yeoh, Thean

    2012-03-01

    In this whitepaper, the Manufacturing Technical Committee (MTC) of the Product Quality Research Institute has updated the 1997 Transdermal Drug Delivery Systems Scale-Up and Post Approval Change workshop report findings to add important new product development and control principles. Important topics reviewed include ICH harmonization, quality by design, process analytical technologies, product and process validation, improvements to control of critical excipients, and discussion of Food and Drug Administration's Guidance on Residual Drug in Transdermal and Related Drug Delivery Systems as well as current thinking and trends on in vitro-in vivo correlation considerations for transdermal systems.

  8. Astro2010 Decadal Survey Whitepaper: Coordinated Science in the Gravitational and Electromagnetic Skies

    CERN Document Server

    Bloom, Joshua S; Hughes, Scott A; Menou, Kristen; Adams, Allan; Anderson, Scott F; Becker, Andy; Bower, Geoffrey C; Brandt, Niel; Cobb, Bethany; Cook, Kem; Corsi, Alessandra; Covino, Stefano; Fox, Derek; Fruchter, Andrew; Fryer, Chris; Grindlay, Jonathan; Hartmann, Dieter; Haiman, Zoltan; Kocsis, Bence; Jones, Lynne; Loeb, Abraham; Marka, Szabolcs; Metzger, Brian; Nakar, Ehud; Nissanke, Samaya; Perley, Daniel A; Piran, Tsvi; Poznanski, Dovi; Prince, Tom; Schnittman, Jeremy; Soderberg, Alicia; Strauss, Michael; Shawhan, Peter S; Shoemaker, David H; Sievers, Jonathan; Stubbs, Christopher; Tagliaferri, Gianpiero; Ubertini, Pietro; Wozniak, Przemyslaw

    2009-01-01

    It is widely expected that the coming decade will witness the first direct detection of gravitational waves (GWs). The ground-based LIGO and Virgo GW observatories are being upgraded to advanced sensitivity, and are expected to observe a significant binary merger rate. The launch of The Laser Interferometer Space Antenna (LISA) would extend the GW window to low frequencies, opening new vistas on dynamical processes involving massive (M >~ 10^5 M_Sun) black holes. GW events are likely to be accompanied by electromagnetic (EM) counterparts and, since information carried electromagnetically is complementary to that carried gravitationally, a great deal can be learned about an event and its environment if it becomes possible to measure both forms of radiation in concert. Measurements of this kind will mark the dawn of trans-spectral astrophysics, bridging two distinct spectral bands of information. The aim of this whitepaper is to articulate future directions in both theory and observation that are likely to impa...

  9. US National Climate Assessment (NCA) Scenarios for Assessing Our Climate Future: Issues and Methodological Perspectives Background Whitepaper for Participants

    Energy Technology Data Exchange (ETDEWEB)

    Moss, Richard H.; Engle, Nathan L.; Hall, John; Jacobs, Kathy; Lempert, Rob; Mearns, L. O.; Melillo, Jerry; Mote, Phil; O' Brien, Sheila; Rosenzweig, C.; Ruane, Alex; Sheppard, Stephen; Vallario, Robert W.; Wiek, Arnim; Wilbanks, Thomas

    2011-10-01

    This whitepaper is intended to provide a starting point for discussion at a workshop for the National Climate Assessment (NCA) that focuses on the use and development of scenarios. The paper will provide background needed by participants in the workshop in order to review options for developing and using scenarios in NCA. The paper briefly defines key terms and establishes a conceptual framework for developing consistent scenarios across different end uses and spatial scales. It reviews uses of scenarios in past U.S. national assessments and identifies potential users of and needs for scenarios for both the report scheduled for release in June 2013 and to support an ongoing distributed assessment process in sectors and regions around the country. Because scenarios prepared for the NCA will need to leverage existing research, the paper takes account of recent scientific advances and activities that could provide needed inputs. Finally, it considers potential approaches for providing methods, data, and other tools for assessment participants. We note that the term 'scenarios' has many meanings. An important goal of the whitepaper (and portions of the workshop agenda) is pedagogical (i.e., to compare different meanings and uses of the term and make assessment participants aware of the need to be explicit about types and uses of scenarios). In climate change research, scenarios have been used to establish bounds for future climate conditions and resulting effects on human and natural systems, given a defined level of greenhouse gas emissions. This quasi-predictive use contrasts with the way decision analysts typically use scenarios (i.e., to consider how robust alternative decisions or strategies may be to variation in key aspects of the future that are uncertain). As will be discussed, in climate change research and assessment, scenarios describe a range of aspects of the future, including major driving forces (both human activities and natural processes

  10. Security

    Science.gov (United States)

    Technology & Learning, 2008

    2008-01-01

    Anytime, anywhere, learning provides opportunities to create digital learning environments for new teaching styles and personalized learning. As part of making sure the program is effective, the safety and security of students and assets are essential--and mandated by law. The Children's Internet Protection Act (CIPA) addresses Internet content…

  11. Status Summary of 3He and Neutron Detection Alternatives for Homeland Security

    Energy Technology Data Exchange (ETDEWEB)

    Kouzes, Richard T.; Ely, James H.

    2010-04-28

    This is a short summary whitepaper on results of our alternatives work: Neutron detection is an important aspect of interdiction of radiological threats for homeland security purposes since plutonium, a material used for nuclear weapons, is a significant source of fission neutrons [Kouzes 2005]. Because of the imminent shortage of 3He, which is used in the most commonly deployed neutron detectors, a replacement technology for neutron detection is required for most detection systems in the very near future [Kouzes 2009a]. For homeland security applications, neutron false alarms from a detector can result in significant impact. This puts a strong requirement on any neutron detection technology not to generate false neutron counts in the presence of a large gamma ray-only source [Kouzes et al. 2008].

  12. Sensor Compendium - A Snowmass Whitepaper-

    Energy Technology Data Exchange (ETDEWEB)

    Artuso, M. [Syracuse Univ., NY (United States); Battaglia, M. [Univ. of California, Santa Cruz, CA (United States); Bolla, G. [Purdue Univ., West Lafayette, IN (United States); Bortoletto, D. [Purdue Univ., West Lafayette, IN (United States); Caberera, B. [Stanford Univ., CA (United States); Carlstrom, J E [Univ. of Chicago, IL (United States); Argonne National Lab. (ANL), Argonne, IL (United States); Chang, C. L. [Univ. of Chicago, IL (United States); Argonne National Lab. (ANL), Argonne, IL (United States); Cooper, W. [Fermi National Accelerator Lab. (FNAL), Batavia, IL (United States); Da Via, C. [Univ. of Manchester (United Kingdom); Demarteau, M. [Argonne National Lab. (ANL), Argonne, IL (United States); Fast, J. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Frisch, H. [Univ. of Chicago, IL (United States), et al.

    2013-10-01

    Sensors play a key role in detecting both charged particles and photons for all three frontiers in Particle Physics. The signals from an individual sensor that can be used include ionization deposited, phonons created, or light emitted from excitations of the material. The individual sensors are then typically arrayed for detection of individual particles or groups of particles. Mounting of new, ever higher performance experiments, often depend on advances in sensors in a range of performance characteristics. These performance metrics can include position resolution for passing particles, time resolution on particles impacting the sensor, and overall rate capabilities. In addition the feasible detector area and cost frequently provides a limit to what can be built and therefore is often another area where improvements are important. Finally, radiation tolerance is becoming a requirement in a broad array of devices. We present a status report on a broad category of sensors, including challenges for the future and work in progress to solve those challenges.

  13. ALUMINUM AND CHROMIUM LEACHING WORKSHOP WHITEPAPER

    Energy Technology Data Exchange (ETDEWEB)

    McCabe, D; Jeff Pike, J; Bill Wilmarth, B

    2007-04-25

    A workshop was held on January 23-24, 2007 to discuss the status of processes to leach constituents from High Level Waste (HLW) sludges at the Hanford and Savannah River Sites. The objective of the workshop was to examine the needs and requirements for the HLW flowsheet for each site, discuss the status of knowledge of the leaching processes, communicate the research plans, and identify opportunities for synergy to address knowledge gaps. The purpose of leaching of non-radioactive constituents from the sludge waste is to reduce the burden of material that must be vitrified in the HLW melter systems, resulting in reduced HLW glass waste volume, reduced disposal costs, shorter process schedules, and higher facility throughput rates. The leaching process is estimated to reduce the operating life cycle of SRS by seven years and decrease the number of HLW canisters to be disposed in the Repository by 1000 [Gillam et al., 2006]. Comparably at Hanford, the aluminum and chromium leaching processes are estimated to reduce the operating life cycle of the Waste Treatment Plant by 20 years and decrease the number of canisters to the Repository by 15,000-30,000 [Gilbert, 2007]. These leaching processes will save the Department of Energy (DOE) billions of dollars in clean up and disposal costs. The primary constituents targeted for removal by leaching are aluminum and chromium. It is desirable to have some aluminum in glass to improve its durability; however, too much aluminum can increase the sludge viscosity, glass viscosity, and reduce overall process throughput. Chromium leaching is necessary to prevent formation of crystalline compounds in the glass, but is only needed at Hanford because of differences in the sludge waste chemistry at the two sites. Improving glass formulations to increase tolerance of aluminum and chromium is another approach to decrease HLW glass volume. It is likely that an optimum condition can be found by both performing leaching and improving formulations. Disposal of the resulting aluminum and chromium-rich streams are different at the two sites, with vitrification into Low Activity Waste (LAW) glass at Hanford, and solidification in Saltstone at SRS. Prior to disposal, the leachate solutions must be treated to remove radionuclides, resulting in increased operating costs and extended facility processing schedules. Interim storage of leachate can also add costs and delay tank closure. Recent projections at Hanford indicate that up to 40,000 metric tons of sodium would be needed to dissolve the aluminum and maintain it in solution, which nearly doubles the amount of sodium in the entire current waste tank inventory. This underscores the dramatic impact that the aluminum leaching can have on the entire system. A comprehensive view of leaching and the downstream impacts must therefore be considered prior to implementation. Many laboratory scale tests for aluminum and chromium dissolution have been run on Hanford wastes, with samples from 46 tanks tested. Three samples from SRS tanks have been tested, out of seven tanks containing high aluminum sludge. One full-scale aluminum dissolution was successfully performed on waste at SRS in 1982, but generated a very large quantity of liquid waste ({approx}3,000,000 gallons). No large-scale tests have been done on Hanford wastes. Although the data to date give a generally positive indication that aluminum dissolution will work, many issues remain, predominantly because of variable waste compositions and changes in process conditions, downstream processing, or storage limitations. Better approaches are needed to deal with the waste volumes and limitations on disposal methods. To develop a better approach requires a more extensive understanding of the kinetics of dissolution, as well as the factors that effect rates, effectiveness, and secondary species. Models of the dissolution rate that have been developed are useful, but suffer from limitations on applicable compositional ranges, mineral phases, and particle properties that are difficult to measure. The experimental bases for the models contain very few data points.

  14. Whitepaper on Uncertainty Quantification for MPACT

    Energy Technology Data Exchange (ETDEWEB)

    Williams, Mark L. [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)

    2015-12-17

    The MPACT code provides the ability to perform high-fidelity deterministic calculations to obtain a wide variety of detailed results for very complex reactor core models. However MPACT currently does not have the capability to propagate the effects of input data uncertainties to provide uncertainties in the calculated results. This white paper discusses a potential method for MPACT uncertainty quantification (UQ) based on stochastic sampling.

  15. Security Expertise

    DEFF Research Database (Denmark)

    and to reflect on the impact and responsibility of security analysis. In science and technology studies, the study of security politics adds a challenging new case to the agenda of research on expertise and policy. The contributors investigate cases such as academic security studies, security think tanks...

  16. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure  and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  17. Financial security

    NARCIS (Netherlands)

    de Goede, M.; Burgess, J.P.

    2010-01-01

    1. Introduction J. Peter Burgess Part 1: New Security Concepts 2. Civilizational Security Brett Bowden 3. Risk Oliver Kessler 4. Small Arms Keith Krause 5. Critical Human Security Taylor Owen 6. Critical Geopolitics Simon Dalby Part 2: New Security Subjects 7. Biopolitics Michael Dillon 8. Gendered

  18. LTE security

    CERN Document Server

    Forsberg, Dan; Moeller, Wolf-Dietrich

    2010-01-01

    Addressing the security solutions for LTE, a cellular technology from Third Generation Partnership Project (3GPP), this book shows how LTE security substantially extends GSM and 3G security. It also encompasses the architectural aspects, known as SAE, to give a comprehensive resource on the topic. Although the security for SAE/LTE evolved from the security for GSM and 3G, due to different architectural and business requirements of fourth generation systems the SAE/LTE security architecture is substantially different from its predecessors. This book presents in detail the security mechanisms em

  19. Being Secure

    Institute of Scientific and Technical Information of China (English)

    2006-01-01

    As the world wrestles with challenges from nontraditional security threats, a new concept of security management is emerging Security has traditionally been seen as the means of defending a territory, primarily through the use of military power. However, as the world evolves through the process of globalization, so too does the concept of security. It now incorporates military, political, economic, societal and environmental issues, as well as the many links that bind them. Yet for most people in the wor...

  20. Watermarking security

    CERN Document Server

    Bas, Patrick; Cayre, François; Doërr, Gwenaël; Mathon, Benjamin

    2016-01-01

    This book explains how to measure the security of a watermarking scheme, how to design secure schemes but also how to attack popular watermarking schemes. This book gathers the most recent achievements in the field of watermarking security by considering both parts of this cat and mouse game. This book is useful to industrial practitioners who would like to increase the security of their watermarking applications and for academics to quickly master this fascinating domain.

  1. Node security

    CERN Document Server

    Barnes, Dominic

    2013-01-01

    A practical and fast-paced guide that will give you all the information you need to secure your Node applications.If you are a developer who wishes to secure your Node applications, whether you are already using Node Security in production, or are considering using it for your next project, then this book will enable you to ensure security of your applications. An understanding of JavaScript is a prerequisite, and some experience with Node is recommended, though not required.

  2. Securing Hadoop

    CERN Document Server

    Narayanan, Sudheesh

    2013-01-01

    This book is a step-by-step tutorial filled with practical examples which will focus mainly on the key security tools and implementation techniques of Hadoop security.This book is great for Hadoop practitioners (solution architects, Hadoop administrators, developers, and Hadoop project managers) who are looking to get a good grounding in what Kerberos is all about and who wish to learn how to implement end-to-end Hadoop security within an enterprise setup. It's assumed that you will have some basic understanding of Hadoop as well as be familiar with some basic security concepts.

  3. Security Engineering

    Science.gov (United States)

    2012-01-31

    attacks cannot be completely addressed by traditional perimeter security solutions [ Wulf and Jones, 2009], as they have been in the past. A new...the mainstay of the current cyber security solution space [ Wulf and Jones, 2009]. This has enabled the system engineering and security communities...Number: H98230-08-D-0171 DO 002 TO 002 RT 028 Report No. SERC-2012-TR-028 January 31, 2012 UNCLASSIFIED 37 W. A. Wulf and A. K. Jones, Reflections on cyber security, Science Magazine, vol. 326, 2009, pp. 943-944.

  4. Grid Security

    CERN Document Server

    CERN. Geneva

    2004-01-01

    The aim of Grid computing is to enable the easy and open sharing of resources between large and highly distributed communities of scientists and institutes across many independent administrative domains. Convincing site security officers and computer centre managers to allow this to happen in view of today's ever-increasing Internet security problems is a major challenge. Convincing users and application developers to take security seriously is equally difficult. This paper will describe the main Grid security issues, both in terms of technology and policy, that have been tackled over recent years in LCG and related Grid projects. Achievements to date will be described and opportunities for future improvements will be addressed.

  5. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2006-01-01

    Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.

  6. Social Security.

    Science.gov (United States)

    Social and Labour Bulletin, 1983

    1983-01-01

    This group of articles discusses a variety of studies related to social security and retirement benefits. These studies are related to both developing and developed nations and are also concerned with studying work conditions and government role in administering a democratic social security system. (SSH)

  7. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information SecurityWhat Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information SecurityChanges Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy?Monitoring and MeasurementMoving Forward ORGANIZATIONAL ISSUESThe Life Cycles of Security ManagersIntroductionThe Information Security Manager's Responsibilities The Evolution of Data Security to Information SecurityThe Repository Concept Changing Job Requirements Business Life Cycles

  8. Secure Objectives for School Security

    Science.gov (United States)

    Dalton-Noblitt, April

    2012-01-01

    In a study conducted among more than 980 American four-year and two-year colleges and universities, including institutions such as the University of Michigan, MIT, UCLA and Columbia, security staff and other administrators identified the five leading goals for their security systems: (1) Preventing unauthorized people from entering their…

  9. Security Bingo

    CERN Multimedia

    Computer Security Team

    2011-01-01

    Want to check your security awareness and win one of three marvellous books on computer security? Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us by 31 October 2011 at either Computer.Security@cern.ch or P.O. Box G19710.   Winners[1] must show that they fulfil at least five good practices in a continuous vertical, horizontal or diagonal row. For details on CERN Computer Security, please consult http://cern.ch/security. I personally…   …am concerned about computer security. …run my computer with an anti-virus software and up-to-date signature files. …lock my computer screen whenever I leave my office. …have chosen a reasonably complex password. …have restricted access to all my files and data. …am aware of the security risks and threats to CERN’s computing facilities. &hell...

  10. Junos Security

    CERN Document Server

    Cameron, Rob; Giecco, Patricio; Eberhard, Timothy; Quinn, James

    2010-01-01

    Junos® Security is the complete and authorized introduction to the new Juniper Networks SRX hardware series. This book not only provides a practical, hands-on field guide to deploying, configuring, and operating SRX, it also serves as a reference to help you prepare for any of the Junos Security Certification examinations offered by Juniper Networks. Network administrators and security professionals will learn how to use SRX Junos services gateways to address an array of enterprise data network requirements -- including IP routing, intrusion detection, attack mitigation, unified threat manag

  11. Computer security

    CERN Document Server

    Gollmann, Dieter

    2011-01-01

    A completely up-to-date resource on computer security Assuming no previous experience in the field of computer security, this must-have book walks you through the many essential aspects of this vast topic, from the newest advances in software and technology to the most recent information on Web applications security. This new edition includes sections on Windows NT, CORBA, and Java and discusses cross-site scripting and JavaScript hacking as well as SQL injection. Serving as a helpful introduction, this self-study guide is a wonderful starting point for examining the variety of competing sec

  12. Wireless Security

    CERN Document Server

    Osterhage, Wolfgang

    2011-01-01

    In the wake of the growing use of wireless communications, new types of security risks have evolved. Wireless Security covers the major topic of wireless communications with relevance both to organizations and private users. The technological background of these applications and protocols is laid out and presented in detail. Special emphasis is placed on the IEEE 802.11x-Standards that have been introduced for WLAN technology. Other technologies covered besides WLAN include: mobile phones, bluetooth and infrared. In each chapter a major part is devoted to security risks and provisions includin

  13. Security an introduction

    CERN Document Server

    Purpura, Philip P

    2011-01-01

    Section I The History and Profession of SecurityDefinition, Role, and History of Security Security Defined The Contexts of Security The Roles of Security The History of Security Security in an Environment of Threats, Terrorism, and All-Hazards Threats and Hazards Terrorism National Strategies The Profession and Business of Security The Business of Security Professionalism and Security Associations Ethics Regulation of the Security Industry Security Training Higher Education Careers Section II Protecting People and AssetsSecurity Methodology Methodology Defined Security Business Proposals Secur

  14. Security Studies

    OpenAIRE

    ,

    2005-01-01

    Security Studies has firmly established itself as a leading journal on international security issues. The journal publishes theoretical, historical and policy-oriented articles on the causes and consequences of war, and the sources and conditions of peace. The journal has published articles on balancing vs. bandwagoning, deterrence in enduring rivalries, the Domino theory, nuclear weapons proliferation, civil-military relations, political reforms in China, strategic culture in Asia and the P...

  15. European Security

    DEFF Research Database (Denmark)

    Møller, Bjørn

    Theoretical chapters on "Security", "Organisations" and "Regions," Historical Chapters on "Europe and Its Distinguishing Features" and on "The United Nations," "NATO," "The CSCE/OSCE and the Council of Europe" and "The European Union"......Theoretical chapters on "Security", "Organisations" and "Regions," Historical Chapters on "Europe and Its Distinguishing Features" and on "The United Nations," "NATO," "The CSCE/OSCE and the Council of Europe" and "The European Union"...

  16. Secure portal.

    Energy Technology Data Exchange (ETDEWEB)

    Nelson, Cynthia Lee

    2007-09-01

    There is a need in security systems to rapidly and accurately grant access of authorized personnel to a secure facility while denying access to unauthorized personnel. In many cases this role is filled by security personnel, which can be very costly. Systems that can perform this role autonomously without sacrificing accuracy or speed of throughput are very appealing. To address the issue of autonomous facility access through the use of technology, the idea of a ''secure portal'' is introduced. A secure portal is a defined zone where state-of-the-art technology can be implemented to grant secure area access or to allow special privileges for an individual. Biometric technologies are of interest because they are generally more difficult to defeat than technologies such as badge swipe and keypad entry. The biometric technologies selected for this concept were facial and gait recognition. They were chosen since they require less user cooperation than other biometrics such as fingerprint, iris, and hand geometry and because they have the most potential for flexibility in deployment. The secure portal concept could be implemented within the boundaries of an entry area to a facility. As a person is approaching a badge and/or PIN portal, face and gait information can be gathered and processed. The biometric information could be fused for verification against the information that is gathered from the badge. This paper discusses a facial recognition technology that was developed for the purposes of providing high verification probabilities with low false alarm rates, which would be required of an autonomous entry control system. In particular, a 3-D facial recognition approach using Fisher Linear Discriminant Analysis is described. Gait recognition technology, based on Hidden Markov Models has been explored, but those results are not included in this paper. Fusion approaches for combining the results of the biometrics would be the next step in realizing

  17. Energy Security

    Institute of Scientific and Technical Information of China (English)

    2006-01-01

    With an increasing number of countries becoming industrialized, energy, the so-called blood of modern economies, is becoming increasingly important Energy security has become an important factor that directly influences world economic stability and international relations. In an article posted on People's Daily Online, Liu Jianfei, professor at the International Strategic Research Center of the Party School of the Central Committee of the Communist Party of China, shares his opinions on energy security.

  18. Citizen Security

    OpenAIRE

    Beatriz Abizanda

    2011-01-01

    This is a presentation for the Caribbean Regional ConSoc Retreat held on June 16, 2011 in Kingston, Jamaica. This document outlines crime and violence as major roadblocks to development in the Caribbean; citing statistics and providing examples of the economic costs to the region. This presentation then goes on to describe the IDB's strategy with regard to citizen security and highlights IDB Funded security programs in the region. The presentation also identifies Civil Society as a potentiall...

  19. FOOD SECURITY

    Directory of Open Access Journals (Sweden)

    Dorina Ardelean

    2013-12-01

    Full Text Available The assurance of food security at the individual level doesn’t implicitly provide for the one at family level as the concepts of hunger, malnutrition and food insecurity are the steps of the same process of access restricted to a sufficient supply of food. In order to achieve food security at the individual level the following is necessary: ensuring food availability (production, reserve stocks; redistribution of food availability within the country or out through international exchanges; effective access of the population to purchase food consumer goods, by ensuring its effective demand as required. Food security of families (FFS is required for assuring individual food security (IFS, but it is not sufficient because the food available may be unevenly distributed between family members. National food security (NFS corresponds to the possibilities that different countries have to ensure both FFS and IFS without sacrificing other important objectives. Under the name of GAS is defined the global food security which represents permanent access for the entire population of the globe to the necessary food for a healthy and active life.

  20. DIRAC Security

    CERN Document Server

    Casajús Ramo, A

    2006-01-01

    DIRAC is the LHCb Workload and Data Management System. Based on a service-oriented architecture, it enables generic distributed computing with lightweight Agents and Clients for job execution and data transfers. DIRAC implements a client-server architecture exposing server methods through XML Remote Procedure Call (XML-RPC) protocol. DIRAC is mostly coded in python. DIRAC security infrastructure has been designed to be a completely generic XML-RPC transport over a SSL tunnel. This new security layer is able to handle standard X509 certificates as well as grid-proxies to authenticate both sides of the connection. Serve and client authentication relies over OpenSSL and py-Open SSL, but to be able to handle grid proxies some modifications have been added to those libraries. DIRAC security infrastructure handles authorization and authorization as well as provides extended capabilities like secure connection tunneling and file transfer. Using this new security infrastructure all LHCb users can safely make use o...

  1. Data security.

    Science.gov (United States)

    2016-09-01

    A government-commissioned review of data security across health and care has led to the proposal of new standards for security and options for a consent/opt-out model. Standards include that all staff complete appropriate annual data security training and pass a mandatory test provided through the revised Information Governance Toolkit, that personal confidential data is only accessible to staff who need it for their current role, and that access is removed as soon as it is no longer required. The consent/opt-out model is outlined under 8 statements, and includes certain circumstances where it will not apply, for example, where there is an overriding public interest, or mandatory legal requirement.

  2. Privatising Security

    Directory of Open Access Journals (Sweden)

    Irina Mindova-Docheva

    2016-06-01

    Full Text Available The article proposes an analysis of the different approaches towards employing the international legal framework in the regulation and oversight of private military and security companies’ operation in armed conflicts and in peace time security systems. It proposes a partnership-based approach for public and private actors aiming at creating and sharing common values under the principles of solidarity, protection of human rights and rule of law. A focus of further research should be the process of shaping those common values.

  3. Opinions about Component Energetic Security

    OpenAIRE

    Elena GOLUMBEANU (GEORGESCU)

    2012-01-01

    Collective security (international) represent the morphological expression of individual security components. According to the Report presented at the United Nations Development Programme, collective security (international) as well as national security, is the expression of seven synergistic dimensions as follows: economic security, food security, environmental security, personal security, community security, political security and individual security. As part of economic security, energy an...

  4. Secure Ties

    NARCIS (Netherlands)

    Joep de Hart; Frans Knol; Cora Maas - de Waal; Theo Roes

    2002-01-01

    Original title: Zekere banden. Discussions about the Netherlands of today often throw up terms such as 'social cohesion', 'social integration', 'liveability' and 'security'. The Netherlands Institute for Social Research/SCP has carried out a study of this phenomenon and presents the results in this

  5. Secured transactions

    NARCIS (Netherlands)

    Beale, H.

    2008-01-01

    In this paper I describe the work that is currently under way, within the Network of Excellence charged with creating a draft Common Frame of Reference, to draft rules on security over moveable assets. After a brief introduction, I deal with two broad questions: (1) the general aims and scope of the

  6. Information Security

    NARCIS (Netherlands)

    Hartel, Pieter; Suryana Herman, Nanna; Leukfeldt, E.R.; Stol, W.Ph.

    2012-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is

  7. Arctic Security

    DEFF Research Database (Denmark)

    Wang, Nils

    2013-01-01

    of the general security situation and to identify both the explicit and the implicit agendas of the primary state actors. The region contains all the ingredients for confrontation and conflict but the economical potential for all the parties concerned creates a general interest in dialogue and cooperation...

  8. Food security

    NARCIS (Netherlands)

    Ridder, M. de

    2011-01-01

    Food security is back on the agenda as a top priority for policy makers. In January 2011, record high food prices resulted in protests in Tunisia, which subsequently led to the spread of the revolutions in other North African and Middle Eastern countries. Although experts have asserted that no state

  9. Security Investigation Database (SID)

    Data.gov (United States)

    US Agency for International Development — Security Investigation & Personnel Security Clearance - COTS personnel security application in a USAID virtualized environement that can support USAID's business...

  10. Computer Security: the security marathon

    CERN Multimedia

    Computer Security Team

    2014-01-01

    If you believe that “security” is a sprint, that a quick hack is invulnerable, that quick bug fixing is sufficient, that plugging security measures on top of existing structures is good, that once you are secure your life will be easy... then let me convince you otherwise.   An excellent example of this is when the summer students join us at CERN. As the summer period is short, software projects must be accomplished quickly, like a sprint. Rush, rush! But often, this sprint ends with aching muscles. Regularly, these summer students approach us to have their project or web server made visible to the Internet. Regularly, quick security reviews of those web servers diagnose severe underperformance with regards to security: the web applications are flawed or use insecure protocols; the employed software tools, databases or web frameworks are sub-optimal and not adequately chosen for that project; the operating system is non-standard and has never been brought up-to-date; and ...

  11. Image Security

    Science.gov (United States)

    2007-11-02

    popularity, contemplates the cru- cial needs for protecting intellectual property rights on multimedia content like images, video, audio , and oth- ers...protection for still images, audio , video, and multimedia products.’ The networking environment of the future will require tools that provide m secure and fast...technique known as steganography ? Steganography , or “covered writing,” George Voyatzis and Ioannis Pitas University of Thessaloniki has a long

  12. Security system

    Science.gov (United States)

    Baumann, Mark J.; Kuca, Michal; Aragon, Mona L.

    2016-02-02

    A security system includes a structure having a structural surface. The structure is sized to contain an asset therein and configured to provide a forceful breaching delay. The structure has an opening formed therein to permit predetermined access to the asset contained within the structure. The structure includes intrusion detection features within or associated with the structure that are activated in response to at least a partial breach of the structure.

  13. Security of supply

    OpenAIRE

    2007-01-01

    Paul Isbell revisits the energy security debate; John Gault considers European security and natural gas supplies; William C. Ramsay discusses security of energy supplies in a global market; Hasan M. Qabazard outlines OPEC’s abiding commitment to energy security.

  14. Statistical security for Social Security.

    Science.gov (United States)

    Soneji, Samir; King, Gary

    2012-08-01

    The financial viability of Social Security, the single largest U.S. government program, depends on accurate forecasts of the solvency of its intergenerational trust fund. We begin by detailing information necessary for replicating the Social Security Administration's (SSA's) forecasting procedures, which until now has been unavailable in the public domain. We then offer a way to improve the quality of these procedures via age- and sex-specific mortality forecasts. The most recent SSA mortality forecasts were based on the best available technology at the time, which was a combination of linear extrapolation and qualitative judgments. Unfortunately, linear extrapolation excludes known risk factors and is inconsistent with long-standing demographic patterns, such as the smoothness of age profiles. Modern statistical methods typically outperform even the best qualitative judgments in these contexts. We show how to use such methods, enabling researchers to forecast using far more information, such as the known risk factors of smoking and obesity and known demographic patterns. Including this extra information makes a substantial difference. For example, by improving only mortality forecasting methods, we predict three fewer years of net surplus, $730 billion less in Social Security Trust Funds, and program costs that are 0.66% greater for projected taxable payroll by 2031 compared with SSA projections. More important than specific numerical estimates are the advantages of transparency, replicability, reduction of uncertainty, and what may be the resulting lower vulnerability to the politicization of program forecasts. In addition, by offering with this article software and detailed replication information, we hope to marshal the efforts of the research community to include ever more informative inputs and to continue to reduce uncertainties in Social Security forecasts.

  15. Information Security

    OpenAIRE

    Hartel, Pieter; Suryana Herman, Nanna; Leukfeldt, E.R.; Stol, W. Ph.

    2005-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is trusted to actually handle an asset. Two concepts complement authorisation. Authentication deter-mines who makes a request to handle an asset. To decide who is authorised, a system needs to au-the...

  16. Network security

    CERN Document Server

    Perez, André

    2014-01-01

    This book introduces the security mechanisms deployed in Ethernet, Wireless-Fidelity (Wi-Fi), Internet Protocol (IP) and MultiProtocol Label Switching (MPLS) networks. These mechanisms are grouped throughout the book according to the following four functions: data protection, access control, network isolation, and data monitoring. Data protection is supplied by data confidentiality and integrity control services. Access control is provided by a third-party authentication service. Network isolation is supplied by the Virtual Private Network (VPN) service. Data monitoring consists of applying

  17. Security Verification of Secure MANET Routing Protocols

    Science.gov (United States)

    2012-03-22

    the destination. The route discovery phase is complete upon receipt of the RREP at the requesting node. The DYMO protocol is a simpler version of AODV ...described in this appendix. The protocols are Secure AODV (SAODV), Secure Efficient Distance Vector (SEAD), and Secure Link State Routing Protocol (SLSP...SECURITY VERIFICATION OF SECURE MANET ROUTING PROTOCOLS THESIS Matthew F. Steele, Captain, USAF AFIT/GCS/ENG/12-03 DEPARTMENT OF THE AIR FORCE AIR

  18. Information security fundamentals

    CERN Document Server

    Peltier, Thomas R

    2013-01-01

    Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field.The book examines the elements of computer security, employee roles and r

  19. Computer Security: the security marathon, part 2

    CERN Multimedia

    Computer Security Team

    2014-01-01

    Do you recall our latest article on the “Security Marathon” (see here) and why it’s wrong to believe that computer security is a sprint, that a quick hack is invulnerable, that quick bug-fixing is sufficient, that plugging security measures on top of existing structures is a good idea, that once you are secure, your life is cosy?   In fact, security is a marathon for us too. Again and again, we have felt comfortable with the security situation at CERN, with dedicated protections deployed on individual hosts, with the security measures deployed by individual service managers, with the attentiveness and vigilance of our users, and with the responsiveness of the Management. Again and again, however, we subsequently detect or receive reports that this is wrong, that protections are incomplete, that security measures are incomplete, that security awareness has dropped. Thus, unfortunately, we often have to go back to square one and address similar issues over and over...

  20. Information Systems Security Audit

    Directory of Open Access Journals (Sweden)

    Gheorghe Popescu

    2007-12-01

    Full Text Available The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  1. Security for grids

    Energy Technology Data Exchange (ETDEWEB)

    Humphrey, Marty; Thompson, Mary R.; Jackson, Keith R.

    2005-08-14

    Securing a Grid environment presents a distinctive set of challenges. This paper groups the activities that need to be secured into four categories: naming and authentication; secure communication; trust, policy, and authorization; and enforcement of access control. It examines the current state of the art in securing these processes and introduces new technologies that promise to meet the security requirements of Grids more completely.

  2. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  3. Transforming Homeland Security [video

    OpenAIRE

    McIntyre, David; Center for Homeland Defense and Security Naval Postgraduate School

    2011-01-01

    A pioneer in homeland security, and homeland security education, David McIntyre discusses the complexities in transforming homeland security from a national program in its inception, to also include state and local agencies and other public and private parties.

  4. Social Security Administration

    Science.gov (United States)

    ... Languages Sign in / up The United States Social Security Administration Cost-Of-Living Adjustment (COLA) Information about ... replacement Medicare card Change of Address my Social Security Check out your Social Security Statement , change your ...

  5. Transportation Security Administration

    Science.gov (United States)

    ... content Official website of the Department of Homeland Security Transportation Security Administration A - Z Index What Can I Bring? ... form Search the Site Main menu Administrator Travel Security Screening Special Procedures TSA Pre✓® Passenger Support Travel ...

  6. Security and Security Complex: Operational Concepts

    OpenAIRE

    Luis Tomé

    2010-01-01

    Security is one of the most ambiguous, contested, and debated ideas in the conceptual framework of international relations. The "traditional" perspective has been severely contested as new approaches develop, and the concept of security has been reworked in all its fundamental components and dimensions, from object and reference to range and security instruments. Likewise, the discussion over the definition and characterization of international security systems, namely regarding competitive s...

  7. Institutionalizing information security.

    OpenAIRE

    2008-01-01

    Information security has become a much discussed subject all over the world in the last few years. This is because information security is no longer a luxury, but a necessity in all organisations. The securing of information is not an easy task because information security is flexible and always seems to be in a state of development. This means that information security has undergone different development changes due to new technologies in the past few years. Information security became promi...

  8. Information Security Maturity Model

    OpenAIRE

    Information Security Maturity Model

    2011-01-01

    To ensure security, it is important to build-in security in both the planning and the design phases andadapt a security architecture which makes sure that regular and security related tasks, are deployedcorrectly. Security requirements must be linked to the business goals. We identified four domains thataffect security at an organization namely, organization governance, organizational culture, thearchitecture of the systems, and service management. In order to identify and explore the strengt...

