WorldWideScience

Sample records for defense security service

  1. Home - Defense Technology Security Administration

    Science.gov (United States)

    by @dtsamil Defense Technology Security Administration Mission, Culture, and History Executive Official seal of Defense Technology Security Administration Official seal of Defense Technology Security Administration OFFICE of the SECRETARY of DEFENSE Defense Technology Security Administration

  2. Latvian Security and Defense Policy within the Twenty-First Century Security Environment

    Directory of Open Access Journals (Sweden)

    Rublovskis Raimonds

    2014-12-01

    Full Text Available The aim of this paper is to analyze fundamental factors which form and profoundly shape security and defense policy of the Republic of Latvia. One can argue that historical background, geographical location, common institutional history within the former Soviet Union, the Russia factor, the relative smallness of the territory of state and the population, the ethnic composition of the population, the low density of the population and rather limited financial and manpower resources available for the defense of the Republic of Latvia are the key factors of influence on the state security and defense policy. The core principles of the security and defense policy of Latvia are the membership in powerful global military alliance of NATO and bilateral strategic partnership with the United States. However, security and defense cooperation among the three Baltic States as well as enhanced cooperation within the Baltic-Nordic framework is seen as an important supplementary factor for the increased security of the Republic of Latvia. Latvia has developed a sustainable legal and institutional framework in order to contribute to state security and defense; however, security challenges and significant changes within the global security environment of the twenty-first century will further challenge the ability of the Republic of Latvia to sustain its current legal framework, and more importantly, current institutional structure of Latvian security and defense architecture. Significant internal and external challenges will impact the fundamental pillars of Latvian security and defense policy, such as American strategic shift to the Pacific, and lack of political will to increase defense budgets in European part of NATO. It has to be clear that very independence, security and defense of the Republic of Latvia depend on the ability of NATO to remain an effective organization with timely and efficient decision-making, and the ability of the United States to remain

  3. Metrology network: a case study on the metrology network of defense and security from SIBRATEC

    International Nuclear Information System (INIS)

    Pereira, Marisa Ferraz Figueira

    2016-01-01

    This study is focused on understanding the effects of the infrastructure improvement of these laboratories and the role of network management in offering support and metrological services to the defense and security sector enterprises, within the project purposes. It is also aimed identify gaps on offering calibration and, or testing services to supply demands of the defense and security industries, and analyze adequacy of RDS project to demands of defense and security industries, with the purpose to contribute with information for future actions. The experimental research is qualitative type, with exploratory research characteristics, based on case study. It was structured in two parts, involving primary data collection and secondary data. In order to collect the primary data two questionnaires were prepared, one (Questionnaire A) to the five RDS laboratories representatives and other (Questionnaire B) to the contacts of 63 defense and security enterprises which need calibration and test services, possible customers of RDS laboratories. Answers from four representatives of RDS laboratories and from 26 defense and security enterprises were obtained. The collection of secondary data was obtained from documentary research. The analysis was made based on five dimensions defined in order to organize and improve the understanding of the research setting. They are RDS project coverage, regional, network management, metrological traceability and importance and visibility of RDS. The results indicated that the performance of RDS does not interfere, by that time, in the metrological traceability of the products of the defense and security enterprises that participated in the research. (author)

  4. Study on defensive security concepts and policies

    International Nuclear Information System (INIS)

    1993-01-01

    The report begins by describing the background against which the proposal for the study emerged-the welcome developments brought about by the end of the cold war but also the emergence of new threats and the reappearance of long-standing problems. The study proceeds to examine current trends in the international security environment and how they may influence the peaceful settlement of dispute and the effecting of restraint and a defensive orientation in the development, maintenance and use of armed forces. A discussion of the substance and main features of defensive security concepts and policies follows. Existing studies and models designed to eliminate the offensive character of military force postures by effecting a defensive orientation of capabilities are surveyed. In addition, the study discusses political and military aspects of defensive security, pointing out how defensive security differs from those existing models

  5. 6th Annual Homeland Security and Defense Education Summit, Developing an Adaptive Homeland Security Environment

    OpenAIRE

    2013-01-01

    6th Annual Homeland Security and Defense Education Summit Developing an Adaptive Homeland Security Environment, Burlington, MA, September 26-28, 2013 2013 Summit Agenda Naval Postgraduate School Center for Homeland Defense and Security In Partnership With Northeastern University, Department of Homeland Security, Federal Emergency Management Agency, National Guard Homeland Security Institute, National Homeland Defense Foundation Naval Postgraduate School Center for Homeland Defense and S...

  6. Center for Homeland Defense and Security Homeland Security Affairs Journal

    OpenAIRE

    2015-01-01

    Homeland Security Affairs is the peer-reviewed online journal of the Center for Homeland Defense and Security (CHDS). The journal provides a forum to propose and debate strategies, policies and organizational arrangements to strengthen U.S. homeland security.

  7. Controls Over Operating System and Security Software Supporting the Defense Finance and Accounting Service

    National Research Council Canada - National Science Library

    McKinney, Terry

    1994-01-01

    This is the final in a series of three audits of management controls over the operating systems and security software used by the information processing centers that support the Defense Finance and Accounting Centers (DFAS...

  8. Sandia National Laboratories: National Security Missions: Defense Systems

    Science.gov (United States)

    ; Technology Defense Systems & Assessments About Defense Systems & Assessments Program Areas Audit Sandia's Economic Impact Licensing & Technology Transfer Browse Technology Portfolios ; Culture Work-Life Balance Special Programs Nuclear Weapons Defense Systems Global Security Energy Facebook

  9. Overview of Accelerator Applications for Security and Defense

    Science.gov (United States)

    Antolak, Arlyn J.

    Particle accelerators play a key role in a broad set of defense and security applications, including war-fighter and asset protection, cargo inspection, nonproliferation, materials characterization, and stockpile stewardship. Accelerators can replace the high activity radioactive sources that pose a security threat to developing a radiological dispersal device, and, can be used to produce isotopes for medical, industrial, and research purposes. An overview of current and emerging accelerator technologies relevant to addressing the needs of defense and security is presented.

  10. ADTool: Security Analysis with Attack-Defense Trees

    NARCIS (Netherlands)

    Kordy, Barbara; Kordy, P.T.; Mauw, Sjouke; Schweitzer, Patrick; Joshi, Kaustubh; Siegle, Markus; Stoelinga, Mariëlle Ida Antoinette; d' Argenio, P.R.

    ADTool is free, open source software assisting graphical modeling and quantitative analysis of security, using attack–defense trees. The main features of ADTool are easy creation, efficient editing, and automated bottom-up evaluation of security-relevant measures. The tool also supports the usage of

  11. 22 CFR 120.9 - Defense service.

    Science.gov (United States)

    2010-04-01

    ... 22 Foreign Relations 1 2010-04-01 2010-04-01 false Defense service. 120.9 Section 120.9 Foreign... Defense service. (a) Defense service means: (1) The furnishing of assistance (including training) to..., educational, or information publications and media of all kinds, training aid, orientation, training exercise...

  12. Offices of Industrial Security International: A Review

    National Research Council Canada - National Science Library

    Sands, W

    1998-01-01

    The Defense Security Service (DSS), formerly the Defense Investigative Service (DIS), handles many of its overseas industrial security issues through its Offices of Industrial Security International...

  13. European security and defense policy and its implications for Turkey

    OpenAIRE

    Özköse, Ö Faruk

    2002-01-01

    Cataloged from PDF version of article. The “European Security and Defense Policy” is an evolving process. Since the Maastricht Treaty (1991), the European Union members have been trying to constitute a common security and defense policy within the framework of Common Foreign and Security Policy, second pillar of the European Union. The efforts to create “separable but not separate” European forces within NATO have increased speed in the last years and changed direction towar...

  14. Pro PHP Security From Application Security Principles to the Implementation of XSS Defenses

    CERN Document Server

    Snyder, Chris; Southwell, Michael

    2010-01-01

    PHP security, just like PHP itself, has advanced. Updated for PHP 5.3, the second edition of this authoritative PHP security book covers foundational PHP security topics like SQL injection, XSS, user authentication, and secure PHP development. Chris Snyder and Tom Myer also dive into recent developments like mobile security, the impact of Javascript, and the advantages of recent PHP hardening efforts. Pro PHP Security, Second Edition will serve as your complete guide for taking defensive and proactive security measures within your PHP applications. Beginners in secure programming will find a l

  15. Ballistic Missile Defense: National Security and the High Frontier of Space.

    Science.gov (United States)

    Adragna, Steven P.

    1985-01-01

    Ballistic missile defense is discussed, and the rationale behind the proposal to place defensive weapons in space is examined. Strategic defense is a national security, political, and moral imperative. (RM)

  16. In Support of the Common Defense: A Homeland Defense and Security Journal. Volume 2

    Science.gov (United States)

    2013-06-01

    create a coast-to-coast, interoperable digital emergency communications network.36 Accordingly, Homeland Security Act 2002 and Homeland Security...or fixed monitor that depicts friendly forces on an easy-to-read digitized geospatial map. The number of assets being tracked directly determines...Common Defense diminished since Colombian security forces killed notorious Medellin cartel leader Pablo Escobar in 1993.74 There undeniably is an

  17. Capitalization of Defense Technology Security Administration Equipment

    National Research Council Canada - National Science Library

    Gimble, Thomas

    1996-01-01

    ... $5.2 million in the Equipment in Use account on its trial balance. Starting with FY 1996, Defense Technology Security Administration financial data will be included in consolidated DoD financial statements...

  18. The Spanish Contribution to European Security and Defense

    Directory of Open Access Journals (Sweden)

    Félix Sanz

    2000-05-01

    Full Text Available The author examines Spain’s material and intellectual contributions to European security and defense. In the first place, he provides an overview of the changes in the personal qualifications of the Spanish Armed Forces and in the mentality of the military officials in adapting to the work of international organisms and to cooperation in broadlydefined schemes of security. On this point, he highlights the Spanish contribution to the missions carried out by the United Nations, OSCE and the WEU. With respect to NATO, Félix Sanz analyzes the Spanish participation before and after this country’s integrationin military structure and in the operative plans of the Alliance. Sanz also underscores the contribution made to multinational forces such as Eurocorps, Eurofor/Euromarfor, the Italian-Spanish amphibious force and, in the future, the European air group. He discussesSpain’s support for other bilateral forums for security, in particular the relation with the United States. In the area of intellectual contributions, the author underlines this country’sinterest in bringing about a convergence of defense forces, Spain’s support for a multinational military and its willingness to collaborate in the design of European defense.

  19. Recent advances in computational intelligence in defense and security

    CERN Document Server

    Falcon, Rafael; Zincir-Heywood, Nur; Abbass, Hussein

    2016-01-01

    This volume is an initiative undertaken by the IEEE Computational Intelligence Society’s Task Force on Security, Surveillance and Defense to consolidate and disseminate the role of CI techniques in the design, development and deployment of security and defense solutions. Applications range from the detection of buried explosive hazards in a battlefield to the control of unmanned underwater vehicles, the delivery of superior video analytics for protecting critical infrastructures or the development of stronger intrusion detection systems and the design of military surveillance networks. Defense scientists, industry experts, academicians and practitioners alike will all benefit from the wide spectrum of successful applications compiled in this volume. Senior undergraduate or graduate students may also discover uncharted territory for their own research endeavors.

  20. DIFFiCULTIES FOR THE CONCEPTUALIZATION OF SECURITY AND DEFENSE

    Directory of Open Access Journals (Sweden)

    JAIME GARCÍA COVARRUBIAS

    2017-12-01

    Full Text Available The purpose of this essay is to assist to make clear the current confusion when conceptualizing Security and Defense, a fact that impacts the production of educational plans and programs in this issues, taking at the same time a position regarding these concepts. In fact, one of the reasons in the theoretical arena of this difficulty is the existence of a grey zone between each of them, that impacts the security planning process that somehow looses its most important feature, that is, to be clear, precise and focused. To achieve this objective, a relationship between democracy and security is settled, and then differences between both of them will be established. After that, an analysis between “real security” and the one perceived, as well as between effects and conditions will be done in order to conclude that National Security integrates the different sectors’ securities and is vital for the prevailing of the State and its citizens, while citizen security is oriented toward the individuals and must not be confused with National Security. Also, that Defense is another sector of Security, and finally that governments must understood that there will be an space between the current situation or objective security and the perception of how the people believe to live.

  1. Other Defense Organizations and Defense Finance and Accounting Service Controls Over High-Risk Transactions Were Not Effective

    Science.gov (United States)

    2016-03-28

    Defense Organizations and Defense Finance and Accounting Service Controls Over High-Risk Transactions Were Not Effective M A R C H 2 8 , 2 0 1 6...Defense Organizations and Defense Finance and Accounting Service Controls Over High-Risk Transactions Were Not Effective Visit us at www.dodig.mil... FINANCE AND ACCOUNTING SERVICE DIRECTOR, DEFENSE HEALTH AGENCY SUBJECT: Other Defense Organizations and Defense Finance and Accounting Service

  2. Cyber Security Research Frameworks For Coevolutionary Network Defense

    Energy Technology Data Exchange (ETDEWEB)

    Rush, George D. [Missouri Univ. of Science and Technology, Rolla, MO (United States); Tauritz, Daniel Remy [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

    2015-12-03

    Several architectures have been created for developing and testing systems used in network security, but most are meant to provide a platform for running cyber security experiments as opposed to automating experiment processes. In the first paper, we propose a framework termed Distributed Cyber Security Automation Framework for Experiments (DCAFE) that enables experiment automation and control in a distributed environment. Predictive analysis of adversaries is another thorny issue in cyber security. Game theory can be used to mathematically analyze adversary models, but its scalability limitations restrict its use. Computational game theory allows us to scale classical game theory to larger, more complex systems. In the second paper, we propose a framework termed Coevolutionary Agent-based Network Defense Lightweight Event System (CANDLES) that can coevolve attacker and defender agent strategies and capabilities and evaluate potential solutions with a custom network defense simulation. The third paper is a continuation of the CANDLES project in which we rewrote key parts of the framework. Attackers and defenders have been redesigned to evolve pure strategy, and a new network security simulation is devised which specifies network architecture and adds a temporal aspect. We also add a hill climber algorithm to evaluate the search space and justify the use of a coevolutionary algorithm.

  3. Ukraine's Foreign Policy: from Military Doctrine to Defense Security One

    Directory of Open Access Journals (Sweden)

    Александр Иванович Кузьмук

    2013-12-01

    Full Text Available The article considers the problem of reforming and developing Ukraine’s Armed Forces on the basis of the analysis of the key provisions of the Strategic defense bulletin adopted in 2012. The author proposes the ways of solving this problem and substantiates the transition in the defense planning from the military doctrine to the doctrine of Ukraine’s security and defense.

  4. Quality of Security Service: Adaptive Security

    National Research Council Canada - National Science Library

    Levin, Timothy E; Irvine, Cynthia E; Spyropoulou, Evdoxia

    2004-01-01

    The premise of Quality of Security Service is that system and network management functions can be more effective if variable levels of security services and requirements can be presented to users or network tasks...

  5. 77 FR 76938 - Defense Federal Acquisition Regulation Supplement: Contracting Activity Updates (DFARS Case 2012...

    Science.gov (United States)

    2012-12-31

    ... Security Cooperation Agency, the Defense Security Service, the Defense Threat Reduction Agency, the Missile... DEPARTMENT OF DEFENSE Defense Acquisition Regulations System 48 CFR Part 202 RIN 0750-AH81 Defense...: Defense Acquisition Regulations System, Department of Defense (DoD). ACTION: Final rule. SUMMARY: DoD is...