  9. Foundational aspects of security

    DEFF Research Database (Denmark)

    Chatzikokolakis, Konstantinos; Mödersheim, Sebastian Alexander; Palamidessi, Catuscia

    2014-01-01

    This Special Issue of the Journal of Computer Security focuses on foundational aspects of security, which in recent years have helped change much of the way we think about and approach system security.......This Special Issue of the Journal of Computer Security focuses on foundational aspects of security, which in recent years have helped change much of the way we think about and approach system security....

  10. Security guide for subcontractors

    Energy Technology Data Exchange (ETDEWEB)

    Adams, R.C.

    1991-01-01

    This security guide of the Department of Energy covers contractor and subcontractor access to DOE and Mound facilities. The topics of the security guide include responsibilities, physical barriers, personnel identification system, personnel and vehicular access controls, classified document control, protecting classified matter in use, storing classified matter repository combinations, violations, security education clearance terminations, security infractions, classified information nondisclosure agreement, personnel security clearances, visitor control, travel to communist-controlled or sensitive countries, shipment security, and surreptitious listening devices.

  11. Personnel Security Investigations -

    Data.gov (United States)

    Department of Transportation — This data set contains the types of background investigations, decisions, level of security clearance, date of security clearance training, and credentials issued to...

  12. Redefining security.

    Science.gov (United States)

    Mathews, J T

    1989-01-01

    The concept of US national security was redefined in the 1970s to include international economics, and lately environmental degradation has also become a factor, as pollution transcends boundaries. By 2100 another 5-6 billion people may be added to the world's population requiring dramatic production and technology transformation with the resultant expanded energy use, emissions, and waste impacting the ecosystem. Climate change through global warming is in the offing. The exponential growth of the population in the developing world poses a crucial challenge for food production, housing, and employment. At a 1% growth rate population doubles in 72 years, while at 3% it doubles in 24 years. Africa's growth rate is almost 3%, it is close to 2% in Latin America, and it is somewhat less in Asia. Renewable resources such as overfished fishing grounds can become nonrenewable, and vanished species can never be resurrected. Deforestation leads to soil erosion, damage to water resources through floods and silting of irrigation networks, and accelerated loss of species. 20% of species could disappear by 2000 thereby losing genetic resources for chemicals, drugs, and food sources. Overcultivation has caused major erosion and decline of agricultural productivity in Haiti, Guatemala, Turkey, and India. Lopsided land ownership in Latin America requires land reform for sustainable agricultural production in the face of the majority of people cultivating plots for bare subsistence. Human practices that have caused environmental damage include concessions granted to logging companies in the Philippines, mismanagement of natural resources in sub-Saharan Africa, the ozone hole, and the greenhouse effect with potential climate changes. Solutions include family planning, efficient energy use, sustainable agroforestry techniques, and environmental accounting of goods and services.

  13. Security 2020 Reduce Security Risks This Decade

    CERN Document Server

    Howard, Doug; Schneier, Bruce

    2010-01-01

    Identify real security risks and skip the hype After years of focusing on IT security, we find that hackers are as active and effective as ever. This book gives application developers, networking and security professionals, those that create standards, and CIOs a straightforward look at the reality of today's IT security and a sobering forecast of what to expect in the next decade. It debunks the media hype and unnecessary concerns while focusing on the knowledge you need to combat and prioritize the actual risks of today and beyond.IT security needs are constantly evolving; this guide examine

  14. Protein security and food security in China

    Directory of Open Access Journals (Sweden)

    Zheng RUAN,Shumei MI,Yan ZHOU,Zeyuan DENG,Xiangfeng KONG,Tiejun LI,Yulong YIN

    2015-06-01

    Full Text Available Food security, the need to meet nutritional requirements, and four main problems for food protein security in China are analyzed. From the perspective of residentsrsquo; nutritional requirements and balanced dietary patterns, the conclusion is that food security in China is in essence dependent on protein production and security of supply and that fat and carbohydrates supply in China can reach self-sufficiency. Considering the situation of food protein production and consumption in China, policy suggestions are made, which could ensure a balanced supply and demand for food protein and food security in China.

  15. Security guide for subcontractors

    Energy Technology Data Exchange (ETDEWEB)

    Adams, R.C.

    1993-06-01

    This guide is provided to aid in the achievement of security objectives in the Department of Energy (DOE) contractor/subcontractor program. The objectives of security are to protect information that, if released, would endanger the common defense and security of the nation and to safeguard plants and installations of the DOE and its contractors to prevent the interruption of research and production programs. The security objective and means of achieving the objective are described. Specific security measures discussed in this guide include physical barriers, personnel identification systems, personnel and vehicular access control, classified document control, protection of classified matter in use, storing classified matter, and repository combinations. Means of dealing with security violations and security infractions are described. Maintenance of a security education program is discussed. Also discussed are methods of handling clearance terminations, visitor control, travel to sensitive countries, and shipment security. The Technical Surveillance Countermeasures Program (TSCM), the Computer Security Program, and the Operations Security Plan (OPSEC) are examined.

  16. The corporate security professional

    DEFF Research Database (Denmark)

    Petersen, Karen Lund

    2013-01-01

    In our age of globalization and complex threat environments, every business is called upon to manage security. This tendency is reflected in the fact that a wide range of businesses increasingly think about security in broad terms and strive to translate national security concerns into corporate...... speech. This article argues that the profession of the security manager has become central for understanding how the relationship between national and corporate security is currently negotiated. The national security background of most private sector security managers makes the corporate security...... professional inside the company a powerful hybrid agent. By zooming in on the profession and the practice of national security inside companies, the article raises questions about where to draw the line between corporate security and national security along with the political consequences of the constitution...

  17. Untangle network security

    CERN Document Server

    El-Bawab, Abd El-Monem A

    2014-01-01

    If you are a security engineer or a system administrator and want to secure your server infrastructure with the feature-rich Untangle, this book is for you. For individuals who want to start their career in the network security field, this book would serve as a perfect companion to learn the basics of network security and how to implement it using Untangle NGFW.

  18. Chapter 3: Energy Security

    Energy Technology Data Exchange (ETDEWEB)

    Foust, Thomas D.; Arent, Doug; de Carvalho Macedo, Isaias; Goldemberg, Jose; Hoysala, Chanakya; Filho, Rubens Maciel; Nigro, Francisco E. B.; Richard, Tom L.; Saddler, Jack; Samseth, Jon; Somerville, Chris R.

    2015-04-01

    This chapter considers the energy security implications and impacts of bioenergy. We provide an assessment to answer the following questions: What are the implications for bioenergy and energy security within the broader policy environment that includes food and water security, development, economic productivity, and multiple foreign policy aspects? What are the conditions under which bioenergy contributes positively to energy security?

  19. Survey of information security

    Institute of Scientific and Technical Information of China (English)

    SHEN ChangXiang; ZHANG HuangGuo; FENG DengGuo; CAO ZhenFu; HUANG JiWu

    2007-01-01

    The 21st century is the age of information when information becomes an important strategic resource. The information obtaining, processing and security guarantee capability are playing critical roles in comprehensive national power, and information security is related to the national security and social stability. Therefore, we should take measures to ensure the information security of our country. In recent years, momentous accomplishments have been obtained with the rapid development of jnformation security technology. There are extensive theories about information security and technology. However, due to the limitation of length, this article mainly focuses on the research and development of cryptology, trusted computing, security of network, and information hiding, etc.

  20. Professional Cocoa Application Security

    CERN Document Server

    Lee, Graham J

    2010-01-01

    The first comprehensive security resource for Mac and iPhone developers. The Mac platform is legendary for security, but consequently, Apple developers have little appropriate security information available to help them assure that their applications are equally secure. This Wrox guide provides the first comprehensive go-to resource for Apple developers on the available frameworks and features that support secure application development.: While Macs are noted for security, developers still need to design applications for the Mac and the iPhone with security in mind; this guide offers the first

  1. Lecture 2: Software Security

    CERN Document Server

    CERN. Geneva

    2013-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development, testing and deployment. Sebastian Lopienski is CERN’s deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and ...

  2. Network Security Scanner

    OpenAIRE

    2011-01-01

    Network Security Scanner (NSS) is a tool that allows auditing and monitoring remote network computers for possible vulnerabilities, checks your network for all potential methods that a hacker might use to attack it. Network Security Scanner is a complete networking utilities package that includes a wide range of tools for network security auditing, vulnerability Auditing, scanning, monitoring and more. Network Security Scanner (NSS) is an easy to use, intuitive network security scanner that c...

  3. Managing Cisco network security

    CERN Document Server

    Knipp, Eric

    2002-01-01

    An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today''s internetworked world"There''s no question that attacks on enterprise networks are increasing in frequency and sophistication..."-Mike Fuhrman, Cisco Systems Manager, Security ConsultingManaging Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco''s security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manger software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions.Security from a real-world perspectiveKey coverage of the new technologies offered by the Cisc...

  4. Android apps security

    CERN Document Server

    Gunasekera, Sheran

    2012-01-01

    Android Apps Security provides guiding principles for how to best design and develop Android apps with security in mind. It explores concepts that can be used to secure apps and how developers can use and incorporate these security features into their apps. This book will provide developers with the information they need to design useful, high-performing, and secure apps that expose end-users to as little risk as possible.  Overview of Android OS versions, features, architecture and security.  Detailed examination of areas where attacks on applications can take place and what controls should b

  5. Arguing Against Security Communitarianism

    DEFF Research Database (Denmark)

    Bilgin, Pinar

    2016-01-01

    as a particular approach that seeks to limit the scope of security to one’s community – be it the ‘nation-state’ or ‘civilization’. I will suggest that arguing against ‘security communitarianism’ requires paying further attention to the postcolonial critique of cosmopolitanism.......Anthony Burke’s ‘security cosmopolitanism’ is a fresh and thought-provoking contribution to critical theorizing about security. In this discussion piece, I would like to join Burke’s call for ‘security cosmopolitanism’ by way of arguing against ‘security communitarianism’. I understand the latter...

  6. Securing the Vista Environment

    CERN Document Server

    Gregory, Peter

    2007-01-01

    "Securing the Vista Environment" takes you on a quick tour of the most significant security features in Vista, Microsoft's first revision of Windows in almost six years. You'll get background on threats and vulnerabilities that will make you think differently about security. Security is more than just the technology and configurations--it's about how we use the system that makes it secure or not. Then we'll cover Vista's security features, from user privileges to Windows Defender, User Account Control, and BitLocker, as well as strategies for protecting your information from unwanted disclo

  7. Securing abundance : The politics of energy security

    NARCIS (Netherlands)

    Kester, Johannes

    2016-01-01

    Energy Security is a concept that is known in the literature for its ‘slippery’ nature and subsequent wide range of definitions. Instead of another attempt at grasping the essence of this concept, Securing Abundance reformulates the problem and moves away from a definitional problem to a theoretical

  8. Hybrid-secure MPC 

    DEFF Research Database (Denmark)

    Lucas, Christoph; Raub, Dominik; Maurer, Ueli

    2010-01-01

    of the adversary, without being aware of the actual adversarial setting. Thus, hybrid-secure MPC protocols allow for graceful degradation of security. We present a hybrid-secure MPC protocol that provides an optimal trade-off between IT robustness and computational privacy: For any robustness parameter ρ ...Most protocols for distributed, fault-tolerant computation, or multi-party computation (MPC), provide security guarantees in an all-or-nothing fashion. In contrast, a hybrid-secure protocol provides different security guarantees depending on the set of corrupted parties and the computational power...... obtain one MPC protocol that is simultaneously IT secure with robustness for up to t ≤ ρ actively corrupted parties, IT secure with fairness (no robustness) for up to t privacy and correctness only) for up to t

  9. Security of Dependable Systems

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security and dependability are crucial for designing trustworthy systems. The approach “security as an add-on” is not satisfactory, yet the integration of security in the development process is still an open problem. Especially, a common framework for specifying dependability and security is very...... much needed. There are many pressing challenges however; here, we address some of them. Firstly, security for dependable systems is a broad concept and traditional view of security, e.g., in terms of confidentiality, integrity and availability, does not suffice. Secondly, a clear definition of security...... in the dependability context is not agreed upon. Thirdly, security attacks cannot be modeled as a stochastic process, because the adversary’s strategy is often carefully planned. In this chapter, we explore these challenges and provide some directions toward their solutions....

  10. Checking Security Policy Compliance

    CERN Document Server

    Gowadia, Vaibhav; Kudo, Michiharu

    2008-01-01

    Ensuring compliance of organizations to federal regulations is a growing concern. This paper presents a framework and methods to verify whether an implemented low-level security policy is compliant to a high-level security policy. Our compliance checking framework is based on organizational and security metadata to support refinement of high-level concepts to implementation specific instances. Our work uses the results of refinement calculus to express valid refinement patterns and their properties. Intuitively, a low-level security policy is compliant to a high-level security policy if there is a valid refinement path from the high-level security policy to the low-level security policy. Our model is capable of detecting violations of security policies, failures to meet obligations, and capability and modal conflicts.

  11. Secure DTN Communications Project

    Data.gov (United States)

    National Aeronautics and Space Administration — Innoflight proposes to implement and perform an on-orbit demonstration of a Secure DTN communications suite on the SCaN Testbed aboard the ISS. Secure DTN is a...

  12. Security in Computer Applications

    CERN Document Server

    CERN. Geneva

    2004-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development. The last part of the lecture covers some miscellaneous issues like the use of cryptography, rules for networking applications, and social engineering threats. This lecture was first given on Thursd...

  13. Department of Homeland Security

    Science.gov (United States)

    ... Content Official website of the Department of Homeland Security Contact Us Quick Links Site Map A-Z ... HP - 2016 CISRM HP - 2016 CISRM Critical Infrastructure Security HP - Surge Capacity Force HP - Surge Capacity Force ...

  14. Wireshark network security

    CERN Document Server

    Verma, Piyush

    2015-01-01

    If you are network administrator or a security analyst with an interest in using Wireshark for security analysis, then this is the book for you. Basic familiarity with common network and application services terms and technologies is assumed.

  15. Mobile platform security

    CERN Document Server

    Asokan, N; Dmitrienko, Alexandra

    2013-01-01

    Recently, mobile security has garnered considerable interest in both the research community and industry due to the popularity of smartphones. The current smartphone platforms are open systems that allow application development, also for malicious parties. To protect the mobile device, its user, and other mobile ecosystem stakeholders such as network operators, application execution is controlled by a platform security architecture. This book explores how such mobile platform security architectures work. We present a generic model for mobile platform security architectures: the model illustrat

  16. Information Security Management

    OpenAIRE

    Huang, Lu

    2015-01-01

    The main purpose of the thesis was to present different areas of information security controls based on the international information security standard ISO 27001. The thesis also describes the methods of risk analysis and how to establish, implement, maintain and improve information security system in organizations. Most of the material was collected from books and various online resources. Some information was taken also from the teaching materials of the information security course. ...

  17. Medical Information Security

    OpenAIRE

    William C. Figg, Ph.D.; Hwee Joo Kam, M.S.

    2011-01-01

    Modern medicine is facing a complex environment, not from medical technology but rather government regulations and information vulnerability. HIPPA is the government’s attempt to protect patient’s information yet this only addresses traditional record handling. The main threat is from the evolving security issues. Many medical offices and facilities have multiple areas of information security concerns. Physical security is often weak, office personnel are not always aware of security needs an...

  18. Electronic healthcare information security

    CERN Document Server

    Dube, Kudakwashe; Shoniregun, Charles A

    2010-01-01

    The ever-increasing healthcare expenditure and pressing demand for improved quality and efficiency of patient care services are driving innovation in healthcare information management. The domain of healthcare has become a challenging testing ground for information security due to the complex nature of healthcare information and individual privacy. ""Electronic Healthcare Information Security"" explores the challenges of e-healthcare information and security policy technologies. It evaluates the effectiveness of security and privacy implementation systems for anonymization methods and techniqu

  19. Understanding global security

    OpenAIRE

    Hough, Peter

    2013-01-01

    Fully revised to incorporate recent developments, this third edition of Understanding Global Security analyzes the variety of ways in which peoples lives are threatened and / or secured in contemporary global politics. The traditional focus of Security Studies texts: war, deterrence and terrorism are analyzed alongside non-military security issues such as famine, crime, disease, disasters, environmental degradation and human rights abuses to provide a comprehensive survey of how and why peopl...

  20. Hybrid Security Policies

    Directory of Open Access Journals (Sweden)

    Radu CONSTANTINESCU

    2006-01-01

    Full Text Available Policy is defined as the rules and regulations set by the organization. They are laid down by management in compliance with industry regulations, law and internal decisions. Policies are mandatory. Security policies rules how the information is protected against security vulnerabilities and they are the basis for security awareness, training and vital for security audits. Policies are focused on desired results. The means of achieving the goals are defined on controls, standards and procedures.

  1. Web Security Testing Cookbook

    CERN Document Server

    Hope, Paco

    2008-01-01

    Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. The recipes in the Web Security Testing Cookbook demonstrate how developers and testers can check for the most common web security issues, while conducting unit tests, regression tests, or exploratory tests. Unlike ad hoc security assessments, these recipes are repeatable, concise, and systematic-perfect for integrating into your regular test suite.

  2. Android application security essentials

    CERN Document Server

    Rai, Pragati

    2013-01-01

    Android Application Security Essentials is packed with examples, screenshots, illustrations, and real world use cases to secure your apps the right way.If you are looking for guidance and detailed instructions on how to secure app data, then this book is for you. Developers, architects, managers, and technologists who wish to enhance their knowledge of Android security will find this book interesting. Some prior knowledge of development on the Android stack is desirable but not required.

  3. Windows Security patch required

    CERN Multimedia

    2003-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables, ... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  4. Windows Security patch required

    CERN Multimedia

    2003-01-01

    This concerns Windows PCs which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables, ... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  5. Windows Security patch required

    CERN Multimedia

    3004-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables,... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  6. Windows Security patch required

    CERN Multimedia

    2003-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables,... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  7. Mobile communication security

    NARCIS (Netherlands)

    Broek, F.M.J. van den

    2016-01-01

    Security of the mobile network Fabian van den Broek We looked at the security of the wireless connection between mobile phone and cell towers and suggested possible improvements. The security was analysed on a design level, by looking at the protocols and encryption techniques, but also on an impl

  8. Quantum secure circuit evaluation

    Institute of Scientific and Technical Information of China (English)

    CHEN Huanhuan; LI Bin; ZHUANG Zhenquan

    2004-01-01

    In order to solve the problem of classical secure circuit evaluation, this paper proposes a quantum approach. In this approach, the method of inserting redundant entangled particles and quantum signature has been employed to strengthen the security of the system. Theoretical analysis shows that our solution is secure against classical and quantum attacks.

  9. Secure Disk Mixed System

    Directory of Open Access Journals (Sweden)

    Myongchol Ri

    2013-01-01

    Full Text Available We propose a disk encryption method, called Secure Disk Mixed System (SDMS in this paper, for data protection of disk storages such as USB flash memory, USB hard disk and CD/DVD. It is aimed to solve temporal and spatial limitations of existing disk encryption methods and to control security performance flexibly according to the security requirement of system.

  10. Indicators for energy security

    NARCIS (Netherlands)

    Kruyt, B.; van Vuuren, D.P.; de Vries, H.J.M.; Groenenberg, H.

    2009-01-01

    The concept of energy security is widely used, yet there is no consensus on its precise interpretation. In this research, we have provided an overview of available indicators for long-term security of supply (SOS). We distinguished four dimensions of energy security that relate to the availability,

  11. Crayons and security

    OpenAIRE

    Sue Dwyer

    1999-01-01

    Until recently I have thought of security in terms of guards, radios, grilled windows and doors, close coordination with other internationalNGOs and a strong organisational security policy. This was until I attended the InterAction/OFDA security training course in London inSeptember 1998.

  12. Crayons and security

    Directory of Open Access Journals (Sweden)

    Sue Dwyer

    1999-04-01

    Full Text Available Until recently I have thought of security in terms of guards, radios, grilled windows and doors, close coordination with other internationalNGOs and a strong organisational security policy. This was until I attended the InterAction/OFDA security training course in London inSeptember 1998.

  13. Learning Puppet security

    CERN Document Server

    Slagle, Jason

    2015-01-01

    If you are a security professional whose workload is increasing, or a Puppet professional looking to increase your knowledge of security, or even an experienced systems administrator, then this book is for you. This book will take you to the next level of security automation using Puppet. The book requires no prior knowledge of Puppet to get started.

  14. Lemnos interoperable security project.

    Energy Technology Data Exchange (ETDEWEB)

    Halbgewachs, Ronald D.

    2010-03-01

    With the Lemnos framework, interoperability of control security equipment is straightforward. To obtain interoperability between proprietary security appliance units, one or both vendors must now write cumbersome 'translation code.' If one party changes something, the translation code 'breaks.' The Lemnos project is developing and testing a framework that uses widely available security functions and protocols like IPsec - to form a secure communications channel - and Syslog, to exchange security log messages. Using this model, security appliances from two or more different vendors can clearly and securely exchange information, helping to better protect the total system. Simplify regulatory compliance in a complicated security environment by leveraging the Lemnos framework. As an electric utility, are you struggling to implement the NERC CIP standards and other regulations? Are you weighing the misery of multiple management interfaces against committing to a ubiquitous single-vendor solution? When vendors build their security appliances to interoperate using the Lemnos framework, it becomes practical to match best-of-breed offerings from an assortment of vendors to your specific control systems needs. The Lemnos project is developing and testing a framework that uses widely available open-source security functions and protocols like IPsec and Syslog to create a secure communications channel between appliances in order to exchange security data.

  15. Microsoft Azure security

    CERN Document Server

    Freato, Roberto

    2015-01-01

    This book is intended for Azure administrators who want to understand the application of security principles in distributed environments and how to use Azure to its full capability to reduce the risks of security breaches. Only basic knowledge of the security processes and services of Microsoft Azure is required.

  16. Homeland Security and Information.

    Science.gov (United States)

    Relyea, Harold C.

    2002-01-01

    Reviews the development of two similar policy concepts, national security and internal security, before exploring the new phrase homeland security that has become popular since the September 11 terrorist attacks. Discusses the significance of each for information policy and practice. (Author/LRW)

  17. EMI Security Architecture

    CERN Document Server

    White, J.; Schuller, B.; Qiang, W.; Groep, D.; Koeroo, O.; Salle, M.; Sustr, Z.; Kouril, D.; Millar, P.; Benedyczak, K.; Ceccanti, A.; Leinen, S.; Tschopp, V.; Fuhrmann, P.; Heyman, E.; Konstantinov, A.

    2013-01-01

    This document describes the various architectures of the three middlewares that comprise the EMI software stack. It also outlines the common efforts in the security area that allow interoperability between these middlewares. The assessment of the EMI Security presented in this document was performed internally by members of the Security Area of the EMI project.

  18. Computer Security Systems Enable Access.

    Science.gov (United States)

    Riggen, Gary

    1989-01-01

    A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

  19. Pro Spring security

    CERN Document Server

    Scarioni, Carlo

    2013-01-01

    Security is a key element in the development of any non-trivial application. The Spring Security Framework provides a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security will be a reference and advanced tutorial that will do the following: Guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground-up. Demonstrates the different authentication and authorization methods to secure enterprise-level applications

  20. Network Security Using Firewalls

    Directory of Open Access Journals (Sweden)

    Radu Lucaciu

    2008-05-01

    Full Text Available As networks increase in size and complexity, security products are growing in sophistication and security threats are becoming more ingenious. The usage of security solutions has become inevitable for all modern organisations. There is no perfect security, but the idea is to make a network so hard to access, that it doesn’t worth trying. One of the crucial components that contribute to this security are firewalls. It is important to prevent undesired data before it ever gets into the target system. This is the job of firewalls and the article covers this topic.

  1. Information security fundamentals

    CERN Document Server

    Blackley, John A; Peltier, Justin

    2004-01-01

    Effective security rules and procedures do not exist for their own sake-they are put in place to protect critical assets, thereby supporting overall business objectives. Recognizing security as a business enabler is the first step in building a successful program.Information Security Fundamentals allows future security professionals to gain a solid understanding of the foundations of the field and the entire range of issues that practitioners must address. This book enables students to understand the key elements that comprise a successful information security program and eventually apply thes

  2. Information security management handbook

    CERN Document Server

    2002-01-01

    The Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded coverage on security management issues and applications security. Even those that don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference.The changes in the tech

  3. Android security cookbook

    CERN Document Server

    Makan, Keith

    2013-01-01

    Android Security Cookbook' breaks down and enumerates the processes used to exploit and remediate Android app security vulnerabilities in the form of detailed recipes and walkthroughs.""Android Security Cookbook"" is aimed at anyone who is curious about Android app security and wants to be able to take the necessary practical measures to protect themselves; this means that Android application developers, security researchers and analysts, penetration testers, and generally any CIO, CTO, or IT managers facing the impeding onslaught of mobile devices in the business environment will benefit from

  4. Medical database security evaluation.

    Science.gov (United States)

    Pangalos, G J

    1993-01-01

    Users of medical information systems need confidence in the security of the system they are using. They also need a method to evaluate and compare its security capabilities. Every system has its own requirements for maintaining confidentiality, integrity and availability. In order to meet these requirements a number of security functions must be specified covering areas such as access control, auditing, error recovery, etc. Appropriate confidence in these functions is also required. The 'trust' in trusted computer systems rests on their ability to prove that their secure mechanisms work as advertised and cannot be disabled or diverted. The general framework and requirements for medical database security and a number of parameters of the evaluation problem are presented and discussed. The problem of database security evaluation is then discussed, and a number of specific proposals are presented, based on a number of existing medical database security systems.

  5. Social Security: Theoretical Aspects

    Directory of Open Access Journals (Sweden)

    O. I. Kashnik

    2013-01-01

    Full Text Available The paper looks at the phenomena of security and social security from the philosophical, sociological and psychological perspective. The undertaken analysis of domestic and foreign scientific materials demonstrates the need for interdisciplinary studies, including pedagogy and education, aimed at developing the guidelines for protecting the social system from destruction. The paper defines the indicators, security level indices and their assessment methods singled out from the analytical reports and security studies by the leading Russian sociological centers and international expert organizations, including the United Nations.The research is aimed at finding out the adequate models of personal and social security control systems at various social levels. The theoretical concepts can be applied by the teachers of the Bases of Life Safety course, the managers and researches developing the assessment criteria and security indices of educational environment evaluation, as well as the methods of diagnostics and expertise of educational establishments from the security standpoint. 

  6. Unconditionally Secure Protocols

    DEFF Research Database (Denmark)

    Meldgaard, Sigurd Torkel

    the secure computation. Especially we look at the communication complexity of protocols in this model, and perfectly secure protocols. We show general protocols for any finite functionality with statistical security and optimal communication complexity (but exponential amount of preprocessing). And for two......This thesis contains research on the theory of secure multi-party computation (MPC). Especially information theoretically (as opposed to computationally) secure protocols. It contains results from two main lines of work. One line on Information Theoretically Secure Oblivious RAMS, and how...... they are used to speed up secure computation. An Oblivious RAM is a construction for a client with a small $O(1)$ internal memory to store $N$ pieces of data on a server while revealing nothing more than the size of the memory $N$, and the number of accesses. This specifically includes hiding the access pattern...

  7. Information security cost management

    CERN Document Server

    Bazavan, Ioana V

    2006-01-01

    While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner.Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available. Organized into five sections, the book-Focuses on setting the right road map so that you can be most effective in your information security implementationsDiscusses cost-effective staffing, the single biggest expense to the security organizationPresents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectivelyI...

  8. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

    Directory of Open Access Journals (Sweden)

    Weems William A

    2009-06-01

    Full Text Available Abstract Background Data protection is important for all information systems that deal with human-subjects data. Grid-based systems – such as the cancer Biomedical Informatics Grid (caBIG – seek to develop new mechanisms to facilitate real-time federation of cancer-relevant data sources, including sources protected under a variety of regulatory laws, such as HIPAA and 21CFR11. These systems embody new models for data sharing, and hence pose new challenges to the regulatory community, and to those who would develop or adopt them. These challenges must be understood by both systems developers and system adopters. In this paper, we describe our work collecting policy statements, expectations, and requirements from regulatory decision makers at academic cancer centers in the United States. We use these statements to examine fundamental assumptions regarding data sharing using data federations and grid computing. Methods An interview-based study of key stakeholders from a sample of US cancer centers. Interviews were structured, and used an instrument that was developed for the purpose of this study. The instrument included a set of problem scenarios – difficult policy situations that were derived during a full-day discussion of potentially problematic issues by a set of project participants with diverse expertise. Each problem scenario included a set of open-ended questions that were designed to elucidate stakeholder opinions and concerns. Interviews were transcribed verbatim and used for both qualitative and quantitative analysis. For quantitative analysis, data was aggregated at the individual or institutional unit of analysis, depending on the specific interview question. Results Thirty-one (31 individuals at six cancer centers were contacted to participate. Twenty-four out of thirty-one (24/31 individuals responded to our request- yielding a total response rate of 77%. Respondents included IRB directors and policy-makers, privacy and

  9. Human Security Agendas

    Institute of Scientific and Technical Information of China (English)

    Alan Hunter

    2012-01-01

    Ⅰ.IntroductionThe need for governments and international organisations to gain a better understanding of "security" is ever more urgent.For example in the conflict in Libya in early 2011,many security dilemmas were visible:the protection of Libyan civilians,the security of the regime,whether and how the UN or NATO should intervene,whether Europe would be threatened with a massive refugee flow,how to protect or evacuate foreign citizens (including Chinese),how to secure food and medical supplies in the midst of armed conflict.Such events may be termed "complex emergencies" which often raise legal, military and humanitarian issues simultaneously.International law and practice do not provide clear guidelines on such situations,and responses can be random,contingent on a variety of factors.Traditional concepts of security,for example protection of national borders,are certainly still relevant and legally enforceable,but more sophisticated concepts are needed to respond to security dilemmas in today's globalised world.Human security as a concept was first developed within the UN system in the 1990s,and set out,for example,in Human Security Now [1] The first section of this paper tracks the development of Human Security discourse,and also examines the broadening of the "security"concept in recent years.The second section reports on institutions with a specific interest in Human Security,for example within the UN system and in universities.The third section acknowledges some critiques of the Human Security paradigm.The last section reports on new directions that may enrich the Human Security agenda.

  10. While working around security

    DEFF Research Database (Denmark)

    Mathiasen, Niels Raabjerg; Bødker, Susanne; Petersen, Marianne Graves

    This paper describes our work at two levels. First of all the paper discusses how users of IT deal with issues of IT security in their everyday life. Secondly, we discuss how the kind of understanding of IT security that comes out of careful analyses of use confronts the ways in which usable...... IT security is established in the literature. Recent literature has called for better conceptual models as a starting point for improving IT security. In contrast to such models we propose to dress up designers by helping them better understand the work that goes into everyday security. The result...... is a methodological toolbox that helps address and design for usable and useful IT security. We deploy examples of analyses and design, carried out by ourselves and by others to fine-tune our design perspective; in particular we use examples from three current research projects....

  11. EU Security Strategy

    Institute of Scientific and Technical Information of China (English)

    Hong Jianjun

    2007-01-01

    The European Security and Defence Policy (ESDP) comprises an important part of the EU's Common Foreign and Security Policy (CFSP). The aim of ESDP is to strengthen the EU's external ability to act through the development of civilian and military capabilities for international conflict prevention and crisis management. In December 2003, the EU adopted its first European Security Strategy (ESS). Ever since then, the implementation of the ESS has been regarded as one of the biggest challenges for the EU in CFSP/ESDP matters. Although much progress has been made in its independent security and defence-building process, EU still faces serious problems and difficulties in this policy area. This paper tries to examine these recent developments, assess their impacts in regional-global security, and analyze existing problems and future trends. Finally, the author also examines EU-China engagements in recent years and explores possibilities for their future cooperation in the area of international security.

  12. While Working Around Security

    DEFF Research Database (Denmark)

    Mathiasen, Niels Raabjerg

    Users of technology encounter various IT security mechanisms in their everyday lives. If these mechanisms fail to support everyday activities, they either get in the way, or the users find a way to work around them. Even though users manage to carry out everyday activities by using substandard...... of security experiences in design. The methods: Mobile probing, Prompted exploration workshops, and Acting out security involve potential future users in the process of designing IT security sensitive IT artifacts. Mobile probing collects narratives of user encounters with IT security. Prompted exploration...... of a research through design process. An everyday mobile digital signature solution has been designed, and the design problem, the design process, and the design results are presented in this dissertation. Several of my empirical findings show that the way users experience security does matter. Users...

  13. Securing Wireless Sensor Networks: Security Architectures

    Directory of Open Access Journals (Sweden)

    David Boyle

    2008-01-01

    Full Text Available Wireless sensor networking remains one of the most exciting and challenging research domains of our time. As technology progresses, so do the capabilities of sensor networks. Limited only by what can be technologically sensed, it is envisaged that wireless sensor networks will play an important part in our daily lives in the foreseeable future. Privy to many types of sensitive information, both sensed and disseminated, there is a critical need for security in a number of applications related to this technology. Resulting from the continuous debate over the most effective means of securing wireless sensor networks, this paper considers a number of the security architectures employed, and proposed, to date, with this goal in sight. They are presented such that the various characteristics of each protocol are easily identifiable to potential network designers, allowing a more informed decision to be made when implementing a security protocol for their intended application. Authentication is the primary focus, as the most malicious attacks on a network are the work of imposters, such as DOS attacks, packet insertion etc. Authentication can be defined as a security mechanism, whereby, the identity of a node in the network can be identified as a valid node of the network. Subsequently, data authenticity can be achieved; once the integrity of the message sender/receiver has been established.

  14. Towards Information Security Awareness

    OpenAIRE

    Marius Petrescu; Delia Mioara Popescu; Nicoleta Sirbu

    2010-01-01

    Information security has come to be recognized as increasingly important because global communication and information systems allow a potentially large number of unauthorized users to access and possibly alter information from around the world. As the dependence on information systems grows, so the security of information networks becomes ever more critical to any entity, no matter if it is a company or a public institution. Information security involves both technology and people. Any securi...

  15. Information security culture.

    OpenAIRE

    2008-01-01

    The current study originated from the realisation that information security is no longer solely dependent on technology. Information security breaches are often caused by users, most of the time internal to the organisation, who compromise the technology-driven solutions. This interaction between people and the information systems is seemingly the weakest link in information security. A people-oriented approach is needed to address this problem. Incorporating the human element into informatio...

  16. Information security factors systematization

    OpenAIRE

    Янченко, Вадим Николавевич; Ивченко, Александр Владимирович; Залога, Вильям Александрович; Дынник, Оксана Дмитриевна

    2015-01-01

    In this article the necessity of solving the theoretical and practical task, aimed on development the methodological basis for elaboration and implementation of information security management system, has been considered. Based on research results of scientific works and the requirements in the field of information security management the universal multilevel system of information security factors of organizations (enterprises) in the wood properties form was offered by using quality control ...

  17. Addressing Software Security

    Science.gov (United States)

    Bailey, Brandon

    2015-01-01

    Historically security within organizations was thought of as an IT function (web sites/servers, email, workstation patching, etc.) Threat landscape has evolved (Script Kiddies, Hackers, Advanced Persistent Threat (APT), Nation States, etc.) Attack surface has expanded -Networks interconnected!! Some security posture factors Network Layer (Routers, Firewalls, etc.) Computer Network Defense (IPS/IDS, Sensors, Continuous Monitoring, etc.) Industrial Control Systems (ICS) Software Security (COTS, FOSS, Custom, etc.)

  18. Design for Security Workshop

    Science.gov (United States)

    2014-09-30

    devices and systems  Tools for secure interplay between hardware and software  Design environment for modeling and simulating hardware attacks and...and email  Improperly secured devices – no PIN lock  User intervention – jailbreaking, unlocking  Mobile has become the enterprise security...Apps  Content providers  DRM for movies, songs, etc.  Finance companies  Account data, passwords  IOT  home automation, health, etc

  19. Vehicle Tracking and Security

    Science.gov (United States)

    Scorer, A. G.

    1998-09-01

    This paper covers the wide area and short range locational technologies that are available for vehicle tracking in particular and mobile user security in general. It also summarises the radio communications services that can deliver information to the user. It considers the use that can be made of these technologies, when combined with procedures for delivering a response, in the security field, notably in relation to personal security, high-value load protection and the after-theft tracking markets.

  20. Automated security management

    CERN Document Server

    Al-Shaer, Ehab; Xie, Geoffrey

    2013-01-01

    In this contributed volume, leading international researchers explore configuration modeling and checking, vulnerability and risk assessment, configuration analysis, and diagnostics and discovery. The authors equip readers to understand automated security management systems and techniques that increase overall network assurability and usability. These constantly changing networks defend against cyber attacks by integrating hundreds of security devices such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers, and crypto systems. Automated Security Managemen

  1. Outsourcing information security

    CERN Document Server

    Axelrod, Warren

    2004-01-01

    This comprehensive and timely resource examines security risks related to IT outsourcing, clearly showing you how to recognize, evaluate, minimize, and manage these risks. Unique in its scope, this single volume offers you complete coverage of the whole range of IT security services and fully treats the IT security concerns of outsourcing. The book helps you deepen your knowledge of the tangible and intangible costs and benefits associated with outsourcing IT and IS functions.

  2. Microsoft Windows Security Essentials

    CERN Document Server

    Gibson, Darril

    2011-01-01

    Windows security concepts and technologies for IT beginners IT security can be a complex topic, especially for those new to the field of IT. This full-color book, with a focus on the Microsoft Technology Associate (MTA) program, offers a clear and easy-to-understand approach to Windows security risks and attacks for newcomers to the world of IT. By paring down to just the essentials, beginners gain a solid foundation of security concepts upon which more advanced topics and technologies can be built. This straightforward guide begins each chapter by laying out a list of topics to be discussed,

  3. Laser security systems

    Science.gov (United States)

    Kolev, Ivan S.; Stoeva, Ivelina S.

    2004-06-01

    This report presents the development of single-beam barrier laser security system. The system utilizes the near infrared (IR) range λ=(850-900)nm. The security system consists of several blocks: Transmitter; Receiver; Logical Unit; Indication; Power Supply. There are four individually software programmable security zones Z1 - Z4. The control logic is implemented on a PIC16F84 MCU. The infrared beam is a pulse pack, coded and modulated in the transmitter with frequency of 36 kHz. The receiver demodulates and decodes the beam. The software for the MCU is developed along with the electrical circuits of the security system.

  4. Operating System Security

    CERN Document Server

    Jaeger, Trent

    2008-01-01

    Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build "secure" operating systems - operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems. In this book, we examine past research that outlines the requirements for a secure operating system and research that implements example systems that aim for such requirements. For system designs that aimed to

  5. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2003-01-01

    Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination. Now completely revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a complete understanding of all the items in it. This is a ...must have... book, both for preparing for the CISSP exam and as a c

  6. Linux Security Cookbook

    CERN Document Server

    Barrett, Daniel J; Byrnes, Robert G

    2003-01-01

    Computer security is an ongoing process, a relentless contest between system administrators and intruders. A good administrator needs to stay one step ahead of any adversaries, which often involves a continuing process of education. If you're grounded in the basics of security, however, you won't necessarily want a complete treatise on the subject each time you pick up a book. Sometimes you want to get straight to the point. That's exactly what the new Linux Security Cookbook does. Rather than provide a total security solution for Linux computers, the authors present a series of easy-to-fol

  7. Chemical Security Analysis Center

    Data.gov (United States)

    Federal Laboratory Consortium — In 2006, by Presidential Directive, DHS established the Chemical Security Analysis Center (CSAC) to identify and assess chemical threats and vulnerabilities in the...

  8. Beginning ASPNET Security

    CERN Document Server

    Dorrans, Barry

    2010-01-01

    Beginning ASP.NET 3.5 Security is geared for novice to intermediate ASP.NET programmers who wish to protect and defend their web sites against attack and exploitation. Beginning with a discussion of why we need security and the things that may occur when it is ignored and an overview of how ASP.NET works, readers are taken through the common steps in developing a web site, the security problems each area exposes and how these can be exploited. Visual Studio Security MVP Barry Dorrans teaches readers how they can defend their applications using the standard .NET framework, industry patterns and

  9. Software Security Requirements Gathering Instrument

    OpenAIRE

    2011-01-01

    Security breaches are largely caused by the vulnerable software. Since individuals and organizations mostly depend on softwares, it is important to produce in secured manner. The first step towards producing secured software is through gathering security requirements. This paper describes Software Security Requirements Gathering Instrument (SSRGI) that helps gather security requirements from the various stakeholders. This will guide the developers to gather security requirements along with th...

  10. Cyberspace security: How to develop a security strategy

    CERN Document Server

    Raggad, Bel G

    2007-01-01

    Despite all visible dividers, the Internet is getting us closer and closer, but with a great price. Our security is the price. The internatl. community is fully aware of the urgent need to secure the cyberspace as you see the multiplication of security standards and national schemes interpreting them beyond borders: ISO 15408, ISO 17799, and ISO 27001. Even though some countries, incl. the Security Big Six (SB6), are equipped with their security books and may feel relatively safe; this remains a wrong sense of security as long as they share their networks with entities of less security. The standards impose security best practices and system specifications for the development of information security management systems. Partners beyond borders have to be secure as this is only possible if all entities connected to the partnership remain secure. Unfortunately, there is no way to verify the continuous security of partners without periodic security auditing and certification, and members who do not comply should ...

  11. Relaxing Chosen-Ciphertext Security

    DEFF Research Database (Denmark)

    Canetti, Ran; Krawczyk, Hugo; Nielsen, Jesper Buus

    2003-01-01

    Security against adaptive chosen ciphertext attacks (or, CCA security) has been accepted as the standard requirement from encryption schemes that need to withstand active attacks. In particular, it is regarded as the appropriate security notion for encryption schemes used as components within...... general protocols and applications. Indeed, CCA security was shown to suffice in a large variety of contexts. However, CCA security often appears to be somewhat too strong: there exist encryption schemes (some of which come up naturally in practice) that are not CCA secure, but seem sufficiently secure...... “for most practical purposes.” We propose a relaxed variant of CCA security, called Replayable CCA (RCCA) security. RCCA security accepts as secure the non-CCA (yet arguably secure) schemes mentioned above; furthermore, it suffices for most existing applications of CCA security. We provide three...

  12. Human factors in network security

    OpenAIRE

    Jones, Francis B.

    1991-01-01

    Human factors, such as ethics and education, are important factors in network information security. This thesis determines which human factors have significant influence on network security. Those factors are examined in relation to current security devices and procedures. Methods are introduced to evaluate security effectiveness by incorporating the appropriate human factors into network security controls

  13. Google - Security Testing Tool

    OpenAIRE

    Staykov, Georgi

    2007-01-01

    Using Google as a security testing tool, basic and advanced search techniques using advanced google search operators. Examples of obtaining control over security cameras, VoIP systems, web servers and collecting valuable information as: Credit card details, cvv codes – only using Google.

  14. Security Embedding Codes

    CERN Document Server

    Ly, Hung D; Blankenship, Yufei

    2011-01-01

    This paper considers the problem of simultaneously communicating two messages, a high-security message and a low-security message, to a legitimate receiver, referred to as the security embedding problem. An information-theoretic formulation of the problem is presented. A coding scheme that combines rate splitting, superposition coding, nested binning and channel prefixing is considered and is shown to achieve the secrecy capacity region of the channel in several scenarios. Specifying these results to both scalar and independent parallel Gaussian channels (under an average individual per-subchannel power constraint), it is shown that the high-security message can be embedded into the low-security message at full rate (as if the low-security message does not exist) without incurring any loss on the overall rate of communication (as if both messages are low-security messages). Extensions to the wiretap channel II setting of Ozarow and Wyner are also considered, where it is shown that "perfect" security embedding...

  15. Securing personal network clusters

    NARCIS (Netherlands)

    Jehangir, Assed; Heemstra de Groot, Sonia M.

    2007-01-01

    A Personal Network is a self-organizing, secure and private network of a user’s devices notwithstanding their geographic location. It aims to utilize pervasive computing to provide users with new and improved services. In this paper we propose a model for securing Personal Network clusters. Clusters

  16. Generalized Software Security Framework

    Directory of Open Access Journals (Sweden)

    Smriti Jain

    2011-01-01

    Full Text Available Security of information has become a major concern in today's digitized world. As a result, effective techniques to secure information are required. The most effective way is to incorporate security in the development process itself thereby resulting into secured product. In this paper, we propose a framework that enables security to be included in the software development process. The framework consists of three layers namely; control layer, aspect layer and development layer. The control layer illustrates the managerial control of the entire software development process with the help of governance whereas aspect layer recognizes the security mechanisms that can be incorporated during the software development to identify the various security features. The development layer helps to integrate the various security aspects as well as the controls identified in the above layers during the development process. The layers are further verified by a survey amongst the IT professionals. The professionals concluded that the developed framework is easy to use due to its layered architecture and, can be customized for various types of softwares.

  17. INDECT Advanced Security Requirements

    CERN Document Server

    Uruena, Manuel; Martinez, Maria; Niemiec, Marcin; Stoianov, Nikolai

    2010-01-01

    This paper reviews the requirements for the security mechanisms that are currently being developed in the framework of the European research project INDECT. An overview of features for integrated technologies such as Virtual Private Networks (VPNs), Cryptographic Algorithms, Quantum Cryptography, Federated ID Management and Secure Mobile Ad-hoc networking are described together with their expected use in INDECT.

  18. Security in the cloud.

    Science.gov (United States)

    Degaspari, John

    2011-08-01

    As more provider organizations look to the cloud computing model, they face a host of security-related questions. What are the appropriate applications for the cloud, what is the best cloud model, and what do they need to know to choose the best vendor? Hospital CIOs and security experts weigh in.

  19. Hydrological extremes and security

    Science.gov (United States)

    Kundzewicz, Z. W.; Matczak, P.

    2015-04-01

    Economic losses caused by hydrological extremes - floods and droughts - have been on the rise. Hydrological extremes jeopardize human security and impact on societal livelihood and welfare. Security can be generally understood as freedom from threat and the ability of societies to maintain their independent identity and their functional integrity against forces of change. Several dimensions of security are reviewed in the context of hydrological extremes. The traditional interpretation of security, focused on the state military capabilities, has been replaced by a wider understanding, including economic, societal and environmental aspects that get increasing attention. Floods and droughts pose a burden and serious challenges to the state that is responsible for sustaining economic development, and societal and environmental security. The latter can be regarded as the maintenance of ecosystem services, on which a society depends. An important part of it is water security, which can be defined as the availability of an adequate quantity and quality of water for health, livelihoods, ecosystems and production, coupled with an acceptable level of water-related risks to people, environments and economies. Security concerns arise because, over large areas, hydrological extremes - floods and droughts - are becoming more frequent and more severe. In terms of dealing with water-related risks, climate change can increase uncertainties, which makes the state's task to deliver security more difficult and more expensive. However, changes in population size and development, and level of protection, drive exposure to hydrological hazards.

  20. School Security Technologies

    Science.gov (United States)

    Schneider, Tod

    2010-01-01

    Over the past decade electronic security technology has evolved from an exotic possibility into an essential safety consideration. Before resorting to high-tech security solutions, school officials should think carefully about the potential for unintended consequences. Technological fixes may be mismatched to the problems being addressed. They can…

  1. Smart grid security

    Energy Technology Data Exchange (ETDEWEB)

    Cuellar, Jorge (ed.) [Siemens AG, Muenchen (Germany). Corporate Technology

    2013-11-01

    The engineering, deployment and security of the future smart grid will be an enormous project requiring the consensus of many stakeholders with different views on the security and privacy requirements, not to mention methods and solutions. The fragmentation of research agendas and proposed approaches or solutions for securing the future smart grid becomes apparent observing the results from different projects, standards, committees, etc, in different countries. The different approaches and views of the papers in this collection also witness this fragmentation. This book contains the following papers: 1. IT Security Architecture Approaches for Smart Metering and Smart Grid. 2. Smart Grid Information Exchange - Securing the Smart Grid from the Ground. 3. A Tool Set for the Evaluation of Security and Reliability in Smart Grids. 4. A Holistic View of Security and Privacy Issues in Smart Grids. 5. Hardware Security for Device Authentication in the Smart Grid. 6. Maintaining Privacy in Data Rich Demand Response Applications. 7. Data Protection in a Cloud-Enabled Smart Grid. 8. Formal Analysis of a Privacy-Preserving Billing Protocol. 9. Privacy in Smart Metering Ecosystems. 10. Energy rate at home Leveraging ZigBee to Enable Smart Grid in Residential Environment.

  2. Security the human factor

    CERN Document Server

    Kearney, Paul

    2010-01-01

    This pocket guide is based on the approach used by BT to protect its own data security – one that draws on the capabilities of both people and technology. The guide will prove invaluable for IT managers, information security officers and business executives.

  3. VMware view security essentials

    CERN Document Server

    Langenhan, Daniel

    2013-01-01

    A practical and fast-paced guide that gives you all the information you need to secure your virtual environment.This book is a ""how-to"" for the novice, a ""reference guide"" for the advanced user, and a ""go to"" for the experienced user in all the aspects of VMware View desktop virtualization security.

  4. Energy systems security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Energy Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to electricity transmission grids and their protection, risk assessment of energy systems, analysis of interdependent energy networks. Methods to manage electricity transmission disturbances so as to avoid blackouts are discussed, and self-healing energy system and a nano-enabled power source are presented.

  5. Secure Link Middleware

    Science.gov (United States)

    2008-08-01

    Secure Link middleware as specified by the circled ‘sld’, sld . Using a network traffic analyzer (e.g., tcpdump) at router bulldog and tiger, ARL...or nfs (remote accessing file systems) to be securely operated and used among networked computer systems without any bulldog (router3) bear (router2

  6. Network Security Is Manageable

    Science.gov (United States)

    Roberts, Gary

    2006-01-01

    An effective systems librarian must understand security vulnerabilities and be proactive in preventing problems. Specifics of future attacks or security challenges cannot possibly be anticipated, but this paper suggests some simple measures that can be taken to make attacks less likely to occur: program the operating system to get automatic…

  7. Information security management principles

    CERN Document Server

    Taylor, Andy; Finch, Amanda; Sutton, David; Taylor, Andy

    2013-01-01

    In today's technology-driven environment, there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts. This second edition includes the security of cloud-based resources.

  8. Indirection and computer security.

    Energy Technology Data Exchange (ETDEWEB)

    Berg, Michael J.

    2011-09-01

    The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyze common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.

  9. Moving towards Cloud Security

    Directory of Open Access Journals (Sweden)

    Edit Szilvia Rubóczki

    2015-01-01

    Full Text Available Cloud computing hosts and delivers many different services via Internet. There are a lot of reasons why people opt for using cloud resources. Cloud development is increasing fast while a lot of related services drop behind, for example the mass awareness of cloud security. However the new generation upload videos and pictures without reason to a cloud storage, but only few know about data privacy, data management and the proprietary of stored data in the cloud. In an enterprise environment the users have to know the rule of cloud usage, however they have little knowledge about traditional IT security. It is important to measure the level of their knowledge, and evolve the training system to develop the security awareness. The article proves the importance of suggesting new metrics and algorithms for measuring security awareness of corporate users and employees to include the requirements of emerging cloud security.

  10. Wireless physical layer security

    Science.gov (United States)

    Poor, H. Vincent; Schaefer, Rafael F.

    2017-01-01

    Security in wireless networks has traditionally been considered to be an issue to be addressed separately from the physical radio transmission aspects of wireless systems. However, with the emergence of new networking architectures that are not amenable to traditional methods of secure communication such as data encryption, there has been an increase in interest in the potential of the physical properties of the radio channel itself to provide communications security. Information theory provides a natural framework for the study of this issue, and there has been considerable recent research devoted to using this framework to develop a greater understanding of the fundamental ability of the so-called physical layer to provide security in wireless networks. Moreover, this approach is also suggestive in many cases of coding techniques that can approach fundamental limits in practice and of techniques for other security tasks such as authentication. This paper provides an overview of these developments.

  11. Energy security in Yemen

    Energy Technology Data Exchange (ETDEWEB)

    Torosyan, Emil

    2009-09-15

    Yemen, situated in the Arab world, has considerable energy resources. However, its history of repeated revolts, civil wars and terrorism and also the presence of the Wahabi movement and al Qaeda in the country constitute security issues for the energy industry and its infrastructure. The aim of this paper is to assess the impact level on the security of the energy sector in Yemen and the effect that the threats to that sector could have on global energy security. Analyses of the political environment, the security threats and the measures taken to respond to these threats have been carried out. Results showed that Yemen's resources are depleting and that the government is having trouble containing the escalation of conflicts; this situation could lead to Yemen's political collapse which could have an important impact on global energy security.

  12. International Nuclear Security

    Energy Technology Data Exchange (ETDEWEB)

    Doyle, James E. [Los Alamos National Laboratory

    2012-08-14

    This presentation discusses: (1) Definitions of international nuclear security; (2) What degree of security do we have now; (3) Limitations of a nuclear security strategy focused on national lock-downs of fissile materials and weapons; (4) What do current trends say about the future; and (5) How can nuclear security be strengthened? Nuclear security can be strengthened by: (1) More accurate baseline inventories; (2) Better physical protection, control and accounting; (3) Effective personnel reliability programs; (4) Minimize weapons-usable materials and consolidate to fewer locations; (5) Consider local threat environment when siting facilities; (6) Implement pledges made in the NSS process; and (7) More robust interdiction, emergency response and special operations capabilities. International cooperation is desirable, but not always possible.

  13. Generating WS-SecurityPolicy documents via security model transformation

    DEFF Research Database (Denmark)

    Jensen, Meiko

    2009-01-01

    When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriate...... security model definition and transformation approach, targeting the WS-SecurityPolicy and WS-BPEL specifications, in order to enable a Web-Service-based secure business process development....

  14. Security Dialogues: Building Better Relationships between Security and Business

    OpenAIRE

    Ashenden, D.; Lawrence, D.

    2016-01-01

    In the real world, there's often a discrepancy between an organization's mandated security processes and what actually happens. The social practice of security flourishes in the space between and around formal organizational security processes. By recognizing the value of risk management as a communication tool, security practitioners can tap opportunities to improve the security dialogue with staff. Published in IEEE Security and Privacy (2016) vol 14/3 pp 82-87 (http://doi.ieeecomputers...

  15. Security intelligence a practitioner's guide to solving enterprise security challenges

    CERN Document Server

    Li, Qing

    2015-01-01

    Identify, deploy, and secure your enterprise Security Intelligence, A Practitioner's Guide to Solving Enterprise Security Challenges is a handbook for security in modern times, against modern adversaries. As leaders in the design and creation of security products that are deployed globally across a range of industries and market sectors, authors Qing Li and Gregory Clark deliver unparalleled insight into the development of comprehensive and focused enterprise security solutions. They walk you through the process of translating your security goals into specific security technology domains, fo

  16. DEMOGRAPHIC SECURITY: THEORY, METHODOLOGY, EVALUATION

    Directory of Open Access Journals (Sweden)

    Mikhail V. Karmanov

    2015-01-01

    Full Text Available The paper analyzes the theoretical aspects of demographic security. Reviewed and analyzed the point of view of various scholars to the definition of demographic security. The main directions of statistical analysis of demographic security.

  17. Security Components of Globalization

    Directory of Open Access Journals (Sweden)

    Florin Iftode

    2015-05-01

    Full Text Available The objective of this paper is our intention to present what are the main connections between globalization and international security. In terms of global security we can perceive the globalization as a process by which global state is represented by the UN, with a single world system, represented by major security organizations and with global effects. We will present from the beginning the main theoretical aspects that define the phenomenon of globalization, and then our contribution in assessing the implications of this phenomenon on the regional and global security. The results of our research are materialized in the last part of the paper. They emphasize the personal assessments on how the phenomenon of globalization has direct effect on global security. When talking about government, we think of norms, rules and decisionmaking procedures in the management of international life. The value that we add to the new scientific interpretation of the definition of globalization is represented, primarily, by the valuable bibliographic used resources and the original approach on the concept that refers to the links between globalization and security. This article may be, at any time, a starting point in an interesting research direction in the field of global security.

  18. Secure Cloud Architecture

    Directory of Open Access Journals (Sweden)

    Kashif Munir

    2013-02-01

    Full Text Available Cloud computing is set of resources and services offered through the Internet. Cloud services are delivered from data centers located throughout the world. Cloud computing facilitates its consumers by providing virtual resources via internet. The biggest challenge in cloud computing is the security and privacy problems caused by its multi-tenancy nature and the outsourcing of infrastructure, sensitive data and critical applications. Enterprises are rapidly adopting cloud services for their businesses, measures need to be developed so that organizations can be assured of security in their businesses and can choose a suitable vendor for their computing needs. Cloud computing depends on the internet as a medium for users to access the required services at any time on pay-per-use pattern. However this technology is still in its initial stages of development, as it suffers from threats and vulnerabilities that prevent the users from trusting it. Various malicious activitiesfrom illegal users have threatened this technology such as data misuse, inflexible access control and limited monitoring. The occurrence of these threats may result into damaging or illegal access of critical and confidential data of users. In this paper we identify the most vulnerable security threats/attacks in cloud computing, which will enable both end users and vendors to know a bout the k ey security threats associated with cloud computing and propose relevant solution directives to strengthen security in the Cloud environment. We also propose secure cloud architecture for organizations to strengthen the security.

  19. Security for multihop wireless networks

    CERN Document Server

    Khan, Shafiullah

    2014-01-01

    Security for Multihop Wireless Networks provides broad coverage of the security issues facing multihop wireless networks. Presenting the work of a different group of expert contributors in each chapter, it explores security in mobile ad hoc networks, wireless sensor networks, wireless mesh networks, and personal area networks.Detailing technologies and processes that can help you secure your wireless networks, the book covers cryptographic coprocessors, encryption, authentication, key management, attacks and countermeasures, secure routing, secure medium access control, intrusion detection, ep

  20. Agile IT Security Implementation Methodology

    CERN Document Server

    Laskowski, Jeff

    2011-01-01

    The book is a tutorial that goes from basic to professional level for Agile IT security. It begins by assuming little knowledge of agile security. Readers should hold a good knowledge of security methods and agile development. The book is targeted at IT security managers, directors, and architects. It is useful for anyone responsible for the deployment of IT security countermeasures. Security people with a strong knowledge of agile software development will find this book to be a good review of agile concepts.

  1. Threats or threads: from usable security to secure experience

    DEFF Research Database (Denmark)

    Bødker, Susanne; Mathiasen, Niels Raabjerg

    2008-01-01

    While the domain of security dependent technologies brings new challenges to HCI research it seems that the results and breakthroughs of HCI have not been used in design of security dependent technologies. With exceptions, work in the research field of usable security may be criticized for focusing...... mainly on adjusting user behavior to behave securely. With our background in newer HCI perspectives we address secure interaction from the perspective of security technology as experience. We analyze a number of collected user stories to understand what happens when everyday users encounter security...... dependent technologies. We apply McCarthy & Wright's [12] experience framework to the security domain and our collected stories. We point out that there are significant differences between being secure and having a secure experience, and conclude that classical usable security, focus on people's immediate...

  2. Security and Emergency Management Division

    Data.gov (United States)

    Federal Laboratory Consortium — Volpe's Security and Emergency Management Division identifies vulnerabilities, risks, and opportunities to improve the security of transportation systems, critical...

  3. Transmission grid security

    CERN Document Server

    Haarla, Liisa; Hirvonen, Ritva; Labeau, Pierre-Etienne

    2011-01-01

    In response to the growing importance of power system security and reliability, ""Transmission Grid Security"" proposes a systematic and probabilistic approach for transmission grid security analysis. The analysis presented uses probabilistic safety assessment (PSA) and takes into account the power system dynamics after severe faults. In the method shown in this book the power system states (stable, not stable, system breakdown, etc.) are connected with the substation reliability model. In this way it is possible to: estimate the system-wide consequences of grid faults; identify a chain of eve

  4. Software Safety and Security

    CERN Document Server

    Nipkow, T; Hauptmann, B

    2012-01-01

    Recent decades have seen major advances in methods and tools for checking the safety and security of software systems. Automatic tools can now detect security flaws not only in programs of the order of a million lines of code, but also in high-level protocol descriptions. There has also been something of a breakthrough in the area of operating system verification. This book presents the lectures from the NATO Advanced Study Institute on Tools for Analysis and Verification of Software Safety and Security; a summer school held at Bayrischzell, Germany, in 2011. This Advanced Study Institute was

  5. Smart grid security

    CERN Document Server

    Goel, Sanjay; Papakonstantinou, Vagelis; Kloza, Dariusz

    2015-01-01

    This book on smart grid security is meant for a broad audience from managers to technical experts. It highlights security challenges that are faced in the smart grid as we widely deploy it across the landscape. It starts with a brief overview of the smart grid and then discusses some of the reported attacks on the grid. It covers network threats, cyber physical threats, smart metering threats, as well as privacy issues in the smart grid. Along with the threats the book discusses the means to improve smart grid security and the standards that are emerging in the field. The second part of the b

  6. Linux Server Security

    CERN Document Server

    Bauer, Michael D

    2005-01-01

    Linux consistently appears high up in the list of popular Internet servers, whether it's for the Web, anonymous FTP, or general services such as DNS and delivering mail. But security is the foremost concern of anyone providing such a service. Any server experiences casual probe attempts dozens of time a day, and serious break-in attempts with some frequency as well. This highly regarded book, originally titled Building Secure Servers with Linux, combines practical advice with a firm knowledge of the technical tools needed to ensure security. The book focuses on the most common use of Linux--

  7. Privacy vs security

    CERN Document Server

    Stalla-Bourdillon, Sophie; Ryan, Mark D

    2014-01-01

    Securing privacy in the current environment is one of the great challenges of today's democracies. Privacy vs. Security explores the issues of privacy and security and their complicated interplay, from a legal and a technical point of view. Sophie Stalla-Bourdillon provides a thorough account of the legal underpinnings of the European approach to privacy and examines their implementation through privacy, data protection and data retention laws. Joshua Philips and Mark D. Ryan focus on the technological aspects of privacy, in particular, on today's attacks on privacy by the simple use of today'

  8. Information Security Standards

    Directory of Open Access Journals (Sweden)

    Dan Constantin Tofan

    2011-09-01

    Full Text Available The use of standards is unanimously accepted and gives the possibility of comparing a personal security system with a given frame of reference adopted at an international level. A good example is the ISO 9000 set of standards regarding the quality management system, which is a common reference regardless of the industry in which a certain company activates. Just like quality control standards for other industrial processes such as manufacturing and customer service, information security standards demonstrate in a methodical and certifiable manner that an organization conforms to industry best practices and procedures. This article offers a review of the world’s most used information security standards.

  9. Web Security, Privacy & Commerce

    CERN Document Server

    Garfinkel, Simson

    2011-01-01

    Since the first edition of this classic reference was published, World Wide Web use has exploded and e-commerce has become a daily part of business and personal life. As Web use has grown, so have the threats to our security and privacy--from credit card fraud to routine invasions of privacy by marketers to web site defacements to attacks that shut down popular web sites. Web Security, Privacy & Commerce goes behind the headlines, examines the major security risks facing us today, and explains how we can minimize them. It describes risks for Windows and Unix, Microsoft Internet Exp

  10. Android Applications Security

    Directory of Open Access Journals (Sweden)

    Paul POCATILU

    2011-01-01

    Full Text Available The use of smartphones worldwide is growing very fast and also the malicious attacks have increased. The mobile security applications development keeps the pace with this trend. The paper presents the vulnerabilities of mobile applications. The Android applications and devices are analyzed through the security perspective. The usage of restricted API is also presented. The paper also focuses on how users can prevent these malicious attacks and propose some prevention measures, including the architecture of a mobile security system for Android devices.

  11. Elements of social security

    DEFF Research Database (Denmark)

    Hansen, Hans

    (Alte Länder). This is the 9th and last edition of the publication,covering income levels and rules for social security and personal taxation for 1999. Basis for the projections to 1999 income levels is the 1998 data (in some cases 1999 data)for OECD's Taxing Wages as reported by national experts.......Elements of Social Security is a comparative study of important elements of the social security systems in Denmark (DK), Sweden (S), Finland (FIN), Austria (A), Germany (D), the Netherlands (NL), Great Britain (GB) and Canada (CAN). It should be emphasized that Germany is the former West Germany...

  12. Computer Security Handbook

    CERN Document Server

    Bosworth, Seymour; Whyne, Eric

    2012-01-01

    The classic and authoritative reference in the field of computer security, now completely updated and revised With the continued presence of large-scale computers; the proliferation of desktop, laptop, and handheld computers; and the vast international networks that interconnect them, the nature and extent of threats to computer security have grown enormously. Now in its fifth edition, Computer Security Handbook continues to provide authoritative guidance to identify and to eliminate these threats where possible, as well as to lessen any losses attributable to them. With seventy-seven chapter

  13. Securing BGP Using External Security Monitors

    Science.gov (United States)

    2006-01-01

    using the actual Internet AS topology, as represented by the CAIDA AS Relation- ships Dataset [1]. We measured the time to detect an in- valid...examine BGP security using the AS-level topology from the CAIDA AS Relationships Dataset [1]. We enu- merated all AS pairs and counted which pairs had...infrastructure using trusted computing hardware. References [1] The CAIDA AS Relationships Dataset, June 26th, 2006. http://www.caida.org/data/ active

  14. CHANGES IN THE SECURITY AGENDA: CRITICAL SECURITY STUDIES AND HUMAN SECURITY. THE CASE OF CHINA

    OpenAIRE

    Nguyen THI THUY HANG

    2012-01-01

    Since the end of the Cold War the meaning of security has fundamentally changed. Issues which are labeled as non-traditional security namely human development, economic crises, environmental degradation, natural disaster, poverty, epidemics… have become a crucial part of the security agenda. These changes have been intensified with the development of the two approaches: Critical Security Studies and Human Security. This article explores how the meaning of security has change...

  15. Gaming security by obscurity

    CERN Document Server

    Pavlovic, Dusko

    2011-01-01

    Shannon sought security against the attacker with unlimited computational powers: *if an information source conveys some information, then Shannon's attacker will surely extract that information*. Diffie and Hellman refined Shannon's attacker model by taking into account the fact that the real attackers are computationally limited. This idea became one of the greatest new paradigms in computer science, and led to modern cryptography. Shannon also sought security against the attacker with unlimited logical and observational powers, expressed through the maxim that "the enemy knows the system". This view is still endorsed in cryptography. The popular formulation, going back to Kerckhoffs, is that "there is no security by obscurity", meaning that the algorithms cannot be kept obscured from the attacker, and that security should only rely upon the secret keys. In fact, modern cryptography goes even further than Shannon or Kerckhoffs in tacitly assuming that *if there is an algorithm that can break the system, the...

  16. NGO field security

    Directory of Open Access Journals (Sweden)

    Randolph Martin

    1999-04-01

    Full Text Available In an environment of increased exposure, deterioration in the rules of war and loss of perceived neutrality, the community of NGOs operating incomplex emergencies is facing significantly increased risks to staff safety and security.

  17. Media and Security Team

    Data.gov (United States)

    Federal Laboratory Consortium — The Media And Security Team led by Prof. Min Wu was established in Fall 2001 at University of Maryland, College Park. A number of research and education activities...

  18. Social Security Umbrella Expanded

    Institute of Scientific and Technical Information of China (English)

    2009-01-01

    The government issues a draft law to improve the country’s social security system Zhao Yanfang, 25, is an engineer at a designing institute in Beijing.After she graduated from a university in Jiangsu Province in 2005,

  19. Banking Software Applications Security

    Directory of Open Access Journals (Sweden)

    Ioan Alexandru Bubu

    2015-03-01

    Full Text Available Computer software products are among the most complex artifacts, if not the most complex artifacts mankind has created. Securing those artifacts against intelligent attackers who try to exploit flaws in software design and construct is a great challenge too.The purpose of this paper is to introduce a secure alternative to banking software applications that are currently in use. This new application aims to cover most of the well-known vulnerabilities that plague the majority of current software.First we will take a quick look at current security methods that are in use, and a few known vulnerabilities. After this, we will discuss the security measures implemented in my application, and finally, we will the results of implementing them.

  20. Aggression And Attachment Security

    Directory of Open Access Journals (Sweden)

    Prem Verma

    2007-06-01

    Full Text Available Objective:The aim of the present study is to examine the factors related aggression in Iranian and Indian school children. Method: Attachment security (dependency, availability, and total considered as the variable. The KSS questionnaire was administrated students in the 5th grade; 300 were Iranian and 300 were Indian consisted of 150 boys and 150 girls. Results: Attachment security demonstrated significant negative correlations with aggression in the boys, girls and the total Iranian sample. The dependency on mothers was the only case with insignificant correlation.In the Indian sample, attachment security was also found to be significantly negatively correlated with aggression. The only exception was the correlation between mother's availability and aggression in girls, which was not significant Conclusion: It is important that parents treat their children in a tender, manner so that a secure attachment develop between them.

  1. IS (Iris Security)

    OpenAIRE

    Iovane, G.; Tortoriello, F. S.

    2003-01-01

    In the paper will be presented a safety system based on iridology. The results suggest a new scenario where the security problem in supervised and unsupervised areas can be treat with the present system and the iris image recognition.

  2. Intelligent Sensors Security

    Directory of Open Access Journals (Sweden)

    Andrzej Bialas

    2010-01-01

    Full Text Available The paper is focused on the security issues of sensors provided with processors and software and used for high-risk applications. Common IT related threats may cause serious consequences for sensor system users. To improve their robustness, sensor systems should be developed in a restricted way that would provide them with assurance. One assurance creation methodology is Common Criteria (ISO/IEC 15408 used for IT products and systems. The paper begins with a primer on the Common Criteria, and then a general security model of the intelligent sensor as an IT product is discussed. The paper presents how the security problem of the intelligent sensor is defined and solved. The contribution of the paper is to provide Common Criteria (CC related security design patterns and to improve the effectiveness of the sensor development process.

  3. Secure Processing Lab

    Data.gov (United States)

    Federal Laboratory Consortium — The Secure Processing Lab is the center of excellence for new and novel processing techniques for the formation, calibration and analysis of radar. In addition, this...

  4. Data Security : An Analysis

    Directory of Open Access Journals (Sweden)

    Dr.S.B.Thorat

    2010-07-01

    Full Text Available There is intense of cyber attach through electronic media, so it calls for data security practice. Internet technology becomes very pervasive to exchange data through online. Various Government and private sectors mostly depends on Information Technology and facing problem of security breach. The precious thing on internet is the data. This data need to be protected from any damage and errors. The first step in protecting yourself is to recognize the risks and become familiar with some of the terminology associated with them. There are many way to protect from the cyber space. The data can be protected using various techniques such as Anti-viruses, antimalware,spyware, encryption, access control, physical security, keep backup of data regularly, and good security habit.

  5. Railway infrastructure security

    CERN Document Server

    Sforza, Antonio; Vittorini, Valeria; Pragliola, Concetta

    2015-01-01

    This comprehensive monograph addresses crucial issues in the protection of railway systems, with the objective of enhancing the understanding of railway infrastructure security. Based on analyses by academics, technology providers, and railway operators, it explains how to assess terrorist and criminal threats, design countermeasures, and implement effective security strategies. In so doing, it draws upon a range of experiences from different countries in Europe and beyond. The book is the first to be devoted entirely to this subject. It will serve as a timely reminder of the attractiveness of the railway infrastructure system as a target for criminals and terrorists and, more importantly, as a valuable resource for stakeholders and professionals in the railway security field aiming to develop effective security based on a mix of methodological, technological, and organizational tools. Besides researchers and decision makers in the field, the book will appeal to students interested in critical infrastructur...