  6. Defense Finance and Accounting Service Commercial Activities Program

    National Research Council Canada - National Science Library

    1999-01-01

    .... This report evaluated the Defense Finance and Accounting Service competitive sourcing process and reviewed the adequacy of the Defense Finance and Accounting Service management control program...

  7. ORDER SECURITY – NATIONAL SECURITY ADMINISTRATION. NATIONAL SECURITY DEFENSE AS SPECIAL ADMINISTRATION

    OpenAIRE

    Zoltán BALLA

    2009-01-01

    National security administration is the special executivedisposal activity of the national security agencies, the section of the state administration that helps the governmental work by reconnoitering and preventing with secret-servicing methods of the risks that shall harm or endanger the national security’s interests. The main operational principles of national security governing are the followings among others: - controlling the operation of national security organization belongs to the ex...

  8. Defense Agency Travel Payments at Defense Finance and Accounting Service Indianapolis Center

    National Research Council Canada - National Science Library

    1997-01-01

    The audit objective was to assess the effectiveness of Defense Finance and Accounting Service Indianapolis Center management controls over payments to Defense agency personnel for temporary duty and local travel...

  9. A changing European Security and defense architecture and its impact on Turkey

    OpenAIRE

    Yikilkan, Orhan.

    2001-01-01

    Since the 1991 Maastricht Treaty, the European Union countries have been trying to form a common security and defense identity as one facet of the European Union unification process. The efforts to create "separable but not separate" European forces within NATO have accelerated in the last three years and changed direction toward creating an autonomous "European Security and Defense Policy (ESDP)" within the framework of the EU. This policy concerns some non-EU European NATO allies, such as T...

  10. The Concept of Defense Management in the 21st Century within Indonesia Maritime Security Framework

    Directory of Open Access Journals (Sweden)

    Herlina Juni Risma Saragih

    2018-03-01

    Full Text Available Conflict of Maritime Security in the Asia Pacific region, especially South China Sea is a conflict that has long occurred and a problem that is often raised both in a regional and international level. Related to the conflict takes Strategy and Management of the State's defense to anticipate the impact of the conflict situations on defense and security of the region. The purpose of this study is to analyze the concept of Defence Management Indonesia in the 21st century in the context of Indonesian Maritime Security, Case Studies U.S Rebalancing in Asia Pacific and South China Sea conflict, as well as to determine the readiness of Defence Management capabilities in the face of threats. The method used is a qualitative method of data collection methods through in-depth interview to the informant. The results showed that in order to improve maritime security in Indonesia has not been implemented in a structured and comprehensive defense in accordance with the management perspective of the countries more advanced, especially on defense preparedness in logistics management as a managing and defense equipment avaible owned by Indonesia government. Based on these results it is suggested the need for socialization implementation of Defense Management in Asia Pacific by Indonesia government in the context of Maritime Security comprehensively.

  11. 48 CFR 53.303-DD-441 - Department of Defense DD Form 441, Security Agreement.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 2 2010-10-01 2010-10-01 false Department of Defense DD Form 441, Security Agreement. 53.303-DD-441 Section 53.303-DD-441 Federal Acquisition Regulations...-DD-441 Department of Defense DD Form 441, Security Agreement. EC01MY91.163 EC01MY91.164 ...

  12. Control Systems Cyber Security:Defense in Depth Strategies

    Energy Technology Data Exchange (ETDEWEB)

    David Kuipers; Mark Fabro

    2006-05-01

    Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires: Maintenance of various field devices, telemetry collection, and/or industrial-level process systems Access to facilities via remote data link or modem Public facing services for customer or corporate operations A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

  13. Bayes, not Naïve: Security Bounds on Website Fingerprinting Defenses

    Directory of Open Access Journals (Sweden)

    Cherubin Giovanni

    2017-10-01

    Full Text Available Website Fingerprinting (WF attacks raise major concerns about users’ privacy. They employ Machine Learning (ML techniques to allow a local passive adversary to uncover the Web browsing behavior of a user, even if she browses through an encrypted tunnel (e.g. Tor, VPN. Numerous defenses have been proposed in the past; however, it is typically difficult to have formal guarantees on their security, which is most often evaluated empirically against state-of-the-art attacks. In this paper, we present a practical method to derive security bounds for any WF defense, where the bounds depend on a chosen feature set. This result derives from reducing WF attacks to an ML classification task, where we can determine the smallest achievable error (the Bayes error. Such error can be estimated in practice, and is a lower bound for a WF adversary, for any classification algorithm he may use. Our work has two main consequences: i it allows determining the security of WF defenses, in a black-box manner, with respect to the state-of-the-art feature set and ii it favors shifting the focus of future WF research to identifying optimal feature sets. The generality of this approach further suggests that the method could be used to define security bounds for other ML-based attacks.

  14. A Study of Security Awareness Information Delivery within the Defense Intelligence Community

    Science.gov (United States)

    Krasley, Paul F.

    2011-01-01

    Due to limited resources and inconsistent guidance from the U.S. Federal Government, Department of Defense, and multiple environments within the intelligence community, the defense intelligence agencies each developed their own methods to deliver security awareness information. These multiple delivery methods may be providing different levels of…

  15. Secure Sessions for Web Services

    NARCIS (Netherlands)

    Reiter, M.; Bhargavan, K.; Corin, R.J.; Fournet, C.; Gordon, A.D.

    2007-01-01

    We address the problem of securing sequences of SOAP messages exchanged between web services and their clients. The WS-Security standard defines basic mechanisms to secure SOAP traffic, one message at a time. For typical web services, however, using WS-Security independently for each message is

  16. Nano/micromotors for security/defense applications. A review

    Science.gov (United States)

    Singh, Virendra V.; Wang, Joseph

    2015-11-01

    The new capabilities of man-made micro/nanomotors open up considerable opportunities for diverse security and defense applications. This review highlights new micromotor-based strategies for enhanced security monitoring and detoxification of chemical and biological warfare agents (CBWA). The movement of receptor-functionalized nanomotors offers great potential for sensing and isolating target bio-threats from complex samples. New mobile reactive materials based on zeolite or activated carbon offer considerable promise for the accelerated removal of chemical warfare agents. A wide range of proof-of-concept motor-based approaches, including the detection and destruction of anthrax spores, `on-off' nerve-agent detection or effective neutralization of chemical warfare agents have thus been demonstrated. The propulsion of micromotors and their corresponding bubble tails impart significant mixing that greatly accelerates such detoxification processes. These nanomotors will thus empower sensing and destruction where stirring large quantities of decontaminating reagents and controlled mechanical agitation are impossible or undesired. New technological breakthroughs and greater sophistication of micro/nanoscale machines will lead to rapid translation of the micromotor research activity into practical defense applications, addressing the escalating threat of CBWA.

  17. Metric-Aware Secure Service Orchestration

    Directory of Open Access Journals (Sweden)

    Gabriele Costa

    2012-12-01

    Full Text Available Secure orchestration is an important concern in the internet of service. Next to providing the required functionality the composite services must also provide a reasonable level of security in order to protect sensitive data. Thus, the orchestrator has a need to check whether the complex service is able to satisfy certain properties. Some properties are expressed with metrics for precise definition of requirements. Thus, the problem is to analyse the values of metrics for a complex business process. In this paper we extend our previous work on analysis of secure orchestration with quantifiable properties. We show how to define, verify and enforce quantitative security requirements in one framework with other security properties. The proposed approach should help to select the most suitable service architecture and guarantee fulfilment of the declared security requirements.

  18. 5 CFR 842.211 - Senior Executive Service, Defense Intelligence Senior Executive Service, and Senior Cryptologic...

    Science.gov (United States)

    2010-01-01

    ... 5 Administrative Personnel 2 2010-01-01 2010-01-01 false Senior Executive Service, Defense Intelligence Senior Executive Service, and Senior Cryptologic Executive Service. 842.211 Section 842.211... EMPLOYEES RETIREMENT SYSTEM-BASIC ANNUITY Eligibility § 842.211 Senior Executive Service, Defense...

  19. 48 CFR 53.303-DD-254 - Department of Defense DD Form 254, Contract Security Classification Specification.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 2 2010-10-01 2010-10-01 false Department of Defense DD Form 254, Contract Security Classification Specification. 53.303-DD-254 Section 53.303-DD-254 Federal... Illustrations of Forms 53.303-DD-254 Department of Defense DD Form 254, Contract Security Classification...

  20. Followup Audit of Controls Over Operating System and Security Software and Other General Controls for Computer Systems Supporting the Defense Finance and Accounting Service

    National Research Council Canada - National Science Library

    1996-01-01

    This is the third in a series of followup audits made to evaluate the corrective actions taken by the Defense Finance and Accounting Service, the Defense Information Systems Agency, and the Defense...

  1. Defense Acquisitions Acronyms and Terms

    Science.gov (United States)

    2012-12-01

    DR Decision Review DRMO Defense Reutilization Marketing Office DRPM Direct Reporting Program Manager DSAA Defense Security Assistance Agency...STE Special Test Equipment STEP Simulation, Test, and Evaluation Process STLDD Software Top Level Design Document STP Software Test Plan STPR...established catalog or market prices for specific tasks under standard commercial terms and conditions; this does not include services sold based

  2. Security for service oriented architectures

    CERN Document Server

    Williams, Walter

    2014-01-01

    Although integrating security into the design of applications has proven to deliver resilient products, there are few books available that provide guidance on how to incorporate security into the design of an application. Filling this need, Security for Service Oriented Architectures examines both application and security architectures and illustrates the relationship between the two. Supplying authoritative guidance on how to design distributed and resilient applications, the book provides an overview of the various standards that service oriented and distributed applications leverage, includ

  3. The intelligence-security services and national security

    OpenAIRE

    Mijalković, Saša

    2011-01-01

    Since their inception, states have been trying to protect their vital interests and values more effectively, in which they are often impeded by other countries. At the same time, they seek to protect the internal order and security against the so-called internal enemy. Therefore, the states organize (national) security systems within their (state) systems, in which they form some specialized security entities. Among them, however, intelligence and security services are the ones that stand out...

  4. Leveraging State And Local Law Enforcement Maritime Homeland Security Practices

    Science.gov (United States)

    2016-03-01

    recreation, national defense, and tourism . To understand the maritime homeland security efforts put into place after 9/11 better, a study of the practices...fire service venturing beyond its fire suppression or emergency medical services role and asserted the value of having firefighters better integrated...national defense, and tourism , so too must be the approach to maritime homeland security. This research examined only the role of state and local law

  5. 76 FR 23641 - Proposed Information Collection: Export Declaration of Defense Technical Data or Services

    Science.gov (United States)

    2011-04-27

    ... Defense Technical Data or Services AGENCY: Department of State. ACTION: Notice of request for public... Declaration of Defense Technical Data or Services. OMB Control Number: 1405-0157. Type of Request: Extension... of defense technical data and defense services will be electronically reported directly to the...

  6. Department of Defense Agency Financial Report for FY 2011

    Science.gov (United States)

    2011-11-01

    able to distribute resources across hospitals and clinics within a market to meet the needs of the entire population of eligible beneficiaries. In...WRAMC), Washington, DC. This entailed construction of a new community hospital and a dental clinic at Fort Belvoir and an expansion of the National...Department of Defense DSB Defense Science Board DSS Defense Security Service DTM Directive-type Memorandum DTS Defense Travel System EBF Education

  7. Collaborative Decision Making Process for Complex Defense, Security and Stability Challenges

    NARCIS (Netherlands)

    Bemmel, I.E. van; Eikelboom, A.R.

    2014-01-01

    How to intervene in crises and conflicts? How to cope with complex challenges in the field of defense, security and stability? Questions like these are difficult to answer due to amongst others the involvement of multiple stakeholders that contribute to these complex challenges and need to cooperate

  8. Legal and regulatory aspects of optimization comprehensive support service and combat activity of the Security service of Ukraine and the National guard of Ukraine emergency social situation

    Directory of Open Access Journals (Sweden)

    В. В. Мацюк

    2015-05-01

    legislation regarding the classification of support types. A clear gradation of the support types is required for effective comprehensive support of the law enforcement forces service and combat activities while performing social emergencies response tasks. This question particularly arises during collateral execution of service and military tasks by different authorities, for example, joint duties of National Guard of Ukraine and Security Service of Ukraine personnel. The most problematic of the abovementioned now is the materiel support. The special operation materiel support should be headed by a National Guard of Ukraine officer, as National Guard military units and subdivisions, unlike the Security Service of Ukraine units or other law enforcement forces, have assigned materiel subdivisions, trained specialists and are able to rapidly deploy logistics objects. The use of contemporary IT is one of the means of comprehensive support optimization, in particular: use of mobile computer equipment in field conditions, application of modern geoinformational technologies, implementation of electronic data exchange, introduction of up-to-date digital communication. In order to augment the materiel support, effective public anti-corruption policy has to be established during tender supplies purchases for the security and defense sector; legislative environment on public-private partnership in the state defense field has to be improved, considering foreign experience and mistakes of outsourcing implementation in the Armed Forces of Ukraine. Conclusions of the research. Following regulatory and legal measures need to be taken: conduct a statutory regulation of centralization of comprehensive support of joint activities of Ukrainian security and defense sector authorities during social emergencies settlement; enhance the legislative environment of the tender purchases system in order to minimize corruptive abuse and reduce the bureaucratic component; form a unified legal framework

  9. Web Services Security - Implementation and Evaluation Issues

    Science.gov (United States)

    Pimenidis, Elias; Georgiadis, Christos K.; Bako, Peter; Zorkadis, Vassilis

    Web services development is a key theme in the utilization the commercial exploitation of the semantic web. Paramount to the development and offering of such services is the issue of security features and they way these are applied in instituting trust amongst participants and recipients of the service. Implementing such security features is a major challenge to developers as they need to balance these with performance and interoperability requirements. Being able to evaluate the level of security offered is a desirable feature for any prospective participant. The authors attempt to address the issues of security requirements and evaluation criteria, while they discuss the challenges of security implementation through a simple web service application case.

  10. Quality of Security Service: Adaptive Security

    National Research Council Canada - National Science Library

    Levin, Timothy E; Irvine, Cynthia E; Spyropoulou, Evdoxia

    2004-01-01

    .... In this approach, the "level of service" must be within an acceptable range, and can indicate degrees of security with respect to various aspects of assurance, mechanistic strength, administrative diligence, etc...

  11. FY 1997 Financial Reporting by The Defense Automated Printing Service

    National Research Council Canada - National Science Library

    1998-01-01

    .... The accuracy of information in the financial systems and reported on financial statements is the joint responsibility of the Defense Automated Printing Service and the Defense Logistics Agency...

  12. Procurement of Contract Reconciliation Services by the Defense Logistics Agency

    National Research Council Canada - National Science Library

    1991-01-01

    The audit objective was to evaluate DLA's procedures for contracting with NSI to reconcile contracts before their transfer from the Defense Contract Administration Services Regions to the Defense Finance Center...