  6. VMware vsphere security cookbook

    CERN Document Server

    Greer, Mike

    2014-01-01

    This book is intended for virtualization professionals who are experienced with the setup and configuration of VMware vSphere, but didn't get the opportunity to learn how to secure the environment properly.

  7. SECURITY MECHANISM FOR MANETS

    Directory of Open Access Journals (Sweden)

    YASIR ABDELGADIR MOHAMED

    2009-06-01

    Full Text Available Be short of well-defined networks boundaries, shared medium, collaborative services, and dynamic nature, all are representing some of the key characteristics that distinguish mobile ad hoc networks from the conventional ones. Besides, each node is a possible part of the essential support infrastructure, cooperate with each other to make basic communication services available. Forwarding packets or participating in routing process, either of each can directly affect the network security state. Nevertheless, ad hoc networks are suspectable to the same vulnerabilities and prone to the same types of failures as conventional networks. Even though immune-inspired approaches aren’t essentially new to the research domain, the percentage of applying immune features in solving security problems fluctuates. In this paper, security approach based on both immunity and multi-agent paradigm is presented. Distributability, second response, and self recovery, are the hallmarks of the proposed security model which put a consideration on high nodes mobility.

  8. Tools for Computer Security

    CERN Document Server

    Lecoeuche, Denis

    2015-01-01

    This report describes several scripts developed in order to facilitate and automate security-related tests and tasks for the CMS Group at CERN. They will be integrated in the release cycle of specific web services.

  9. Mobile IP: Security & application

    NARCIS (Netherlands)

    Tuquerres, Gloria; Salvador, Marcos Rogério; Sprenkels, Ron

    1999-01-01

    As required in the TGS Mobile IP Advanced Module, this paper presents a survey of common security threats which mobile IP networks are exposed to as well as some proposed solutions to deal with such threats.

  10. Cognitive Computing for Security.

    Energy Technology Data Exchange (ETDEWEB)

    Debenedictis, Erik [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Rothganger, Fredrick [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Aimone, James Bradley [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Marinella, Matthew [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Evans, Brian Robert [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Warrender, Christina E. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Mickel, Patrick [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2015-12-01

    Final report for Cognitive Computing for Security LDRD 165613. It reports on the development of hybrid of general purpose/ne uromorphic computer architecture, with an emphasis on potential implementation with memristors.

  11. CHANGES IN THE SECURITY AGENDA: CRITICAL SECURITY STUDIES AND HUMAN SECURITY. THE CASE OF CHINA

    Directory of Open Access Journals (Sweden)

    Nguyen THI THUY HANG

    2012-06-01

    Full Text Available Since the end of the Cold War the meaning of security has fundamentally changed. Issues which are labeled as non-traditional security namely human development, economic crises, environmental degradation, natural disaster, poverty, epidemics… have become a crucial part of the security agenda. These changes have been intensified with the development of the two approaches: Critical Security Studies and Human Security. This article explores how the meaning of security has changed and how the boundaries between traditional and non-traditional security have become blurred. The case of China is taken as empirical evidence to support the assertion that security has evolved beyond its traditional focus on the state.

  12. Security in Internet

    Directory of Open Access Journals (Sweden)

    Felician ALECU

    2006-01-01

    Full Text Available A very good method that can be used to protect a private network is the implementation of a firewall between Internet and Intranet. This firewall will filter the packets that transit the network according with the security policy defined at the system level. The SSL protocol allows verifying the identity of a WEB server based on a digital certificate issued by a certification authority. Secure data transport over the Internet is done by using encryption methods.

  13. Lemnos Interoperable Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Stewart, John [Tennessee Valley Authority, Knoxville, TN (United States); Halbgewachs, Ron [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Chavez, Adrian [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Smith, Rhett [Schweitzer Engineering Laboratories, Chattanooga, TN (United States); Teumim, David [Teumim Technical, Allentown, PA (United States)

    2012-01-31

    The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other system. With these changes however come two significant challenges that the energy sector must face; 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or tunnels , to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. These single vendor solutions may inadvertently lock

  14. Energy Security in Yemen

    Science.gov (United States)

    2009-09-01

    entreprises de construction et de service pour les faire participer à l‘exploitation des ressources pétrolières. Des membres de tribus assurent aussi...army units to Yemen to help suppress the Monarchists rebellion while Saudis financed and armed the Monarchists. However, Egypt‘s defeat in the...revenue curtail the government‘s ability to finance its security operations, likely worsening the security situation in Yemen

  15. Information Security Standards

    OpenAIRE

    Dan Constantin Tofan

    2011-01-01

    The use of standards is unanimously accepted and gives the possibility of comparing a personal security system with a given frame of reference adopted at an international level. A good example is the ISO 9000 set of standards regarding the quality management system, which is a common reference regardless of the industry in which a certain company activates. Just like quality control standards for other industrial processes such as manufacturing and customer service, information security stand...

  16. Analogies of Information Security

    OpenAIRE

    Sole, Amund Bauck

    2016-01-01

    In this thesis it will be tested wither analogies and metaphors would make it easier to teach the fundamental subjects of information security and hacking to people with no previous background in computer science and only basic computer skills. This will be done by conducting interview on people with no background in computer science to see what analogies work the best for different topics in information security. From the analogy getting the best response, a small game will be designed with ...

  17. Reusable Security Requirements

    Science.gov (United States)

    2016-06-13

    2003 by Carnegie Mellon University page 1 Carnegie Mellon Software Engineering Institute Reusable Security Requirements RE’2003 RHAS’03 Workshop...PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) Carnegie Mellon University , Software Engineering Institute,Pittsburgh,PA,15213 8. PERFORMING...Carnegie Mellon University page 2 Carnegie Mellon Software Engineering Institute In a Nut Shell • Similar Assets, Attackers, and Threats • Security

  18. Data port security lock

    Science.gov (United States)

    Quinby, Joseph D.; Hall, Clarence S.

    2008-06-24

    In a security apparatus for securing an electrical connector, a plug may be fitted for insertion into a connector receptacle compliant with a connector standard. The plug has at least one aperture adapted to engage at least one latch in the connector receptacle. An engagement member is adapted to partially extend through at least one aperture and lock to at least one structure within the connector receptacle.

  19. CLOUD COMPUTING SECURITY

    Directory of Open Access Journals (Sweden)

    DANISH JAMIL,

    2011-04-01

    Full Text Available It is no secret that cloud computing is becoming more and more popular today and is ever increasing inpopularity with large companies as they share valuable resources in a cost effective way. Due to this increasingdemand for more clouds there is an ever growing threat of security becoming a major issue. This paper shalllook at ways in which security threats can be a danger to cloud computing and how they can be avoided.

  20. [Food security in Mexico].

    Science.gov (United States)

    Urquía-Fernández, Nuria

    2014-01-01

    An overview of food security and nutrition in Mexico is presented, based on the analysis of the four pillars of food security: availability, access, utilization of food, and stability of the food supply. In addition, the two faces of malnutrition in Mexico were analyzed: obesity and undernourishment. Data were gathered from the food security indicators of the United Nations's Food and Agriculture Organization, from the Mexican Scale of Food Security, and from the National Health and Nutrition Survey. Mexico presents an index of availability of 3 145 kilocalories per person per day, one of the highest indexes in the world, including both food production and imports. In contrast, Mexico is affected by a double burden of malnutrition: whereas children under five present 14% of stunt, 30% of the adult population is obese. Also, more than 18% of the population cannot afford the basic food basket (food poverty). Using perception surveys, people reports important levels of food insecurity, which concentrates in seven states of the Mexican Federation. The production structure underlying these indicators shows a very heterogeneous landscape, which translates in to a low productivity growth across the last years. Food security being a multidimensional concept, to ensure food security for the Mexican population requires a revision and redesign of public productive and social policies, placing a particular focus on strengthening the mechanisms of institutional governance.

  1. Microsoft Security Bible A Collection of Practical Security Techniques

    CERN Document Server

    Mullen, Timothy "Thor"

    2011-01-01

    Thor's Microsoft® Security Bible provides a "one-stop-shop" for Microsoft-related security techniques and procedures as applied to the typical deployment of a Microsoft-based infrastructure. The book contains detailed security concepts and methodologies described at every level: Server, Client, Organizational Structure, Platform-specific security options, application specific security (IIS, SQL, Active Directory, etc.) and also includes new, never-before-published security tools complete with source code. Detailed technical information on security processes for all major Microsoft applications

  2. Database and applications security integrating information security and data management

    CERN Document Server

    Thuraisingham, Bhavani

    2005-01-01

    This is the first book to provide an in-depth coverage of all the developments, issues and challenges in secure databases and applications. It provides directions for data and application security, including securing emerging applications such as bioinformatics, stream information processing and peer-to-peer computing. Divided into eight sections, each of which focuses on a key concept of secure databases and applications, this book deals with all aspects of technology, including secure relational databases, inference problems, secure object databases, secure distributed databases and emerging

  3. Security patterns in practice designing secure architectures using software patterns

    CERN Document Server

    Fernandez-Buglioni, Eduardo

    2013-01-01

    Learn to combine security theory and code to produce secure systems Security is clearly a crucial issue to consider during the design and implementation of any distributed software architecture. Security patterns are increasingly being used by developers who take security into serious consideration from the creation of their work. Written by the authority on security patterns, this unique book examines the structure and purpose of security patterns, illustrating their use with the help of detailed implementation advice, numerous code samples, and descriptions in UML. Provides

  4. Roadmap on optical security

    Science.gov (United States)

    Javidi, Bahram; Carnicer, Artur; Yamaguchi, Masahiro; Nomura, Takanori; Pérez-Cabré, Elisabet; Millán, María S.; Nishchal, Naveen K.; Torroba, Roberto; Fredy Barrera, John; He, Wenqi; Peng, Xiang; Stern, Adrian; Rivenson, Yair; Alfalou, A.; Brosseau, C.; Guo, Changliang; Sheridan, John T.; Situ, Guohai; Naruse, Makoto; Matsumoto, Tsutomu; Juvells, Ignasi; Tajahuerce, Enrique; Lancis, Jesús; Chen, Wen; Chen, Xudong; Pinkse, Pepijn W. H.; Mosk, Allard P.; Markman, Adam

    2016-08-01

    Information security and authentication are important challenges facing society. Recent attacks by hackers on the databases of large commercial and financial companies have demonstrated that more research and development of advanced approaches are necessary to deny unauthorized access to critical data. Free space optical technology has been investigated by many researchers in information security, encryption, and authentication. The main motivation for using optics and photonics for information security is that optical waveforms possess many complex degrees of freedom such as amplitude, phase, polarization, large bandwidth, nonlinear transformations, quantum properties of photons, and multiplexing that can be combined in many ways to make information encryption more secure and more difficult to attack. This roadmap article presents an overview of the potential, recent advances, and challenges of optical security and encryption using free space optics. The roadmap on optical security is comprised of six categories that together include 16 short sections written by authors who have made relevant contributions in this field. The first category of this roadmap describes novel encryption approaches, including secure optical sensing which summarizes double random phase encryption applications and flaws [Yamaguchi], the digital holographic encryption in free space optical technique which describes encryption using multidimensional digital holography [Nomura], simultaneous encryption of multiple signals [Pérez-Cabré], asymmetric methods based on information truncation [Nishchal], and dynamic encryption of video sequences [Torroba]. Asymmetric and one-way cryptosystems are analyzed by Peng. The second category is on compression for encryption. In their respective contributions, Alfalou and Stern propose similar goals involving compressed data and compressive sensing encryption. The very important area of cryptanalysis is the topic of the third category with two sections

  5. Considerations for Cloud Security Operations

    OpenAIRE

    Cusick, James

    2016-01-01

    Information Security in Cloud Computing environments is explored. Cloud Computing is presented, security needs are discussed, and mitigation approaches are listed. Topics covered include Information Security, Cloud Computing, Private Cloud, Public Cloud, SaaS, PaaS, IaaS, ISO 27001, OWASP, Secure SDLC.

  6. EPICS: Channel Access security design

    Energy Technology Data Exchange (ETDEWEB)

    Kraimer, M.; Hill, J.

    1994-05-01

    This document presents the design for implementing the requirements specified in: EPICS -- Channel Access Security -- functional requirements, Ned. D. Arnold, 03/09/92. Use of the access security system is described along with a summary of the functional requirements. The programmer`s interface is given. Security protocol is described and finally aids for reading the access security code are provided.

  7. Modified Small Business Network Security

    Directory of Open Access Journals (Sweden)

    Md. Belayet Ali

    2012-02-01

    Full Text Available This paper covers some likely threats and effectivesteps for a secure small business. It also involves a flowchart tocomprehend the overall small business network security easilyand we identify a set of security issues and applyappropriate techniques to satisfy the correspondingsecurity requirements. In respect of all, this document isstrong enough for any small business network security.

  8. A Portable Computer Security Workshop

    Science.gov (United States)

    Wagner, Paul J.; Phillips, Andrew T.

    2006-01-01

    We have developed a computer security workshop designed to instruct post-secondary instructors who want to start a course or laboratory exercise sequence in computer security. This workshop has also been used to provide computer security education to IT professionals and students. It is effective in communicating basic computer security principles…

  9. Security planning an applied approach

    CERN Document Server

    Lincke, Susan

    2015-01-01

    This book guides readers through building an IT security plan. Offering a template, it helps readers to prioritize risks, conform to regulation, plan their defense and secure proprietary/confidential information. The process is documented in the supplemental online security workbook. Security Planning is designed for the busy IT practitioner, who does not have time to become a security expert, but needs a security plan now. It also serves to educate the reader of a broader set of concepts related to the security environment through the Introductory Concepts and Advanced sections. The book serv

  10. Asset protection through security awareness

    CERN Document Server

    Speed, Tyler Justin

    2011-01-01

    Introduction: What Is Information Security? Creating a Culture of Security Awareness Protecting Corporate Assets Protective MeasuresA Culture of Security AwarenessRemaining DynamicOverview of Security Awareness Categories Overview Industry StandardsPrivacy ConcernsPassword Management Credit Card Compliance (PCI) General File ManagementExamples of Security Regulations and LawsWho Is an IS Professional?Introduction Empowering Security Professionals Top-Down ApproachDiplomacyThe People Portion of Information SecurityThe IS SpecialistDiplomacy-The IS Professional's Best FriendEnd Users Are Great N

  11. Gross anatomy of network security

    Science.gov (United States)

    Siu, Thomas J.

    2002-01-01

    Information security involves many branches of effort, including information assurance, host level security, physical security, and network security. Computer network security methods and implementations are given a top-down description to permit a medically focused audience to anchor this information to their daily practice. The depth of detail of network functionality and security measures, like that of the study of human anatomy, can be highly involved. Presented at the level of major gross anatomical systems, this paper will focus on network backbone implementation and perimeter defenses, then diagnostic tools, and finally the user practices (the human element). Physical security measures, though significant, have been defined as beyond the scope of this presentation.

  12. Securing Web Services using Service Token Security

    Directory of Open Access Journals (Sweden)

    Stelian Dumitra

    2014-06-01

    Full Text Available Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 Web services are distributed components that enable interaction of software componentsacross organizational boundaries. The main advantages of web services are related to the flexibility and versatility: they support a variety of architectures and are independent of platforms and models. Also, they can expose valuable data, applications and systems of organizations to a variety of external threats. Securing web services is one of the most important topics related to them. This paper describes the core web services specifications, the top threats facing web services and the security fundamentals. At the end of the paper is presented a custom authentication and authorization model (brokered authentication to ensure a robust protection, a model that shows how to authenticate and authorize callers to perform operations and how to access resources. This model uses the following frameworks/standards: Windows Identity Foundation (WIF to apply the principles of claims-based identity, Windows Communication Foundation (WCF, to develop services/client services and integrate with WIF, and Service Token Security (STS, to issue security tokens.The conclusions and the future proposed developments are presented in the end of the paper. /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso

  13. VMware vCloud security

    CERN Document Server

    Sarkar, Prasenjit

    2013-01-01

    VMware vCloud Security provides the reader with in depth knowledge and practical exercises sufficient to implement a secured private cloud using VMware vCloud Director and vCloud Networking and Security.This book is primarily for technical professionals with system administration and security administration skills with significant VMware vCloud experience who want to learn about advanced concepts of vCloud security and compliance.

  14. The Economics of Energy Security

    OpenAIRE

    2014-01-01

    Energy security is the ability of households, businesses, and government to accommodate disruptions in supply in energy markets. This survey considers the economic dimensions of energy security and political and other noneconomic security concerns and discusses policy approaches that could enhance US energy security. A number of points emerge. First, energy security is enhanced by reducing consumption, not imports. A policy to eliminate oil imports, for example, will not enhance US energy sec...

  15. Security Dynamics of Cloud Computing

    OpenAIRE

    Khaled M. Khan

    2009-01-01

    This paper explores various dimensions of cloud computing security. It argues that security concerns of cloud computing need to be addressed from the perspective of individual stakeholder. Security focuses of cloud computing are essentially different in terms of its characteristics and business model. Conventional way of viewing as well as addressing security such as ‘bolting-in’ on the top of cloud computing may not work well. The paper attempts to portray the security spectrum necessary for...

  16. Security Policy and Developments in Central Asia : Security Documents Compared with Security Challenges

    NARCIS (Netherlands)

    Haas, de M.

    2016-01-01

    This article examines the security policy of the Central Asian (CA) states, by comparing theory (security documents) with practice (the actual security challenges). The lack of CA regional (security) cooperation and authoritarian rule puts political and economic stability at stake. The internal and

  17. Biological and Chemical Security

    Energy Technology Data Exchange (ETDEWEB)

    Fitch, P J

    2002-12-19

    The LLNL Chemical & Biological National Security Program (CBNP) provides science, technology and integrated systems for chemical and biological security. Our approach is to develop and field advanced strategies that dramatically improve the nation's capabilities to prevent, prepare for, detect, and respond to terrorist use of chemical or biological weapons. Recent events show the importance of civilian defense against terrorism. The 1995 nerve gas attack in Tokyo's subway served to catalyze and focus the early LLNL program on civilian counter terrorism. In the same year, LLNL began CBNP using Laboratory-Directed R&D investments and a focus on biodetection. The Nunn-Lugar-Domenici Defense Against Weapons of Mass Destruction Act, passed in 1996, initiated a number of U.S. nonproliferation and counter-terrorism programs including the DOE (now NNSA) Chemical and Biological Nonproliferation Program (also known as CBNP). In 2002, the Department of Homeland Security was formed. The NNSA CBNP and many of the LLNL CBNP activities are being transferred as the new Department becomes operational. LLNL has a long history in national security including nonproliferation of weapons of mass destruction. In biology, LLNL had a key role in starting and implementing the Human Genome Project and, more recently, the Microbial Genome Program. LLNL has over 1,000 scientists and engineers with relevant expertise in biology, chemistry, decontamination, instrumentation, microtechnologies, atmospheric modeling, and field experimentation. Over 150 LLNL scientists and engineers work full time on chemical and biological national security projects.

  18. Energy and national security.

    Energy Technology Data Exchange (ETDEWEB)

    Karas, Thomas H.

    2003-09-01

    On May 19 and 20, 2003, thirty-some members of Sandia staff and management met to discuss the long-term connections between energy and national security. Three broad security topics were explored: I. Global and U.S. economic dependence on oil (and gas); II. Potential security implications of global climate change; and III. Vulnerabilities of the U.S. domestic energy infrastructure. This report, rather than being a transcript of the workshop, represents a synthesis of background information used in the workshop, ideas that emerged in the discussions, and ex post facto analysis of the discussions. Each of the three subjects discussed at this workshop has significant U.S. national security implications. Each has substantial technology components. Each appears a legitimate area of concern for a national security laboratory with relevant technology capabilities. For the laboratory to play a meaningful role in contributing to solutions to national problems such as these, it needs to understand the political, economic, and social environments in which it expects its work to be accepted and used. In addition, it should be noted that the problems of oil dependency and climate change are not amenable to solution by the policies of any one nation--even the one that is currently the largest single energy consumer. Therefore, views, concerns, policies, and plans of other countries will do much to determine which solutions might work and which might not.

  19. Security bingo for administrators

    CERN Multimedia

    Computer Security Team

    2011-01-01

    Have you ever thought about the security of your service(s) or system(s)? Show us and win one of three marvellous books on computer security! Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us at Computer.Security@cern.ch or P.O. Box G19710, by November 14th 2011.   Winners[1] must show us that they follow at least five good practices in a continuous horizontal row, vertical column or diagonal. For details on CERN Computer Security, please consult http://cern.ch/security. My service or system…   …is following a software development life-cycle. …is patched in an automatic and timely fashion. …runs a tightened local ingress/egress firewall. …uses CERN Single-Sign-On (SSO). …has physical access protections in place. …runs all processes / services / applications with least privileges. …has ...

  20. Practical secure quantum communications

    Science.gov (United States)

    Diamanti, Eleni

    2015-05-01

    We review recent advances in the field of quantum cryptography, focusing in particular on practical implementations of two central protocols for quantum network applications, namely key distribution and coin flipping. The former allows two parties to share secret messages with information-theoretic security, even in the presence of a malicious eavesdropper in the communication channel, which is impossible with classical resources alone. The latter enables two distrustful parties to agree on a random bit, again with information-theoretic security, and with a cheating probability lower than the one that can be reached in a classical scenario. Our implementations rely on continuous-variable technology for quantum key distribution and on a plug and play discrete-variable system for coin flipping, and necessitate a rigorous security analysis adapted to the experimental schemes and their imperfections. In both cases, we demonstrate the protocols with provable security over record long distances in optical fibers and assess the performance of our systems as well as their limitations. The reported advances offer a powerful toolbox for practical applications of secure communications within future quantum networks.

  1. Computer Security: Security operations at CERN (4/4)

    CERN Document Server

    CERN. Geneva

    2012-01-01

    Stefan Lueders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Being initially developer of a common safety system used in all four experiments at the Large Hadron Collider, he gathered expertise in cyber-security issues of control systems. Consequently in 2004, he took over responsibilities in securing CERN's accelerator and infrastructure control systems against cyber-threats. Subsequently, he joined the CERN Computer Security Incident Response Team and is today heading this team as CERN's Computer Security Officer with the mandate to coordinate all aspects of CERN's computer security --- office computing security, computer centre security, GRID computing security and control system security --- whilst taking into account CERN's operational needs. Dr. Lueders has presented on these topics at many different occasions to international bodies, governments, and companies, and published several articles. With the prevalence of modern information technologies and...

  2. Design of secure operating systems with high security levels

    Institute of Scientific and Technical Information of China (English)

    QING SiHan; SHEN ChangXiang

    2007-01-01

    Numerous Internet security incidents have shown that support from secure operating systems is paramount to fighting threats posed by modern computing environments. Based on the requirements of the relevant national and international standards and criteria, in combination with our experience in the design and development of the ANSHENG v4.0 secure operating system with high security level (hereafter simply referred to as ANSHENG OS), this paper addresses the following key issues in the design of secure operating systems with high security levels: security architecture, security policy models, and covert channel analysis. The design principles of security architecture and three basic security models: confidentiality,integrity, and privilege control models are discussed, respectively. Three novel security models and new security architecture are proposed. The prominent features of these proposals, as well as their applications to the ANSHENG OS, are elaborated.Cover channel analysis (CCA) is a well-known hard problem in the design of secure operating systems with high security levels since to date it lacks a sound theoretical basis and systematic analysis approach. In order to resolve the fundamental difficulties of CCA, we have set up a sound theoretical basis for completeness of covert channel identification and have proposed a unified framework for covert channel identification and an efficient backward tracking search method. The successful application of our new proposals to the ANSHENG OS has shown that it can help ease and speedup the entire CCA process.

  3. Computer Security: professionalism in security, too

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    At CERN, we apply a great deal of dedication and professionalism to all the work we do. This is necessary because of the complexity and sophistication of the devices we deal with. However, when it comes to computer security, we can all agree that there is room for improvement.   In some cases, we’ve observed devices that are connected to our Intranet networks without the adequate level of protection. Also, in order to allow it to be disseminated easily with peers, information is often disclosed on public webpages, sometimes without appropriate consideration of important security-related aspects. Program code is lost due to a lack of proper version control or the use of central storage systems. Systems are brought down by “finger trouble”, confusing the right and wrong IP addresses. Software or system development is done directly on production devices, impinging on their proper operation up to the point where the system grinds to a halt. Applications full of useful fe...

  4. Ethics and European security

    Energy Technology Data Exchange (ETDEWEB)

    Paskins, B.

    1986-01-01

    The alliance between the United States and her NATO partners has been strained severely in the last few years. American perceptions of European disloyalty and European impressions of American assertiveness and lack of judgment have played a large part in generating tensions between the allies and emphasising the new peace movements. This book is an attempt to develop a broader understanding of the problem of European security based on Christian ethics. There are disagreements and differences of emphasis among the contributors but they have in common the view that an exclusive preoccupation with the military dimension is damagingly one-sided. Instead the contributors argue that moral and theological concerns are a vital part of the politics and mechanics of European security and must be incorporated in any effort to devise new policies for security in Europe and the West.

  5. FOOD SECURITY IN ROMANIA

    Directory of Open Access Journals (Sweden)

    Silviu STANCIU

    2015-12-01

    Full Text Available The increasing world population, the limitation of the natural availability for food production, the climate issues and the food consumption need for modification imposed a continuous updating of the food security concept. Although Romania has sufficient natural resources, which may ensure, by means of proper exploitation, the population’s food needs, the lack of a unitary approach at the government level, materialized in the dependence on imports and in fluctuations in the agro-food production, leads to a re-evaluation of national food needs. National food security may be affected by a series of risks and threats, which appeared due to an imbalance connected with the availability, the utility and the stability of the agro-food sector, interdependent elements that must be functional. The present article proposes an analysis of food security in Romania, with a short presentation of the concept in an international context.

  6. Machine Learning for Security

    CERN Document Server

    CERN. Geneva

    2015-01-01

    Applied statistics, aka ‘Machine Learning’, offers a wealth of techniques for answering security questions. It’s a much hyped topic in the big data world, with many companies now providing machine learning as a service. This talk will demystify these techniques, explain the math, and demonstrate their application to security problems. The presentation will include how-to’s on classifying malware, looking into encrypted tunnels, and finding botnets in DNS data. About the speaker Josiah is a security researcher with HP TippingPoint DVLabs Research Group. He has over 15 years of professional software development experience. Josiah used to do AI, with work focused on graph theory, search, and deductive inference on large knowledge bases. As rules only get you so far, he moved from AI to using machine learning techniques identifying failure modes in email traffic. There followed digressions into clustered data storage and later integrated control systems. Current ...

  7. Dying for security

    Directory of Open Access Journals (Sweden)

    Buchan, Bruce

    2011-01-01

    Full Text Available If political statements and media coverage are any guide, it seems Australians today are dying for security. At no other moment in our history has the spectre of war and terrorism so haunted popular, political and scholarly perceptions of Australia’s colonial past and of its geopolitical future. And yet, debates over colonial war or genocide and contemporary terrorism have been conducted in more or less complete isolation. In this article I argue that our contemporary obsession with ‘security’ is premised on the perennial threat of ‘insecurity’. This is the problem of in/security, and it has played a central role in the development of Western political thought. More importantly, its formulation in Western political thought provided a powerful justification for the violence of the early decades of Australia’s colonisation during which Indigenous Australians could also be said to have been dying for security.

  8. Dying for Security

    Directory of Open Access Journals (Sweden)

    Bruce Buchan

    2011-03-01

    Full Text Available If political statements and media coverage are any guide, it seems Australians today are dying for security. At no other moment in our history has the spectre of war and terrorism so haunted popular, political and scholarly perceptions of Australia’s colonial past and of its geopolitical future. And yet, debates over colonial war or genocide and contemporary terrorism have been conducted in more or less complete isolation. In this article I argue that our contemporary obsession with ‘security’ is premised on the perennial threat of ‘insecurity’. This is the problem of in/security, and it has played a central role in the development of Western political thought. More importantly, its formulation in Western political thought provided a powerful justification for the violence of the early decades of Australia’s colonisation during which Indigenous Australians could also be said to have been dying for security.

  9. What Price Security?

    Directory of Open Access Journals (Sweden)

    Donald C. Masters

    2009-01-01

    Full Text Available This article presents a critique of the Copenhagen Consensus Center's(CCC exhaustive study on transnational terrorism, published in 2008.The implications of this study are controversial, yet highly relevant in today's economic environment. The Obama administration must come toterms with fiscal realities that will challenge budget priorities and invigorate what will undoubtedly prove to be tough negotiations on Capitol Hill for homeland security dollars. It is proposed here that standard economic tools such as benefit cost analysis, cost effectiveness criteria, and simulation models can help identify areas where security can be either extended or improved using fewer resources. Greater movement towards competitive procurement practices will also result in lower costs and higher returns on security investments.

  10. Secure medical digital libraries.

    Science.gov (United States)

    Papadakis, I; Chrissikopoulos, V; Polemi, D

    2001-12-01

    In this paper, a secure medical digital library is presented. It is based on the CORBA specifications for distributed systems. The described approach relies on a three-tier architecture. Interaction between the medical digital library and its users is achieved through a Web server. The choice of employing Web technology for the dissemination of medical data has many advantages compared to older approaches, but also poses extra requirements that need to be fulfilled. Thus, special attention is paid to the distinguished nature of such medical data, whose integrity and confidentiality should be preserved at all costs. This is achieved through the employment of Trusted Third Parties (TTP) technology for the support of the required security services. Additionally, the proposed digital library employs smartcards for the management of the various security tokens that are used from the above services.

  11. Unfalsifiability of security claims.

    Science.gov (United States)

    Herley, Cormac

    2016-06-01

    There is an inherent asymmetry in computer security: Things can be declared insecure by observation, but not the reverse. There is no observation that allows us to declare an arbitrary system or technique secure. We show that this implies that claims of necessary conditions for security (and sufficient conditions for insecurity) are unfalsifiable. This in turn implies an asymmetry in self-correction: Whereas the claim that countermeasures are sufficient is always subject to correction, the claim that they are necessary is not. Thus, the response to new information can only be to ratchet upward: Newly observed or speculated attack capabilities can argue a countermeasure in, but no possible observation argues one out. Further, when justifications are unfalsifiable, deciding the relative importance of defensive measures reduces to a subjective comparison of assumptions. Relying on such claims is the source of two problems: once we go wrong we stay wrong and errors accumulate, and we have no systematic way to rank or prioritize measures.

  12. Port and Harbor Security

    Energy Technology Data Exchange (ETDEWEB)

    Saito, T; Guthmuller, H; DeWeert, M

    2004-12-15

    Port and Harbor Security is a daunting task to which optics and photonics offers significant solutions. We are pleased to report that the 2005 Defense and Security Symposium (DSS, Orlando, FL) will include reports on active and passive photonic systems operating from both airborne and subsurface platforms. In addition to imaging techniques, there are various photonic applications, such as total internal reflection fluorescence (TIRF), which can be used to ''sniff'' for traces of explosives or contaminants in marine. These non-imaging technologies are beyond the scope of this article, but will also be represented at DSS 2005. We encourage colleagues to join our technical group to help us to make our ports and harbors safer and more secure.

  13. Pragmatic security metrics applying metametrics to information security

    CERN Document Server

    Brotby, W Krag

    2013-01-01

    Other books on information security metrics discuss number theory and statistics in academic terms. Light on mathematics and heavy on utility, PRAGMATIC Security Metrics: Applying Metametrics to Information Security breaks the mold. This is the ultimate how-to-do-it guide for security metrics.Packed with time-saving tips, the book offers easy-to-follow guidance for those struggling with security metrics. Step by step, it clearly explains how to specify, develop, use, and maintain an information security measurement system (a comprehensive suite of metrics) to

  14. Enterprise Mac Security Mac OS X Snow Leopard Security

    CERN Document Server

    Edge, Stephen Charles; Hunter, Beau; Sullivan, Gene; LeBlanc, Dee-Ann

    2010-01-01

    A common misconception in the Mac community is that Mac's operating system is more secure than others. While this might be true in certain cases, security on the Mac is still a crucial issue. When sharing is enabled or remote control applications are installed, Mac OS X faces a variety of security threats. Enterprise Mac Security: Mac OS X Snow Leopard is a definitive, expert-driven update of the popular, slash-dotted first edition and was written in part as a companion to the SANS Institute course for Mac OS X. It contains detailed Mac OS X security information, and walkthroughs on securing s

  15. Enterprise security IT security solutions : concepts, practical experiences, technologies

    CERN Document Server

    Fumy, Walter

    2013-01-01

    Addressing IT managers and staff, as well as CIOs and other executives dealing with corporate IT security, this book provides a broad knowledge on the major security issues affecting today's corporations and organizations, and presents state-of-the-art concepts and current trends for securing an enterprise.Areas covered include information security management, network and system security, identity and access management (IAM), authentication (including smart card based solutions and biometrics), and security certification. In-depth discussion of relevant technologies and standards (including cr

  16. Cyber Security Evaluation Tool

    Energy Technology Data Exchange (ETDEWEB)

    2009-08-03

    CSET is a desktop software tool that guides users through a step-by-step process to assess their control system network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cyber security posture of your organization’s ICS or enterprise network. CSET derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied to enhance cybersecurity controls.

  17. Security electronics circuits manual

    CERN Document Server

    MARSTON, R M

    1998-01-01

    Security Electronics Circuits Manual is an invaluable guide for engineers and technicians in the security industry. It will also prove to be a useful guide for students and experimenters, as well as providing experienced amateurs and DIY enthusiasts with numerous ideas to protect their homes, businesses and properties.As with all Ray Marston's Circuits Manuals, the style is easy-to-read and non-mathematical, with the emphasis firmly on practical applications, circuits and design ideas. The ICs and other devices used in the practical circuits are modestly priced and readily available ty

  18. Secure cloud computing

    CERN Document Server

    Jajodia, Sushil; Samarati, Pierangela; Singhal, Anoop; Swarup, Vipin; Wang, Cliff

    2014-01-01

    This book presents a range of cloud computing security challenges and promising solution paths. The first two chapters focus on practical considerations of cloud computing. In Chapter 1, Chandramouli, Iorga, and Chokani describe the evolution of cloud computing and the current state of practice, followed by the challenges of cryptographic key management in the cloud. In Chapter 2, Chen and Sion present a dollar cost model of cloud computing and explore the economic viability of cloud computing with and without security mechanisms involving cryptographic mechanisms. The next two chapters addres

  19. Web security a whitehat perspective

    CERN Document Server

    Wu, Hanqing

    2015-01-01

    MY VIEW OF THE SECURITY WORLDView of the IT Security WorldBrief History of Web SecurityBrief History of Chinese HackersDevelopment Process of Hacking TechniquesRise of Web SecurityBlack Hat, White HatBack to Nature: The Essence of Secret SecuritySuperstition: There Is No Silver BulletSecurity Is an Ongoing ProcessSecurity ElementsHow to Implement Safety AssessmentAsset ClassificationThreat AnalysisRisk AnalysisDesign of Security ProgramsArt of War of White HatPrinciples of Secure by DefaultBlacklist, WhitelistPrinciple of Least PrivilegePrinciple of Defense in DepthPrinciples of Data and Code

  20. Process Expression of Security Automaton

    Institute of Scientific and Technical Information of China (English)

    2007-01-01

    Security is an essential aspect for mobile systems. Usually, mobile system modeling and its security policies specification are realized in different techniques. So when constructed a mobile system using formal methods it is difficult to verify if the system comply with any given security policies. A method was introduced to express security automata which specifying enforceable security policies as processes in an extended π-calculus. In this extended π-calculus, an exception termination process was introduced, called bad. Any input which violating a security automaton will correspond to a step of transformation of the process that specifying the security automaton to exception termination process. Our method shows that any security automata which specifying enforceable security policies would decide a process in the extended π-calculus.

  1. Software Security Requirements Gathering Instrument

    Directory of Open Access Journals (Sweden)

    Smriti Jain

    2011-08-01

    Full Text Available Security breaches are largely caused by the vulnerable software. Since individuals and organizations mostly depend on softwares, it is important to produce in secured manner. The first step towards producing secured software is through gathering security requirements. This paper describes Software Security Requirements Gathering Instrument (SSRGI that helps gather security requirements from the various stakeholders. This will guide the developers to gather security requirements along with the functional requirements and further incorporate security during other phases of software development. We subsequently present case studies that describe the integration of the SSRGI instrument with Software Requirements Specification (SRS document as specified in standard IEEE 830-1998. Proposed SSRGI will support the software developers in gathering security requirements in detail during requirements gathering phase.

  2. Secure Storage Architectures

    Energy Technology Data Exchange (ETDEWEB)

    Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL

    2015-01-01

    The purpose of this report is to clarify the challenges associated with storage for secure enclaves. The major focus areas for the report are: - review of relevant parallel filesystem technologies to identify assets and gaps; - review of filesystem isolation/protection mechanisms, to include native filesystem capabilities and auxiliary/layered techniques; - definition of storage architectures that can be used for customizable compute enclaves (i.e., clarification of use-cases that must be supported for shared storage scenarios); - investigate vendor products related to secure storage. This study provides technical details on the storage and filesystem used for HPC with particular attention on elements that contribute to creating secure storage. We outline the pieces for a a shared storage architecture that balances protection and performance by leveraging the isolation capabilities available in filesystems and virtualization technologies to maintain the integrity of the data. Key Points: There are a few existing and in-progress protection features in Lustre related to secure storage, which are discussed in (Chapter 3.1). These include authentication capabilities like GSSAPI/Kerberos and the in-progress work for GSSAPI/Host-keys. The GPFS filesystem provides native support for encryption, which is not directly available in Lustre. Additionally, GPFS includes authentication/authorization mechanisms for inter-cluster sharing of filesystems (Chapter 3.2). The limitations of key importance for secure storage/filesystems are: (i) restricting sub-tree mounts for parallel filesystem (which is not directly supported in Lustre or GPFS), and (ii) segregation of hosts on the storage network and practical complications with dynamic additions to the storage network, e.g., LNET. A challenge for VM based use cases will be to provide efficient IO forwarding of the parallel filessytem from the host to the guest (VM). There are promising options like para-virtualized filesystems to

  3. Security Situation in Afghanistan

    Institute of Scientific and Technical Information of China (English)

    Fang Jinying

    2006-01-01

    @@ Since the beginning of 2006, the Taliban has intensified its attacks in Afghanistan in various forms, especially in the south.The U.S.-led coalition forces, the NATO-led International Security Assistance Force (ISAF) , and the Afghan Army found themselves constantly be the victims of ambushes, suicide bombings, and roadside blasts.

  4. Environmental Security in Botswana

    Science.gov (United States)

    2011-10-01

    take a generation to recover . For this reason the president of Botswana has made environmental security a national priority and is utilizing a...poachers in late June, 2010. CSL-4 The focus of these seminars has included conservation of ground water, collection of rainwater and overall water

  5. Mastering Mobile Security

    Science.gov (United States)

    Panettieri, Joseph C.

    2007-01-01

    Without proper security, mobile devices are easy targets for worms, viruses, and so-called robot ("bot") networks. Hackers increasingly use bot networks to launch massive attacks against eCommerce websites--potentially targeting one's online tuition payment or fundraising/financial development systems. How can one defend his mobile systems against…

  6. Securing smart grid technology

    Science.gov (United States)

    Chaitanya Krishna, E.; Kosaleswara Reddy, T.; Reddy, M. YogaTeja; Reddy G. M., Sreerama; Madhusudhan, E.; AlMuhteb, Sulaiman

    2013-03-01

    In the developing countries electrical energy is very important for its all-round improvement by saving thousands of dollars and investing them in other sector for development. For Growing needs of power existing hierarchical, centrally controlled grid of the 20th Century is not sufficient. To produce and utilize effective power supply for industries or people we should have Smarter Electrical grids that address the challenges of the existing power grid. The Smart grid can be considered as a modern electric power grid infrastructure for enhanced efficiency and reliability through automated control, high-power converters, modern communications infrastructure along with modern IT services, sensing and metering technologies, and modern energy management techniques based on the optimization of demand, energy and network availability and so on. The main objective of this paper is to provide a contemporary look at the current state of the art in smart grid communications as well as critical issues on smart grid technologies primarily in terms of information and communication technology (ICT) issues like security, efficiency to communications layer field. In this paper we propose new model for security in Smart Grid Technology that contains Security Module(SM) along with DEM which will enhance security in Grid. It is expected that this paper will provide a better understanding of the technologies, potential advantages and research challenges of the smart grid and provoke interest among the research community to further explore this promising research area.

  7. Metaphors for cyber security.

    Energy Technology Data Exchange (ETDEWEB)

    Moore, Judy Hennessey; Parrott, Lori K.; Karas, Thomas H.

    2008-08-01

    This report is based upon a workshop, called 'CyberFest', held at Sandia National Laboratories on May 27-30, 2008. Participants in the workshop came from organizations both outside and inside Sandia. The premise of the workshop was that thinking about cyber security from a metaphorical perspective could lead to a deeper understanding of current approaches to cyber defense and perhaps to some creative new approaches. A wide range of metaphors was considered, including those relating to: military and other types of conflict, biological, health care, markets, three-dimensional space, and physical asset protection. These in turn led to consideration of a variety of possible approaches for improving cyber security in the future. From the proposed approaches, three were formulated for further discussion. These approaches were labeled 'Heterogeneity' (drawing primarily on the metaphor of biological diversity), 'Motivating Secure Behavior' (taking a market perspective on the adoption of cyber security measures) and 'Cyber Wellness' (exploring analogies with efforts to improve individual and public health).

  8. Security for Mobility

    DEFF Research Database (Denmark)

    Nielson, Hanne Riis; Nielson, Flemming; Buchholtz, Mikael

    2004-01-01

    We show how to use static analysis to provide information about security issues related to mobility. First the syntax and semantics of Mobile Ambients is reviewed and we show how to obtain a so-called 0CFA analysis that can be implemented in polynomial time. Next we consider discretionary access...

  9. Security for Mobility

    DEFF Research Database (Denmark)

    Nielson, Hanne Riis; Nielson, Flemming; Buchholtz, Mikael

    2002-01-01

    We show how to use static analysis to provide information about security issues related to mobility. First the syntax and semantics of Mobile Ambients is reviewed and we show how to obtain a so-called 0CFA analysis that can be implemented in polynomial time. Next we consider discretionary access...

  10. Energy and National Security

    Science.gov (United States)

    Abelson, Philip H.

    1973-01-01

    Discussed in this editorial is the need for a broad and detailed government policy on energy use. Oil companies can not be given complete responsibility to demonstrate usage of different energy sources. The government should construct plants because energy is connected with national security. (PS)

  11. Security classification of information

    Energy Technology Data Exchange (ETDEWEB)

    Quist, A.S.

    1989-09-01

    Certain governmental information must be classified for national security reasons. However, the national security benefits from classifying information are usually accompanied by significant costs -- those due to a citizenry not fully informed on governmental activities, the extra costs of operating classified programs and procuring classified materials (e.g., weapons), the losses to our nation when advances made in classified programs cannot be utilized in unclassified programs. The goal of a classification system should be to clearly identify that information which must be protected for national security reasons and to ensure that information not needing such protection is not classified. This document was prepared to help attain that goal. This document is the first of a planned four-volume work that comprehensively discusses the security classification of information. Volume 1 broadly describes the need for classification, the basis for classification, and the history of classification in the United States from colonial times until World War 2. Classification of information since World War 2, under Executive Orders and the Atomic Energy Acts of 1946 and 1954, is discussed in more detail, with particular emphasis on the classification of atomic energy information. Adverse impacts of classification are also described. Subsequent volumes will discuss classification principles, classification management, and the control of certain unclassified scientific and technical information. 340 refs., 6 tabs.

  12. Unconditionally Secure Quantum Signatures

    Directory of Open Access Journals (Sweden)

    Ryan Amiri

    2015-08-01

    Full Text Available Signature schemes, proposed in 1976 by Diffie and Hellman, have become ubiquitous across modern communications. They allow for the exchange of messages from one sender to multiple recipients, with the guarantees that messages cannot be forged or tampered with and that messages also can be forwarded from one recipient to another without compromising their validity. Signatures are different from, but no less important than encryption, which ensures the privacy of a message. Commonly used signature protocols—signatures based on the Rivest–Adleman–Shamir (RSA algorithm, the digital signature algorithm (DSA, and the elliptic curve digital signature algorithm (ECDSA—are only computationally secure, similar to public key encryption methods. In fact, since these rely on the difficulty of finding discrete logarithms or factoring large primes, it is known that they will become completely insecure with the emergence of quantum computers. We may therefore see a shift towards signature protocols that will remain secure even in a post-quantum world. Ideally, such schemes would provide unconditional or information-theoretic security. In this paper, we aim to provide an accessible and comprehensive review of existing unconditionally securesecure signature schemes for signing classical messages, with a focus on unconditionally secure quantum signature schemes.

  13. Roadmap on optical security

    NARCIS (Netherlands)

    javidi, B.; Carnicer, A.; Yamaguchi, M.; Nomura, T.; Pérez-Cabré, E.; Millan, M.S.; Nishchal, N.K.; Torroba, R.; Barrera, J.F.; He, W.; Peng, X.; Stern, A.; Rivenson, Y.; Alfalou, A.; Brosseau, C.; Guo, C.; Sheridan, J.T.; Situ, G.; Naruse, M.; Matsumoto, T.; Juvells, I.; Tajahuerce, E.; Lancis, J.; Chen, W.; Chen, X.; Pinkse, P.W.H.; Mosk, A.P.; Markman, A.

    2016-01-01

    Information security and authentication are important challenges facing society. Recent attacks by hackers on the databases of large commercial and financial companies have demonstrated that more research and development of advanced approaches are necessary to deny unauthorized access to critical da

  14. Transatlantic Homeland Security

    DEFF Research Database (Denmark)

    Dalgaard-Nielsen, Anja; Hamilton, Daniel

    This major new study presents both conceptual and practical guidance at a crucial time when intellectual and practical efforts to protect against the new terrorism should move beyond a purely domestic focus. Creating an effective and integrated national homeland security effort is a significant...

  15. Identity Security Awareness

    OpenAIRE

    Philipsen, Nayna C.

    2004-01-01

    Identity theft is an increasing concern when organizations, businesses, and even childbirth educators ask for a client's Social Security number for identification purposes. In this column, the author suggests ways to protect one's identity and, more importantly, decrease the opportunities for identity theft.

  16. Unconditionally Secure Electronic Voting

    Science.gov (United States)

    Otsuka, Akira; Imai, Hideki

    In this chapter, we will show how to achieve unconditional or information-theoretic security in electronic voting with the following property: 1 Even all voters and tallying authorities have unbounded computing power, the distorted integrity of the voting results can be detected and proved incorrect by every honest voter,

  17. Nuclear Security Futures Scenarios.

    Energy Technology Data Exchange (ETDEWEB)

    Keller, Elizabeth James Kistin [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Warren, Drake Edward [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Hayden, Nancy Kay [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Passell, Howard D. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Malczynski, Leonard A. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Backus, George A. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2017-01-01

    This report provides an overview of the scenarios used in strategic futures workshops conducted at Sandia on September 21 and 29, 2016. The workshops, designed and facilitated by analysts in Center 100, used scenarios to enable thought leaders to think collectively about the changing aspects of global nuclear security and the potential implications for the US Government and Sandia National Laboratories.

  18. Application Security Automation

    Science.gov (United States)

    Malaika, Majid A.

    2011-01-01

    With today's high demand for online applications and services running on the Internet, software has become a vital component in our lives. With every revolutionary technology comes challenges unique to its characteristics; for online applications, security is one huge concern and challenge. Currently, there are several schemes that address…

  19. Macrosecuritization and Security Constellations

    DEFF Research Database (Denmark)

    Buzan, Barry; Wæver, Ole

    2009-01-01

    the middle and system levels, and asks whether there is not more of substance there than the existing Copenhagen school analyses suggests. It revisits the under-discussed concept of security constellations in Copenhagen school theory, and adds to it the idea of macrosecuritizations as ways of getting...

  20. CYBER SECURITY FOR AIRPORTS

    Directory of Open Access Journals (Sweden)

    Kasthurirangan Gopalakrishnan

    2013-12-01

    Full Text Available In today’s information age, government organizations and business enterprises are heavily relying on interconnected computer systems to manage a variety of public services including energy, transportation, water, etc. While this increased connectivity has many operational advantages benefitting the public, they have also become vulnerable to cyber attacks such as Corporate Security Breaches, Spear Phishing, and Social Media Fraud. The aviation sector is one the critical infrastructure systems that is not only vulnerable to physical threats, but also cyber threats, especially with the increased use of Bring Your Own Device (BYOD at airports. It has been recognized that there is currently no cyber security standards established for airports in the United States as the existing standards have mainly focused on aircraft Control System (CS. This paper summarizes the need, background, ongoing developments and research efforts with respect to the establishment of cyber-security standards and best practices at U.S. airports with special emphasis on cyber security education and literacy.

  1. Job security or employment security : What's in a name?

    NARCIS (Netherlands)

    Zekic, Nuna

    2016-01-01

    The main aim of the article is to survey and conceptualize the place of employment security in labour law, and to explore a number of important legal questions relating to this concept. After scrutinizing the notion of employment security, the author endorses the view that job security that exists o

  2. Model-Based Security Testing

    CERN Document Server

    Schieferdecker, Ina; Schneider, Martin; 10.4204/EPTCS.80.1

    2012-01-01

    Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing,...

  3. International and European Security Law

    Directory of Open Access Journals (Sweden)

    Jonathan Herbach

    2012-02-01

    Full Text Available Security law, or more comprehensively conflict and security law, on the international level represents the intersection of three distinct but interrelated fields: international humanitarian law (the law of armed conflict, jus in bello, the law of collective security (most identified with the United Nations (UN system, jus ad bellum and arms control law (including non-proliferation. Security in this sense is multifaceted - interest security, military security and, as is often referred to in the context of the EU, human security. As such, the law covers a wide range of specific topics with respect to conflict, encompassing the use of force, including choice of weapons and fighting techniques, extending to the rules applicable in peacekeeping and peace enforcement, and yet also dictating obligations outside the context of conflict, such as safeguarding and securing dual-use materials (those with both peaceful and military applications to prevent malicious use.

  4. The future of security training.

    Science.gov (United States)

    Slotnick, Jeffrey A

    2008-01-01

    This article reports on the brave new world of private security training, whether in healthcare or any other industry. It gives details and advice on new requirements, new approaches, and new resources for the forward-looking security director.

  5. Security Information System Digital Simulation

    Directory of Open Access Journals (Sweden)

    Tao Kuang

    2015-01-01

    Full Text Available The study built a simulation model for the study of food security information system relay protection. MATLAB-based simulation technology can support the analysis and design of food security information systems. As an example, the food security information system fault simulation, zero-sequence current protection simulation and transformer differential protection simulation are presented in this study. The case studies show that the simulation of food security information system relay protection is effective and feasible.

  6. Design Methods for Embedded Security

    Directory of Open Access Journals (Sweden)

    I. Verbauwhede

    2009-11-01

    Full Text Available Embedded devices need both an efficient and a secure implementation of cryptographic algorithms. In this overview paper we show a typical top-down approach for secure and efficient implementation of embedded systems. We outline the security pyramid by illustrating the five primary abstraction levels in an embedded system. Focusing only on two levels - architecture and circuit level - we show how the design can be implemented to be both efficient and secure.

  7. Private Security Contractors in Darfur

    OpenAIRE

    Leander, Anna

    2006-01-01

    This article argues that the role of Private Security Contractors in Darfur reflects and reinforces neo-liberal governmentality in contemporary security governance. It is an argument (in line with other articles in this special issue) which is more interested in discussing how the privatization of security alters security practices (including those involving states) than in thinking about their impact on an idealised public monopoly on the use of force. To make its point, the article begins b...

  8. Mobile security and trusted computing

    OpenAIRE

    Mitchell, Chris J.

    2006-01-01

    Some of the most significant security issues arising in the context of ubiquitous mobile computing are reviewed. Emerging technologies which may be able to help overcome these security problems are also described; in particular we consider methods for secure 'imprinting' of mobile devices, techniques proposed for establishing trust between devices with no prior relationship, and finally the relevence of trusted computing technology to mobile security issues.

  9. Security for service oriented architectures

    CERN Document Server

    Williams, Walter

    2014-01-01

    Although integrating security into the design of applications has proven to deliver resilient products, there are few books available that provide guidance on how to incorporate security into the design of an application. Filling this need, Security for Service Oriented Architectures examines both application and security architectures and illustrates the relationship between the two. Supplying authoritative guidance on how to design distributed and resilient applications, the book provides an overview of the various standards that service oriented and distributed applications leverage, includ

  10. Securing mobile code.

    Energy Technology Data Exchange (ETDEWEB)

    Link, Hamilton E.; Schroeppel, Richard Crabtree; Neumann, William Douglas; Campbell, Philip LaRoche; Beaver, Cheryl Lynn; Pierson, Lyndon George; Anderson, William Erik

    2004-10-01

    If software is designed so that the software can issue functions that will move that software from one computing platform to another, then the software is said to be 'mobile'. There are two general areas of security problems associated with mobile code. The 'secure host' problem involves protecting the host from malicious mobile code. The 'secure mobile code' problem, on the other hand, involves protecting the code from malicious hosts. This report focuses on the latter problem. We have found three distinct camps of opinions regarding how to secure mobile code. There are those who believe special distributed hardware is necessary, those who believe special distributed software is necessary, and those who believe neither is necessary. We examine all three camps, with a focus on the third. In the distributed software camp we examine some commonly proposed techniques including Java, D'Agents and Flask. For the specialized hardware camp, we propose a cryptographic technique for 'tamper-proofing' code over a large portion of the software/hardware life cycle by careful modification of current architectures. This method culminates by decrypting/authenticating each instruction within a physically protected CPU, thereby protecting against subversion by malicious code. Our main focus is on the camp that believes that neither specialized software nor hardware is necessary. We concentrate on methods of code obfuscation to render an entire program or a data segment on which a program depends incomprehensible. The hope is to prevent or at least slow down reverse engineering efforts and to prevent goal-oriented attacks on the software and execution. The field of obfuscation is still in a state of development with the central problem being the lack of a basis for evaluating the protection schemes. We give a brief introduction to some of the main ideas in the field, followed by an in depth analysis of a technique called &apos

  11. Securing the Cloud Cloud Computer Security Techniques and Tactics

    CERN Document Server

    Winkler, Vic (JR)

    2011-01-01

    As companies turn to cloud computing technology to streamline and save money, security is a fundamental concern. Loss of certain control and lack of trust make this transition difficult unless you know how to handle it. Securing the Cloud discusses making the move to the cloud while securing your peice of it! The cloud offers felxibility, adaptability, scalability, and in the case of security-resilience. This book details the strengths and weaknesses of securing your company's information with different cloud approaches. Attacks can focus on your infrastructure, communications network, data, o

  12. Communications and information infrastructure security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Communication and Information Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering strategies for protecting the telecommunications sector, wireless security, advanced web based technology for emergency situations. Science and technology for critical infrastructure consequence mitigation are also discussed.

  13. Secure Method Invocation in JASON

    NARCIS (Netherlands)

    Brinkman, Richard; Hoepman, Jaap-Henk

    2002-01-01

    We describe the Secure Method Invocation (SMI) framework implemented for Jason, our Javacard As Secure Objects Networks platform. Jason realises the secure object store paradigm, that reconciles the card-as-storage-element and card-as-processing-element views. In this paradigm, smart cards are viewe

  14. Secure Architectures for Mobile Applications

    Directory of Open Access Journals (Sweden)

    2007-01-01

    Full Text Available The paper presents security issues and architectures for mobile applications and GSM infrastructure. The article also introduces the idea of a new secure architecture for an inter-sector electronic wallet used in payments - STP4EW (Secure Transmission Protocol for Electronic Wallet

  15. Maritime Cyber Security University Research

    Science.gov (United States)

    2016-05-01

    security , the Coast Guard must “improve situational awareness of network operations and appropriately harden systems against cyber attacks” (USCG... security , it must “improve situational awareness of network operations and appropriately harden systems against cyber attacks” (USCG Cyber...i Classification | CG-926 RDC | author | audience | month year Maritime Cyber Security University Research Phase I - Final Report

  16. Security procedures in wireless networks

    Institute of Scientific and Technical Information of China (English)

    郑光

    2009-01-01

    In the paper, we will introduce the mechanisms and the weaknesses of the Wired Equivalent Privacy (WEP) and 802.1 li security procedures in the wireless networks. After that, the Wi-Fi Protected Access (WPA), a standards-based security mechanism that can eliminate most of 802.11 security problems will be introduced.

  17. Secure computing, economy, and trust

    DEFF Research Database (Denmark)

    Bogetoft, Peter; Damgård, Ivan B.; Jakobsen, Thomas

    In this paper we consider the problem of constructing secure auctions based on techniques from modern cryptography. We combine knowledge from economics, cryptography and security engineering and develop and implement secure auctions for practical real-world problems. In essence this paper is an o...

  18. 49 CFR 1542.205 - Security of the security identification display area (SIDA).

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Security of the security identification display... (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Operations § 1542.205 Security of the security identification display area (SIDA)....

  19. Secure Storage Architectures

    Energy Technology Data Exchange (ETDEWEB)

    Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL

    2015-01-01

    The purpose of this report is to clarify the challenges associated with storage for secure enclaves. The major focus areas for the report are: - review of relevant parallel filesystem technologies to identify assets and gaps; - review of filesystem isolation/protection mechanisms, to include native filesystem capabilities and auxiliary/layered techniques; - definition of storage architectures that can be used for customizable compute enclaves (i.e., clarification of use-cases that must be supported for shared storage scenarios); - investigate vendor products related to secure storage. This study provides technical details on the storage and filesystem used for HPC with particular attention on elements that contribute to creating secure storage. We outline the pieces for a a shared storage architecture that balances protection and performance by leveraging the isolation capabilities available in filesystems and virtualization technologies to maintain the integrity of the data. Key Points: There are a few existing and in-progress protection features in Lustre related to secure storage, which are discussed in (Chapter 3.1). These include authentication capabilities like GSSAPI/Kerberos and the in-progress work for GSSAPI/Host-keys. The GPFS filesystem provides native support for encryption, which is not directly available in Lustre. Additionally, GPFS includes authentication/authorization mechanisms for inter-cluster sharing of filesystems (Chapter 3.2). The limitations of key importance for secure storage/filesystems are: (i) restricting sub-tree mounts for parallel filesystem (which is not directly supported in Lustre or GPFS), and (ii) segregation of hosts on the storage network and practical complications with dynamic additions to the storage network, e.g., LNET. A challenge for VM based use cases will be to provide efficient IO forwarding of the parallel filessytem from the host to the guest (VM). There are promising options like para-virtualized filesystems to

  20. Nanotechnology in the Security

    CERN Document Server

    Kruchinin, Sergei

    2015-01-01

    The topics discussed at the NATO Advanced Research Workshop "Nanotechnology in the Security Systems" included nanophysics,   nanotechnology,  nanomaterials, sensors, biosensors security systems, explosive  detection . There have been many significant advances in the past two years and some entirely new directions of research are just opening up. Recent advances in nanoscience have demonstrated that fundamentally new physical phenomena  are found when systems are reduced in size with  dimensions, comparable to the fundamental microscopic  length scales of the investigated material. Recent developments in nanotechnology and measurement techniques now allow experimental investigation of transport properties of nanodevices. This work will be of interest to researchers working in spintronics, molecular electronics and quantum information processing.

  1. Keeping electronic records secure.

    Science.gov (United States)

    Easton, David

    2013-10-01

    Are electronic engineering maintenance records relating to the hospital estate or a medical device as important as electronic patient records? Computer maintenance management systems (CMMS) are increasingly being used to manage all-round maintenance activities. However, the accuracy of the data held on them, and a level of security that prevents tampering with records, or other unauthorised changes to them to 'cover' poor practice, are both essential, so that, should an individual be injured or killed on hospital grounds, and a law suit follow, the estates team can be confident that it has accurate data to prove it has fulfilled its duty of care. Here David Easton MSc CEng FIHEEM MIET, director of Zener Engineering Services, and chair of IHEEM's Medical Devices Advisory Group, discusses the issues around maintenance databases, and the security and integrity of maintenance data.

  2. CLOUD COMPUTING AND SECURITY

    Directory of Open Access Journals (Sweden)

    Asharani Shinde

    2015-10-01

    Full Text Available This document gives an insight into Cloud Computing giving an overview of key features as well as the detail study of exact working of Cloud computing. Cloud Computing lets you access all your application and documents from anywhere in the world, freeing you from the confines of the desktop thus making it easier for group members in different locations to collaborate. Certainly cloud computing can bring about strategic, transformational and even revolutionary benefits fundamental to future enterprise computing but it also offers immediate and pragmatic opportunities to improve efficiencies today while cost effectively and systematically setting the stage for the strategic change. As this technology makes the computing, sharing, networking easy and interesting, we should think about the security and privacy of information too. Thus the key points we are going to be discussed are what is cloud, what are its key features, current applications, future status and the security issues and the possible solutions.

  3. Securing the Digital Economy

    Directory of Open Access Journals (Sweden)

    Valentin P. MĂZĂREANU

    2010-01-01

    Full Text Available The Digital economy has naturally led to thereconfiguration of communication and information processes.These processes are depending on the computer, starting fromthe personal one and reaching to computer networks, whetherlocal, metropolitan or global. These led to the development ofsuch information systems able to communicate information,systems that must also ensure the security of communicationsbetween computers within the company, but also betweencomputers of different parties, outside the company. As thecommunication between computers in the network has evolvedto electronic funds transfer (EFT, digital money andcommunication of personal data, internet banking, etc., theimportance of security issues of data transmitted over thenetwork also has increased. Even more as the network hasevolved into a “wireless” one.

  4. BUSINESS INTELLIGENCE SECURITY

    Directory of Open Access Journals (Sweden)

    Dragoş Ovidiu TOFAN

    2016-11-01

    Full Text Available Excess information characteristic to the current environment leads to the need for a change of the organizations’ perspective and strategy not only through the raw data processing, but also in terms of existing applications generating new information. The overwhelming evolution of digital technologies and web changes led to the adoption of new and adapted internal policies and the emergence of regulations at level of governments or different social organisms. Information security risks arising from the current dynamics demand fast solutions linked to hardware, software and also to education of human resources. Business Intelligence (BI solutions have their specific evolution in order to bring their contribution to ensure the protection of data through specific components (Big Data, cloud, analytics. The current trend of development of BI applications on mobile devices brings with it a number of shortcomings related to information security and require additional protective measure regarding flows, specific processing and data storage.

  5. Household food security, Ghana.

    Science.gov (United States)

    Tetebo, R

    1997-12-01

    Two major projects incorporating household food security components have been implemented since the ICN. The first is a UNICEF-funded project that addresses community participation in development. The second is a FAO-funded project: "Promoting Household Food Security and Improving Nutrition through Nutrition Education and Training." This project examines the effects of processing and storage procedures on the nutrient quality of traditional and indigenous fruits and vegetables. It is a young project, but much is being learned from it. Other projects aim to minimize food wastage during processing and storage by developing new processing machinery for use by rural households. Women's issues have become central since the ICN and there is increased support from both government and nongovernment sources to help women with food production and processing.

  6. THz and Security Applications

    CERN Document Server

    Sizov, Fedir; Detectors, Sources and Associated Electronics for THz Applications

    2014-01-01

    These proceedings comprise invited papers from highly experienced researchers in THz technology and security applications. THz detection of explosives represents one of the most appealing technologies to have recently emerged in dealing with terrorist attacks encountered by civil security and military forces throughout the world. Discussed are the most advanced technologies and developments, the various points of operational strength and weaknesses as well as are suggestions and predictions the best technological solutions to  overcome current operational limits.  The current status of various levels of cooling in THz detectors, sources and associated electronics are also addressed. The goal was to provide a clear view on the current technologies available and the required advances needed in order to achieve more efficient systems. This goal was outlined in part by establishing the baseline of current uncertainty estimations in physics-based modelling and the identification of key areas which require additi...

  7. Enhancing QR Code Security

    OpenAIRE

    Zhang, Linfan; Zheng, Shuang

    2015-01-01

    Quick Response code opens possibility to convey data in a unique way yet insufficient prevention and protection might lead into QR code being exploited on behalf of attackers. This thesis starts by presenting a general introduction of background and stating two problems regarding QR code security, which followed by a comprehensive research on both QR code itself and related issues. From the research a solution taking advantages of cloud and cryptography together with an implementation come af...

  8. Austrian Social Security Database

    OpenAIRE

    Zweimüller, Josef; Winter-Ebmer, Rudolf; Lalive, Rafael; Kuhn, Andreas; Wuellrich, Jean-Philippe; Ruf, Oliver; Büchi, Simon

    2009-01-01

    The Austrian Social Security Database (ASSD) is a matched firm-worker data set, which records the labor market history of almost 11 million individuals from January 1972 to April 2007. Moreover, more than 2.2 million firms can be identified. The individual labor market histories are described in the follow- ing dimensions: very detailed daily labor market states and yearly earnings at the firm-worker level, together with a limited set of demographic characteris- tics. Additionally the ASSD pr...

  9. Systems Security Engineering

    Science.gov (United States)

    2010-08-22

    Information Directorate Lori A. Clarke, University of Massachusetts John F. Clem, Sandia National Laboratories Germain Creamer , Stevens Institute...GMU Jo Ann Grout, MITRE Rebecca Horton, Sandia National Labs Havlicek Jeff, USAF Scott Lucero, OSD William Martin , National Security Agency...Frameworks – Peter Beling, University of Virginia 4:30 pm - 5:00 pm Forecasting Systemic Risk for US Financial Markets – German G. Creamer , Khaldoun M

  10. Energy Security In Jordan

    Science.gov (United States)

    2015-12-01

    Global .78 After all, Jordan possesses upwards of 70 billion tonnes of oil shale.79 According to its 2007 energy strategy document, Jordan had hoped oil...shipping, make resource allocation more efficient, and enhance energy security for the global market . Moreover, the potentiality of these... strategy of the Hashemite Kingdom of Jordan, as formulated and executed by the Ministry of Energy and Mineral Resources, will help the country achieve

  11. Information Technology and Security

    OpenAIRE

    Denning, Dorothy E.

    2003-01-01

    in Grave New World: Global Dangers in the 21st Century (Michael Brown ed.), Georgetown Press, 2003. (.pdf of prepublication version) This paper examines key trends and developments in information technology, and the implications of those developments on stability and security. Focus is on cyber threats to computer networks, including information theft and sabotage, and acts that disrupt or deny services. Seven trend areas are examined: ubiquity, mobility, hacking tools, perform...

  12. Virtual World Security Inspection

    Directory of Open Access Journals (Sweden)

    Nicholas Charles Patterson

    2012-06-01

    Full Text Available Virtual property theft is a serious problem that exists in virtual worlds. Legitimate users of these worlds invest considerable amounts of time, effort and real-world money into obtaining virtual property, but unfortunately, are becoming victims of theft in high numbers. It is reported that there are over 1 billion registered users of virtual worlds containing virtual property items worth an estimated US$50 billion dollars. The problem of virtual property theft is complex, involving many legal, social and technological issues. The software used to access virtual worlds is of great importance as they form the primary interface to these worlds and as such the primary interface to conduct virtual property theft. The security vulnerabilities of virtual world applications have not, to date, been examined. This study aims to use the process of software inspection to discover security vulnerabilities that may exist within virtual world software – vulnerabilities that enable virtual property theft to occur. Analyzing three well know virtual world applications World of Warcraft, Guild Wars and Entropia Universe, this research utilized security analysis tools and scenario testing with focus on authentication, trading, intruder detection and virtual property recovery. It was discovered that all three examples were susceptible to keylogging, mail and direct trade methods were the most likely method for transferring stolen items, intrusion detection is of critical concern to all VWEs tested, stolen items were unable to be recovered in all cases and lastly occurrences of theft were undetectable in all cases. The results gained in this study present the key problem areas which need to be addressed to improve security and reduce the occurrence of virtual property theft.

  13. Port Security Strategy 2012

    Science.gov (United States)

    2007-06-15

    Robert Harney Professor Wayne Hughes CAPT (Ret) Jeffrey Kline Professor Daniel Nussbaum Professor Bard Mansager Professor Doyle Daughtry...will use a mathematical model based on Mr. Robert Anthony’s analysis of the deterrence against the 9/11 terrorists was used [67]. For control access...Evaluating IT Security Investments. Communications of the ACM, 47(7), 87-92. [69] Jones, D.A., Davis, C.E., Turnquist, M.A., Nozick , L.K. (2006

  14. Allegiance: Egypt Security Forces

    Science.gov (United States)

    2013-12-01

    Georgia Southern University, 2001 Submitted in partial fulfillment of the requirements for the degree of MASTER OF ARTS IN SECURITY STUDIES...MIDDLE EAST, SOUTH ASIA , SUB-SAHARAN AFRICA) from the NAVAL POSTGRADUATE SCHOOL December 2013 Author: Christopher S. Read...population of mobilization. In 2013, the symbol of a raised hand with four fingers extended and a bent thumb crossing the palm has become a symbol of the

  15. Rethinking National Security

    Science.gov (United States)

    1990-10-01

    1989. (U 162 .H29 1989) Hanrieder. Wolfram F., ed. Global Peace and Security: Trend# and Challone . Boulder: Westvlew, 1987. (JX 1952 .G0538 1987...41. Haley. P. Iduard. and Jack Merritt. Nuclear Itratefl, &M Cotl. sA hs Lalut. Boulder: Uestview, 19868. (U 263 .1765 1988) Halloran. Bernard F.. ed...press, Stanford University, 1987. (UA 23 .W38934 1987) Weinberg, Alvin Martin, and Jack N. Barkenbus. Stratojlc Defenses adn AM Con New York: Paragon

  16. Energy Security and Turkey

    Science.gov (United States)

    2008-12-01

    Russia - Ukraine Gas Crisis,” Center for Eurasian Strategis Studies ( ASAM ), Ankara, Turkey, April 21, 2008, www.asam.org.tr/temp/temp111.doc...Necdet Pamir. “Energy in Security and the Most Recent Lesson: The Russia - Ukraine Gas Crisis,” Center for Eurasian Strategis Studies ( ASAM ), Ankara...Crisis,” Center for Eurasian Strategis Studies ( ASAM ), Ankara, Turkey, April 21, 2008, www.asam.org.tr/temp/temp111.doc (accessed May 21, 2008). 53

  17. Food Security in Azerbaijan

    Institute of Scientific and Technical Information of China (English)

    Kamran Ismayilov

    2009-01-01

    @@ In the 21st century the society got some achievements in technological,education,economic,social-political,cultural and etc.sectors.But society couldn't solve fully the food security problem yet.According to the information given by FAO if in 1970 there were 400 billion hungry people in the world,in 2008 the number of hungry people was doubled and increased to 800 billion people.

  18. Extending Eurasia Security Cooperation

    Institute of Scientific and Technical Information of China (English)

    2015-01-01

    After 14 years of development, the Shanghai Cooperation Organization (SCO) , has set its sights on goals for the next de-cade at the 15th meeting of the Council of SCO Heads of State that was held in Ufa, the capital of Russia's Bashkortostan Republic, on July 9-10. The SCO, established in Shanghai in 2001, is committed to building fdendly neighbor rela- tions and maintaining security and stability in the Central Asian region through multilateral cooperation.