  13. Network Attack Detection and Defense: Securing Industrial Control Systems for Critical Infrastructures (Dagstuhl Seminar 14292)

    NARCIS (Netherlands)

    Dacer, Marc; Kargl, Frank; König, Hartmut; Valdes, Alfonso

    2014-01-01

    This report documents the program and the outcomes of Dagstuhl Seminar 14292 “Network Attack Detection and Defense: Securing Industrial Control Systems for Critical Infrastructures”. The main objective of the seminar was to discuss new approaches and ideas for securing industrial control systems. It

  14. Service-Oriented Security Framework for Remote Medical Services in the Internet of Things Environment

    Science.gov (United States)

    Lee, Jae Dong; Yoon, Tae Sik; Chung, Seung Hyun

    2015-01-01

    Objectives Remote medical services have been expanding globally, and this is expansion is steadily increasing. It has had many positive effects, including medical access convenience, timeliness of service, and cost reduction. The speed of research and development in remote medical technology has been gradually accelerating. Therefore, it is expected to expand to enable various high-tech information and communications technology (ICT)-based remote medical services. However, the current state lacks an appropriate security framework that can resolve security issues centered on the Internet of things (IoT) environment that will be utilized significantly in telemedicine. Methods This study developed a medical service-oriented frame work for secure remote medical services, possessing flexibility regarding new service and security elements through its service-oriented structure. First, the common architecture of remote medical services is defined. Next medical-oriented secu rity threats and requirements within the IoT environment are identified. Finally, we propose a "service-oriented security frame work for remote medical services" based on previous work and requirements for secure remote medical services in the IoT. Results The proposed framework is a secure framework based on service-oriented cases in the medical environment. A com parative analysis focusing on the security elements (confidentiality, integrity, availability, privacy) was conducted, and the analysis results demonstrate the security of the proposed framework for remote medical services with IoT. Conclusions The proposed framework is service-oriented structure. It can support dynamic security elements in accordance with demands related to new remote medical services which will be diversely generated in the IoT environment. We anticipate that it will enable secure services to be provided that can guarantee confidentiality, integrity, and availability for all, including patients, non-patients, and medical

  15. Service-Oriented Security Framework for Remote Medical Services in the Internet of Things Environment.

    Science.gov (United States)

    Lee, Jae Dong; Yoon, Tae Sik; Chung, Seung Hyun; Cha, Hyo Soung

    2015-10-01

    Remote medical services have been expanding globally, and this is expansion is steadily increasing. It has had many positive effects, including medical access convenience, timeliness of service, and cost reduction. The speed of research and development in remote medical technology has been gradually accelerating. Therefore, it is expected to expand to enable various high-tech information and communications technology (ICT)-based remote medical services. However, the current state lacks an appropriate security framework that can resolve security issues centered on the Internet of things (IoT) environment that will be utilized significantly in telemedicine. This study developed a medical service-oriented frame work for secure remote medical services, possessing flexibility regarding new service and security elements through its service-oriented structure. First, the common architecture of remote medical services is defined. Next medical-oriented secu rity threats and requirements within the IoT environment are identified. Finally, we propose a "service-oriented security frame work for remote medical services" based on previous work and requirements for secure remote medical services in the IoT. The proposed framework is a secure framework based on service-oriented cases in the medical environment. A com parative analysis focusing on the security elements (confidentiality, integrity, availability, privacy) was conducted, and the analysis results demonstrate the security of the proposed framework for remote medical services with IoT. The proposed framework is service-oriented structure. It can support dynamic security elements in accordance with demands related to new remote medical services which will be diversely generated in the IoT environment. We anticipate that it will enable secure services to be provided that can guarantee confidentiality, integrity, and availability for all, including patients, non-patients, and medical staff.

  16. Research on offense and defense technology for iOS kernel security mechanism

    Science.gov (United States)

    Chu, Sijun; Wu, Hao

    2018-04-01

    iOS is a strong and widely used mobile device system. It's annual profits make up about 90% of the total profits of all mobile phone brands. Though it is famous for its security, there have been many attacks on the iOS operating system, such as the Trident apt attack in 2016. So it is important to research the iOS security mechanism and understand its weaknesses and put forward targeted protection and security check framework. By studying these attacks and previous jailbreak tools, we can see that an attacker could only run a ROP code and gain kernel read and write permissions based on the ROP after exploiting kernel and user layer vulnerabilities. However, the iOS operating system is still protected by the code signing mechanism, the sandbox mechanism, and the not-writable mechanism of the system's disk area. This is far from the steady, long-lasting control that attackers expect. Before iOS 9, breaking these security mechanisms was usually done by modifying the kernel's important data structures and security mechanism code logic. However, after iOS 9, the kernel integrity protection mechanism was added to the 64-bit operating system and none of the previous methods were adapted to the new versions of iOS [1]. But this does not mean that attackers can not break through. Therefore, based on the analysis of the vulnerability of KPP security mechanism, this paper implements two possible breakthrough methods for kernel security mechanism for iOS9 and iOS10. Meanwhile, we propose a defense method based on kernel integrity detection and sensitive API call detection to defense breakthrough method mentioned above. And we make experiments to prove that this method can prevent and detect attack attempts or invaders effectively and timely.

  17. Secure Learning and Learning for Security: Research in the Intersection

    OpenAIRE

    Rubinstein, Benjamin

    2010-01-01

    Statistical Machine Learning is used in many real-world systems, such as web search, network and power management, online advertising, finance and health services, in which adversaries are incentivized to attack the learner, motivating the urgent need for a better understanding of the security vulnerabilities of adaptive systems. Conversely, research in Computer Security stands to reap great benefits by leveraging learning for building adaptive defenses and even designing intelligent attacks ...

  18. Control of Database Applications at the Defense Finance and Accounting Service Indianapolis Center

    National Research Council Canada - National Science Library

    1997-01-01

    The Defense Finance and Accounting Service Financial Systems Organization, under the control of the Deputy Director for Information Management, Defense Finance and Accounting Service, is responsible...

  19. Review of defense display research programs

    Science.gov (United States)

    Tulis, Robert W.; Hopper, Darrel G.; Morton, David C.; Shashidhar, Ranganathan

    2001-09-01

    Display research has comprised a substantial portion of the defense investment in new technology for national security for the past 13 years. These investments have been made by the separate service departments and, especially, via several Defense Research Projects Agency (DARPA) programs, known collectively as the High Definition Systems (HDS) Program (which ended in 2001) and via the Office of the Secretary of Defense (OSD) Defense Production Act (DPA) Title III Program (efforts ended in 2000). Using input from the Army, Navy, and Air Force to focus research and identify insertion opportunities, DARPA and the Title III Program Office have made investments to develop the national technology base and manufacturing infrastructure necessary to meet the twin challenge of providing affordable displays in current systems and enabling the DoD strategy of winning future conflicts by getting more information to all participants during the battle. These completed DARPA and DPA research and infrastructure programs are reviewed. Service investments have been and are being made to transition display technology; examples are described. Display science and technology (S&T) visions are documented for each service to assist the identification of areas meriting consideration for future defense research.

  20. Context aware adaptive security service model

    Science.gov (United States)

    Tunia, Marcin A.

    2015-09-01

    Present systems and devices are usually protected against different threats concerning digital data processing. The protection mechanisms consume resources, which are either highly limited or intensively utilized by many entities. The optimization of these resources usage is advantageous. The resources that are saved performing optimization may be utilized by other mechanisms or may be sufficient for longer time. It is usually assumed that protection has to provide specific quality and attack resistance. By interpreting context situation of business services - users and services themselves, it is possible to adapt security services parameters to countermeasure threats associated with current situation. This approach leads to optimization of used resources and maintains sufficient security level. This paper presents architecture of adaptive security service, which is context-aware and exploits quality of context data issue.

  1. Measuring relational security in forensic mental health services.

    Science.gov (United States)

    Chester, Verity; Alexander, Regi T; Morgan, Wendy

    2017-12-01

    Aims and method Relational security is an important component of care and risk assessment in mental health services, but the utility of available measures remains under-researched. This study analysed the psychometric properties of two relational security tools, the See Think Act (STA) scale and the Relational Security Explorer (RSE). Results The STA scale had good internal consistency and could highlight differences between occupational groups, whereas the RSE did not perform well as a psychometric measure. Clinical implications The measures provide unique and complimentary perspectives on the quality of relational security within secure services, but have some limitations. Use of the RSE should be restricted to its intended purpose; to guide team discussions about relational security, and services should refrain from collecting and aggregating this data. Until further research validates their use, relational security measurement should be multidimensional and form part of a wider process of service quality assessment.

  2. Measuring relational security in forensic mental health services

    Science.gov (United States)

    Chester, Verity; Alexander, Regi T.; Morgan, Wendy

    2017-01-01

    Aims and method Relational security is an important component of care and risk assessment in mental health services, but the utility of available measures remains under-researched. This study analysed the psychometric properties of two relational security tools, the See Think Act (STA) scale and the Relational Security Explorer (RSE). Results The STA scale had good internal consistency and could highlight differences between occupational groups, whereas the RSE did not perform well as a psychometric measure. Clinical implications The measures provide unique and complimentary perspectives on the quality of relational security within secure services, but have some limitations. Use of the RSE should be restricted to its intended purpose; to guide team discussions about relational security, and services should refrain from collecting and aggregating this data. Until further research validates their use, relational security measurement should be multidimensional and form part of a wider process of service quality assessment. PMID:29234515

  3. Defense Mechanisms of Pregnant Mothers Predict Attachment Security, Social-Emotional Competence, and Behavior Problems in Their Toddlers.

    Science.gov (United States)

    Porcerelli, John H; Huth-Bocks, Alissa; Huprich, Steven K; Richardson, Laura

    2016-02-01

    For at-risk (single parent, low income, low support) mothers, healthy adaptation and the ability to manage stress have clear implications for parenting and the social-emotional well-being of their young offspring. The purpose of this longitudinal study was to examine associations between defense mechanisms in pregnant women and their toddlers' attachment security, social-emotional, and behavioral adjustment. Participants were 84 pregnant women during their last trimester of pregnancy, recruited from community agencies primarily serving low-income families. Women were followed prospectively from pregnancy through 2 years after birth and completed several multimethod assessments during that period. Observations of mother-child interactions were also coded after the postnatal visits. Multiple regression analyses revealed that mothers' defense mechanisms were significantly associated with several toddler outcomes. Mature, healthy defenses were significantly associated with greater toddler attachment security and social-emotional competence and fewer behavior problems, and less mature defenses (disavowal in particular) were associated with lower levels of attachment security and social-emotional competence. Associations remained significant, or were only slightly attenuated, after controlling for demographic variables and partner abuse during pregnancy. The study findings suggest that defensive functioning in parents preparing for and parenting toddlers influences the parent-child attachment relationship and social-emotional adjustment in the earliest years of life. Possible mechanisms for these associations may include parental attunement and mentalization, as well as specific caregiving behavior toward the child. Defensive functioning during times of increased stress (such as the prenatal to postnatal period) may be especially important for understanding parental influences on the child.

  4. Towards an integrated defense system for cyber security situation awareness experiment

    Science.gov (United States)

    Zhang, Hanlin; Wei, Sixiao; Ge, Linqiang; Shen, Dan; Yu, Wei; Blasch, Erik P.; Pham, Khanh D.; Chen, Genshe

    2015-05-01

    In this paper, an implemented defense system is demonstrated to carry out cyber security situation awareness. The developed system consists of distributed passive and active network sensors designed to effectively capture suspicious information associated with cyber threats, effective detection schemes to accurately distinguish attacks, and network actors to rapidly mitigate attacks. Based on the collected data from network sensors, image-based and signals-based detection schemes are implemented to detect attacks. To further mitigate attacks, deployed dynamic firewalls on hosts dynamically update detection information reported from the detection schemes and block attacks. The experimental results show the effectiveness of the proposed system. A future plan to design an effective defense system is also discussed based on system theory.

  5. Defense Trade: Data Collection and Coordination on Offsets

    National Research Council Canada - National Science Library

    2000-01-01

    ... on the U.S. economy and national security. Defense offsets are the full range of industrial and commercial benefits that firms provide to foreign governments as inducements or conditions for the purchase of military goods and services...

  6. The Security and Defense of America's Ports: An Assessment of Coast Guard and Navy Roles, Capabilities and Synchronization

    National Research Council Canada - National Science Library

    Richardt, Timothy P

    2006-01-01

    .... The United States must thus act to increase security for seaborne commerce and create depth of enforcement through the assets of the Department of Homeland Security and the Department of Defense...

  7. Outsourcing of Defense Supply Center, Columbus, Bus and Taxi Service Operations

    National Research Council Canada - National Science Library

    Granetto, Paul

    1999-01-01

    Introduction. We performed the audit in response to allegations to the Defense Hotline that the Defense Supply Center, Columbus, outsourcing study for bus and taxi service operations was based on incorrect methodology...

  8. Planning Security Services for IT Systems

    OpenAIRE

    Henderson, Marie; Page, Howard Philip

    2014-01-01

    Often the hardest job is to get business representatives to look at security as something that makes managing their risks and achieving their objectives easier, with security compliance as just part of that journey. This paper addresses that by making planning for security services a 'business tool'.

  9. Safe and Secure Services Based on NGN

    Science.gov (United States)

    Fukazawa, Tomoo; Nisase, Takemi; Kawashima, Masahisa; Hariu, Takeo; Oshima, Yoshihito

    Next Generation Network (NGN), which has been undergoing standardization as it has developed, is expected to create new services that converge the fixed and mobile networks. This paper introduces the basic requirements for NGN in terms of security and explains the standardization activities, in particular, the requirements for the security function described in Y.2701 discussed in ITU-T SG-13. In addition to the basic NGN security function, requirements for NGN authentication are also described from three aspects: security, deployability, and service. As examples of authentication implementation, three profiles-namely, fixed, nomadic, and mobile-are defined in this paper. That is, the “fixed profile” is typically for fixed-line subscribers, the “nomadic profile” basically utilizes WiFi access points, and the “mobile profile” provides ideal NGN mobility for mobile subscribers. All three of these profiles satisfy the requirements from security aspects. The three profiles are compared from the viewpoint of requirements for deployability and service. After showing that none of the three profiles can fulfill all of the requirements, we propose that multiple profiles should be used by NGN providers. As service and application examples, two promising NGN applications are proposed. The first is a strong authentication mechanism that makes Web applications more safe and secure even against password theft. It is based on NGN ID federation function. The second provides an easy peer-to-peer broadband virtual private network service aimed at safe and secure communication for personal/SOHO (small office, home office) users, based on NGN SIP (session initiation protocol) session control.

  10. Unfolding Green Defense

    DEFF Research Database (Denmark)

    Larsen, Kristian Knus

    2015-01-01

    In recent years, many states have developed and implemented green solutions for defense. Building on these initiatives NATO formulated the NATO Green Defence Framework in 2014. The framework provides a broad basis for cooperation within the Alliance on green solutions for defense. This report aims...... to inform and support the further development of green solutions by unfolding how green technologies and green strategies have been developed and used to handle current security challenges. The report, initially, focuses on the security challenges that are being linked to green defense, namely fuel...... consumption in military operations, defense expenditure, energy security, and global climate change. The report then proceeds to introduce the NATO Green Defence Framework before exploring specific current uses of green technologies and green strategies for defense. The report concludes that a number...

  11. Information Security Service Branding – beyond information security awareness

    Directory of Open Access Journals (Sweden)

    Rahul Rastogi

    2012-12-01

    Full Text Available End-users play a critical role in the effective implementation and running of an information security program in any organization. The success of such a program depends primarily on the effective implementation and execution of associated information security policies and controls and the resultant behavior and actions of end-users. However, end-users often have negative perception of information security in the organization and exhibit non-compliance. In order to improve compliance levels, it is vital to improve the image of information security in the minds of end-users. This paper borrows the concepts of brands and branding from the domain of marketing to achieve this objective and applies these concepts to information security. The paper also describes a process for creating the information security service brand in the organization.