  19. Mongolia's search for security

    OpenAIRE

    Donrov, Ganbaatar

    2001-01-01

    Approved for public release, distribution is unlimited Mongolia entered a new security environment with the end of the Cold War. The demise of the Soviet Union and withdrawal of Soviet troops from its territory have presented opportunities and challenges for Mongolia. On the positive side, Mongolia has broken free from its narrow geostrategic framework and is now charting its own future by pursuing a more balanced policy toward Russia and China and exploring the opportunities for closer ti...

  20. New computer security campaign

    CERN Multimedia

    Alizée Dauvergne

    2010-01-01

    A new campaign is taking shape to promote computer security. The slogan “SEC_RITY is not complete without U!” reminds users of the importance of their contribution. The campaign kicks off on 10 June with a public awareness day in the Council Chamber.   The new campaign, organised by CERN’s computer security team, will focus on prevention and involving the user. “This is an education and awareness-raising campaign for all users at CERN,” explains Stefan Lueders, in charge of computer security. “Every day, we register thousands of computer attacks against CERN: there are attempts to tamper with web pages, hack into user accounts, take over servers, and much more. A successful attack could mean confidential user information being divulged, services being interrupted or data being lost. It could even affect operations at CERN. Another factor is the damage that a successful attack could inflict on the Organization’s reputation. &...

  1. DIRAC distributed secure framework

    Science.gov (United States)

    Casajus, A.; Graciani, R.; LHCb DIRAC Team

    2010-04-01

    DIRAC, the LHCb community Grid solution, provides access to a vast amount of computing and storage resources to a large number of users. In DIRAC users are organized in groups with different needs and permissions. In order to ensure that only allowed users can access the resources and to enforce that there are no abuses, security is mandatory. All DIRAC services and clients use secure connections that are authenticated using certificates and grid proxies. Once a client has been authenticated, authorization rules are applied to the requested action based on the presented credentials. These authorization rules and the list of users and groups are centrally managed in the DIRAC Configuration Service. Users submit jobs to DIRAC using their local credentials. From then on, DIRAC has to interact with different Grid services on behalf of this user. DIRAC has a proxy management service where users upload short-lived proxies to be used when DIRAC needs to act on behalf of them. Long duration proxies are uploaded by users to a MyProxy service, and DIRAC retrieves new short delegated proxies when necessary. This contribution discusses the details of the implementation of this security infrastructure in DIRAC.

  2. Secure Web Developers Needed!

    CERN Multimedia

    Computer Security Team

    2012-01-01

    You’re about to launch a new website? Cool!! With today’s web programming languages like PHP, Java, Python or Perl, complex websites can be created, easily fulfilling all your use cases. But hold on. Did you ever think about how easily this can be abused? Attackers today are already using automatic tools which can quickly and easily find and exploit vulnerable web applications.   Web applications often suffer from security vulnerabilities, i.e. design flaws or programming bugs that remained undetected during the whole software development cycle. In production these vulnerabilities become security holes, providing an opportunity for exploitation, and can pose immense security risks (and there is no reason to believe that CERN is immune to this). The costs associated with eliminating these bugs could be loosely described by the "1:10:100 rule", i.e. the relative costs for fixing are 1:10:100 for fixing them in the programming:testing:production phases. Thus, the...

  3. 76 FR 34761 - Classified National Security Information

    Science.gov (United States)

    2011-06-14

    ... Classified National Security Information AGENCY: Marine Mammal Commission. ACTION: Notice. SUMMARY: This... information, as directed by Information Security Oversight Office regulations. FOR FURTHER INFORMATION CONTACT..., ``Classified National Security Information,'' and 32 CFR part 2001, ``Classified National Security......

  4. The cost of IT security.

    Science.gov (United States)

    McMillan, Mac

    2015-04-01

    Breaches in data security have become commonplace in health care, making IT security a necessary cost for healthcare organizations. Organizations that do not invest proactively in IT security face a significant risk of incurring much greater costs from incidents involving compromised data security. Direct costs of security breaches include the costs of discovery, response, investigation, and notification and also can include state or federal penalties and costs of compliance with corrective action plans and resolution agreements. Hidden costs can include damage to brand, loss of consumer confidence, reduced HCAHPS scores, and--by extension--reduced value-based purchasing payments.

  5. Emerging trends in ICT security

    CERN Document Server

    Akhgar, Babak

    2013-01-01

    Emerging Trends in ICT Security, an edited volume, discusses the foundations and theoretical aspects of ICT security; covers trends, analytics, assessments and frameworks necessary for performance analysis and evaluation; and gives you the state-of-the-art knowledge needed for successful deployment of security solutions in many environments. Application scenarios provide you with an insider's look at security solutions deployed in real-life scenarios, including but limited to smart devices, biometrics, social media, big data security, and crowd sourcing. Provides a multidisciplinary approach

  6. Security basics for computer architects

    CERN Document Server

    Lee, Ruby B

    2013-01-01

    Design for security is an essential aspect of the design of future computers. However, security is not well understood by the computer architecture community. Many important security aspects have evolved over the last several decades in the cryptography, operating systems, and networking communities. This book attempts to introduce the computer architecture student, researcher, or practitioner to the basic concepts of security and threat-based design. Past work in different security communities can inform our thinking and provide a rich set of technologies for building architectural support fo

  7. The Quest for Sustainable Security

    Institute of Scientific and Technical Information of China (English)

    2010-01-01

    Since the beginning of the 21st century,non-tra-ditional security problems have become significant threats to world peace.These include economic,financial and information security,terrorism,drug trafficking,transnational crime and infectious dis-eases.In this article for Beijing Review,Liu Jiangyong,a professor with Tsinghua University’s Institute of International Studies,introduces a new security concept-"sustainable security." In his view,as traditional and non-traditional security threats become interwoven,the concept is gaining prominence on international agendas.Edited excerpts follow

  8. Information security principles and practice

    CERN Document Server

    Stamp, Mark

    2011-01-01

    Now updated-your expert guide to twenty-first century information security Information security is a rapidly evolving field. As businesses and consumers become increasingly dependent on complex multinational information systems, it is more imperative than ever to protect the confidentiality and integrity of data. Featuring a wide array of new information on the most current security issues, this fully updated and revised edition of Information Security: Principles and Practice provides the skills and knowledge readers need to tackle any information security challenge. Taking a pract

  9. Croatian bank investments in securities

    Directory of Open Access Journals (Sweden)

    Antun Jurman

    2005-12-01

    Full Text Available In this paper the author presents the basic characteristics of debt securities and shares and analyses the amount, structure and characteristics of the securities portfolio in Croatian banks in period from 1993 to 2004. The analysis shows that in the entire analyzed period Republic of Croatia together with state funds and other public institutions was the main issuer of securities that banks have in their portfolios. The securities issued by banks and companies represent only a marginal part of banks’ portfolios but it is also true that banks have strongly supported the privatization process of state owned companies by providing credit for purchasing of shares and later on swapping their credit claims for shares. In this way banks acquired a significant portfolio of shares that they later sold on the open market. Data about the significant reduction of securities portfolio in the banking assets structure, from 46.1% in 1993 to only 10.6% in 2004, is indicative of a low level of trading in securities. This means that in the following years, central and local government should secure the necessary funds more by issuing securities than by credit, especially not by taking credit from abroad. Furthermore, in order to spread business with securities, banks should also substitute a portion of their credit portfolio with short and long term securities. In this way, the investors would be able to use the benefits of investing in securities instead of investing their funds in bank deposits as they have done until now.

  10. Health Security and Risk Aversion.

    Science.gov (United States)

    Herington, Jonathan

    2016-09-01

    Health security has become a popular way of justifying efforts to control catastrophic threats to public health. Unfortunately, there has been little analysis of the concept of health security, nor the relationship between health security and other potential aims of public health policy. In this paper I develop an account of health security as an aversion to risky policy options. I explore three reasons for thinking risk avoidance is a distinctly worthwhile aim of public health policy: (i) that security is intrinsically valuable, (ii) that it is necessary for social planning and (iii) that it is an appropriate response to decision-making in contexts of very limited information. Striking the right balance between securing and maximizing population health thus requires a substantive, and hitherto unrecognized, value judgment. Finally, I critically evaluate the current health security agenda in light of this new account of the concept and its relationship to the other aims of public health policy.

  11. Medical network security and viruses.

    Science.gov (United States)

    Fernandez Del Val, C

    1991-01-01

    Medical network as connecting Hospital Information Systems are needed in order to exchange, compare and make accessible data. The use of OSI standard communication protocols (open-network environment) will allow to interconnect multiple vendor systems and to accommodate a wide range of underlaying of communication technologies. The security of information on a given host may become dependent of the security measures employed by the network and by other hosts. Computer viruses modifies the executable code and thrive in network environment filled with personal computers and third-party software. Most networks and computers, permit users to share files; this, let the viruses to bypass the security mechanisms of almost every commercial operating system. However, computer viruses axes not the only threat to the information in a network environment. Other as deliberate (passive attacks -wire-tapping-) and accidental threat (unauthorized access to the information) are potential risks to the security information. Cryptographic techniques that now are widely used can resolve the external security problems of the network and improve the internal security ones. This paper begins describing the threats to security that arise in an open-network environment, and goes to establish the security requirements of medical communication networks. This is followed by a description of security services as: confidentiality, integrity, authentication, access control, etc., that will be provided to include security mechanisms in such network. The integration of these security mechanisms into the communication protocols allows to implement secure communication systems that not only must provide the adequate security, but also must minimize the impact of security on other features as for example the efficiency. The remainder of the paper describes how the security mechanisms are formed using current cryptographic facilities as algorithms, one-way functions, cryptographic systems (symmetric

  12. Software Security and the "Building Security in Maturity" Model

    CERN Document Server

    CERN. Geneva

    2011-01-01

    Using the framework described in my book "Software Security: Building Security In" I will discuss and describe the state of the practice in software security. This talk is peppered with real data from the field, based on my work with several large companies as a Cigital consultant. As a discipline, software security has made great progress over the last decade. Of the sixty large-scale software security initiatives we are aware of, thirty-two---all household names---are currently included in the BSIMM study. Those companies among the thirty-two who graciously agreed to be identified include: Adobe, Aon, Bank of America, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC, Google, Intel, Intuit, McKesson, Microsoft, Nokia, QUALCOMM, Sallie Mae, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, VMware, and Wells Fargo. The BSIMM was created by observing and analyzing real-world data from thirty-two leading software security initiatives. The BSIMM can...

  13. Information Security Service Branding – beyond information security awareness

    Directory of Open Access Journals (Sweden)

    Rahul Rastogi

    2012-12-01

    Full Text Available End-users play a critical role in the effective implementation and running of an information security program in any organization. The success of such a program depends primarily on the effective implementation and execution of associated information security policies and controls and the resultant behavior and actions of end-users. However, end-users often have negative perception of information security in the organization and exhibit non-compliance. In order to improve compliance levels, it is vital to improve the image of information security in the minds of end-users. This paper borrows the concepts of brands and branding from the domain of marketing to achieve this objective and applies these concepts to information security. The paper also describes a process for creating the information security service brand in the organization.

  14. M-Banking Security - a futuristic improved security approach

    Directory of Open Access Journals (Sweden)

    Aaradhana A Deshmukh

    2010-01-01

    Full Text Available In last few decades large technology development raised various new needs. Financial sector has also no exception. People are approaching all over the world to fulfill there dreams. Any sector needs to understand changing need of customer. In order to satisfy financial need for customer banks are taking help of new technology such as internet. Only problem remain is of security. The aim of this work is to provide a secure environment in terms of security for transaction by various ways. In order to improve security we are making use of "Steganography" technique in the way never used before. Task of enhancing security include construction of formula for both data encryption and also for hiding pattern. Server should not process any fake request hence concept of custom "Session id" and "Request id" is introduced. Implementation of such a security constraints in banking sector not only help to serve customer in better way but also make customer confident and satisfy.

  15. M-Banking Security - a futuristic improved security approach

    CERN Document Server

    Navale, Geeta S; Deshmukh, Aaradhana A

    2010-01-01

    In last few decades large technology development raised various new needs. Financial sector has also no exception. People are approaching all over the world to fulfill there dreams. Any sector needs to understand changing need of customer. In order to satisfy financial need for customer banks are taking help of new technology such as internet. Only problem remain is of security. The aim of this work is to provide a secure environment in terms of security for transaction by various ways. In order to improve security we are making use of "Steganography" technique in the way never used before. Task of enhancing security include construction of formula for both data encryption and also for hiding pattern. Server should not process any fake request hence concept of custom "Session id" and "Request id" is introduced. Implementation of such a security constraints in banking sector not only help to serve customer in better way but also make customer confident and satisfy.

  16. FOILFEST :community enabled security.

    Energy Technology Data Exchange (ETDEWEB)

    Moore, Judy Hennessey; Johnson, Curtis Martin; Whitley, John B.; Drayer, Darryl Donald; Cummings, John C., Jr. (.,; .)

    2005-09-01

    The Advanced Concepts Group of Sandia National Laboratories hosted a workshop, ''FOILFest: Community Enabled Security'', on July 18-21, 2005, in Albuquerque, NM. This was a far-reaching look into the future of physical protection consisting of a series of structured brainstorming sessions focused on preventing and foiling attacks on public places and soft targets such as airports, shopping malls, hotels, and public events. These facilities are difficult to protect using traditional security devices since they could easily be pushed out of business through the addition of arduous and expensive security measures. The idea behind this Fest was to explore how the public, which is vital to the function of these institutions, can be leveraged as part of a physical protection system. The workshop considered procedures, space design, and approaches for building community through technology. The workshop explored ways to make the ''good guys'' in public places feel safe and be vigilant while making potential perpetrators of harm feel exposed and convinced that they will not succeed. Participants in the Fest included operators of public places, social scientists, technology experts, representatives of government agencies including DHS and the intelligence community, writers and media experts. Many innovative ideas were explored during the fest with most of the time spent on airports, including consideration of the local airport, the Albuquerque Sunport. Some provocative ideas included: (1) sniffers installed in passage areas like revolving door, escalators, (2) a ''jumbotron'' showing current camera shots in the public space, (3) transparent portal screeners allowing viewing of the screening, (4) a layered open/funnel/open/funnel design where open spaces are used to encourage a sense of ''communitas'' and take advantage of citizen ''sensing'' and funnels are technological

  17. Cloud Computing Security: A Survey

    Directory of Open Access Journals (Sweden)

    Issa M. Khalil

    2014-02-01

    Full Text Available Cloud computing is an emerging technology paradigm that migrates current technological and computing concepts into utility-like solutions similar to electricity and water systems. Clouds bring out a wide range of benefits including configurable computing resources, economic savings, and service flexibility. However, security and privacy concerns are shown to be the primary obstacles to a wide adoption of clouds. The new concepts that clouds introduce, such as multi-tenancy, resource sharing and outsourcing, create new challenges to the security community. Addressing these challenges requires, in addition to the ability to cultivate and tune the security measures developed for traditional computing systems, proposing new security policies, models, and protocols to address the unique cloud security challenges. In this work, we provide a comprehensive study of cloud computing security and privacy concerns. We identify cloud vulnerabilities, classify known security threats and attacks, and present the state-of-the-art practices to control the vulnerabilities, neutralize the threats, and calibrate the attacks. Additionally, we investigate and identify the limitations of the current solutions and provide insights of the future security perspectives. Finally, we provide a cloud security framework in which we present the various lines of defense and identify the dependency levels among them. We identify 28 cloud security threats which we classify into five categories. We also present nine general cloud attacks along with various attack incidents, and provide effectiveness analysis of the proposed countermeasures.

  18. Security Data Warehouse Application

    Science.gov (United States)

    Vernon, Lynn R.; Hennan, Robert; Ortiz, Chris; Gonzalez, Steve; Roane, John

    2012-01-01

    The Security Data Warehouse (SDW) is used to aggregate and correlate all JSC IT security data. This includes IT asset inventory such as operating systems and patch levels, users, user logins, remote access dial-in and VPN, and vulnerability tracking and reporting. The correlation of this data allows for an integrated understanding of current security issues and systems by providing this data in a format that associates it to an individual host. The cornerstone of the SDW is its unique host-mapping algorithm that has undergone extensive field tests, and provides a high degree of accuracy. The algorithm comprises two parts. The first part employs fuzzy logic to derive a best-guess host assignment using incomplete sensor data. The second part is logic to identify and correct errors in the database, based on subsequent, more complete data. Host records are automatically split or merged, as appropriate. The process had to be refined and thoroughly tested before the SDW deployment was feasible. Complexity was increased by adding the dimension of time. The SDW correlates all data with its relationship to time. This lends support to forensic investigations, audits, and overall situational awareness. Another important feature of the SDW architecture is that all of the underlying complexities of the data model and host-mapping algorithm are encapsulated in an easy-to-use and understandable Perl language Application Programming Interface (API). This allows the SDW to be quickly augmented with additional sensors using minimal coding and testing. It also supports rapid generation of ad hoc reports and integration with other information systems.

  19. Information Security Service Branding – beyond information security awareness

    OpenAIRE

    Rahul Rastogi; Rossouw Von Solms

    2012-01-01

    End-users play a critical role in the effective implementation and running of an information security program in any organization. The success of such a program depends primarily on the effective implementation and execution of associated information security policies and controls and the resultant behavior and actions of end-users. However, end-users often have negative perception of information security in the organization and exhibit non-compliance. In order to improve compliance levels, i...

  20. Information Security Governance: When Compliance Becomes More Important than Security

    OpenAIRE

    Tan, Terence C. C.; Ruighaver, Anthonie B.; Ahmad, Atif

    2010-01-01

    International audience; Current security governance is often based on a centralized decision making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security governance below the top enterprise level where most decisions are made. However, while there is a role for more corporate governance, new regulations, and improved codes of best practice to address current weak organizational secu...

  1. Data and Communication Security

    Directory of Open Access Journals (Sweden)

    Sadeq ALHAMOUZ

    2007-02-01

    Full Text Available The regional initiative was presented by the United Nations Economic and Social Commission for Western Asia in preparation for the world summit, Dec 2003. The Initiative by itself and away from regional trouble and differences between both the Arab countries and other countries in the regions is a good and noble Initiative. However with such differences and lack of trust the security issue should be the first issue tackled and resolved. In this paper it is aimed to look at present tools and techniques available, and then suggest alternatives when possible.

  2. Cyberspace security system

    Energy Technology Data Exchange (ETDEWEB)

    Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

    2014-06-24

    A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

  3. Eleventh Hour Security+

    CERN Document Server

    Dubrawsky, Ido

    2009-01-01

    This book will focus on just the essentials needed to pass the Security+ certification exam. It will be filled with critical information in a way that will be easy to remember and use for your quickly approaching exam. It will focus on the main objectives of the exam and include the following pedagogy for ease of use in those final hours. The book will include:. •Exam Objectives – Fast Track Review. •Key words/definitions. •Five Toughest questions and their answers. •Exam Warnings – What to pay attention to

  4. Secure Repayable Storage System

    Science.gov (United States)

    Alkharobi, T. M.

    This paper proposes a method to create a system that allows data to be stored in several locations in secure and reliable manner. The system should create several shares from the data such that only pre-specified subsets of these shares can be used to retrieve the original data. The shares then will be distributed to shareholders over a local and/or wide area network. The system should allow requesting some/all shares from shareholders and using them to rebuild the data.

  5. Security in Logistics

    Science.gov (United States)

    Cempírek, Václav; Nachtigall, Petr; Široký, Jaromír

    2016-12-01

    This paper deals with security of logistic chains according to incorrect declaration of transported goods, fraudulent transport and forwarding companies and possible threats caused by political influences. The main goal of this paper is to highlight possible logistic costs increase due to these fraudulent threats. An analysis of technological processes will beis provided, and an increase of these transport times considering the possible threatswhich will beis evaluated economic costs-wise. In the conclusion, possible threat of companies'` efficiency in logistics due to the costs`, means of transport and increase in human resources` increase will beare pointed out.

  6. Cyberspace security system

    Science.gov (United States)

    Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

    2014-06-24

    A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

  7. Instant Spring security starter

    CERN Document Server

    Jagielski, Piotr

    2013-01-01

    Get to grips with a new technology, understand what it is and what it can do for you, and then get to work with the most important features and tasks. A concise guide written in an easy-to-follow format following the Starter guide approach.This book is for people who have not used Spring Security before and want to learn how to use it effectively in a short amount of time. It is assumed that readers know both Java and HTTP protocol at the level of basic web programming. The reader should also be familiar with Inversion-of-Control/Dependency Injection, preferably with the Spring framework itsel

  8. Introduction to network security

    CERN Document Server

    Jacobson, Douglas

    2008-01-01

    … Students can easily understand how things work thanks to the different figures/definitions … students can see the different steps taken to build a secure environment and avoid most of the usual mistakes. … A website (http://www.dougj.net/textbook) is provided to support the book, where the reader can find additional content, like instructor materials, slides to support the book, on-line tutorials, help to start the programming parts. It is not mandatory at all to understand the book, but it is a really nice addition. … the book is really well written, and easily understandable without lackin

  9. Politics, Security, Theory

    DEFF Research Database (Denmark)

    Wæver, Ole

    2011-01-01

    ’ is distinct from both the study of political practices of securitization and explorations of competing concepts of politics among security theories. It means tracking what kinds of analysis the theory can produce and whether such analysis systematically impacts real-life political struggles. Securitization...... of securitization accordingly becomes sharpened. Instead of deducing the political quality of the theory from various empirical statements by its proponents, this approach zooms in on the very core of the theory: how does it structurally condition work done with it in systematically political ways?...

  10. Secure Mobile Trade Agent

    Directory of Open Access Journals (Sweden)

    Musbah M. Aqe

    2007-01-01

    Full Text Available E-commerce on the internet has the ability to produce millions of transactions and a great number of merchants whose supply merchandise over the internet. As a result, it is difficult for entities to roam over every site on the internet and choose the best merchandise to trade. So, in this paper we introduced a mobile trade agent that visit the sites to gather and evaluate the information from merchant servers and decide to trade goods on behalf of the user. We observed that the combination of public key cryptosystem with distributed object technology make this proposed scheme more secure and efficient than the already existed schemes.

  11. Network security risk level

    Directory of Open Access Journals (Sweden)

    Emil BURTESCU

    2006-01-01

    Full Text Available The advantages of the existence of a computers network within any company with pretensions are obvious. But the construction and the existence of a network without meeting some minimum security requirements, although it would be preferable to be optimal, can lead to bad functioning in the performance of the company’s business. The vulnerability of a grouping, such as a network, is given by the weakest point in its competence. The establishing of the risk level of each component of the network, and implicitly of the grouping, is highly necessary

  12. Why SCADA security is NOT like Computer Centre Security

    CERN Document Server

    CERN. Geneva

    2014-01-01

    Today, the industralized world lives in symbiosis with control systems (aka SCADA systems): it depends on power distribution, oil production, public transport, automatic production lines. While the convenience is at hand, still too many control systems are designed without any security in mind, lack basic security protections, and are not even robust enough to withstand basic attacks. The Stuxnet worm attacking Siemens PLCs in 2010 was another close call. Attackers currently enjoy hacking control systems, and aim to switch lights off. This presentation shall recap the current situation and discuss the differences (or not) between computer center cyber-security and control system cyber-security.

  13. Computers, business, and security the new role for security

    CERN Document Server

    Schweitzer, James A

    1987-01-01

    Computers, Business, and Security: The New Role for Security addresses the professional security manager's responsibility to protect all business resources, with operating environments and high technology in mind. This book discusses the technological aspects of the total security programs.Organized into three parts encompassing 10 chapters, this book begins with an overview of how the developing information age is affecting business management, operations, and organization. This text then examines a number of vulnerabilities that arise in the process of using business computing and communicat

  14. Cloud Security A Comprehensive Guide to Secure Cloud Computing

    CERN Document Server

    Krutz, Ronald L

    2010-01-01

    Well-known security experts decipher the most challenging aspect of cloud computing-security. Cloud computing allows for both large and small organizations to have the opportunity to use Internet-based services so that they can reduce start-up costs, lower capital expenditures, use services on a pay-as-you-use basis, access applications only as needed, and quickly reduce or increase capacities. However, these benefits are accompanied by a myriad of security issues, and this valuable book tackles the most common security challenges that cloud computing faces. The authors offer you years of unpa

  15. Lecture 3: Web Application Security

    CERN Document Server

    CERN. Geneva

    2013-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture focuses on security aspects of Web application development. Various vulnerabilities typical to web applications (such as Cross-site scripting, SQL injection, cross-site request forgery etc.) are introduced and discussed. Sebastian Lopienski is CERN’s deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and maintains security tools for vulnerability assessment and intrusion detection; provides training and awareness raising; and does incident investigation and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support servic...

  16. CLOUD COMPUTING SECURITY

    Directory of Open Access Journals (Sweden)

    Ştefan IOVAN

    2016-05-01

    Full Text Available Cloud computing reprentes the software applications offered as a service online, but also the software and hardware components from the data center.In the case of wide offerd services for any type of client, we are dealing with a public cloud. In the other case, in wich a cloud is exclusively available for an organization and is not available to the open public, this is consider a private cloud [1]. There is also a third type, called hibrid in which case an user or an organization might use both services available in the public and private cloud. One of the main challenges of cloud computing are to build the trust and ofer information privacy in every aspect of service offerd by cloud computingle. The variety of existing standards, just like the lack of clarity in sustenability certificationis not a real help in building trust. Also appear some questions marks regarding the efficiency of traditionsecurity means that are applied in the cloud domain. Beside the economic and technology advantages offered by cloud, also are some advantages in security area if the information is migrated to cloud. Shared resources available in cloud includes the survey, use of the "best practices" and technology for advance security level, above all the solutions offered by the majority of medium and small businesses, big companies and even some guvermental organizations [2].

  17. CLOUD COMPUTING SECURITY ISSUES

    Directory of Open Access Journals (Sweden)

    Florin OGIGAU-NEAMTIU

    2012-01-01

    Full Text Available The term “cloud computing” has been in the spotlights of IT specialists the last years because of its potential to transform this industry. The promised benefits have determined companies to invest great sums of money in researching and developing this domain and great steps have been made towards implementing this technology. Managers have traditionally viewed IT as difficult and expensive and the promise of cloud computing leads many to think that IT will now be easy and cheap. The reality is that cloud computing has simplified some technical aspects of building computer systems, but the myriad challenges facing IT environment still remain. Organizations which consider adopting cloud based services must also understand the many major problems of information policy, including issues of privacy, security, reliability, access, and regulation. The goal of this article is to identify the main security issues and to draw the attention of both decision makers and users to the potential risks of moving data into “the cloud”.

  18. New computer security measures

    CERN Multimedia

    IT Department

    2008-01-01

    As a part of the long-term strategy to improve computer security at CERN, and especially given the attention focused to CERN by the start-up of the LHC, two additional security measures concerning DNS and Tor will shortly be introduced. These are described in the following texts and will affect only a small number of users. "PHISHING" ATTACKS CONTINUE CERN computer users continue to be subjected to attacks by people trying to infect our machines and obtain passwords and other confidential information by social engineering trickery. Recent examples include an e-mail message sent from "La Poste" entitled "Colis Postal" on 21 August, a fake mail sent from web and mail services on 8 September, and an e-mail purporting to come from Hallmark Cards announcing the arrival of an electronic postcard. However, there are many other examples and there are reports of compromised mail accounts being used for more realistic site-specific phishing attempts. Given the increased publicity rela...

  19. Security needs you

    CERN Multimedia

    2010-01-01

    Academic freedom is a valuable thing, but like any kind of freedom, it comes with responsibility. Here at CERN, and in the global particle physics community as a whole, we enjoy an open academic environment, which gives us freedom of choice and freedom of expression. It is a strong tradition at CERN, but it’s not something we can ever take for granted. This is particularly true in the area of IT, where our openness and our global visibility make us an attractive target. Attacks on our IT infrastructure in the past have had a negative impact on our reputation, and have even led to changes in the way we operate computing services. It is the responsibility of all of us, not just the experts in the IT Department, to protect our IT infrastructure while striking the right balance between security, academic freedom and the unfettered operation of our facilities. Everyone using CERN’s IT infrastructure is responsible for the security and protection of the computers they use, the operating...

  20. Security classification of information

    Energy Technology Data Exchange (ETDEWEB)

    Quist, A.S.

    1993-04-01

    This document is the second of a planned four-volume work that comprehensively discusses the security classification of information. The main focus of Volume 2 is on the principles for classification of information. Included herein are descriptions of the two major types of information that governments classify for national security reasons (subjective and objective information), guidance to use when determining whether information under consideration for classification is controlled by the government (a necessary requirement for classification to be effective), information disclosure risks and benefits (the benefits and costs of classification), standards to use when balancing information disclosure risks and benefits, guidance for assigning classification levels (Top Secret, Secret, or Confidential) to classified information, guidance for determining how long information should be classified (classification duration), classification of associations of information, classification of compilations of information, and principles for declassifying and downgrading information. Rules or principles of certain areas of our legal system (e.g., trade secret law) are sometimes mentioned to .provide added support to some of those classification principles.

  1. Extremely secure identification documents

    Energy Technology Data Exchange (ETDEWEB)

    Tolk, K.M. [Sandia National Labs., Albuquerque, NM (United States); Bell, M. [Sandia National Labs., Livermore, CA (United States)

    1997-09-01

    The technology developed in this project uses biometric information printed on the document and public key cryptography to ensure that an adversary cannot issue identification documents to unauthorized individuals or alter existing documents to allow their use by unauthorized individuals. This process can be used to produce many types of identification documents with much higher security than any currently in use. The system is demonstrated using a security badge as an example. This project focused on the technologies requiring development in order to make the approach viable with existing badge printing and laminating technologies. By far the most difficult was the image processing required to verify that the picture on the badge had not been altered. Another area that required considerable work was the high density printed data storage required to get sufficient data on the badge for verification of the picture. The image processing process was successfully tested, and recommendations are included to refine the badge system to ensure high reliability. A two dimensional data array suitable for printing the required data on the badge was proposed, but testing of the readability of the array had to be abandoned due to reallocation of the budgeted funds by the LDRD office.

  2. Secure the Clones

    CERN Document Server

    Jensen, Thomas; Pichardie, David

    2012-01-01

    Exchanging mutable data objects with untrusted code is a delicate matter because of the risk of creating a data space that is accessible by an attacker. Consequently, secure programming guidelines for Java stress the importance of using defensive copying before accepting or handing out references to an internal mutable object. However, implementation of a copy method (like clone()) is entirely left to the programmer. It may not provide a sufficiently deep copy of an object and is subject to overriding by a malicious sub-class. Currently no language-based mechanism supports secure object cloning. This paper proposes a type-based annotation system for defining modular copy policies for class-based object-oriented programs. A copy policy specifies the maximally allowed sharing between an object and its clone. We present a static enforcement mechanism that will guarantee that all classes fulfil their copy policy, even in the presence of overriding of copy methods, and establish the semantic correctness of the ove...

  3. A Survey on Mobile Payment Systems Security

    Directory of Open Access Journals (Sweden)

    Leila Esmaeili

    2012-09-01

    Full Text Available In recent years, increasing use of mobile devices and the emergence of new technologies have changed mobile commerce and mobile payment in all over the world. Although many attempts have been made to implement secure mobile payment systems and services, growing forgery, fraud and other related electronic crimes as well as security attacks and threats prove the necessity of paying special attention to security issues for development and extension of such systems. In this paper, we investigate classification of security threats and attacks in mobile payment and discuss security issues in three related areas of mobile payment; including network security, transmission security and mobile device security. Network security includes WLAN and WWAN security; transmission security includes WAP, SMS, wave channel and USSD security; and mobile device security includes hardware and software platforms and operating system security.

  4. China's Migrant Workers' Social Security

    Institute of Scientific and Technical Information of China (English)

    Zhang Sifeng; Zhang Wenxue; Wang Lijian; Zhang Li

    2010-01-01

    Based on the definition of migrant workers and migrant workers'social security,systems,policies and regulations and status quo of specific safeguard project of social security have been analyzed.Authors draw following conclusions: China's social security systems of migrant workers show diversification and differentiation trend; national-level policies take on diversification and local-level regulations take on differentiation; social welfare and social assistance have deficiency; coverage rate of social insurance items is extremely low.

  5. Spring security 3.x cookbook

    CERN Document Server

    Mankale, Anjana

    2013-01-01

    This book follows a cookbook style exploring various security solutions provided by Spring Security for various vulnerabilities and threat scenarios that web applications may be exposed to at the authentication and session level layers.This book is for all Spring-based application developers as well as Java web developers who wish to implement robust security mechanisms into web application development using Spring Security.Readers are assumed to have a working knowledge of Java web application development, a basic understanding of the Spring framework, and some knowledge of the fundamentals o

  6. Audit for Information Systems Security

    Directory of Open Access Journals (Sweden)

    Ana-Maria SUDUC

    2010-01-01

    Full Text Available The information and communication technologies advances made available enormous and vast amounts of information. This availability generates also significant risks to computer systems, information and to the critical operations and infrastructures they support. In spite of significant advances in the information security area many information systems are still vulnerable to inside or outside attacks. The existence of an internal audit for information system security increases the probability of adopting adequate security measures and preventing these attacks or lowering the negative consequences. The paper presents an exploratory study on informatics audit for information systems security.

  7. Dynamic secrets in communication security

    CERN Document Server

    Xiao, Sheng; Towsley, Donald

    2013-01-01

    Dynamic secrets are constantly generated and updated from messages exchanged between two communication users. When dynamic secrets are used as a complement to existing secure communication systems, a stolen key or password can be quickly and automatically reverted to its secret status without disrupting communication. 'Dynamic Secrets in Communication Security' presents unique security properties and application studies for this technology. Password theft and key theft no longer pose serious security threats when parties frequently use dynamic secrets. This book also illustrates that a dynamic

  8. Mobile Communication Systems and Security

    CERN Document Server

    Rhee, Man Young

    2009-01-01

    Mobile Communication Systems and Security arms readers with a thorough understanding of all major cellular air-interface technologies and their security layer techniques. Rhee covers the technological development of wireless mobile communications in compliance with each iterative generation up to 3G systems and beyond, with an emphasis on wireless security aspects. By progressing in a systematic manner, presenting the theory and practice of wireless mobile technologies along with various security problems, readers will gain an intimate sense of how mobile systems operate and how to address com

  9. Experiencing Security in Interaction Design

    DEFF Research Database (Denmark)

    Mathiasen, Niels Raabjerg; Bødker, Susanne

    2011-01-01

    Security is experienced differently in different contexts. This paper argues that in everyday situations, users base their security decisions on a mix of prior experiences. When approaching security and interaction design from an experience approach, tools that help bring out such relevant...... experiences for design are needed. This paper reports on how Prompted exploration workshops and Acting out security were developed to target such experiences when iteratively designing a mobile digital signature solution in a participatory design process. We discuss how these tools helped the design process...

  10. Practical Unix and Internet Security

    CERN Document Server

    Garfinkel, Simson; Spafford, Gene

    2003-01-01

    When Practical Unix Security was first published more than a decade ago, it became an instant classic. Crammed with information about host security, it saved many a Unix system administrator from disaster. The second edition added much-needed Internet security coverage and doubled the size of the original volume. The third edition is a comprehensive update of this very popular book - a companion for the Unix/Linux system administrator who needs to secure his or her organization's system, networks, and web presence in an increasingly hostile world. Focusing on the four most popular Unix varia

  11. Model-Based Security Testing

    Directory of Open Access Journals (Sweden)

    Ina Schieferdecker

    2012-02-01

    Full Text Available Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.

  12. Secure integrated circuits and systems

    CERN Document Server

    Verbauwhede, Ingrid MR

    2010-01-01

    On any advanced integrated circuit or 'system-on-chip' there is a need for security. In many applications the actual implementation has become the weakest link in security rather than the algorithms or protocols. The purpose of the book is to give the integrated circuits and systems designer an insight into the basics of security and cryptography from the implementation point of view. As a designer of integrated circuits and systems it is important to know both the state-of-the-art attacks as well as the countermeasures. Optimizing for security is different from optimizations for speed, area,

  13. *New* CRITICAL Windows Security patch

    CERN Multimedia

    2003-01-01

    On 10 September 2003, Microsoft issued a new CRITICAL security patch, MS03-039. It must be URGENTLY applied on ALL WINDOWS systems, which are not centrally managed for security patches. This includes Experiment computers, Home computers and Windows Portable and Desktop systems not running NICE. Details of the security hole and patch for MS03-039 (which also includes MS03-026) are at: http://cern.ch/it-div/news/hotfix-MS03-039.asp http://www.microsoft.com/technet/security/bulletin/MS03-039.asp

  14. *New*: CRITICAL Windows Security patch

    CERN Multimedia

    2003-01-01

    On 10 September 2003, Microsoft issued a new CRITICAL security patch, MS03-039. It must be URGENTLY applied on ALL WINDOWS systems, which are not centrally managed for security patches. This includes Experiment computers, Home computers and Windows Portable and Desktop systems not running NICE. Details of the security hole and patch for MS03-039 (which also includes MS03-026) are at: http://cern.ch/it-div/news/hotfix-MS03-039.asp http://www.microsoft.com/technet/security/bulletin/MS03-039.asp

  15. Genesis of enterprise financial security

    Directory of Open Access Journals (Sweden)

    Davydenko N. M.

    2015-05-01

    Full Text Available The article analyzes the scientific approaches to the definition of «financial security of entities», advantages and disadvantages of these approaches are highlighted. The own definition of financial security of entities is given. The composition of elements of enterprise financial security and principles of its provision are defined. Тhe role of individual elements of financial security to ensure high efficiency operation and development of enterprises is significant and has a direct impact on their solvency, liquidity and profitability.

  16. Computer and information security handbook

    CERN Document Server

    Vacca, John R

    2012-01-01

    The second edition of this comprehensive handbook of computer and information security provides the most complete view of computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors' respective areas of expertise. The book is organized into 10 parts comprised of 70 contributed

  17. DOT Cyber Security Assessment Management -

    Data.gov (United States)

    Department of Transportation — This data set contains information about the security and compliance status of FISMA systems within the Department. The information contains detailed descriptions of...

  18. Nuclear and radiological Security: Introduction.

    Energy Technology Data Exchange (ETDEWEB)

    Miller, James Christopher [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

    2016-02-24

    Nuclear security includes the prevention and detection of, and response to, theft, sabotage, unauthorized access, illegal transfer, or other malicious acts involving nuclear or other radioactive substances or their associated facilities. The presentation begins by discussing the concept and its importance, then moves on to consider threats--insider threat, sabotage, diversion of materials--with considerable emphasis on the former. The intrusion at Pelindaba, South Africa, is described as a case study. The distinction between nuclear security and security of radiological and portable sources is clarified, and the international legal framework is touched upon. The paper concludes by discussing the responsibilities of the various entities involved in nuclear security.

  19. Los Alamos Center for Computer Security formal computer security model

    Energy Technology Data Exchange (ETDEWEB)

    Dreicer, J.S.; Hunteman, W.J.; Markin, J.T.

    1989-01-01

    This paper provides a brief presentation of the formal computer security model currently being developed at the Los Alamos Department of Energy (DOE) Center for Computer Security (CCS). The need to test and verify DOE computer security policy implementation first motivated this effort. The actual analytical model was a result of the integration of current research in computer security and previous modeling and research experiences. The model is being developed to define a generic view of the computer and network security domains, to provide a theoretical basis for the design of a security model, and to address the limitations of present formal mathematical models for computer security. The fundamental objective of computer security is to prevent the unauthorized and unaccountable access to a system. The inherent vulnerabilities of computer systems result in various threats from unauthorized access. The foundation of the Los Alamos DOE CCS model is a series of functionally dependent probability equations, relations, and expressions. The model is undergoing continued discrimination and evolution. We expect to apply the model to the discipline of the Bell and LaPadula abstract sets of objects and subjects. 6 refs.

  20. National Security Policy and Security Challenges of Maldives

    Science.gov (United States)

    2014-06-13

    Constitution 2008. Translated by Dheena Hussein. Male’, Maldives: Republic of Maldives, 2008. Ministry of Tourism , Arts and Culture. Tourism Year... tourism . Maldives faces numerous challenges to its security manifest in economic, political, information, military, social and physical domains. In...threat of radical Islamist terrorism to the tourism industry, foreign influence and organized crime. 15. SUBJECT TERMS National Security Policy

  1. Secure NXT-the Next Level of Cloud Security

    Directory of Open Access Journals (Sweden)

    N. Venkata Subramanian

    2013-07-01

    Full Text Available The promise of the cloud is appealing: reduced costs, greater agility, flexibility, scalability and potentially greater security. At the same time, IT organizations recognize that the cloud introduces a number of issues related to security, data integrity, compliance, service level agreements and data architecture that must be addressed. Therefore, the adoption of cloud services is being tempered by a significant level of uncertainty. Numerous surveys indicate that the top concerns for moving to the cloud are security, performance and availability. In other words, enterprises are looking for assurances that they are not adding risk to the business by leveraging the cloud. For many, moving to the cloud is still a leap of faith. Different cloud deployment models-public, private, or hybrid have different security vulnerabilities and risks. Generally, risk increases from greater degrees of multitenancy among increasingly unknown participants. The objective of this article is to insist the fact that cloud security begins with and adds to, well-defined enterprise security; it also introduces a new cloud security model called Cloud Security NXT.

  2. Computer Security: SAHARA - Security As High As Reasonably Achievable

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    History has shown us time and again that our computer systems, computing services and control systems have digital security deficiencies. Too often we deploy stop-gap solutions and improvised hacks, or we just accept that it is too late to change things.    In my opinion, this blatantly contradicts the professionalism we show in our daily work. Other priorities and time pressure force us to ignore security or to consider it too late to do anything… but we can do better. Just look at how “safety” is dealt with at CERN! “ALARA” (As Low As Reasonably Achievable) is the objective set by the CERN HSE group when considering our individual radiological exposure. Following this paradigm, and shifting it from CERN safety to CERN computer security, would give us “SAHARA”: “Security As High As Reasonably Achievable”. In other words, all possible computer security measures must be applied, so long as ...

  3. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  4. Security Analysis of Secure Force Algorithm for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Shujaat Khan

    2014-09-01

    Full Text Available — In Wireless Sensor Networks, the sensor nodes are battery powered small devices designed for long battery life. These devices also lack in terms of processing capability and memory. In order to provide high confidentiality to these resource constrained network nodes, a suitable security algorithm is needed to be deployed that can establish a balance between security level and processing overhead. The objective of this research work is to perform a security analysis and performance evaluation of recently proposed Secure Force algorithm. This paper shows the comparison of Secure Force 64, 128, and 192 bit architecture on the basis of avalanche effect (key sensitivity, entropy change analysis, image histogram, and computational time. Moreover, based on the evaluation results,the paper also suggests the possible solutions for the weaknesses of the SF algorithm.

  5. Cloud management and security

    CERN Document Server

    Abbadi, Imad M

    2014-01-01

    Written by an expert with over 15 years' experience in the field, this book establishes the foundations of Cloud computing, building an in-depth and diverse understanding of the technologies behind Cloud computing. In this book, the author begins with an introduction to Cloud computing, presenting fundamental concepts such as analyzing Cloud definitions, Cloud evolution, Cloud services, Cloud deployment types and highlighting the main challenges. Following on from the introduction, the book is divided into three parts: Cloud management, Cloud security, and practical examples. Part one presents the main components constituting the Cloud and federated Cloud infrastructure(e.g., interactions and deployment), discusses management platforms (resources and services), identifies and analyzes the main properties of the Cloud infrastructure, and presents Cloud automated management services: virtual and application resource management services. Part two analyzes the problem of establishing trustworthy Cloud, discuss...

  6. Biometrics and Security

    Science.gov (United States)

    Govindaraju, Venu

    The science of Biometrics is concerned with recognizing people based on their physiological or behavioral characteristics. It has emerged as a vibrant field of research in today's security conscious society. In this talk we will introduce the important research challenges in Biometrics and specifically address the following topics: i) unobtrusive people tracking using a novel evolutionary recognition paradigm, ii) efficient indexing and searching of large fingerprint databases, iii) cancelability of templates where the task is to ensure that enrolled biometric templates can be revoked and new templates issued, and iv) fusion of fingerprints with other biometric modalities such as face where we will explore optimal trainable functions that operate on the scores returned by individual matchers.

  7. Handheld THz security imaging

    Science.gov (United States)

    Duling, Irl N.

    2016-05-01

    Terahertz energy, with its ability to penetrate clothing and non-conductive materials, has held much promise in the area of security scanning. Millimeter wave systems (300 GHz and below) have been widely deployed. These systems have used full two-dimensional surface imaging, and have resulted in privacy concerns. Pulsed terahertz imaging, can detect the presence of unwanted objects without the need for two-dimensional photographic imaging. With high-speed waveform acquisition it is possible to create handheld tools that can be used to locate anomalies under clothing or headgear looking exclusively at either single point waveforms or cross-sectional images which do not pose a privacy concern. Identification of the anomaly to classify it as a potential threat or a benign object is also possible.

  8. Biometrics Security using Steganography

    Directory of Open Access Journals (Sweden)

    Chander Kant

    2008-03-01

    Full Text Available A biometric system is at risk to a variety of attacks. These attacks are intended to either avoid thesecurity afforded by the system or to put off the normal functioning of the system. Various riskshave been discovered while using biometric system. Proper use of cryptography greatly reducesthe risks in biometric systems as the hackers have to find both secret key and template. It isnotified that still fraudrant goes on to some extent. Here in this paper a new idea is presented tomake system more secure by use of steganography. Here the secret key (which is in the form ofpixel intensities will be merged in the picture itself while encoding, and at decoding end only theauthentic user will be allowed to decode.

  9. Security of Patched DNS

    CERN Document Server

    Herzberg, Amir

    2012-01-01

    In spite of the availability of DNSSEC, which protects against cache poisoning even by MitM attackers, many caching DNS resolvers still rely for their security against poisoning on merely validating that DNS responses contain some 'unpredictable' values, copied from the re- quest. These values include the 16 bit identifier field, and other fields, randomised and validated by different 'patches' to DNS. We investigate the prominent patches, and show how attackers can circumvent all of them, namely: - We show how attackers can circumvent source port randomisation, in the (common) case where the resolver connects to the Internet via different NAT devices. - We show how attackers can circumvent IP address randomisation, using some (standard-conforming) resolvers. - We show how attackers can circumvent query randomisation, including both randomisation by prepending a random nonce and case randomisation (0x20 encoding). We present countermeasures preventing our attacks; however, we believe that our attacks provide ...

  10. Secure surface identification codes

    Science.gov (United States)

    Beekhof, F.; Voloshynovskiy, S.; Koval, O.; Villan, R.; Pun, T.

    2008-02-01

    This paper introduces an identification framework for random microstructures of material surfaces. These microstructures represent a kind of unique fingerprints that can be used to track and trace an item as well as for anti-counterfeiting. We first consider the architecture for mobile phone-based item identification and then introduce a practical identification algorithm enabling fast searching in large databases. The proposed algorithm is based on reference list decoding. The link to digital communications and robust perceptual hashing is shown. We consider a practical construction of reference list decoding, which comprizes computational complexity, security, memory storage and performance requirements. The efficiency of the proposed algorithm is demonstrated on experimental data obtained from natural paper surfaces.

  11. Attachment Security and Pain

    DEFF Research Database (Denmark)

    Andersen, Tonny Elmose; Lahav, Yael; Defrin, Ruth;

    2015-01-01

    The present study assesses for the first time, the possible disruption effect of posttraumatic stress symptoms (PTSS) with regard to the protective role of attachment on pain, among ex-POWs. While secure attachment seems to serve as a buffer, decreasing the perception of pain, this function may...... be disrupted by PTSS. The study sample included 104 subjects who were combat veterans of the 1973 Yom Kippur War comprising of 60 male ex-prisoners of war (ex-POWs) and 44 comparable male combat veterans. Both attachment and pain were investigated experimentally in the laboratory and via questionnaires. We...... found that ex-POWs showed higher levels of clinical pain and attachment insecurities compared to controls. Moreover, attachment avoidance and soothing effect of attachment (SEA) were both associated with lower levels of clinical pain. Most importantly, PTSS moderated the associations between attachment...

  12. Computer Security Day

    CERN Multimedia

    CERN Bulletin

    2010-01-01

      Viruses, phishing, malware and cyber-criminals can all threaten your computer and your data, even at CERN! Experts will share their experience with you and offer solutions to keep your computer secure. Thursday, 10 June 2010, 9.30, Council Chamber Make a note in your diary! Presentations in French and English: How do hackers break into your computer? Quels sont les enjeux et conséquences des attaques informatiques contre le CERN ? How so criminals steal your money on the Internet? Comment utiliser votre ordinateur de manière sécurisée ? and a quiz: test your knowledge and win one of the many prizes that will be on offer! For more information and to follow the day's events via a live webcast go to: http://cern.ch/SecDay.  

  13. Nuclear Threats and Security

    Directory of Open Access Journals (Sweden)

    Garry Jacobs

    2012-10-01

    Full Text Available This article presents highlights and insights from the International Conference on “Nuclear Threats and Security” organized by the World Academy of Art and Science in association with the European Leadership Network and the Dag Hammarskjöld University College of International Relations and Diplomacy and sponsored by NATO at the Inter-University Centre, Dubrovnik on September 14-16, 2012. The conference examined important issues related to nuclear non-proliferation and disarmament, the legality of nuclear weapons and their use, illicit trade in nuclear materials, the dangers of nuclear terrorism, nuclear- and cyber-security. Papers and video recordings of the major presentations and session summaries can be found here.

  14. 77 FR 26641 - Aviation Security Advisory Committee (ASAC) Meeting

    Science.gov (United States)

    2012-05-04

    ... 4, 2012 Part III Department of Homeland Security Transportation Security Administration Aviation... Aviation Security Advisory Committee (ASAC) Meeting AGENCY: Transportation Security Administration, DHS... Security Administration (TSA) will hold a meeting of the Aviation Security Advisory Committee (ASAC) on...

  15. 76 FR 67750 - Homeland Security Information Network Advisory Committee

    Science.gov (United States)

    2011-11-02

    ... SECURITY Homeland Security Information Network Advisory Committee AGENCY: Department of Homeland Security... Applicants for Appointment to Homeland Security Information Network Advisory Committee. SUMMARY: The Secretary of Homeland Security has determined that the renewal of the Homeland Security Information...

  16. 76 FR 4123 - Homeland Security Advisory Council

    Science.gov (United States)

    2011-01-24

    ... homeland security, results of a cyber security exercise, sharing information with others, and Southwest... would be a road map to those who wish to attack our cyber security, and hence, would certainly frustrate... SECURITY Homeland Security Advisory Council AGENCY: The Office of Policy, DHS. ACTION: Notice of...

  17. ATIP Report: Cyber Security Research in China

    Science.gov (United States)

    2015-06-05

    Security Technology previously, and affiliated with IIE in 2012 Web security technology , mobile wireless network security technology , TEMPEST...monitoring, Yuejin DU and his colleagues developed a security -enhanced mobile operating system named “RayDroid” based on the Android platform. The... Mobile Security • DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices It is becoming a global trend for company

  18. 7 CFR 1942.114 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 13 2010-01-01 2009-01-01 true Security. 1942.114 Section 1942.114 Agriculture... Security. Specific requirements for security for each loan will be included in the letter of conditions. Loans must be secured by the best security position practicable, in a manner which will...

  19. 6 CFR 37.41 - Security plan.

    Science.gov (United States)

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Security plan. 37.41 Section 37.41 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY REAL ID DRIVER'S LICENSES AND IDENTIFICATION CARDS Security at DMVs and Driver's License and Identification Card Production Facilities §...

  20. 25 CFR 101.13 - Security.

    Science.gov (United States)

    2010-04-01

    ... 25 Indians 1 2010-04-01 2010-04-01 false Security. 101.13 Section 101.13 Indians BUREAU OF INDIAN... § 101.13 Security. (a) United States direct loans shall be secured by such security as the Commissioner may require. A lack of security will not preclude the making of a loan if the proposed use of...

  1. Cyber Security Applications: Freeware & Shareware

    Science.gov (United States)

    Rogers, Gary; Ashford, Tina

    2015-01-01

    This paper will discuss some assignments using freeware/shareware instructors can find on the Web to use to provide students with hands-on experience in this arena. Also, the college, Palm Beach State College, via a grant with the U.S. Department of Labor, has recently purchased a unique cyber security device that simulates cyber security attacks…

  2. On Information System Security Architecture

    Institute of Scientific and Technical Information of China (English)

    ChunfangJiang; ChaoyuanYue; JianguoZuo

    2004-01-01

    The current studies on security architecture and information system security architecture (ISSA) are surveyed in this paper, and some types and their features of ISSA are discussed. Then, the structural elements of ISSA are analyzed, and the constructing steps for ISSA are proposed.

  3. GRID INFORMATION SECURITY FUNCTIONAL REQUIREMENT

    Directory of Open Access Journals (Sweden)

    Amy Poh Ai Ling

    2011-07-01

    Full Text Available This paper describes the background of smart information infrastructure and the needs for smart grid information security. It introduces the conceptual analysis to the methodology with the application ofhermeneutic circle and information security functional requirement identification. Information security for the grid market cover matters includes automation and communications industry that affects the operation of electric power systems and the functioning of the utilities that manage them and its awareness of this information infrastructure has become critical to the reliability of the power system. Community benefits from of cost savings, flexibility and deployment along with the establishment of wireless communications. However, concern revolves around the security protections for easily accessible devices such as the smart meter and the related communications hardware. On the other hand, the changing points between traditional versus smart grid networking trend and the information security importance on the communication field reflects the criticality of grid information security functional requirement identification. The goal of this paper is to identify the functional requirement and relate its significance addresses to the consumer requirement of an information security of a smart grid. Vulnerabilities may bring forth possibility for an attacker to penetrate a network, make headway admission to control software, alter it to load conditions that destabilize the grid in unpredictable ways. Focusing on the grid information security functional requirement is stepping ahead in developing consumer trust and satisfaction towardsmart grid completeness.

  4. Security Requirements for Cryptographic Modules

    Science.gov (United States)

    1999-01-01

    module interfaces; roles, services, and authentication; finite state machine model ; physical security; operating system security; cryptographic key...15 4.4 Finite State Machine Model .......................................................................................................... 17...These areas include cryptographic module specification; module interfaces; roles, services, and authentication; finite state machine model ; physical

  5. Homomorphic encryption and secure comparison

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Geisler, Martin; Krøigaard, Mikkel

    2008-01-01

    We propose a protocol for secure comparison of integers based on homomorphic encryption.We also propose a homomorphic encryption scheme that can be used in our protocol, makes it more efficient than previous solutions, and can also be used as the basis of efficient and general secure Multiparty C...

  6. About Security in Contemporary World

    Directory of Open Access Journals (Sweden)

    Ladislav Hofreiter

    2015-06-01

    Full Text Available The task to ensure security in contemporary world is a complicated political, scientific-technological and socio-economic problem. As the security itself is complicated, multifactor and hierarchized phenomen also its investigation has to be of an interdisciplinary character. The character of security environment, the character of security risks and threats and also the character of tools for their elimination are essentially changing. The basis to security of social subject consisted in arrangement of the conditions for their existence, to surviving in the present time and advancement into the future. Assurance of this condition means it provided ability to the social subjects to eliminated threats that are defined. In situations of asymmetrical security, the threats are not always clearly defined. They often consist of their own structure systems, in relationships and status the subjects of internationals relations. Asymmetrical of security, by our opinion, presents a discrepancy, unbalance, non-parity between subjects of the international security environment. The unbalance, discrepancy, non-parity has political, military, economic, law, social and societal dimensions.

  7. Securing web-based exams

    NARCIS (Netherlands)

    Sessink, O.D.T.; Beeftink, H.H.; Tramper, J.; Hartog, R.J.M.

    2004-01-01

    Learning management systems may offer web-based exam facilities. Such facilities entail a higher risk to exams fraud than traditional paper-based exams. The article discusses security issues with web-based exams, and proposes precautionary measures to reduce the risks. A security model is presented

  8. Is Social Security Tax Feasible?

    Institute of Scientific and Technical Information of China (English)

    2010-01-01

    @@ China's Finance Minister Xie Xuren recently wrote an article for an official publication of the Central Committee of the Communist Party of China on deepening taxation reform.He said that China was considering phasing in a social security tax to improve the fund-raising system for social security programs.

  9. US-Africa Security Policy

    DEFF Research Database (Denmark)

    Møller, Nicolai Stahlfest

    This paper will discuss the United States security policy towards Africa based on the National Security Strategy from 2006 and the founding of US Africa Command, the new military combatant command that is supposed to unify US military efforts on the African continent. The paper will discuss whether...

  10. Social Security at the Crossroads.

    Science.gov (United States)

    International Labour Review, 1980

    1980-01-01

    Social security schemes need to be streamlined and the underlying policies made more coherent to obtain the fullest possible return on expenditure. Third World countries need to reflect very seriously on the role of social security in the development process and on the management problems involved. (CT)

  11. Efficient and provable security amplifications

    NARCIS (Netherlands)

    Cramer, R.J.F.; Pedersen, T.P.

    1995-01-01

    Even, Goldreich and Micali showed at Crypto'89 that the existence of signature schemes secure against known message attacks implies the existence of schemes secure against adaptively chosen message attacks. Unfortunately, this transformation leads to a rather impractical scheme. We exhibit a similar

  12. Software Security Rules: SDLC Perspective

    Directory of Open Access Journals (Sweden)

    S. K. Pandey

    2009-10-01

    Full Text Available Software has become an integral part of everyday life. Everyday, millions of people perform transaction through internet, ATM, mobile phone, they send email & e-greetings, and use word processing and spreadsheet for various purpose. People use software bearing in mind that it is reliable and can be trust upon and the operation they perform is secured. Now, if these software have exploitable security hole then how can they be safe for use. Security brings value to software in terms of people’s trust. The value provided by secure software is of vital importance because many critical functions are entirely dependent on the software. That is why security is a serious topic which should be given proper attention during the entire SDLC, ‘right from the beginning’. For the proper implementation of security in the software, twenty one security rules are proposed in this paper along with validation results. It is found that by applying these rules as per given implementation mechanism, most of the vulnerabilities are eliminated in the software and a more secure software can be built.

  13. Campus network security model study

    Science.gov (United States)

    Zhang, Yong-ku; Song, Li-ren

    2011-12-01

    Campus network security is growing importance, Design a very effective defense hacker attacks, viruses, data theft, and internal defense system, is the focus of the study in this paper. This paper compared the firewall; IDS based on the integrated, then design of a campus network security model, and detail the specific implementation principle.

  14. Security and Network Operations [video

    OpenAIRE

    2012-01-01

    Senior Security Engineer, Matthew Myrick discusses the current cyber threats that we are all facing, the five W's (who, what, when, where, and how) of cyber security, past and present cyber-attack trends, and ways you can help protect yourself and your enterprise from cyber-attack.

  15. Honeynet Learning: Discovering IT Security

    Science.gov (United States)

    del Moral Talabis, Mark Ryan

    2007-01-01

    Learning IT Security in a classroom setting has often been a frustrating endeavor for both instructors and students alike. From our experience, traditional instructional methods like direct instruction and lectures though widely used and effective in most other areas have significant shortcomings when applied in IT security learning. In this…

  16. Secure computing on reconfigurable systems

    NARCIS (Netherlands)

    Fernandes Chaves, R.J.

    2007-01-01

    This thesis proposes a Secure Computing Module (SCM) for reconfigurable computing systems. SC provides a protected and reliable computational environment, where data security and protection against malicious attacks to the system is assured. SC is strongly based on encryption algorithms and on the a

  17. Hardware IP security and trust

    CERN Document Server

    Bhunia, Swarup; Tehranipoor, Mark

    2017-01-01

    This book provides an overview of current Intellectual Property (IP) based System-on-Chip (SoC) design methodology and highlights how security of IP can be compromised at various stages in the overall SoC design-fabrication-deployment cycle. Readers will gain a comprehensive understanding of the security vulnerabilities of different types of IPs. This book would enable readers to overcome these vulnerabilities through an efficient combination of proactive countermeasures and design-for-security solutions, as well as a wide variety of IP security and trust assessment and validation techniques. This book serves as a single-source of reference for system designers and practitioners for designing secure, reliable and trustworthy SoCs.

  18. Reminder: Mandatory Computer Security Course

    CERN Multimedia

    IT Department

    2011-01-01

    Just like any other organization, CERN is permanently under attack – even right now. Consequently it's important to be vigilant about security risks, protecting CERN's reputation - and your work. The availability, integrity and confidentiality of CERN's computing services and the unhindered operation of its accelerators and experiments come down to the combined efforts of the CERN Security Team and you. In order to remain par with the attack trends, the Security Team regularly reminds CERN users about the computer security risks, and about the rules for using CERN’s computing facilities. Therefore, a new dedicated basic computer security course has been designed informing you about the “Do’s” and “Dont’s” when using CERN's computing facilities. This course is mandatory for all person owning a CERN computer account and must be followed once every three years. Users who have never done the course, or whose course needs to be renewe...

  19. New Mandatory Computer Security Course

    CERN Multimedia

    CERN Bulletin

    2010-01-01

    Just like any other organization, CERN is permanently under attack - even right now. Consequently it's important to be vigilant about security risks, protecting CERN's reputation - and your work. The availability, integrity and confidentiality of CERN's computing services and the unhindered operation of its accelerators and experiments come down to the combined efforts of the CERN Security Team and you. In order to remain par with the attack trends, the Security Team regularly reminds CERN users about the computer security risks, and about the rules for using CERN’s computing facilities. Since 2007, newcomers have to follow a dedicated basic computer security course informing them about the “Do’s” and “Dont’s” when using CERNs computing facilities. This course has recently been redesigned. It is now mandatory for all CERN members (users and staff) owning a CERN computer account and must be followed once every three years. Members who...

  20. Global security in the Mediterranean

    Directory of Open Access Journals (Sweden)

    Elvira Sánchez Mateos

    2002-06-01

    Full Text Available In the last decade, the WEU, NATO and specially the European Union (in the framework of the Barcelona process initiated security dialogues with countries East and South of the Mediterranean Basin. Those processes are far to achieve significant progress. Some arguments help to explain the present situation: on the one hand, European countries and organizations lack clear strategic goals and consistent policies. On the other, difficulties to create a security dialogue in the Mediterranean, which is a precondition to generateboth a common language and security culture, are the result of differences between the European and the Arab security cultures. Nevertheless, the geopolitical environment, the Euro-Mediterranean process itself and the development of the European Union demanda strategic revision on how to implement the objectives of the Barcelona Declaration, reformulating the idea of Euro-Mediterranean Partnership towards a new concept of shared security that integrates Southern interests and concerns.

  1. IT Convergence and Security 2012

    CERN Document Server

    Chung, Kyung-Yong

    2013-01-01

    The proceedings approaches the subject matter with problems in technical convergence and convergences of security technology. This approach is new because we look at new issues that arise from techniques converging. The general scope of the proceedings content is convergence security and the latest information technology. The intended readership are societies, enterprises, and research institutes, and intended content level is mid- to highly educated personals. The most important features and benefits of the proceedings are the introduction of the most recent information technology and its related ideas, applications and problems related to technology convergence, and its case studies and finally an introduction of converging existing security techniques through convergence security. Overall, through the proceedings, authors will be able to understand the most state of the art information strategies and technologies of convergence security.

  2. Experimental unconditionally secure bit commitment

    Science.gov (United States)

    Liu, Yang; Cao, Yuan; Curty, Marcos; Liao, Sheng-Kai; Wang, Jian; Cui, Ke; Li, Yu-Huai; Lin, Ze-Hong; Sun, Qi-Chao; Li, Dong-Dong; Zhang, Hong-Fei; Zhao, Yong; Chen, Teng-Yun; Peng, Cheng-Zhi; Zhang, Qiang; Cabello, Adan; Pan, Jian-Wei

    2014-03-01

    Quantum physics allows unconditionally secure communication between parties that trust each other. However, when they do not trust each other such as in the bit commitment, quantum physics is not enough to guarantee security. Only when relativistic causality constraints combined, the unconditional secure bit commitment becomes feasible. Here we experimentally implement a quantum bit commitment with relativistic constraints that offers unconditional security. The commitment is made through quantum measurements in two quantum key distribution systems in which the results are transmitted via free-space optical communication to two agents separated with more than 20 km. Bits are successfully committed with less than 5 . 68 ×10-2 cheating probability. This provides an experimental proof of unconditional secure bit commitment and demonstrates the feasibility of relativistic quantum communication.

  3. Private Security Contractors in Darfur

    DEFF Research Database (Denmark)

    Leander, Anna

    2006-01-01

    on a framework of analysis inspired by Bourdieu, we show that neo-liberal governmentality is reflected in the dispositions of security actors as well as in their relative positions. The resulting security practices reinforce dispositions and positions that reproduce neo-liberal governmentality. Looking......This article argues that the role of Private Security Contractors in Darfur reflects and reinforces neo-liberal governmentality in contemporary security governance. It is an argument (in line with other articles in this special issue) which is more interested in discussing how the privatization....... It underlines that governance is increasingly taking place through a set of (quasi-) markets, it is marked by entrepreneurial values, and a hands off approach to governance. We then discuss the way this overall change is reflected in and reinforced by the role of private security contractors in Darfur. Drawing...

  4. *NEW* CRITICAL Windows Security patches

    CERN Multimedia

    2003-01-01

    On 3 October and 10 September 2003, Microsoft issued new CRITICAL security patches MS03-040 and MS03-039. They must be URGENTLY applied on ALL WINDOWS systems, which are not centrally managed for security patches. This includes Experiment computers, Home computers and Windows Portable and Desktop systems not running NICE. Details of the security holes and patches are at: MS03-039: http://cern.ch/it-div/news/hotfix-MS03-039.asp http://www.microsoft.com/technet/security/bulletin/MS03-039.asp MS03-040: http://cern.ch/it-div/news/hotfix-MS03-040.asp http://www.microsoft.com/technet/security/bulletin/MS03-040.asp

  5. Social security for seafarers globally

    DEFF Research Database (Denmark)

    Jensen, Olaf; Canals, Luisa; Haarløv, Erik

    2013-01-01

    Social security for seafarers globally Background: Social security protection is one of the essential elements of decent work. The issue is complex and no previous epidemiological studies of the coverage among seafarers have yet been performed. Objectives: The aim was to overcome the gap...... of knowledge to promote the discussion and planning of the implementation of social security for all seafarers. Methods: The seafarers completed a short questionnaire concerning their knowledge about their social security status. Results: Significant disparities of coverage of social security were pointed out...... among the nationalities. Especially it is worth mentioning that more than half of the respondents believe they are uncovered economically for disability from an injury on board and from a work related disease. Conclusions: The results confirm the ILO statements that a significant part of the seafarers...

  6. Securing Applications in Windows Phone

    Directory of Open Access Journals (Sweden)

    B. Venkat Sandeep

    2012-06-01

    Full Text Available Windows Phone 7 has been planned with speed in mind. Windows phone is the new baby from Microsoft which is impressed by its features. More than 80,000 apps have now been published in the Windows Phone Marketplace and new content is currently being added at the rate of 340 apps per day [1]. Although there are many benefits, these are not without risks. Most of today’s mobile applications are transaction based, the security is even greater. In this paper we will discuss about the security in mobile devices, and how the windows phone has supported in developing secure applications. Also discuss about the isolated storage feature in windows phone. As security is more important for the Mobile devices, this also discusses how the additional security is provided to the apps.

  7. Security Problems in Cloud Computing

    Directory of Open Access Journals (Sweden)

    Rola Motawie

    2016-12-01

    Full Text Available Cloud is a pool of computing resources which are distributed among cloud users. Cloud computing has many benefits like scalability, flexibility, cost savings, reliability, maintenance and mobile accessibility. Since cloud-computing technology is growing day by day, it comes with many security problems. Securing the data in the cloud environment is most critical challenges which act as a barrier when implementing the cloud. There are many new concepts that cloud introduces, such as resource sharing, multi-tenancy, and outsourcing, create new challenges for the security community. In this work, we provide a comparable study of cloud computing privacy and security concerns. We identify and classify known security threats, cloud vulnerabilities, and attacks.

  8. Security Architecture of Cloud Computing

    Directory of Open Access Journals (Sweden)

    V.KRISHNA REDDY

    2011-09-01

    Full Text Available The Cloud Computing offers service over internet with dynamically scalable resources. Cloud Computing services provides benefits to the users in terms of cost and ease of use. Cloud Computing services need to address the security during the transmission of sensitive data and critical applications to shared and public cloud environments. The cloud environments are scaling large for data processing and storage needs. Cloud computing environment have various advantages as well as disadvantages on the data security of service consumers. This paper aims to emphasize the main security issues existing in cloud computing environments. The security issues at various levels of cloud computing environment is identified in this paper and categorized based on cloud computing architecture. This paper focuses on the usage of Cloud services and security issues to build these cross-domain Internet-connected collaborations.

  9. 75 FR 18867 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-011...

    Science.gov (United States)

    2010-04-13

    ... Security Administration--011, Transportation Security Intelligence Service Operations Files Systems of... Administration--011 Transportation Security Intelligence Service Operations Files previously published on... Security Intelligence Service (TSIS) Operations Files System of Records (69 FR 71828, December 10,...

  10. Privacy and security in teleradiology.

    Science.gov (United States)

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.

  11. A Security Audit Framework to Manage Information System Security

    Science.gov (United States)

    Pereira, Teresa; Santos, Henrique

    The widespread adoption of information and communication technology have promoted an increase dependency of organizations in the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.

  12. IT security governance guidebook with security program metrics

    CERN Document Server

    Cohen, Fred

    2006-01-01

    The IT Security Governance Guidebook with Security Program Metrics on CD-ROM provides clear and concise explanations of key issues in information protection, describing the basic structure of information protection and enterprise protection programs. Including graphics to support the information in the text, this book includes both an overview of material as well as detailed explanations of specific issues. The accompanying CD-ROM offers a collection of metrics, formed from repeatable and comparable measurement, that are designed to correspond to the enterprise security governance model provid

  13. Computer Network Security- The Challenges of Securing a Computer Network

    Science.gov (United States)

    Scotti, Vincent, Jr.

    2011-01-01

    This article is intended to give the reader an overall perspective on what it takes to design, implement, enforce and secure a computer network in the federal and corporate world to insure the confidentiality, integrity and availability of information. While we will be giving you an overview of network design and security, this article will concentrate on the technology and human factors of securing a network and the challenges faced by those doing so. It will cover the large number of policies and the limits of technology and physical efforts to enforce such policies.

  14. 75 FR 707 - Classified National Security Information

    Science.gov (United States)

    2010-01-05

    ... National Security Information Memorandum of December 29, 2009--Implementation of the Executive Order ``Classified National Security Information'' Order of December 29, 2009--Original Classification Authority #0... 13526 of December 29, 2009 Classified National Security Information This order prescribes a...

  15. 78 FR 5116 - NASA Information Security Protection

    Science.gov (United States)

    2013-01-24

    ... SPACE ADMINISTRATION 14 CFR Part 1203 RIN 2700-AD61 NASA Information Security Protection AGENCY..., Classified National Security Information, and appropriately to correspond with NASA's internal requirements, NPR 1600.2, Classified National Security Information, that establishes the Agency's requirements...

  16. 78 FR 66318 - Securities Investor Protection Corporation

    Science.gov (United States)

    2013-11-05

    ... COMMISSION 17 CFR Part 300 Securities Investor Protection Corporation AGENCY: Securities and Exchange Commission. ACTION: Proposed rule. SUMMARY: The Securities Investor Protection Corporation (``SIPC'') filed a..., the Options Clearing Corporation (``OCC'') proposed, and the Commission approved, a rule change...