  12. Security in Service Level Agreements for Cloud Computing

    OpenAIRE

    Bernsmed, Karin; JAATUN, Martin Gilje; Undheim, Astrid

    2011-01-01

    The Cloud computing paradigm promises reliable services, accessible from anywhere in the world, in an on-demand manner. Insufficient security has been identified as a major obstacle to adopting Cloud services. To deal with the risks associated with outsourcing data and applications to the Cloud, new methods for security assurance are urgently needed. This paper presents a framework for security in Service Level Agreements for Cloud computing. The purpose is twofold; to help potential Cloud cu...

  13. Cyber security for greater service reliability

    Energy Technology Data Exchange (ETDEWEB)

    Vickery, P. [N-Dimension Solutions Inc., Richmond Hill, ON (Canada)

    2008-05-15

    Service reliability in the electricity transmission and distribution (T and D) industry is being challenged by increased equipment failures, harsher climatic conditions, and computer hackers who aim to disrupt services by gaining access to transmission and distribution resources. This article discussed methods of ensuring the cyber-security of T and D operators. Weak points in the T and D industry include remote terminal units; intelligent electronic devices; distributed control systems; programmable logic controllers; and various intelligent field devices. An increasing number of interconnection points exist between an operator's service control system and external systems. The North American Electric Reliability Council (NERC) standards specify that cyber security strategies should ensure that all cyber assets are protected, and that access points must be monitored to detect intrusion attempts. The introduction of new advanced metering initiatives must also be considered. Comprehensive monitoring systems should be available to support compliance with cyber security standards. It was concluded that senior management should commit to a periodic cyber security re-assessment program in order to keep up-to-date.

  14. The Role of Corporate Defense Services in International Security Strategy

    National Research Council Canada - National Science Library

    Baroody, J. R

    2000-01-01

    National military strategy involves evaluating all elements of power, analyzing their capabilities and limitations, and incorporating these tools into a course of military action to secure political goals...

  15. The Role of Corporate Defense Services in International Security Strategy

    National Research Council Canada - National Science Library

    Baroody, J. R

    2000-01-01

    .... The privatization and outsourcing of activities that were once solely the province of sovereign governments provide challenges and opportunities to planners and analysts involved in national security strategy...

  16. 41 CFR 101-30.504 - Cataloging data from Defense Logistics Services Center (DLSC).

    Science.gov (United States)

    2010-07-01

    ... 41 Public Contracts and Property Management 2 2010-07-01 2010-07-01 true Cataloging data from Defense Logistics Services Center (DLSC). 101-30.504 Section 101-30.504 Public Contracts and Property... data from Defense Logistics Services Center (DLSC). Upon receipt of cataloging data from civil agencies...

  17. Technologies for distributed defense

    Science.gov (United States)

    Seiders, Barbara; Rybka, Anthony

    2002-07-01

    For Americans, the nature of warfare changed on September 11, 2001. Our national security henceforth will require distributed defense. One extreme of distributed defense is represented by fully deployed military troops responding to a threat from a hostile nation state. At the other extreme is a country of 'citizen soldiers', with families and communities securing their common defense through heightened awareness, engagement as good neighbors, and local support of and cooperation with local law enforcement, emergency and health care providers. Technologies - for information exploitation, biological agent detection, health care surveillance, and security - will be critical to ensuring success in distributed defense.

  18. Defense Logistics Agency Disposition Services Needs to Improve Demilitarization Program Self-Assessment Evaluations - Redacted

    Science.gov (United States)

    2016-12-20

    from mandatory disclosure under the Freedom of Information Act. Defense Logistics Agency Disposition Services Needs to Improve Demilitarization...Project No. D2016-D000RD-0057.000) │ i Results in Brief Defense Logistics Agency Disposition Services Needs to Improve Demilitarization Program Self...Assessment Evaluations Visit us at www.dodig.mil December 20, 2016 Objective Our audit objective was to determine whether the Defense Logistics Agency

  19. Innovative Secure Mobile Banking Services

    Directory of Open Access Journals (Sweden)

    Mousa T AL-Akhras

    2011-01-01

    Full Text Available Due to the widespread use of computer technologies in almost all aspects of life, organisations that are connected to the Internet started extending their services to their customers to include new applications and services that satisfy their customers’ desires to make better businesses. One of these emerging applications is mobile banking. The term mobile banking (or m-banking describes the banking services that the user can perform via a mobile device ubiquitously at anytime and from anywhere. In order for users to access their accounts, they need a mobile device and network connectivity. Therefore, sitting in front of a computer is not a requirement anymore; accessing accounts can occur while users are waiting their turn at the dentist clinic or relaxing at the beach! This paper explores the opportunities of using mobile technology in the electronic banking (e-banking sector to enhance existing banking services by moving toward m-banking using mobile devices and wireless media that can provide opportunities for ubiquitous access to the banking services as mobile technologies can be used at anytime and from anywhere. The technical problems encountered while using the mobile devices presents some technical difficulties and challenges for the m-banking. In this paper we introduce a mobile system that demonstrates the flexibility gained out of this technology and covers the major aspects of such kind of applications. The proposed system covers two parts: the customer services (user interface and the security aspects. In the user interface part, banking facility is provided to the user through the mobile device to implement banking transactions. The model provides customers with the services: billing payments, transferring of funds, viewing of customer’s accounts and transactions, allowing the user to change his/her password and request a cheque book. The application takes into consideration security aspects, it satisfies the following

  20. 49 CFR 1510.11 - Handling of security service fees.

    Science.gov (United States)

    2010-10-01

    ... air carrier holds neither legal nor equitable interest in the security service fees except for the... 49 Transportation 9 2010-10-01 2010-10-01 false Handling of security service fees. 1510.11 Section 1510.11 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY...

  1. Defense Treaty Inspection Readiness Program

    International Nuclear Information System (INIS)

    Cronin, J.J.; Kohen, M.D.; Rivers, J.D.

    1996-01-01

    The Defense Treaty Inspection Readiness Program (DTIRP) was established by the Department of Defense in 1990 to assist defense facilities in preparing for treaty verification activities. Led by the On-Site Inspection Agency (OSIA), an element of the Department of Defense, DTIRP''s membership includes representatives from other Department of Defense agencies, the Department of Energy (DOE), the Central Intelligence Agency, the Federal Bureau of Investigation, the Department of Commerce, and others. The Office of Safeguards and Security has a significant interest in this program, due to the number of national defense facilities within its purview that are candidates for future inspections. As a result, the Office of Safeguards and Security has taken a very active role in DTIRP. This paper discusses the Office of Safeguards and Security''s increasing involvement in various elements of the DTIRP, ranging from facility assessments to training development and implementation

  2. Social Security Number Verification Service (SSNVS)

    Data.gov (United States)

    Social Security Administration — SSNVS is a service offered by SSA's Business Services Online (BSO). It is used by employers and certain third-party submitters to verify the accuracy of the names...

  3. Securing remote services by integrating SecurID strong authentication technology in EFDA-Federation infrastructure

    Energy Technology Data Exchange (ETDEWEB)

    Castro, R., E-mail: rodrigo.castro@visite.es [Asociacion EURATOM/CIEMAT para Fusion, Madrid (Spain); Barbato, P. [Consorzio RFX, Euratom ENEA Association, Corso Stati Uniti 4, 35127 Padova (Italy); Vega, J. [Asociacion EURATOM/CIEMAT para Fusion, Madrid (Spain); Taliercio, C. [Consorzio RFX, Euratom ENEA Association, Corso Stati Uniti 4, 35127 Padova (Italy)

    2011-10-15

    Remote participation facilities among fusion laboratories require access control solutions with two main objectives: to preserve the usability of the systems and to guaranty the required level of security for accessing to shared services. On one hand, this security solution has to be: single-sign-on, transparent for users, compatible with user mobility, and compatible with used client applications. On the other hand, it has to be compatible with shared services and resources among organisations, providing in each case the required access security level. EFDA-Federation is a security infrastructure that integrates a set of fusion laboratories and enables to share resources and services fulfilling the requirements previously described. In EFDA community, JET and RFX have security access policies to some of their services that require strong authentication mechanisms. In both cases, strong authentication is based on RSA SecurID tokens. This is a hardware device that is supplied to and generates a new password every minute. The job presents two main results. The first one is the integration of RSA SecurID into EFDA-Federation. Thanks to it, federated organisations are able to offer SecurID to their users as an alternative strong authentication mechanism, with the corresponding increase of security level. The second result is the development of a new access control mechanism based on port knocking techniques and its integration into EFDA-Federation. Additionally, a real application in RFX is presented and includes the integration of its SecurID infrastructure as federated authentication mechanism, and the application of the new access control mechanism to its MDSplus server.

  4. Securing remote services by integrating SecurID strong authentication technology in EFDA-Federation infrastructure

    International Nuclear Information System (INIS)

    Castro, R.; Barbato, P.; Vega, J.; Taliercio, C.

    2011-01-01

    Remote participation facilities among fusion laboratories require access control solutions with two main objectives: to preserve the usability of the systems and to guaranty the required level of security for accessing to shared services. On one hand, this security solution has to be: single-sign-on, transparent for users, compatible with user mobility, and compatible with used client applications. On the other hand, it has to be compatible with shared services and resources among organisations, providing in each case the required access security level. EFDA-Federation is a security infrastructure that integrates a set of fusion laboratories and enables to share resources and services fulfilling the requirements previously described. In EFDA community, JET and RFX have security access policies to some of their services that require strong authentication mechanisms. In both cases, strong authentication is based on RSA SecurID tokens. This is a hardware device that is supplied to and generates a new password every minute. The job presents two main results. The first one is the integration of RSA SecurID into EFDA-Federation. Thanks to it, federated organisations are able to offer SecurID to their users as an alternative strong authentication mechanism, with the corresponding increase of security level. The second result is the development of a new access control mechanism based on port knocking techniques and its integration into EFDA-Federation. Additionally, a real application in RFX is presented and includes the integration of its SecurID infrastructure as federated authentication mechanism, and the application of the new access control mechanism to its MDSplus server.

  5. Secure Service Discovery in Home Networks

    NARCIS (Netherlands)

    Scholten, Johan; van Dijk, H.W.; De Cock, Danny; Preneel, Bart; Kung, Antonio; d'Hooge, Michel

    2006-01-01

    This paper presents an architecture for secure service discovery for use in home networks. We give an overview and rationale of a cluster-based home network architecture that bridges different, often vendor specific, network technologies. We show how it integrates security, communication, and

  6. Optimal Service Distribution in WSN Service System Subject to Data Security Constraints

    Science.gov (United States)

    Wu, Zhao; Xiong, Naixue; Huang, Yannong; Gu, Qiong

    2014-01-01

    Services composition technology provides a flexible approach to building Wireless Sensor Network (WSN) Service Applications (WSA) in a service oriented tasking system for WSN. Maintaining the data security of WSA is one of the most important goals in sensor network research. In this paper, we consider a WSN service oriented tasking system in which the WSN Services Broker (WSB), as the resource management center, can map the service request from user into a set of atom-services (AS) and send them to some independent sensor nodes (SN) for parallel execution. The distribution of ASs among these SNs affects the data security as well as the reliability and performance of WSA because these SNs can be of different and independent specifications. By the optimal service partition into the ASs and their distribution among SNs, the WSB can provide the maximum possible service reliability and/or expected performance subject to data security constraints. This paper proposes an algorithm of optimal service partition and distribution based on the universal generating function (UGF) and the genetic algorithm (GA) approach. The experimental analysis is presented to demonstrate the feasibility of the suggested algorithm. PMID:25093346

  7. SecSLA: A Proactive and Secure Service Level Agreement Framework for Cloud Services

    OpenAIRE

    Fahad F. Alruwaili; T. Aaron Gulliver

    2014-01-01

    Cloud customers migrate to cloud services to reduce the operational costs of information technology (IT) and increase organization efficiency. However, ensuring cloud security is very challenging. As a consequence, cloud service providers find it difficult to persuade customers to acquire their services due to security concerns. In terms of outsourcing applications, software, and/or infrastructure services to the cloud, customers are concerned about the availability, integrity, privacy...

  8. Integrating Programming Language and Operating System Information Security Mechanisms

    Science.gov (United States)

    2016-08-31

    suggestions for reducing the burden, to the Department of Defense, Executive Service Directorate (0704-0188). Respondents should be aware that...improve the precision of security enforcement, and to provide greater assurance of information security. This grant focuses on two key projects: language...based control of authority; and formal guarantees for the correctness of audit information. 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17

  9. Security infrastructure for on-demand provisioned Cloud infrastructure services

    NARCIS (Netherlands)

    Demchenko, Y.; Ngo, C.; de Laat, C.; Wlodarczyk, T.W.; Rong, C.; Ziegler, W.

    2011-01-01

    Providing consistent security services in on-demand provisioned Cloud infrastructure services is of primary importance due to multi-tenant and potentially multi-provider nature of Clouds Infrastructure as a Service (IaaS) environment. Cloud security infrastructure should address two aspects of the

  10. Applications for cyber security - System and application monitoring

    International Nuclear Information System (INIS)

    Marron, J. E.

    2006-01-01

    Standard network security measures are adequate for defense against external attacks. However, many experts agree that the greater threat is from internal sources. Insiders with malicious intentions can change controller instructions, change alarm thresholds, and issue commands to equipment which can damage equipment and compromise control system integrity. In addition to strict physical security the state of the system must be continually monitored. System and application monitoring goes beyond the capabilities of network security appliances. It will include active processes, operating system services, files, network adapters and IP addresses. The generation of alarms is a crucial feature of system and application monitoring. The alarms should be integrated to avoid the burden on operators of checking multiple locations for security violations. Tools for system and application monitoring include commercial software, free software, and ad-hoc tools that can be easily created. System and application monitoring is part of a 'defense-in-depth' approach to a control network security plan. Layered security measures prevent an individual security measure failure from being exploited into a successful security breach. Alarming of individual failures is essential for rapid isolation and correction of single failures. System and application monitoring is the innermost layer of this defense strategy. (authors)

  11. Martin Continues His Homeland Security Profession with New UASI Position

    OpenAIRE

    Issvoran, Heather

    2014-01-01

    Bruce Martin has found a second act in homeland security. The fire services veteran and college educator is now Project Manager of the Bay Area Urban Areas Security Initiative (UASI), overseeing its Chemical, Biological, Radiological, Nuclear Explosives (CBRNE) program. Martin is a 2010 master’s degree graduate of the Naval Postgraduate School Center for Homeland Defense and Security.

  12. Strategic Management for IT Services on Outsourcing Security Company

    Directory of Open Access Journals (Sweden)

    Lydia Wijaya

    2018-04-01

    Full Text Available Information Technology (IT is used by many organizations to enhance competitive advantage, but many outsource security firms have not used IT in their business processes. In this research, we will design Strategic Management for IT Services for outsourcing security company. We use an outsourcing security company as a case study of IT Strategy Management for IT Services development. The purpose of this study is to create an IT services strategy for security outsourcing companies. The framework used is the ITIL (Information Technology Infrastructure Library framework service strategy in strategy management for IT services process. There are several steps taken in the making of the strategy: (a Strategic assessment stage to analyzed internal and external factors of the company. (b Strategy generation by creating the strategic plan. (c Strategy execution to determine the tactical plan. And (d strategy measurement and evaluation. This study produced the proposed IT service system that suits the needs of the company in the form of strategic, tactical plans and strategy measurement. This result can be used as the foundations of IT service development in outsourcing security company. In the process of this study, we work closely with stakeholders; every work product has been verified and validated by stakeholders.

  13. Allegations Concerning Defense Reutilization and Marketing Service Business Practices

    National Research Council Canada - National Science Library

    2001-01-01

    We performed this audit in response to a request from Senator John Warner. The request was based on several allegations the senator's office received concerning the operations of the Defense Reutilization and Marketing Service (DRMS...

  14. [Calculation on ecological security baseline based on the ecosystem services value and the food security].

    Science.gov (United States)

    He, Ling; Jia, Qi-jian; Li, Chao; Xu, Hao

    2016-01-01

    The rapid development of coastal economy in Hebei Province caused rapid transition of coastal land use structure, which has threatened land ecological security. Therefore, calculating ecosystem service value of land use and exploring ecological security baseline can provide the basis for regional ecological protection and rehabilitation. Taking Huanghua, a city in the southeast of Hebei Province, as an example, this study explored the joint point, joint path and joint method between ecological security and food security, and then calculated the ecological security baseline of Huanghua City based on the ecosystem service value and the food safety standard. The results showed that ecosystem service value of per unit area from maximum to minimum were in this order: wetland, water, garden, cultivated land, meadow, other land, salt pans, saline and alkaline land, constructive land. The order of contribution rates of each ecological function value from high to low was nutrient recycling, water conservation, entertainment and culture, material production, biodiversity maintenance, gas regulation, climate regulation and environmental purification. The security baseline of grain production was 0.21 kg · m⁻², the security baseline of grain output value was 0.41 yuan · m⁻², the baseline of ecosystem service value was 21.58 yuan · m⁻², and the total of ecosystem service value in the research area was 4.244 billion yuan. In 2081 the ecological security will reach the bottom line and the ecological system, in which human is the subject, will be on the verge of collapse. According to the ecological security status, Huanghua can be divided into 4 zones, i.e., ecological core protection zone, ecological buffer zone, ecological restoration zone and human activity core zone.

  15. The Evolving Relationship Between Technology and National Security in China: Innovation, Defense Transformation, and China’s Place in the Global Technology Order

    Science.gov (United States)

    2016-02-12

    Stockmann, Xiao Qiang. Changing Media, Changing China , New York: Oxford University Press, (01 2011) Dieter Ernst. Indigenous Innovation and...2211 China , science, technology, dual use, defense, security, innovation REPORT DOCUMENTATION PAGE 11. SPONSOR/MONITOR’S REPORT NUMBER(S) 10...ABSTRACT Final Report: The Evolving Relationship Between Technology and National Security in China : Innovation , Defense Transformation, and China’s

  16. Supporting the Information-Centric 2001 Quadrennial Defense Review: The Case for an Information Service

    National Research Council Canada - National Science Library

    Costa, Robert

    2002-01-01

    Information Superiority is an overarching and integrating construct in both Joint Vision 2020 and the 2001 Quadrennial Defense Review and is codified in both the 2000 National Security Strategy (NSS...

  17. Secure Data Service Outsourcing with Untrusted Cloud

    OpenAIRE

    Xiong, Huijun

    2013-01-01

    Outsourcing data services to the cloud is a nature fit for cloud usage. However, increasing security and privacy concerns from both enterprises and individuals on their outsourced data inhibit this trend. In this dissertation, we introduce service-centric solutions to address two types of security threats existing in the current cloud environments: semi-honest cloud providers and malicious cloud customers. Our solution aims not only to provide confidentiality and access controllability of out...

  18. Simple & Secure: Attitude and behaviour towards security and usability in internet products and services at home

    NARCIS (Netherlands)

    Wolthuis, R.; Broenink, E.G.; Fransen, F.; Schultz, S.; Vries, A. de

    2010-01-01

    This paper is the result of research on the security perception of users in ICT services and equipment. We analyze the rationale of users to have an interest in security and to decide to change security parameters of equipment and services. We focus on the home environment, where more and more

  19. Cyber Security: Assessing Our Vulnerabilities and Developing an Effective Defense

    Science.gov (United States)

    Spafford, Eugene H.

    The number and sophistication of cyberattacks continues to increase, but no national policy is in place to confront them. Critical systems need to be built on secure foundations, rather than the cheapest general-purpose platform. A program that combines education in cyber security, increasing resources for law enforcement, development of reliable systems for critical applications, and expanding research support in multiple areas of security and reliability is essential to combat risks that are far beyond the nuisances of spam email and viruses, and involve widespread espionage, theft, and attacks on essential services.

  20. Dynamic Construction Scheme for Virtualization Security Service in Software-Defined Networks.

    Science.gov (United States)

    Lin, Zhaowen; Tao, Dan; Wang, Zhenji

    2017-04-21

    For a Software Defined Network (SDN), security is an important factor affecting its large-scale deployment. The existing security solutions for SDN mainly focus on the controller itself, which has to handle all the security protection tasks by using the programmability of the network. This will undoubtedly involve a heavy burden for the controller. More devastatingly, once the controller itself is attacked, the entire network will be paralyzed. Motivated by this, this paper proposes a novel security protection architecture for SDN. We design a security service orchestration center in the control plane of SDN, and this center physically decouples from the SDN controller and constructs SDN security services. We adopt virtualization technology to construct a security meta-function library, and propose a dynamic security service composition construction algorithm based on web service composition technology. The rule-combining method is used to combine security meta-functions to construct security services which meet the requirements of users. Moreover, the RETE algorithm is introduced to improve the efficiency of the rule-combining method. We evaluate our solutions in a realistic scenario based on OpenStack. Substantial experimental results demonstrate the effectiveness of our solutions that contribute to achieve the effective security protection with a small burden of the SDN controller.

  1. A full cost analysis of the replacement of Naval Base, Guantanamo Bay's Marine ground defense force by the fleet antiterrorism security team

    OpenAIRE

    Ordona, Placido C.

    2000-01-01

    Constrained defense budgets and manpower resources have motivated the United States Marine Corps and the United States Navy to seek initiatives that maximize the efficient use and allocation of these diminishing resources. One such initiative is the restructuring of the Marine security presence at Naval Station, Guantanamo Bay, Cuba, through the replacement of the 350 man Marine Ground Defense Force with a smaller, rotating unit consisting of two platoons from the Fleet Antiterrorism Security...

  2. Consolidating Financial Statements of the Defense Finance and Accounting Service Revolving Fund of the Defense Business Operations Fund-FY 1992

    National Research Council Canada - National Science Library

    1993-01-01

    ...) Revolving Fund of the Defense Business Operations Fund (the Fund). The revolving Fund was created to provide finance and accounting services to DoD customers, charging them the full cost of those services...

  3. Securing Single Points of Compromise (SPoC)

    Energy Technology Data Exchange (ETDEWEB)

    Belangia, David Warren [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

    2015-06-25

    Securing the Single Points of Compromise that provide central services to the institution’s environment is paramount to success when trying to protect the business. (Fisk, 2014) Time Based Security mandates protection (erecting and ensuring effective controls) that last longer than the time to detect and react to a compromise. When enterprise protections fail, providing additional layered controls for these central services provides more time to detect and react. While guidance is readily available for securing the individual critical asset, protecting these assets as a group is not often discussed. Using best business practices to protect these resources as individual assets while leveraging holistic defenses for the group increases the opportunity to maximize protection time, allowing detection and reaction time for the SPoCs that is commensurate with the inherent risk of these centralized services.

  4. Lecture 2: Software Security

    CERN Multimedia

    CERN. Geneva

    2013-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development, testing and deployment. Sebastian Lopienski is CERN’s deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and ...

  5. Analytical Characterization of Internet Security Attacks

    Science.gov (United States)

    Sellke, Sarah H.

    2010-01-01

    Internet security attacks have drawn significant attention due to their enormously adverse impact. These attacks includes Malware (Viruses, Worms, Trojan Horse), Denial of Service, Packet Sniffer, and Password Attacks. There is an increasing need to provide adequate defense mechanisms against these attacks. My thesis proposal deals with analytical…

  6. Web-Services Development in Secure Way for Highload Systems

    Directory of Open Access Journals (Sweden)

    V. M. Nichiporchouk

    2011-12-01

    Full Text Available This paper describes approach to design of web-services in secure, high load and fault tolerant implementation for mass message processing. The multicomponent architecture of web-service with possibility for high security zone is provided as well as scalability evaluation of the architecture.

  7. Security Issues for Intelligence Information System based on Service-Oriented Architecture

    OpenAIRE

    Ackoski, Jugoslav; Trajkovik, Vladimir; Davcev, Danco

    2011-01-01

    Security is important requirement for service-oriented architecture (SOA), because SOA considers widespread services on different location and diverse operational platforms. Main challenge for SOA Security still drifts around “clouds” and that is insufficient frameworks for security models based on consistent and convenient methods. Contemporary security architectures and security protocols are in the phase of developing. SOA based systems are characterized with differences ...

  8. 76 FR 2151 - Assumption Buster Workshop: Defense-in-Depth is a Smart Investment for Cyber Security

    Science.gov (United States)

    2011-01-12

    ... day-long workshop on the pros and cons of the defense-in-depth strategy for cyber security. The... Technology Research and Development (NITRD) Program. ACTION: Call for participation. FOR FURTHER INFORMATION... Information Technology Research and Development (NITRD) Program on behalf of the SCORE Committee. Background...

  9. Innovation in small and mediumsized firms in the security service industry

    DEFF Research Database (Denmark)

    Langergaard, Luise Li; Møller, Jørn Kjølseth; Hansen, Anne Vorre

    2014-01-01

    This article is a study of innovation in the security sector based on an analysis of three Danish security companies. It uncovers the logics and dynamics of innovation in the security business, which is part of the operational service sector. Operational service companies are forced to choose...... activities. In order to overcome this general ‘service squeeze’ and break with a mature market, security companies use different strategies for innovation. These strategies depend on the ability of the individual security companies to activate the innovative resources among employees in order to move...... the business activities further up in the market hierarchy of security services by offering more complex and knowledge-intensive solutions to the customers, thereby reducing price competition and increasing the profits of the business activity in the same way as known from other industries...

  10. 39 CFR 761.8 - Servicing book-entry Postal Service securities; payment of interest, payment at maturity or upon...

    Science.gov (United States)

    2010-07-01

    ... 39 Postal Service 1 2010-07-01 2010-07-01 false Servicing book-entry Postal Service securities... POSTAL SERVICE POSTAL SERVICE DEBT OBLIGATIONS; DISBURSEMENT POSTAL MONEY ORDERS BOOK-ENTRY PROCEDURES § 761.8 Servicing book-entry Postal Service securities; payment of interest, payment at maturity or upon...

  11. Evaluating the Impact of the Department of Defense Regional Centers for Security Studies

    Science.gov (United States)

    2014-01-01

    Kazakstan, Moldova, Montenegro $542,000 total 11% O&M; 89% other Media: weapon or tool 50 Garmisch, Germany $99,000 O&M nAtO Smart Defense (2...events) 70 total Bosnia, Montenegro $74,000 total Other nESA Yemen national Security Seminar 40 Yemen $450,000 Other pakistani Military Confidence...mandate. It included commentary on all aspects of APCSS’s operations, including physical plant , library usage, stu- dent selection, alumni outreach

  12. 76 FR 6637 - Assumption Buster Workshop: Defense-in-Depth Is a Smart Investment for Cyber Security

    Science.gov (United States)

    2011-02-07

    ... the pros and cons of the Defense-in-Depth strategy for cyber security. The workshop will be held March... Technology Research and Development (NITRD) Program. ACTION: Call for participation. FOR FURTHER INFORMATION... notice is issued by the National Coordination Office for the Networking and Information Technology...

  13. Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems.

    Science.gov (United States)

    Wu, Jun; Su, Zhou; Wang, Shen; Li, Jianhua

    2017-07-30

    Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT) to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog service become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on "friend" relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems.

  14. WPSS: Watching people security services

    NARCIS (Netherlands)

    Bouma, H.; Baan, J.; Borsboom, S.; Zon, K. van; Luo, X.; Loke, B.; Stoeller, B.; Kuilenburg, H. van; Dijk, J.

    2013-01-01

    To improve security, the number of surveillance cameras is rapidly increasing. However, the number of human operators remains limited and only a selection of the video streams are observed. Intelligent software services can help to find people quickly, evaluate their behavior and show the most

  15. THE CONCEPT OF "SMART DEFENSE" IN THE CONTEXT OF AN EFFICIENT DEFENSE PLANNING

    Directory of Open Access Journals (Sweden)

    Teodor FRUNZETI

    2012-01-01

    Full Text Available The international security environment is currently undergoing a series of fundamental changes becoming increasingly complex. Consequently, international actors need to find innovative ways to manage security and defense. The global financial and economic crisis has had a strong impact on military budgets, making it necessary for states and regional and international organizations concerned with such issues to streamline their defense planning and the more so because, in addition to the already consecrated risks and security threats, there are also new challenges. The concepts of “pooling and sharing” and “smart defense” have become, in this context, increasingly popular generating new initiatives in defense planning. However, despite some successes in this regard and their presentation as ideal solutions for managing defense in the current context, these concepts involve a number of difficulties to overcome that sometimes may translate into strategic political military and even economic disadvantages.

  16. Secure Multi-party Computation Protocol for Defense Applications in Military Operations Using Virtual Cryptography

    Science.gov (United States)

    Pathak, Rohit; Joshi, Satyadhar

    With the advent into the 20th century whole world has been facing the common dilemma of Terrorism. The suicide attacks on US twin towers 11 Sept. 2001, Train bombings in Madrid Spain 11 Mar. 2004, London bombings 7 Jul. 2005 and Mumbai attack 26 Nov. 2008 were some of the most disturbing, destructive and evil acts by terrorists in the last decade which has clearly shown their evil intent that they can go to any extent to accomplish their goals. Many terrorist organizations such as al Quaida, Harakat ul-Mujahidin, Hezbollah, Jaish-e-Mohammed, Lashkar-e-Toiba, etc. are carrying out training camps and terrorist operations which are accompanied with latest technology and high tech arsenal. To counter such terrorism our military is in need of advanced defense technology. One of the major issues of concern is secure communication. It has to be made sure that communication between different military forces is secure so that critical information is not leaked to the adversary. Military forces need secure communication to shield their confidential data from terrorist forces. Leakage of concerned data can prove hazardous, thus preservation and security is of prime importance. There may be a need to perform computations that require data from many military forces, but in some cases the associated forces would not want to reveal their data to other forces. In such situations Secure Multi-party Computations find their application. In this paper, we propose a new highly scalable Secure Multi-party Computation (SMC) protocol and algorithm for Defense applications which can be used to perform computation on encrypted data. Every party encrypts their data in accordance with a particular scheme. This encrypted data is distributed among some created virtual parties. These Virtual parties send their data to the TTP through an Anonymizer layer. TTP performs computation on encrypted data and announces the result. As the data sent was encrypted its actual value can’t be known by TTP

  17. Agencies Need Improved Financial Data Reporting for Private Security Contractors

    National Research Council Canada - National Science Library

    Warren, David R; Bianco, Michael A; Nasser, Waheed; Kusman, Richard R; Shafer, James; Venner, Jason; Walls, Lovell Q; Wright, Samson J

    2008-01-01

    Section 842 of the National Defense Authorization Act of 2008 (Public Law 110-181), required SIGIR to, among other things, develop a plan to evaluate various characteristics of contracting for private security contractor services in Iraq...