  17. System Security Management in SNMP

    Directory of Open Access Journals (Sweden)

    P. Deivendran

    2010-05-01

    Full Text Available We present a framework for managing system security, based on a SNMP Management Information Base (MIB, namely the System Security MIB (SSEC MIB, We have defined managed objects and completed the ASN.1 description of the MIB that embeds them. The related security management functions are mainly focused on monitoring external script execution for system security scanning and access control. The main goal of this work is to introduce the semantics and a standard interface that will allow the realization of specific system security management functions independently of the underlying architecture. Our definitions pertain to multi-user; multi-tasking operating systems that support TCP/IP communications and a prototype of the SSEC MIB are under development for UNIX system. The proposed management framework follows the manager agent paradigm: an agent is installed on every system connected to the network, communicating with one or more central managers through a management protocol. We have tried not to heavily rely on polling for the manager-agent interaction by using as much as possible asynchronous notification mechanisms and allowing some limited delegated functionality for the agent (scheduling and handling of local scripts. The manager scans the agents for security information, sets specific parameters for monitoring and script execution and receives asynchronous notifications on specific events, whereas the agent maintains a MIB that provides the system-independent interface semantics, executes scripts for security scanning, performs monitoring & logging and generates the asynchronous notification PDUs.

  18. Information security management with ITIL V3

    CERN Document Server

    Cazemier, Jacques A; Peters, Louk

    2010-01-01

    This groundbreaking new title looks at Information Security from defining what security measures positively support the business, to implementation to maintaining the required level and anticipating required changes. It covers:Fundamentals of information security ? providing readers insight and give background about what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors.Fundamentals of management of information security - explains what information security manageme

  19. Commission on Social Security

    CERN Multimedia

    Staff Association

    2010-01-01

    A commission studying past, present, and future social stakes ! For many years we have been hearing about the problems of funding of health insurance benefits in our different Member States. At CERN we are not totally immune from this problem.  To start with, let us recall that we have a mutual-benefit scheme which covers everyone for the consequences of the uncertainties in life (illness and accidents). The rules of our scheme are established by CERN in the framework of a sub-group of the Standing Concertation Committee, the CERN Health Insurance Scheme Board (CHISB), which is also in charge of managing the scheme.  The work of the “ProtSoc” (Protection Sociale – Social Security) commission, as we like to call it at the Staff Association, is to help your representatives on the CHISB, by preparing together with them the subjects and positions to be put forward and defended. This commission, which groups together the staff delegates who wish to invest their ...

  20. Security affects us all!

    CERN Multimedia

    SMB Department

    2016-01-01

    In the hope of minimising the number of thefts of the Organization’s property, which can lead to months of work going to waste on certain projects, you are reminded of the importance that CERN attaches to the rules concerning the protection of equipment for which we are responsible. If you see any unusual behaviour or if you are the victim of a theft, don’t hesitate to report it by submitting a ticket through the CERN Portal or calling the CSA. Security affects us all!   CERN is attractive in more ways than one, and it remains as attractive as ever to thieves. With the nice weather and with the holiday season in full swing, the number of thefts recorded at CERN is on the rise. Items stolen include money, computers, electronic equipment, cable drums and copper antennae.   There are a few basic precautions that you should take to protect both your own and the Organization’s property: lock your door, don’t leave valuable items in your office, st...

  1. Securing XML Documents

    Directory of Open Access Journals (Sweden)

    Charles Shoniregun

    2004-11-01

    Full Text Available XML (extensible markup language is becoming the current standard for establishing interoperability on the Web. XML data are self-descriptive and syntax-extensible; this makes it very suitable for representation and exchange of semi-structured data, and allows users to define new elements for their specific applications. As a result, the number of documents incorporating this standard is continuously increasing over the Web. The processing of XML documents may require a traversal of all document structure and therefore, the cost could be very high. A strong demand for a means of efficient and effective XML processing has posed a new challenge for the database world. This paper discusses a fast and efficient indexing technique for XML documents, and introduces the XML graph numbering scheme. It can be used for indexing and securing graph structure of XML documents. This technique provides an efficient method to speed up XML data processing. Furthermore, the paper explores the classification of existing methods impact of query processing, and indexing.

  2. Biofuels and food security

    Directory of Open Access Journals (Sweden)

    Dmitry S. STREBKOV

    2015-03-01

    Full Text Available The major source of energy comes from fossil fuels. The current situation in the field of fuel and energy is becoming more problematic as world population continues to grow because of the limitation of fossil fuels reserve and its pressure on environment. This review aims to find economic, reliable, renewable and non-polluting energy sources to reduce high energy tariffs in Russian Federation. Biofuel is fuel derived directly from plants, or indirectly from agricultural, commercial, domestic, and/or industrial wastes. Other alternative energy sources including solar energy and electric power generation are also discussed. Over 100 Mt of biomass available for energy purposes is produced every year in Russian. One of the downsides of biomass energy is its potential threatens to food security and forage industries. An innovative approach proved that multicomponent fuel (80% diesel oil content for motor and 64% for in stove fuel can remarkably reduce the costs. This paper proposed that the most promising energy model for future is based on direct solar energy conversion and transcontinental terawatt power transmission with the use of resonant wave-guide technology.

  3. Coal Mines Security System

    Directory of Open Access Journals (Sweden)

    Ankita Guhe

    2012-05-01

    Full Text Available Geological circumstances of mine seem to be extremely complicated and there are many hidden troubles. Coal is wrongly lifted by the musclemen from coal stocks, coal washeries, coal transfer and loading points and also in the transport routes by malfunctioning the weighing of trucks. CIL —Coal India Ltd is under the control of mafia and a large number of irregularities can be contributed to coal mafia. An Intelligent Coal Mine Security System using data acquisition method utilizes sensor, automatic detection, communication and microcontroller technologies, to realize the operational parameters of the mining area. The data acquisition terminal take the PIC 16F877A chip integrated circuit as a core for sensing the data, which carries on the communication through the RS232 interface with the main control machine, which has realized the intelligent monitoring. Data management system uses EEPROM chip as a Black box to store data permanently and also use CCTV camera for recording internal situation. The system implements the real-time monitoring and displaying for data undermine, query, deletion and maintenance of history data, graphic statistic, report printing, expert diagnosis and decision-making support. The Research, development and Promote Application will provide the safeguard regarding the mine pit control in accuracy, real-time capacity and has high reliability.

  4. Calling Out Cheaters : Covert Security with Public VerifiabilitySecurity

    DEFF Research Database (Denmark)

    Asharov, Gilad; Orlandi, Claudio

    2012-01-01

    We introduce the notion of covert security with public verifiability, building on the covert security model introduced by Aumann and Lindell (TCC 2007). Protocols that satisfy covert security guarantee that the honest parties involved in the protocol will notice any cheating attempt with some...... constant probability ε. The idea behind the model is that the fear of being caught cheating will be enough of a deterrent to prevent any cheating attempt. However, in the basic covert security model, the honest parties are not able to persuade any third party (say, a judge) that a cheating occurred. We...... propose (and formally define) an extension of the model where, when an honest party detects cheating, it also receives a certificate that can be published and used to persuade other parties, without revealing any information about the honest party’s input. In addition, malicious parties cannot create fake...

  5. Tactical Automated Security System Air Force expeditionary security

    Science.gov (United States)

    Butler, Ken

    2002-08-01

    The US Air Force's TASS (Tactical Automated Security System) program has been in existence since 1996. The TASS program meets the growing need to supplement security personnel with modern technology, when these forces are deployed around the world. TASS combines five equipment elements into an integrated security solution, providing both a detection and an assessment capability. TASS does this in a way which maximizes the mobility and user friendliness objectives of the system. In this paper, we will take a closer look at TASS. We will examine the concepts that drive the TASS development process. We will provide an overview of the TASS technical elements, and provide a roadmap for further development of those elements. Finally, we will provide recommendations to security providers who aim to have their products included in the TASS baseline of equipment.

  6. Securing the Global Airspace System Via Identity-Based Security

    Science.gov (United States)

    Ivancic, William D.

    2015-01-01

    Current telecommunications systems have very good security architectures that include authentication and authorization as well as accounting. These three features enable an edge system to obtain access into a radio communication network, request specific Quality-of-Service (QoS) requirements and ensure proper billing for service. Furthermore, the links are secure. Widely used telecommunication technologies are Long Term Evolution (LTE) and Worldwide Interoperability for Microwave Access (WiMAX) This paper provides a system-level view of network-centric operations for the global airspace system and the problems and issues with deploying new technologies into the system. The paper then focuses on applying the basic security architectures of commercial telecommunication systems and deployment of federated Authentication, Authorization and Accounting systems to provide a scalable, evolvable reliable and maintainable solution to enable a globally deployable identity-based secure airspace system.

  7. The Cloud's Core Virtual Infrastructure Security

    Science.gov (United States)

    Tolnai, Annette; von Solms, Sebastiaan

    Cloud service providers (CSPs) should institute the necessary security controls, including restricting physical and logical access to hypervisor and other forms of employed virtualization layers. To enact relevant security measures, the core elements communicating with the hypervisor need to be secured. A proposed security model will introduce some of the aspects that need to be secured in the virtual environment to ensure a secure and sound cloud computing environment. This paper will discuss the core aspects of the virtualized architecture explaining the security risks, including a discussion pertaining to the relevant security core concepts to mitigate the risks.

  8. The National Homeland Security Research Center

    Data.gov (United States)

    Federal Laboratory Consortium — The National Homeland Security Research Center advances our nation's security by providing scientific products and expertise to improve the ability to respond to and...

  9. 33 CFR 127.705 - Security systems.

    Science.gov (United States)

    2010-07-01

    ...) WATERFRONT FACILITIES WATERFRONT FACILITIES HANDLING LIQUEFIED NATURAL GAS AND LIQUEFIED HAZARDOUS GAS Waterfront Facilities Handling Liquefied Natural Gas Security § 127.705 Security systems. The operator...

  10. 33 CFR 127.707 - Security personnel.

    Science.gov (United States)

    2010-07-01

    ...) WATERFRONT FACILITIES WATERFRONT FACILITIES HANDLING LIQUEFIED NATURAL GAS AND LIQUEFIED HAZARDOUS GAS Waterfront Facilities Handling Liquefied Natural Gas Security § 127.707 Security personnel. The...

  11. Energy audit and energy security

    Directory of Open Access Journals (Sweden)

    Beata Agnieszka Kulessa

    2013-07-01

    Full Text Available In article, we present the issue of energy security. This article to answer the questions concerning the future of energy in Poland. These activities are directly related to energy security and the reduction of CO2 emissions. One element of this plan is the introduction in the EU energy certification of buildings. The energy certificates in Poland launched on 01.01.2009 and implements the objectives adopted by the European Union and contribute to energy security, increasing energy efficiency in construction and environmental protection.

  12. Secure messaging on the internet

    CERN Document Server

    Oppliger, Rolf

    2014-01-01

    This book offers a comprehensive understanding of secure Internet messaging, and brings together all the relevant and critical information needed to use OpenPGP and S/MIME-compliant software. It explores the conceptual and technical approaches followed by the developers of both OpenPGP and S/MIME, and gives a thorough treatment of the latest and most-effective technologies for secure messaging. Ideal for security and network managers, as well as professional system and network administrators, this easy-to-understand book is a complete guide to OpenPGP, S/MIME, Web-based and gateway solutions,

  13. Multilevel security for relational databases

    CERN Document Server

    Faragallah, Osama S; El-Samie, Fathi E Abd

    2014-01-01

    Concepts of Database Security Database Concepts Relational Database Security Concepts Access Control in Relational Databases      Discretionary Access Control      Mandatory Access Control      Role-Based Access Control Work Objectives Book Organization Basic Concept of Multilevel Database Security IntroductionMultilevel Database Relations Polyinstantiation      Invisible Polyinstantiation      Visible Polyinstantiation      Types of Polyinstantiation      Architectural Consideration

  14. Threat modeling designing for security

    CERN Document Server

    Shostack, Adam

    2014-01-01

    Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies. Systems secur

  15. Mobile device security for dummies

    CERN Document Server

    Campagna, Rich; Krishnan, Ashwin

    2011-01-01

    The information you need to avoid security threats on corporate mobile devices Mobile devices have essentially replaced computers for corporate users who are on the go and there are millions of networks that have little to no security. This essential guide walks you through the steps for securing a network and building a bulletproof framework that will protect and support mobile devices in the enterprise. Featuring real-world case scenarios, this straightforward guide shares invaluable advice for protecting mobile devices from the loss of sensitive and confidential corporate informati

  16. Federation for a Secure Enterprise

    Science.gov (United States)

    2016-09-10

    Countering the Futility of Network Security ," Air and Space Power Journal, Sep-Oct 2015, Vol 29, No.5, pg. 4. [8]. Coimbatore Chandersekaran and William...I N S T I T U T E F O R D E F E N S E A N A L Y S E S Federation for a Secure Enterprise William R. Simpson September 10, 2016 Approved for...252.227-7013 (a)(16) [Jun 2013]. Federation for a Secure Enterprise1 William R. Simpson and Kevin E. Foltz Institute for Defense Analyses

  17. Idology and Its Applications in Public Security and Network Security

    OpenAIRE

    Su, Shenghui; Zheng, Jianhua; Huang, Zhiqiu; Li, Zhoujun; Tang, Zhenmin; Wang, Jian; Lu, Shuwang

    2016-01-01

    Fraud (swindling money or property by fictional, counterfeit, forged, or imitative things or by impersonating other persons) forms its threats against public security and network security. Anti-fraud is essentially the identification of a person or thing. In this paper, the authors first propose the concept of idology - a systematic and scientific study of identifications of persons and things, and give the definitions of a symmetric identity and an asymmetric identity. Discuss the conversion...

  18. Bluetooth and security

    Science.gov (United States)

    Ivo, Penn

    2004-04-01

    frequency band, the Bluetooth radio typically hops faster and uses shorter packets. This is because short packages and fast hopping limit the impact of microwave ovens and other sources of disturbances. Use of Forward Error Correction (FEC) limits the impact of random noise on long-distance links. Bluetooth transmissions are secure in a business and home environment. Bluetooth has built in sufficient encryption and authentication and is thus very secure in any environment. In addition to this, a frequency-hopping scheme with 1600 hops/sec. is employed. This is far quicker than any other competing system. This, together with an automatic output power adaption to reduce the range exactly to requirement, makes the system extremely difficult to eavesdrop. Information Integrity in Bluetooth has these components: Random Number Generation, Encryption, Encryption Key Management and Authentication.

  19. Cryptology and Communication Security

    Directory of Open Access Journals (Sweden)

    Shri Kant

    2012-01-01

    Full Text Available Cryptology is the scientific study and practice of making (cryptography and breaking (cryptanalysis of codes andciphers. Code is a system of rephrasing parts of normal language meaningful with certain standard groups or symbols. Whereas cipher is a system of transforming fixed length group of language symbols at normally the single character of alphabet into code alphabet character. The science of making communications unintelligible to all except the intended recipient(s is known as cryptography. Until recently cryptography has been of interest primarily to the defence and diplomatic personnel of governments, guarded over and directed by their national crypto logic services. But now a day’s It has become the part of our daily life viz. providing electronic security to our house and offices, use of ATM, Credit Card, Smart Cards and RFID tags, etc. all of them needs cryptography in some form. Private business sectors, terrorist outfit and electronic communication agencies are using cryptographic methods to keep their data, valuable information and their developmental activities secret until they feel that it is important for their commercial interest, etc. Many cryptographic devices and algorithms are available for non-governmental application, such as M209, Hagelin machine, DES, AES, Public key cryptography (RSA system, and also varieties of crypto algorithms are available in the open literatures for any interested agency to implement their own system of encryptions.Defence Science Journal, 2012, 62(1, pp.3-5, DOI:http://dx.doi.org/10.14429/dsj.62.1434

  20. Demarcation of Security in Authentication Protocols

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security analysis of communication protocols is a slippery business; many “secure” protocols later turn out to be insecure. Among many, two complains are more frequent: inadequate definition of security and unstated assumptions in the security model. In our experience, one principal cause...... for such state of affairs is an apparent overlap of security and correctness, which may lead to many sloppy security definitions and security models. Although there is no inherent need to separate security and correctness requirements, practically, such separation is significant. It makes security analysis...... easier, and enables us to define security goals with a fine granularity. We present one such separation, by introducing the notion of binding sequence as a security primitive. A binding sequence, roughly speaking, is the only required security property of an authentication protocol. All other...

  1. RFID security a lightweight paradigm

    CERN Document Server

    Khattab, Ahmed; Amini, Esmaeil; Bayoumi, Magdy

    2017-01-01

    This book provides a comprehensive treatment of security in the widely adopted, Radio Frequency Identification (RFID) technology. The authors present the fundamental principles of RFID cryptography in a manner accessible to a broad range of readers, enabling them to improve their RFID security design. This book also offers the reader a range of interesting topics portraying the current state-of-the-art in RFID technology and how it can be integrated with today’s Internet of Things (IoT) vision. The authors describe a first-of-its-kind, lightweight symmetric authenticated encryption cipher called Redundant Bit Security (RBS), which enables significant, multi-faceted performance improvements compared to existing cryptosystems. This book is a must-read for anyone aiming to overcome the constraints of practical implementation in RFID security technologies.

  2. Security of Quantum Key Distribution

    CERN Document Server

    Renner, R

    2005-01-01

    We propose various new techniques in quantum information theory, including a de Finetti style representation theorem for finite symmetric quantum states. As an application, we give a proof for the security of quantum key distribution which applies to arbitrary protocols.

  3. Social Security Number (SSN) Verification

    Data.gov (United States)

    U.S. Department of Health & Human Services — This report presents the results of a validation study of Social Security numbers (SSNs) in Medicaid Statistical Information System (MSIS) records for the fourth...

  4. Social Security and Medicare Benefits

    Data.gov (United States)

    Social Security Administration — Annual cash benefits and rehabilitation benefits paid in each year from the Old-Age and Survivors Insurance, and Disability Insurance Trust Funds, and benefits paid...

  5. CENTER FOR CYBER SECURITY STUDIES

    Data.gov (United States)

    Federal Laboratory Consortium — The mission of the Center for Cyber Security Studies is to enhance the education of midshipmen in all areas of cyber warfare, to facilitate the sharing of expertise...

  6. OWDP and Its Secure Implementation

    Institute of Scientific and Technical Information of China (English)

    2001-01-01

    Here we present one design based on OWDP for secure high-speed IP network performance monitor system. Based on the analysis of OWDP protocol and the high-speed IP network performance's real-time monitor infrastructure, the paper illustrates the potential security problems in OWDP and its possible weakness when applied in the monitor infrastructure. One secure improvement design based on Otway-Rees authentication protocol is put forward, which can improve the security of the implementation of OWDP and the monitor architecture. Having kept OWDP's simplicity and efficiency, the design satisfies the real-time demand of high-speed network performance monitor and will effectively safeguard the monitor procedure against intensive attacks.

  7. Global energy policy and security

    CERN Document Server

    Leal Filho, Walter

    2013-01-01

    This book offers a multidisciplinary perspective on issues about global energy policy and security. It integrates philosophical chapters with technical/modeling chapters and covers issues related to finance, economics, and environmental science.

  8. Resilience and (in)security

    DEFF Research Database (Denmark)

    dunn cavelty, myriam; Kaufmann, Mareile; Kristensen, Kristian Søby

    2015-01-01

    Diverse, sometimes even contradictory concepts and practices of resilience have proliferated into a wide range of security policies. In introducing this special issue, we problematize and critically discuss how these forms of resilience change environments, create subjects, link temporalities, an...

  9. Intellectual Bank Locker Security System

    Directory of Open Access Journals (Sweden)

    S.V.Tejesvi

    2016-02-01

    Full Text Available In today's modern world, security plays an important role. Every person has precious accessories like gold, documents or cash. The main goal of this project is to design and implement a bank locker security system based on fingerprint and GSM technology. It reduces wastage of time for both banker as well as customer and provides advanced security. In this system, only authentic persons can recover money or accessories from bank locker. In this system the user’s name, fingerprint and mobile number are enrolled. If the fingerprint matches, then four digit code will be sent to the authorized person’s mobile through GSM modem and the locker door will be opened then, otherwise it will be in locked position and gives an alarm when any mismatch occurs. The sensors will be active during night times to provide security against thefts.

  10. World Energy Security in Flux

    Institute of Scientific and Technical Information of China (English)

    Chen Fengying

    2006-01-01

    @@ The opening years of the 21 st century thus witness an acute energy security issue with a fluctuating international market, fierce contention, brisk diplomacy and a fluid energy configuration, all heralding the approaching new era.

  11. Security Issues on the Internet.

    Science.gov (United States)

    Bar-Ilan, Judit

    1996-01-01

    Discusses some basic notions of modern cryptography: public key systems and digital signatures. Describes how theoretical modern cryptography can help solve security problems on the Internet. (Author/JKP)

  12. Ditching U.S.Securities?

    Institute of Scientific and Technical Information of China (English)

    2010-01-01

    @@ Japan overtook China as the largest foreign holder of U.S.Treasury securities at the end of 2009 after China sold $34.2 billion in American securities last December.China had previously surpassed Japan as the largest holder in September 2008.Since then,China has increased and reduced its holding from time to time.The latest amount,however,accounted for 4 percent of all Chinese holdings and was the biggest single month reduction in years.

  13. Sino-EU Security Relations

    Institute of Scientific and Technical Information of China (English)

    Xia Liping

    2010-01-01

    @@ There are two levels of security relations between China and the EU.The first level is that of China and the EU as a whole.The second level is that between China and member states of the EU respectively.Because the Common Foreign and Security Policy of the EU is still in an initial phase,defense relations between China and the EU have mainly been at the second level.

  14. Secure High Dynamic Range Images

    OpenAIRE

    Med Amine Touil; Noureddine Ellouze

    2016-01-01

    In this paper, a tone mapping algorithm is proposed to produce LDR (Limited Dynamic Range) images from HDR (High Dynamic Range) images. In the approach, non-linear functions are applied to compress the dynamic range of HDR images. Security tools will be then applied to the resulting LDR images and their effectiveness will be tested on the reconstructed HDR images. Three specific examples of security tools are described in more details: integrity verification using hash function to compute loc...

  15. Heuristic Methods for Security Protocols

    Directory of Open Access Journals (Sweden)

    Qurat ul Ain Nizamani

    2009-10-01

    Full Text Available Model checking is an automatic verification technique to verify hardware and software systems. However it suffers from state-space explosion problem. In this paper we address this problem in the context of cryptographic protocols by proposing a security property-dependent heuristic. The heuristic weights the state space by exploiting the security formulae; the weights may then be used to explore the state space when searching for attacks.

  16. The Future of Transcaspian Security

    Science.gov (United States)

    2002-08-01

    international security and not only in the CIS. Dylan Hendrickson and Andrzej Karkoszka of SIPRI observe that, The international community is seeking to...Winter, 1999-2000, pp. 69-80; Anatol Lieven, “ Bobbing for Rotten Apples: Geopolitical Agendas in Ukraine and the Western CIS,” paper presented to the...Eavis and Kefford, pp. 3-14. 50. Dylan Hendrickson and Andrezj Karkoszka, “The Challenges of Security Sector Reform,” Relief Web: Highlights from

  17. Control E-commerce security

    OpenAIRE

    Wu, Yucheng

    2010-01-01

    Electronic commerce has been very popular in the recent years. However, security is one of the barriers, which affects the development of E-commerce. How should merchants of E-commerce solve this problem and maintain a secure environment for their customers? How do customers protect their confidential data when they are shopping on-line? This thesis discusses various common attacks, and presents the protection solutions according to those attacks. Because attacks may take place on the custome...

  18. Security Problems in Cloud Computing

    OpenAIRE

    Rola Motawie; Mahmoud M. El-Khouly; Samir Abou El-Seoud

    2016-01-01

    Cloud is a pool of computing resources which are distributed among cloud users. Cloud computing has many benefits like scalability, flexibility, cost savings, reliability, maintenance and mobile accessibility. Since cloud-computing technology is growing day by day, it comes with many security problems. Securing the data in the cloud environment is most critical challenges which act as a barrier when implementing the cloud. There are many new concepts that cloud introduces, such as resource sh...

  19. Security and policy driven computing

    CERN Document Server

    Liu, Lei

    2010-01-01

    Security and Policy Driven Computing covers recent advances in security, storage, parallelization, and computing as well as applications. The author incorporates a wealth of analysis, including studies on intrusion detection and key management, computer storage policy, and transactional management.The book first describes multiple variables and index structure derivation for high dimensional data distribution and applies numeric methods to proposed search methods. It also focuses on discovering relations, logic, and knowledge for policy management. To manage performance, the text discusses con

  20. Process Models for Security Architectures

    Directory of Open Access Journals (Sweden)

    Floarea NASTASE

    2006-01-01

    Full Text Available This paper presents a model for an integrated security system, which can be implemented in any organization. It is based on security-specific standards and taxonomies as ISO 7498-2 and Common Criteria. The functionalities are derived from the classes proposed in the Common Criteria document. In the paper we present the process model for each functionality and also we focus on the specific components.

  1. Heuristic Methods for Security Protocols

    OpenAIRE

    Qurat ul Ain Nizamani; Emilio Tuosto

    2009-01-01

    Model checking is an automatic verification technique to verify hardware and software systems. However it suffers from state-space explosion problem. In this paper we address this problem in the context of cryptographic protocols by proposing a security property-dependent heuristic. The heuristic weights the state space by exploiting the security formulae; the weights may then be used to explore the state space when searching for attacks.

  2. Design-Efficiency in Security

    DEFF Research Database (Denmark)

    Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

    In this document, we present our applied results on balancing security and performance using a running example, which is based on sensor networks. These results are forming a basis for a new approach to balance security and performance, and therefore provide design-­efficiency of key updates. We...... employ probabilistic model checking approach and present our modelling and analysis study using PRISM model checker....

  3. Security in wireless sensor networks

    CERN Document Server

    Oreku, George S

    2016-01-01

    This monograph covers different aspects of sensor network security including new emerging technologies. The authors present a mathematical approach to the topic and give numerous practical examples as well as case studies to illustrate the theory. The target audience primarily comprises experts and practitioners in the field of sensor network security, but the book may also be beneficial for researchers in academia as well as for graduate students.

  4. Security in the Third World

    OpenAIRE

    Özgediz, Gülden

    2004-01-01

    Ankara : The Department of International Relations, Bilkent Univ., 2004. Thesis (Master's) -- Bilkent University, 2004. Includes bibliographical references leaves 134-144. This thesis traces the development of thinking about security in the Third World from its Cold War past to its post-Cold War present. For this purpose, it examines three main approaches (traditional. Third World and critical) to the study of security in the Third World. It begins with a critical overview o...

  5. Security and privacy in biometrics

    CERN Document Server

    Campisi, Patrizio

    2013-01-01

    This important text/reference presents the latest secure and privacy-compliant techniques in automatic human recognition. Featuring viewpoints from an international selection of experts in the field, the comprehensive coverage spans both theory and practical implementations, taking into consideration all ethical and legal issues. Topics and features: presents a unique focus on novel approaches and new architectures for unimodal and multimodal template protection; examines signal processing techniques in the encrypted domain, security and privacy leakage assessment, and aspects of standardizati

  6. INFORMATION SECURITY IN LOGISTICS COOPERATION

    Directory of Open Access Journals (Sweden)

    Tomasz Małkus

    2015-03-01

    Full Text Available Cooperation of suppliers of raw materials, semi-finished products, finished products, wholesalers, retailers in the form of the supply chain, as well as outsourcing of specialized logistics service require ensuring adequate support of information. It concerns the use of appropriate computer tools. The security of information in such conditions of collaboration becomes the important problem for parties of contract. The objective of the paper is to characterize main issues relating to security of information in logistics cooperation.

  7. China’s Security Perspective

    Science.gov (United States)

    2011-06-01

    Harold A. Trinkunas, PhD Chair , Department of National Security Affairs iv THIS PAGE INTENTIONALLY LEFT BLANK v ABSTRACT The current...67–103. 14 Dennis Blair, John Handley, “From Wheels to Webs: Reconstruction Asia-Pacific Security Arrangements” The Washington Quarterly (2001), 7...professional basketball player during a game, China’s military acquisition program is only part of its overall modernization program and poses little threat

  8. Secure positioning in wireless networks

    DEFF Research Database (Denmark)

    Capkun, Srdjan; Hubaux, Jean-Pierre

    2006-01-01

    So far, the problem of positioning in wireless networks has been studied mainly in a non-adversarial settings. In this work, we analyze the resistance of positioning techniques to position and distance spoofing attacks. We propose a mechanism for secure positioning of wireless devices, that we call...... Verifiable Multilateration. We then show how this mechanism can be used to secure positioning in sensor networks. We analyze our system through simulations....

  9. Multi-cultural network security

    Energy Technology Data Exchange (ETDEWEB)

    Stevens, D.F.

    1996-04-01

    Education and awareness are widely acknowledged to be among the fundamental issues of Internet security, but only in the sense of making Internet users more security conscious. For the Internet to achieve its promise as an information highway, however, a complementary education effort is needed. If adequate Internet security is to be achieved, we must also increase the awareness of the professional security community of the requirements, attitudes, and habits of the many different cultures that participate in the Internet. Discussions of {open_quotes}the Internet{close_quotes} encourage the misapprehension that there is a single, uniform user community instead of a loose alliance of many cultures that differ in many fundamental aspects. This is true even if we limit our consideration to ethical cultures. At this Workshop alone we have representatives of administrative and military cultures, Governmental and commercial cultures, profit-cultures and non-profit cultures, research and operational cultures. Internet cultures are united in their desire to exploit the connectivity, flexibility, and rapidity of communication provided by the net, but differ greatly in their motivations, their attitudes towards authority, their willingness to cooperate within their own communities, their interest in technical arcana, and the patience with which they will put up with - or the enthusiasm with which they will embrace - the growing list of procedures deemed necessary for acceptable security. They even differ in how they define {open_quotes}acceptable security{close_quotes}.

  10. Conducting an information security audit

    Directory of Open Access Journals (Sweden)

    Prof. Ph.D . Gheorghe Popescu

    2008-05-01

    Full Text Available The rapid and dramatic advances in information technology (IT in recent years have withoutquestion generated tremendous benefits. At the same time, information technology has created significant,nunprecedented risks to government and to entities operations. So, computer security has become muchmore important as all levels of government and entities utilize information systems security measures toavoid data tampering, fraud, disruptions in critical operations, and inappropriate disclosure of sensitiveinformation. Obviously, uses of computer security become essential in minimizing the risk of malicious attacksfrom individuals and groups, considering that there are many current computer systems with onlylimited security precautions in place.As we already know financial audits are the most common examinations that a business manager en-counters.This is a familiar area for most executives: they know that financial auditors are going to examine the financial records and how those records are used. They may even be familiar with physical securityaudits. However, they are unlikely to be acquainted with information security audits; that is an audit ofhow the confidentiality, availability and integrity of an organization’s information are assured. Any way,if not, they should be, especially that an information security audit is one of the best ways to determine thesecurity of an organization’s information without incurring the cost and other associated damages of a securityincident.

  11. Motorola Secure Software Development Model

    Directory of Open Access Journals (Sweden)

    Francis Mahendran

    2008-08-01

    Full Text Available In today's world, the key to meeting the demand for improved security is to implement repeatable processes that reliably deliver measurably improved security. While many organizations have announced efforts to institutionalize a secure software development process, there is little or no industry acceptance for a common process improvement framework for secure software development. Motorola has taken the initiative to develop such a framework, and plans to share this with the Software Engineering Institute for possible inclusion into its Capability Maturity Model Integration (CMMI®. This paper will go into the details of how Motorola is addressing this issue. The model that is being developed is designed as an extension of the existing CMMI structure. The assumption is that the audience will have a basic understanding of the SEI CMM® / CMMI® process framework. The paper will not describe implementation details of a security process model or improvement framework, but will address WHAT security practices are required for a company with many organizations operating at different maturity levels. It is left to the implementing organization to answer the HOW, WHEN, WHO and WHERE aspects. The paper will discuss how the model is being implemented in the Motorola Software Group.

  12. Suggestions for better election security.

    Energy Technology Data Exchange (ETDEWEB)

    Johnston, R.G.; Warner, J.S. (Nuclear Engineering Division)

    2011-01-01

    Summary of Common Security Mistakes: (1) Electronic voting machines that fundamentally lack security thought and features, including an ability to detect tampering or intrusion, or to be reliably locked or sealed; (2) Failure to disassemble, inspect, and thoroughly inspect (not just test) a sufficient number of voting machines before and after elections in order to detect hardware or software tampering; (3) Assuming that tamper - indicating seals will either be blatantly ripped/smashed open, or else there is no tampering. In reality, even amateurs can spoof most seals leaving (at most) subtle evidence; (4) Inadequate seal use protocols and training of seal installers and inspectors. Failure to show examples of blatantly and subtly attacked seals to seal inspectors; (5) Over confidence in use of a voter verified paper record (VVPR), a VVPR is an excellent security countermeasure, but it is not a silver bullet, especially for an election organization with poor overall security; (6) Little or no insider thr at mitigation; and (7) A poor security culture, including denial and no a priori procedures for dealing with security questions or concerns.

  13. Security bingo for the paranoid

    CERN Multimedia

    Computer Security Team

    2011-01-01

    We have received complaints that the previous SECURITY BINGO was too easy… So, are you extremely cautious of computer security? Show us and win one of three marvellous books on computer security! Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us at Computer.Security@cern.ch or P.O. Box G19710, by October 31st 2011.   Winners[1] must show us that they follow at least five good practices in continuous horizontal row, vertical column or diagonal. For details on CERN Computer Security, please consult http://cern.ch/security. I personally…   …encrypt all files on my computer. …have enabled Firefox’ NoScript plug-in. …will always call you back to verify your identity. …still employ a mobile phone without mail and Internet capabilities. …use multifactor authentication for logging into CERN. &h...

  14. Cyber Security and Resilient Systems

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson

    2009-07-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

  15. Human Security: Concept, Disputes and Practice

    Institute of Scientific and Technical Information of China (English)

    HU YUAN

    2011-01-01

    @@ Human security is a new concept in the area of security and constitutes one of the important indicators for realizing human rights.It puts the point of concern about security on humans and therefore embodies a people-centered idea.It has become a major hallmark of the shift in security after the cold war.

  16. 77 FR 55218 - Homeland Security Advisory Council

    Science.gov (United States)

    2012-09-07

    ... violent extremism domestically; the current threat environment; evolving threats in cyber security... receive a briefing on evolving threats in cyber security. This will include lessons learned and potential... SECURITY Homeland Security Advisory Council AGENCY: The Office of Policy, DHS. ACTION: Notice of...

  17. 76 FR 81516 - Homeland Security Advisory Council

    Science.gov (United States)

    2011-12-28

    ...) Frequent Traveler Program; examine evolving threats in cyber security; and provide information on the... (EMP) Threat--Lessons Learned and Areas of Vulnerability, and Evolving Threats in Cyber Security. Basis... SECURITY Homeland Security Advisory Council AGENCY: The Office of Policy, DHS. ACTION: Closed...

  18. Security Management in a Multimedia System

    Science.gov (United States)

    Rednic, Emanuil; Toma, Andrei

    2009-01-01

    In database security, the issue of providing a level of security for multimedia information is getting more and more known. For the moment the security of multimedia information is done through the security of the database itself, in the same way, for all classic and multimedia records. So what is the reason for the creation of a security…

  19. 10 CFR 95.33 - Security education.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Security education. 95.33 Section 95.33 Energy NUCLEAR... INFORMATION AND RESTRICTED DATA Physical Security § 95.33 Security education. All cleared employees must be... information. The facility may obtain defensive security, threat awareness, and other education and...

  20. Incentive Issues in Information Security Management

    Science.gov (United States)

    Lee, Chul Ho

    2012-01-01

    This dissertation studies three incentive issues in information security management. The first essay studies contract issues between a firm that outsources security functions and a managed security service provider (MSSP) that provides security functions to the firm. Since MSSP and firms cannot observe each other's actions, both can suffer…