  18. Multi-capability color night vision HD camera for defense, surveillance, and security

    Science.gov (United States)

    Pang, Francis; Powell, Gareth; Fereyre, Pierre

    2015-05-01

    e2v has developed a family of high performance cameras based on our next generation CMOS imagers that provide multiple features and capabilities to meet the range of challenging imaging applications in defense, surveillance, and security markets. Two resolution sizes are available: 1920x1080 with 5.3 μm pixels, and an ultra-low light level version at 1280x1024 with 10μm pixels. Each type is available in either monochrome or e2v's unique bayer pattern color version. The camera is well suited to accommodate many of the high demands for defense, surveillance, and security applications: compact form factor (SWAP+C), color night vision performance (down to 10-2 lux), ruggedized housing, Global Shutter, low read noise (<6e- in Global shutter mode and <2.5e- in Rolling shutter mode), 60 Hz frame rate, high QE especially in the enhanced NIR range (up to 1100nm). Other capabilities include active illumination and range gating. This paper will describe all the features of the sensor and the camera. It will be followed with a presentation of the latest test data with the current developments. Then, it will conclude with a description of how these features can be easily configured to meet many different applications. With this development, we can tune rather than create a full customization, making it more beneficial for many of our customers and their custom applications.

  19. RESTful Java web services security

    CERN Document Server

    Enríquez, René

    2014-01-01

    A sequential and easy-to-follow guide which allows you to understand the concepts related to securing web apps/services quickly and efficiently, since each topic is explained and described with the help of an example and in a step-by-step manner, helping you to easily implement the examples in your own projects. This book is intended for web application developers who use RESTful web services to power their websites. Prior knowledge of RESTful is not mandatory, but would be advisable.

  20. Cyber Threats/Attacks and a Defensive Model to Mitigate Cyber Activities

    Directory of Open Access Journals (Sweden)

    Jawad Hussain Awan

    2018-04-01

    Full Text Available Nowadays, every internet user is part of cyber world. In this way, millions of users, knowledge seekers, and service provider organizations are connected to each other, a vast number of common people shifted their everyday activities to cyber world as they can save their time, traffic problem and gets effective and costless services by using various services such as, online banking, social networking sites, government services and cloud services. The use of Cyber services, eBusiness, eCommerce and eGovernance increases the usage of online/cyber services also increased the issue of cyber security. Recently, various cases have been reported in the literature and media about the cyber-attacks and crimes which seriously disrupted governments, businesses and personal lives. From the literature. It is noticed that every cyber user is unaware about privacy and security practices and measures. Therefore, cyber user has provided knowledge and fully aware them from the online services and also about cyber privacy and security. This paper presents a review on the recent cybercrimes, threats and attacks reported in the literature and media. In addition, the impact of these cyber breaches and cyber law to deal with cyber security has been discussed. At last, a defensive model is also proposed to mitigate cyber-criminal activities.

  1. Ecosystem services for energy security

    Energy Technology Data Exchange (ETDEWEB)

    Athanas, Andrea; McCormick, Nadine

    2010-09-15

    The world is at an energy crossroads. The changes underway will have implications for ecosystems and livelihoods. Energy security is the reliable supply of affordable energy, of which there are two dimensions; reliability and resilience. Changes in ecosystem services linked to degradation and climate change have the potential to impact both on the reliabiity of energy systems and on their resiliance. Investing in ecosystems can help safeguard energy systems, and mitigate unforeseen risks to energy security. The energy and conservation community should come together to build reliable and resilliant energy systems in ways which recognise and value supporting ecosystems.

  2. Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems

    Directory of Open Access Journals (Sweden)

    Jun Wu

    2017-07-01

    Full Text Available Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog service become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on “friend” relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems.

  3. Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems

    Science.gov (United States)

    Wu, Jun; Su, Zhou; Li, Jianhua

    2017-01-01

    Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT) to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog service become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on “friend” relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems. PMID:28758943

  4. Program Management at the National Nuclear Security Administration Office of Defense Nuclear Security: A Review of Program Management Documents and Underlying Processes

    International Nuclear Information System (INIS)

    Madden, Michael S.

    2010-01-01

    The scope of this paper is to review the National Nuclear Security Administration Office of Defense Nuclear Security (DNS) program management documents and to examine the underlying processes. The purpose is to identify recommendations for improvement and to influence the rewrite of the DNS Program Management Plan (PMP) and the documentation supporting it. As a part of this process, over 40 documents required by DNS or its stakeholders were reviewed. In addition, approximately 12 other documents produced outside of DNS and its stakeholders were reviewed in an effort to identify best practices. The complete list of documents reviewed is provided as an attachment to this paper.

  5. Cloud Security Requirements - A checklist with security and privacy requirements for public cloud services

    OpenAIRE

    Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje

    2015-01-01

    - This document contains a checklist that can be used to develop or evaluate security and privacy requirements for Cloud computing services. The content has been gathered from established industry standards and best practices, supplemented with requirements from European data protection legislation, and taking into account security issues identified in recent research on Cloud security. The document is intended to be used by potential cloud customers that need to assess the security of a c...

  6. The Evolution of Missile Defense Plan from Bush to Obama. Implications for the National Security of Romania

    Directory of Open Access Journals (Sweden)

    Ruxandra-Laura BOSILCA

    2012-06-01

    Full Text Available In 2011 Romania officially became part of the Obama administration’s missile defense system in Europe which has significantly changed the strategic military relations both in Europe and worldwide. The Bush approach has been revised and progress in several sections has been achieved, both strategically and technically. For Romania, the participation in the missile defence plan, ensures more solid security guarantees, especially in an unpredictable and risk-prone international environment where the U.S. reconsiders its presence in Europe under the pressure of the economic crisis and of a relative decline in power; it has also become a more visible actor – alongside Bulgaria – which were initially excluded by the Bush missile defence plan. This paper’s purpose is to review the main evolutions of the missile defense plan from the Bush to the Obama administration and to outline its implications on the national security of Romania.

  7. Paying Personal Property Transportation Contracts at the Defense Finance and Accounting Service-Indianapolis Center

    National Research Council Canada - National Science Library

    Bridges, W

    1997-01-01

    ...; procuring those services using Federal Acquisition Regulation (FAR) contracts. It also plans to centralize the payment process at the Defense Finance and Accounting Service-Indianapolis Center (DFAS...

  8. E PLURIBUS UNUM Homeland Security versus Homeland Defense Who Does What and to Whom

    Science.gov (United States)

    2010-04-01

    thesis is a prima facie , Strength, Weakness, Opportunity and Threat (SWOT) analysis of both the NSC/DoD and the HSC/DHS security/defense...all true Muslims have an obligation to engage in violent acts with the aim of relieving the world of corrupt values and social demagoguery. Extremist...9426085 on December 26, 2009). 47 meet the obligations associated with the globalization of democracy, America must align resources in a well

  9. Design and Implementation of Wiki Services in a Multilevel Secure Environment

    National Research Council Canada - National Science Library

    Ong, Kar L

    2007-01-01

    The Monterey Security Architecture (MYSEA) provides a distributed multilevel secure networking environment where authenticated users can securely access data and services at different security classification levels...

  10. The Development of the US National Missile Defense and its Impact on the International Security

    Directory of Open Access Journals (Sweden)

    J. Yu. Parshkova

    2015-01-01

    Full Text Available The article reflects the US officials' point of view on the development of its national missile defense. The major threat to international security is the proliferation of ballistic missiles and weapons of mass destruction. The United States and the former Soviet Union made huge efforts to reduce and limit offensive arms. However, presently the proliferation of ballistic missiles spreads all over the world, especially in the Middle East, because of the ballistic missile technology falling into the hands of hostile non-state groups. Missile defenses can provide a permanent presence in a region and discourage adversaries from believing they can use ballistic missiles to coerce or intimidate the U.S. or its allies. With the possible attack regional missile defense systems will be promptly mobilized to enhance an effective deterrent. The ultimate goal of such large-scale missile defense deployment is to convince the adversaries that the use of ballistic missiles is useless in military terms and that any attack on the United States and its allies is doomed to failure. The United States has missile defense cooperative programs with a number of allies, including United Kingdom, Japan, Australia, Israel, Denmark, Germany, Netherlands, Czech Republic, Poland, Italy and many others. The Missile Defense Agency also actively participates in NATO activities to maximize opportunities to develop an integrated NATO ballistic missile defense capability. The initiative of the development of US BMD naturally belongs to the United States. That country has enormous technological, financial, economic, military and institutional capabilities, exceeding by far those of the other NATO members combined.

  11. Secure and Resilient Cloud Computing for the Department of Defense

    Science.gov (United States)

    2015-07-21

    scalability of resource usage. Lincoln Laboratory is developing technology that will strengthen the security and resilience of cloud computing so that the...capabilities are outsourced to a provider that delivers services to a cloud user (also called a tenant). The DoD is looking to the cloud computing model...hardware. Today’s cloud providers and the technology that underpins them are focused on the availability and scalability of services and not on DoD

  12. POLITICAL SCIENCES AND THE SECURITY AND DEFENSE STUDIES. PRECISIONS AND PROJECTIONS

    Directory of Open Access Journals (Sweden)

    JUAN FUENTES VERA

    2018-02-01

    Full Text Available This article focus on political science as a matter of study in the programs of the National Academy for Political and Strategic Studies, in order to explain the reason of including this discipline, particularly in its relation with security and defense. It is focused on the object of study of political science, thus delivering precisions about the concept of politics among others related. It also emphasizes some aspects that have been important in this discipline, including some modern epistemological debates, and also open the scope of possibilities that today can be offered as matters of study in a world yielded to the dynamics of the globalization.

  13. Security management of next generation telecommunications networks and services

    CERN Document Server

    Jacobs, Stuart

    2014-01-01

    This book will cover network management security issues and currently available security mechanisms by discussing how network architectures have evolved into the contemporary NGNs which support converged services (voice, video, TV, interactive information exchange, and classic data communications). It will also analyze existing security standards and their applicability to securing network management. This book will review 21st century security concepts of authentication, authorization, confidentiality, integrity, nonrepudiation, vulnerabilities, threats, risks, and effective approaches to enc

  14. 32 CFR 154.61 - Security education.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 1 2010-07-01 2010-07-01 false Security education. 154.61 Section 154.61... PERSONNEL SECURITY PROGRAM REGULATION Continuing Security Responsibilities § 154.61 Security education. (a.... Through security briefings and education, the Department of Defense continues to provide for the...

  15. DLA/FedEx Premium Service Effects on Defense Distribution Inventories and Shipments

    National Research Council Canada - National Science Library

    Hill, Marichal L; Pitts, Bobby

    2006-01-01

    .... The research will view the possible benefits gained through commercial inventory and transportation practices by partnering a third party logistics service with the Defense Transportation System...

  16. FlySec: a risk-based airport security management system based on security as a service concept

    Science.gov (United States)

    Kyriazanos, Dimitris M.; Segou, Olga E.; Zalonis, Andreas; Thomopoulos, Stelios C. A.

    2016-05-01

    Complementing the ACI/IATA efforts, the FLYSEC European H2020 Research and Innovation project (http://www.fly-sec.eu/) aims to develop and demonstrate an innovative, integrated and end-to-end airport security process for passengers, enabling a guided and streamlined procedure from the landside to airside and into the boarding gates, and offering for an operationally validated innovative concept for end-to-end aviation security. FLYSEC ambition turns through a well-structured work plan into: (i) innovative processes facilitating risk-based screening; (ii) deployment and integration of new technologies and repurposing existing solutions towards a risk-based Security paradigm shift; (iii) improvement of passenger facilitation and customer service, bringing security as a real service in the airport of tomorrow;(iv) achievement of measurable throughput improvement and a whole new level of Quality of Service; and (v) validation of the results through advanced "in-vitro" simulation and "in-vivo" pilots. On the technical side, FLYSEC achieves its ambitious goals by integrating new technologies on video surveillance, intelligent remote image processing and biometrics combined with big data analysis, open-source intelligence and crowdsourcing. Repurposing existing technologies is also in the FLYSEC objectives, such as mobile application technologies for improved passenger experience and positive boarding applications (i.e. services to facilitate boarding and landside/airside way finding) as well as RFID for carry-on luggage tracking and quick unattended luggage handling. In this paper, the authors will describe the risk based airport security management system which powers FLYSEC intelligence and serves as the backend on top of which FLYSEC's front end technologies reside for security services management, behaviour and risk analysis.

  17. Analysis of Department of Defense social media policy and its impact on operational security

    OpenAIRE

    Leonhardi, Eric V.; Murphy, Mark; Kim, Hannah

    2015-01-01

    Approved for public release; distribution is unlimited The emergence and rapid adoption of social media by society has forced the Department of Defense (DOD) to adapt, and ultimately develop and incorporate, social media policy into its cybersecurity strategy. While social media has influenced DOD strategy, it has also had a direct impact on the organization’s operational security (OPSEC). DOD personnel using social media represent a potential OPSEC risk through the various ways and means ...

  18. Neuroscience, ethics, and national security: the state of the art.

    Directory of Open Access Journals (Sweden)

    Michael N Tennison

    Full Text Available National security organizations in the United States, including the armed services and the intelligence community, have developed a close relationship with the scientific establishment. The latest technology often fuels warfighting and counter-intelligence capacities, providing the tactical advantages thought necessary to maintain geopolitical dominance and national security. Neuroscience has emerged as a prominent focus within this milieu, annually receiving hundreds of millions of Department of Defense dollars. Its role in national security operations raises ethical issues that need to be addressed to ensure the pragmatic synthesis of ethical accountability and national security.

  19. Neuroscience, ethics, and national security: the state of the art.

    Science.gov (United States)

    Tennison, Michael N; Moreno, Jonathan D

    2012-01-01

    National security organizations in the United States, including the armed services and the intelligence community, have developed a close relationship with the scientific establishment. The latest technology often fuels warfighting and counter-intelligence capacities, providing the tactical advantages thought necessary to maintain geopolitical dominance and national security. Neuroscience has emerged as a prominent focus within this milieu, annually receiving hundreds of millions of Department of Defense dollars. Its role in national security operations raises ethical issues that need to be addressed to ensure the pragmatic synthesis of ethical accountability and national security.

  20. Cost and price auditing: effectiveness in the procurement of defense services in Spain

    Directory of Open Access Journals (Sweden)

    José Aguado Romero

    Full Text Available Abstract Contract auditing, or cost and price auditing, has been applied in Spain as a means of determining prices in non-competitive defense contracts since 1989. Factors such as Spain's participation in international defense organizations, the characteristics of the defense market and the contractual legal framework for the procurement of defense goods and services help underscore the need for the Spanish Ministry of Defense to implement cost and price auditing. With the evolution of cost and price auditing in Spain in mind, this paper analyses the entire process, describes the audit procedures that are most commonly used today and assesses the main results achieved, in terms of financial savings. The results obtained show that cost and price auditing does indeed contribute to a more efficient use of public resources.

  1. Privacy-preserving security solution for cloud services

    OpenAIRE

    L. Malina; J. Hajny; P. Dzurenda; V. Zeman

    2015-01-01

    We propose a novel privacy-preserving security solution for cloud services. Our solution is based on an efficient non-bilinear group signature scheme providing the anonymous access to cloud services and shared storage servers. The novel solution offers anonymous authenticationfor registered users. Thus, users' personal attributes (age, valid registration, successful payment) can be proven without revealing users' identity, and users can use cloud services without any threat of profiling their...

  2. Instant SQL Server Analysis Services 2012 Cube Security

    CERN Document Server

    Jayanty, Satya SK

    2013-01-01

    Filled with practical, step-by-step instructions and clear explanations for the most important and useful tasks. Instant Microsoft SQL Server Analysis Services 2012 Cube Security is a practical, hands-on guide that provides a number of clear, step-by-step exercises for getting started with cube security.This book is aimed at Database Administrators, Data Architects, and Systems Administrators who are managing the SQL Server data platform. It is also beneficial for analysis services developers who already have some experience with the technology, but who want to go into more detail on advanced

  3. Security threats and their mitigation in infrastructure as a service

    Directory of Open Access Journals (Sweden)

    Bineet Kumar Joshi

    2016-09-01

    Full Text Available Cloud computing is a hot technology in the market. It permits user to use all IT resources as computing services on the basis of pay per use manner and access the applications remotely. Infrastructure as a service (IaaS is the basic requirement for all delivery models. Infrastructure as a service delivers all possible it resources (Network Components, Operating System, etc. as a service to users. From both users and providers point of view: integrity, privacy and other security issues in IaaS are the important concern. In this paper we studied in detail about the different types of security related issues in IaaS layer and methods to resolve them to maximize the performance and to maintain the highest level of security in IaaS.

  4. COMMUNICATING DEFENSE AND SECURITY IN ROMANIA DURING THE UKRAINIAN CRISIS (NOVEMBER 2013 - SEPTEMBER 2014

    Directory of Open Access Journals (Sweden)

    Viorel MIHAILĂ

    2014-10-01

    Full Text Available This paper analyzes the main themes and patterns used by Romanian communication programs on defense and security during the Ukrainian crises, from November 2013 until the ceasefire of September 5th. Acknowledging the change made in the Romanian leadership’s understanding of the security concept during the last 25 years of country’s transition from communism to democracy, the study found out that the narrative used by the Romanian institutions might lead to a new understanding on whose job is to protect the country in case of a military aggression. Currently, the bearer of this responsibility appears to be, for Romanians, the North Atlantic Treaty Organization (NATO, the European Union (EU and the Romanians themselves, in this order. For the timeframe analyzed, for what is spoken and written in the media by the politicians and, afterwards, re-represented by the general public (developed by opinion pools it seems that for the military dimension, the security responsibility was somehow outsourced.

  5. Pre-Service Teachers' Defensive Pessimism in Situ: Two Case Studies within a Mathematics Classroom

    Science.gov (United States)

    Merz, Alice H.; Swim, Terri Jo

    2008-01-01

    In this study, defensive pessimism is reviewed in relation to anxiety, self-esteem, expectations, self-regulation, and self-handicapping. Then, two case studies of American pre-service teachers in a mathematics classroom are provided that move the research beyond survey and correlational studies. In the case analyses, defensive pessimists'…

  6. VCC-SSF: Service-Oriented Security Framework for Vehicular Cloud Computing

    Directory of Open Access Journals (Sweden)

    Won Min Kang

    2015-02-01

    Full Text Available Recently, as vehicle computing technology has advanced, the paradigm of the vehicle has changed from a simple means of transportation to a smart vehicle for safety and convenience. In addition, the previous functions of the Intelligent Transportation System (ITS such as traffic accident prevention and providing traffic volume information have been combined with cloud computing. ITS services provide user-oriented broad services in the Vehicular Cloud Computing (VCC environment through efficient traffic management, traffic accident prevention, and convenience services. However, existing vehicle services focus on providing services using sensing information inside the vehicle and the system to provide the service through an interface with the external infrastructure is insufficient. In addition, because wireless networks are used in VCC environments, there is a risk of important information leakage from sensors inside the vehicle, such as driver personal identification and payment information at the time of goods purchase. We propose the VCC Service-oriented Security Framework (VCC-SSF to address the limitations and security threats of VCC-based services. The proposed framework considers security for convenient and efficient services of VCC and includes new user-oriented payment management and active accident management services. Furthermore, it provides authentication, encryption, access control, confidentiality, integrity, and privacy protection for user personal information and information inside the vehicle.

  7. Outsourcing as a Mean of Service for Security Provision

    Directory of Open Access Journals (Sweden)

    D.I. Persanov

    2012-03-01

    Full Text Available The article highlights the implementation of outsourcing as a mean of service for security provision. Analysis is performed to describe the current issues affecting the management decision in favor of outsourcing. Investigation covers the processes of physical, information and economical security. The main recommendations to use outsourcing for security provision are described in the conclusion.

  8. 78 FR 47021 - Excepted Service

    Science.gov (United States)

    2013-08-02

    ... the Assistant......... BO130016 5/9/2013 Director. Small Business Administration.. Office of Field... Immigration Director. Services. Office of the Cybersecurity DM120050 5/18/2013 Under Secretary Strategist. for... (International Defense (Europe/ Security Affairs). NATO). Small Business Administration.. Office of Deputy...

  9. Effective Proactive and Reactive Defense Strategies against Malicious Attacks in a Virtualized Honeynet

    Directory of Open Access Journals (Sweden)

    Frank Yeong-Sung Lin

    2013-01-01

    Full Text Available Virtualization plays an important role in the recent trend of cloud computing. It allows the administrator to manage and allocate hardware resources flexibly. However, it also causes some security issues. This is a critical problem for service providers, who simultaneously strive to defend against malicious attackers while providing legitimate users with high quality service. In this paper, the attack-defense scenario is formulated as a mathematical model where the defender applies both proactive and reactive defense mechanisms against attackers with different attack strategies. In order to simulate real-world conditions, the attackers are assumed to have incomplete information and imperfect knowledge of the target network. This raises the difficulty of solving the model greatly, by turning the problem nondeterministic. After examining the experiment results, effective proactive and reactive defense strategies are proposed. This paper finds that a proactive defense strategy is suitable for dealing with aggressive attackers under “winner takes all” circumstances, while a reactive defense strategy works better in defending against less aggressive attackers under “fight to win or die” circumstances.

  10. SAM: Secure Access of Media Independent Information Service with User Anonymity

    Directory of Open Access Journals (Sweden)

    Li Guangsong

    2010-01-01

    Full Text Available Seamless handover across different access technologies is very important in the future wireless networks. To optimize vertical handover in heterogeneous networks, IEEE 802.21 standard defines Media Independent Handover (MIH services. The MIH services can be a new target to attackers, which will be the main concern for equipment vendors and service providers. In this paper, we focus specifically on security of Media Independent Information Service (MIIS and present a new access authentication scheme with user anonymity for MIIS. The protocol can be used to establish a secure channel between the mobile node and the information server. Security and performance of the protocol are also analyzed in this paper.

  11. Secure Electronic Cards in Public Services

    Directory of Open Access Journals (Sweden)

    Cristian TOMA

    2008-01-01

    Full Text Available The paper presents the electronic wallet solution implemented within a GSM SIM technology for accessing public services. The solution is implemented in the medical field to provide information on the patient’s medical history and payment for private medical services. The security issue is a very important one as the patient’s history is confidential and the payment has to be safe.

  12. Enhancing Unity of Effort in Homeland Defense, Homeland Security, and Civil Support Through Interdisciplinary Education

    Science.gov (United States)

    2010-03-01

    Parameters, Winter 1998, 39–50. Walt Disney Pictures. (2004) Miracle. Burbank, CA. Wormuth, C. E., & Witkowsky, A. (2008). Managing the Next...defense, homeland security, and civil support. In 2004, Disney produced a movie entitled Miracle that portrayed the story of the 1980 hockey team...perspective that the players have finally set aside their differences and internal competitions to form a true team. These quotes from a movie Disney

  13. A new data collaboration service based on cloud computing security

    Science.gov (United States)

    Ying, Ren; Li, Hua-Wei; Wang, Li na

    2017-09-01

    With the rapid development of cloud computing, the storage and usage of data have undergone revolutionary changes. Data owners can store data in the cloud. While bringing convenience, it also brings many new challenges to cloud data security. A key issue is how to support a secure data collaboration service that supports access and updates to cloud data. This paper proposes a secure, efficient and extensible data collaboration service, which prevents data leaks in cloud storage, supports one to many encryption mechanisms, and also enables cloud data writing and fine-grained access control.

  14. The Department of Defense Information Security Process: A Study of Change Acceptance and Past-Performance-Based Outsourcing

    Science.gov (United States)

    Hackney, Dennis W. G.

    2011-01-01

    Subchapter III of Chapter 35 of Title 44, United States Code, Federal Information Security Management Act of 2002; Department of Defense (DoD) Directive 8500.01E, Information Assurance, October 24, 2002; DoD Directive 8100.1, Global Information Grid Overarching Policy, September 19, 2002; and DoD Instruction 8500.2, Information Assurance…

  15. Dutch National Security Reform Under Review : Sufficient Checks and Balances in the Intelligence and Security Services Act 2017?

    NARCIS (Netherlands)

    Quirine Eijkman; Nico van Eijk; Robert van Schaik

    2018-01-01

    In May 2018, the new Dutch Intelligence and Security Services Act 2017 (Wet op de Inlichtingen- en veiligheidsdiensten, Wiv) will enter into force. It replaces the previous 2002 Act and incorporates many reforms to the information gathering powers of the two intelligence and security services as

  16. Constructing RBAC based security model in u-healthcare service platform.

    Science.gov (United States)

    Shin, Moon Sun; Jeon, Heung Seok; Ju, Yong Wan; Lee, Bum Ju; Jeong, Seon-Phil

    2015-01-01

    In today's era of aging society, people want to handle personal health care by themselves in everyday life. In particular, the evolution of medical and IT convergence technology and mobile smart devices has made it possible for people to gather information on their health status anytime and anywhere easily using biometric information acquisition devices. Healthcare information systems can contribute to the improvement of the nation's healthcare quality and the reduction of related cost. However, there are no perfect security models or mechanisms for healthcare service applications, and privacy information can therefore be leaked. In this paper, we examine security requirements related to privacy protection in u-healthcare service and propose an extended RBAC based security model. We propose and design u-healthcare service integration platform (u-HCSIP) applying RBAC security model. The proposed u-HCSIP performs four main functions: storing and exchanging personal health records (PHR), recommending meals and exercise, buying/selling private health information or experience, and managing personal health data using smart devices.

  17. Constructing RBAC Based Security Model in u-Healthcare Service Platform

    Science.gov (United States)

    Shin, Moon Sun; Jeon, Heung Seok; Ju, Yong Wan; Lee, Bum Ju; Jeong, Seon-Phil

    2015-01-01

    In today's era of aging society, people want to handle personal health care by themselves in everyday life. In particular, the evolution of medical and IT convergence technology and mobile smart devices has made it possible for people to gather information on their health status anytime and anywhere easily using biometric information acquisition devices. Healthcare information systems can contribute to the improvement of the nation's healthcare quality and the reduction of related cost. However, there are no perfect security models or mechanisms for healthcare service applications, and privacy information can therefore be leaked. In this paper, we examine security requirements related to privacy protection in u-healthcare service and propose an extended RBAC based security model. We propose and design u-healthcare service integration platform (u-HCSIP) applying RBAC security model. The proposed u-HCSIP performs four main functions: storing and exchanging personal health records (PHR), recommending meals and exercise, buying/selling private health information or experience, and managing personal health data using smart devices. PMID:25695104

  18. Measuring Changes in Service Costs to Meet the Requirements of the 2002 National Defense Authorization Act

    National Research Council Canada - National Science Library

    Shirley, Chad; Ausink, John; Baldwin, Laura H

    2004-01-01

    The National Defense Authorization Act for Fiscal Year 2002 sets forth a series of goals for the Department of Defense to reduce the cost of the services it buys over a ten-year period through changes...

  19. On effectiveness of network sensor-based defense framework

    Science.gov (United States)

    Zhang, Difan; Zhang, Hanlin; Ge, Linqiang; Yu, Wei; Lu, Chao; Chen, Genshe; Pham, Khanh

    2012-06-01

    Cyber attacks are increasing in frequency, impact, and complexity, which demonstrate extensive network vulnerabilities with the potential for serious damage. Defending against cyber attacks calls for the distributed collaborative monitoring, detection, and mitigation. To this end, we develop a network sensor-based defense framework, with the aim of handling network security awareness, mitigation, and prediction. We implement the prototypical system and show its effectiveness on detecting known attacks, such as port-scanning and distributed denial-of-service (DDoS). Based on this framework, we also implement the statistical-based detection and sequential testing-based detection techniques and compare their respective detection performance. The future implementation of defensive algorithms can be provisioned in our proposed framework for combating cyber attacks.

  20. Prepublication Review of Government Employee Speech: A Case Study of the Department of Defense and United States Air Force Security/Policy Review Programs.

    Science.gov (United States)

    Warden, Michael L.

    Since 1957 the Department of Defense has subjected all forms of speech of U.S. military personnel meant for publication to prepublication review based on security and policy criteria. The historical development of the Defense Department's prepublication review program and its specific implementation by the U.S. Air Force lead to questions of First…

  1. Special Army Reports Prepared by Defense Finance and Accounting Service Indianapolis Operations

    National Research Council Canada - National Science Library

    Granetto, Paul J; Marsh, Patricia A; Armstrong, Jack L; Wenzel, Paul C; Barnes, Leslie M; Grum, Andrew D; Kleiman, E. E; Baer, Joseph A; Maroska, Chad A; Thompson, Ann L

    2007-01-01

    .... This is the second in a series of reports related to Army budget execution operations. The first report discussed the transmission of Army budget execution data by the Defense Finance and Accounting Service (DFAS...

  2. Transformation - Herding the Cats Towards Service Interdependence

    National Research Council Canada - National Science Library

    Pope, Thomas

    2004-01-01

    U.S. Department of Defense efforts to transform the military is a daunting task. Adapting to a security environment shaped by faceless threats, globalization, and the emergence of the information age requires a change in Service culture...

  3. Deception used for Cyber Defense of Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Wayne F. Boyer; Miles A. McQueen

    2009-05-01

    Control system cyber security defense mechanisms may employ deception to make it more difficult for attackers to plan and execute successful attacks. These deceptive defense mechanisms are organized and initially explored according to a specific deception taxonomy and the seven abstract dimensions of security previously proposed as a framework for the cyber security of control systems.

  4. A MAS-Based Cloud Service Brokering System to Respond Security Needs of Cloud Customers

    Directory of Open Access Journals (Sweden)

    Jamal Talbi

    2017-03-01

    Full Text Available Cloud computing is becoming a key factor in computer science and an important technology for many organizations to deliver different types of services. The companies which provide services to customers are called as cloud service providers. The cloud users (CUs increase and require secure, reliable and trustworthy cloud service providers (CSPs from the market. So, it’s a challenge for a new customer to choose the highly secure provider. This paper presents a cloud service brokering system in order to analyze and rank the secured cloud service provider among the available providers list. This model uses an autonomous and flexible agent in multi-agent system (MASs that have an intelligent behavior and suitable tools for helping the brokering system to assess the security risks for the group of cloud providers which make decision of the more secured provider and justify the business needs of users in terms of security and reliability.

  5. Planetary Defense

    Science.gov (United States)

    2016-05-01

    4 Abstract Planetary defense against asteroids should be a major concern for every government in the world . Millions of asteroids and...helps make Planetary Defense viable because defending the Earth against asteroids benefits from all the above technologies. So if our planet security...information about their physical characteristics so we can employ the right strategies. It is a crucial difference if asteroids are made up of metal

  6. Security solution against denial of service attacks in BESIP system

    Science.gov (United States)

    Rezac, Filip; Voznak, Miroslav; Safarik, Jakub; Partila, Pavol; Tomala, Karel

    2013-05-01

    This article deals about embedded SIP communication server with an easy integration into the computer network based on open source solutions and its effective defense against the most frequent attack in the present - Denial of Service. The article contains brief introduction into the Bright Embedded Solution for IP Telephony - BESIP and describes the most common types of DoS attacks, which are applied on SIP elements of the VoIP infrastructure including the results of defensive mechanism that has been designed.

  7. Military Construction of the Defense Finance and Accounting Service Operations Facility, Columbus, Ohio

    National Research Council Canada - National Science Library

    Granetto, Paul

    1995-01-01

    The audit objectives were to determine whether the Defense Finance and Accounting Service Columbus Center properly planned and programmed the FY 1996 proposed military construction project and whether...

  8. 78 FR 5122 - NASA Security and Protective Services Enforcement

    Science.gov (United States)

    2013-01-24

    ... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION 14 CFR Parts 1203a, 1203b, and 1204 [Docket No NASA-2012-0007] RIN 2700-AD89 NASA Security and Protective Services Enforcement AGENCY: National Aeronautics... nonsubstantive changes to NASA regulations to clarify the procedures for establishing controlled/ secure areas...

  9. Constructing RBAC Based Security Model in u-Healthcare Service Platform

    Directory of Open Access Journals (Sweden)

    Moon Sun Shin

    2015-01-01

    Full Text Available In today’s era of aging society, people want to handle personal health care by themselves in everyday life. In particular, the evolution of medical and IT convergence technology and mobile smart devices has made it possible for people to gather information on their health status anytime and anywhere easily using biometric information acquisition devices. Healthcare information systems can contribute to the improvement of the nation’s healthcare quality and the reduction of related cost. However, there are no perfect security models or mechanisms for healthcare service applications, and privacy information can therefore be leaked. In this paper, we examine security requirements related to privacy protection in u-healthcare service and propose an extended RBAC based security model. We propose and design u-healthcare service integration platform (u-HCSIP applying RBAC security model. The proposed u-HCSIP performs four main functions: storing and exchanging personal health records (PHR, recommending meals and exercise, buying/selling private health information or experience, and managing personal health data using smart devices.

  10. Application of Transaction Cost Economics to Capabilities-Based Acquisition: Exploring Single Service vs. Joint Service Programs and Single Systems vs. System-of-Systems

    National Research Council Canada - National Science Library

    Angelis, Diana; Dillard, John; Franck, Raymond; Melese, Francois; Brown, Mary M; Flowe, Robert M

    2008-01-01

    The US Department of Defense (DoD) is in the process of radical transformation -- transformation to a national security strategy predicated on joint Service purchases and complex System-of-Systems (SoS) capabilities...

  11. The government as a client for security support services. A commercial security contractor's perspective

    International Nuclear Information System (INIS)

    Leith, H.M.

    1984-01-01

    This paper presents a look at the challenges confronting security management personnel contracting with the U.S. government to provide security and related support services. From the corporate decision to enter the ''Big Leagues'' via proposal submission, through commitments and required expertise necessary to achieve ''outstanding'' ratings, this paper is an overview of a broad spectrum of security related topics including: the proposal process, the first step; oral review boards and ''Catch-22'' dilemmas; contractual requirements vs. court orders; personnel, the human factor; the carousel approach to fiscal accountability; and avoiding communication barriers

  12. Contemporary women's secure psychiatric services in the United Kingdom: A qualitative analysis of staff views.

    Science.gov (United States)

    Walker, T; Edge, D; Shaw, J; Wilson, H; McNair, L; Mitchell, H; Gutridge, K; Senior, J; Sutton, M; Meacock, R; Abel, K

    2017-11-01

    WHAT IS KNOWN ON THE SUBJECT?: Three pilot UK-only Women's Enhanced Medium Secure Services (WEMSS) was opened in 2007 to support women's movement from high secure care and provide a bespoke, women-only service. Evidence suggests that women's secure services are particularly challenging environments to work in and staffing issues (e.g., high turnover) can cause difficulties in establishing a therapeutic environment. Research in this area has focused on the experiences of service users. Studies which have examined staff views have focused on their feelings towards women in their care and the emotional burden of working in women's secure services. No papers have made a direct comparison between staff working in different services. WHAT DOES THIS STUDY ADD TO EXISTING KNOWLEDGE?: This is the first study to explore the views and experiences of staff in the three UK WEMSS pilot services and contrast them with staff from women's medium secure services. Drawing upon data from eighteen semi-structured interviews (nine WEMSS, nine non-WEMSS), key themes cover staff perceptions of factors important for women's recovery and their views on operational aspects of services. This study extends our understanding of the experiences of staff working with women in secure care and bears relevance for staff working internationally, as well as in UK services. WHAT ARE THE IMPLICATIONS FOR PRACTICE?: The study reveals the importance of induction and training for bank and agency staff working in women's secure services. Further, regular clinical supervision should be mandatory for all staff so they are adequately supported. Introduction Women's Enhanced Medium Secure Services (WEMSS) is bespoke, gender-sensitive services which opened in the UK in 2007 at three pilot sites. This study is the first of its kind to explore the experiences of WEMSS staff, directly comparing them to staff in a standard medium secure service for women. The literature to date has focused on the experiences of

  13. Employment of security personnel of a security service company does not need approval by the works council

    International Nuclear Information System (INIS)

    Anon.

    1990-01-01

    If a company or institution hires personnel of a security service company to protect its premises, this kind of employment does not mean the company carries on temporary employment business. Within the purview of section 99, sub-secion 1 of the BetrVG (Works Constitution Act), the security service personnel is not 'employed' in the proper sense even if the security tasks fulfilled by them are done at other times by regular employees of the company or institution. The court decision also decided that the Works Council need not give consent to employment of foreign security personnel. The court decision was taken for settlement of court proceedings commenced by Institute of Plasma Physics in Garching. (Federal Labour Court, decision dated November 28, 1989 - 1 ABR 90/88). (orig./HP) [de

  14. THE DEFENSE PLANNING SYSTEMS AND THEIR IMPLICATIONS

    Directory of Open Access Journals (Sweden)

    Laszlo STICZ

    2010-01-01

    Full Text Available Defense planning in the Alliance is a fundamental element of the arrangements which enable its member countries to enjoy the crucial political, military and resource advantages of collective defense and other common military efforts to enhance security and stability. In this respect, the aim of this paper is to outline the role of the Armed Forces and the specific processes aiming to achieve the ultimate goal of a nation regarding national security, with focus on defense planning and the PDPS.

  15. External Service Providers to the National Security Technology Incubator: Formalization of Relationships

    Energy Technology Data Exchange (ETDEWEB)

    None

    2008-04-30

    This report documents the formalization of relationships with external service providers in the development of the National Security Technology Incubator (NSTI). The technology incubator is being developed as part of the National Security Preparedness Project (NSPP), funded by a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This report summarizes the process in developing and formalizing relationships with those service providers and includes a sample letter of cooperation executed with each provider.

  16. 76 FR 81359 - National Security Personnel System

    Science.gov (United States)

    2011-12-28

    ... Security Personnel System AGENCY: Department of Defense; Office of Personnel Management. ACTION: Final rule... concerning the National Security Personnel System (NSPS). Section 1113 of the National Defense Authorization... National Security Personnel System (NSPS) in regulations jointly prescribed by DOD and OPM (Office of...

  17. INFORMATION SECURITY RISKS OPTIMIZATION IN CLOUDY SERVICES ON THE BASIS OF LINEAR PROGRAMMING

    Directory of Open Access Journals (Sweden)

    I. A. Zikratov

    2013-01-01

    Full Text Available The paper discusses theoretical aspects of secure cloud services creation for information processing of various confidentiality degrees. A new approach to the reasoning of information security composition in distributed computing structures is suggested, presenting the problem of risk assessment as an extreme problem of decisionmaking. Linear programming method application is proved to minimize the risk of information security for given performance security in compliance with the economic balance for the maintenance of security facilities and cost of services. An example is given to illustrate the obtained theoretical results.

  18. HOMA: Israel's National Missile Defense Strategy (Abridged Version)

    National Research Council Canada - National Science Library

    Lailari, Guermantes

    2002-01-01

    ... (Hebrew for Fortress Wall), Chapter 1 discusses the fundamentals of missile defense and the reason why Israel's missile defense system affects US national security interests, Chapter 2 describes Israel's missile defense...

  19. Financial Reporting for the Other Defense Organizations - General Funds at the Defence Finance and Accounting Service San Antonio

    National Research Council Canada - National Science Library

    2002-01-01

    ...) for inclusion in the FY 2001 Other Defense Organizations Financial Statements. Specifically, we looked at the abnormal balances reported in trial balances prepared by the Defense Finance and Accounting Service San Antonio...

  20. Service oriented architecture governance tools within information security

    OpenAIRE

    2012-01-01

    M.Tech. Service Oriented Architecture has many advantages. For example, organisations can align business with Information Technology, reuse the developed functionality, reduce development and maintain cost for applications. Organisations adopt Service Oriented Architecture with the aim of automating and integrating business processes. However, it has information security vulnerabilities that should be considered. For example, applications exchange information across the Internet, where it ...

  1. The challenges of multi-layered security governance in Ituri

    DEFF Research Database (Denmark)

    Hoffmann, Kasper; Vlassenroot, Koen

    governance is that the inclusion of local non-state actors in security governance will improve security provision to people because they have more legitimacy. But in reality ‘multi-layered’ security governance is often marked by conflict and competition as much as by collaboration and common solutions......There has been a slow, but growing awareness among external actors that some local non-state security actors should be involved in security governance in conflict-affected situations. Already in 2006, the OECD published a report that called for a ‘multi-layered’ approach to reforming actors...... and institutions that provide security and justice services (Scheye and McLean, 2006). Often these actors consist of local authorities, such as customary chiefs, village elders, or business people working in collaboration with different kinds of self-defense groups. The idea behind ‘multi-layered’ security...

  2. Joint Cross-Service Group for Laboratories 1995 Defense Base Realignment and Closure Process

    National Research Council Canada - National Science Library

    Reed, Donald

    1995-01-01

    This report is one in a series of reports that discusses the Joint Cross-Service Group implementation of the internal control plan developed by the 1995 Defense Base Closure and Realignment Steering Group (the Steering Group...

  3. Defense Inventory: Further Analysis and Enhanced Metrics Could Improve Service Supply and Depot Operations

    Science.gov (United States)

    2016-06-01

    Managed Spare Parts at Service Industrial Sites by Supply Chain , Fiscal...Metrics and Inventory Stratification Reporting; and Defense Logistics Agency Instruction 4140.08, DLA Retail Supply Chain Materiel Management ...the retail supply system, which is typically managed by the services. As a retail inventory manager at industrial sites, DLA manages the supply

  4. Department of Defense PERSEREC (DOD PERSEREC)

    Data.gov (United States)

    Social Security Administration — The purpose of this agreement is for SSA to verify SSN information for Defense Manpower Data Center (DMDC) of the Department of Defense. DMDC will use the SSA data...

  5. A Full Cost Analysis of the Replacement of Naval Base, Guantanamo Bay's Marine Ground Defense Force by the Fleet Antiterrorism Security Team

    National Research Council Canada - National Science Library

    Ordona, Placido

    2000-01-01

    ... of these diminishing resources. One such initiative is the restructuring of the Marine security presence at Naval Station, Guantanamo Bay, Cuba, through the replacement of the 350 man Marine Ground Defense Force with a smaller...

  6. Defense Finance and Accounting Service Work on the Navy General Fund 1996 Financial Statements

    National Research Council Canada - National Science Library

    1998-01-01

    ... for the Marine Corps, and on the Defense Finance and Accounting Service Cleveland Center, which consolidated the financial information for Navy and Marine Corps and compiled the financial statements...

  7. Mobile, portable lightweight wireless video recording solutions for homeland security, defense, and law enforcement applications

    Science.gov (United States)

    Sandy, Matt; Goldburt, Tim; Carapezza, Edward M.

    2015-05-01

    It is desirable for executive officers of law enforcement agencies and other executive officers in homeland security and defense, as well as first responders, to have some basic information about the latest trend on mobile, portable lightweight wireless video recording solutions available on the market. This paper reviews and discusses a number of studies on the use and effectiveness of wireless video recording solutions. It provides insights into the features of wearable video recording devices that offer excellent applications for the category of security agencies listed in this paper. It also provides answers to key questions such as: how to determine the type of video recording solutions most suitable for the needs of your agency, the essential features to look for when selecting a device for your video needs, and the privacy issues involved with wearable video recording devices.

  8. SEADE: Countering the Futility of Network Security

    Science.gov (United States)

    2015-10-01

    guards, and computer cages) and logical security measures (network firewall and intrusion detection). However, no matter how many layers of network...security built-in and with minimal security dependence on network security appliances (e.g., firewalls ). As Secretary of Defense Ashton Carter...based analysis that assumes nothing bad will happen to applications/data if those defenses prevent malware transactions at the entrance. The

  9. Strengthening Nordic-Baltic Defense Capabilities

    DEFF Research Database (Denmark)

    Breitenbauch, Henrik Ø.

    2014-01-01

    and troubling challenge to the way international security has been structured in Europe since the end of the Cold War. While most of the existing defense cooperation with a view of strengthening defense capabilities has been carried out within the internationally renowned framework of NORDEFCO...

  10. 78 FR 41954 - TA-W-82,634, Prudential Global Business Technology Solutions Central Security Services Dresher...

    Science.gov (United States)

    2013-07-12

    ... Business Technology Solutions Central Security Services Iselin, New Jersey; TA-W-82,634B, Prudential Global Business Technology Solutions Central Security Services Plymouth, Minnesota; TA- W-82,634C, Prudential Global Business Technology Solutions Central Security Services Scottsdale, Arizona; TA-W-82,634D...

  11. A Dynamic Defense Modeling and Simulation Methodology using Semantic Web Services

    Directory of Open Access Journals (Sweden)

    Kangsun Lee

    2010-04-01

    Full Text Available Defense Modeling and Simulations require interoperable and autonomous federates in order to fully simulate complex behavior of war-fighters and to dynamically adapt themselves to various war-game events, commands and controls. In this paper, we propose a semantic web service based methodology to develop war-game simulations. Our methodology encapsulates war-game logic into a set of web services with additional semantic information in WSDL (Web Service Description Language and OWL (Web Ontology Language. By utilizing dynamic discovery and binding power of semantic web services, we are able to dynamically reconfigure federates according to various simulation events. An ASuW (Anti-Surface Warfare simulator is constructed to demonstrate the methodology and successfully shows that the level of interoperability and autonomy can be greatly improved.

  12. 32 CFR 154.42 - Evaluation of personnel security information.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 1 2010-07-01 2010-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...

  13. 78 FR 6168 - Public Availability of Social Security Administration Fiscal Year (FY) 2012 Service Contract...

    Science.gov (United States)

    2013-01-29

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2013-0001] Public Availability of Social Security Administration Fiscal Year (FY) 2012 Service Contract Inventory AGENCY: Social Security Administration. ACTION: Notice of Public Availability of FY 2012 Service Contract Inventories. SUMMARY: In accordance with...

  14. 77 FR 3836 - Public Availability of Social Security Administration Fiscal Year (FY) 2011 Service Contract...

    Science.gov (United States)

    2012-01-25

    ... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2011-0105] Public Availability of Social Security Administration Fiscal Year (FY) 2011 Service Contract Inventory AGENCY: Social Security Administration. ACTION: Notice of Public Availability of FY 2011 Service Contract Inventories. SUMMARY: In accordance with...

  15. 6 CFR 25.8 - Government contractor Defense.

    Science.gov (United States)

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Government contractor Defense. 25.8 Section 25.8...-TERRORISM BY FOSTERING EFFECTIVE TECHNOLOGIES § 25.8 Government contractor Defense. (a) Criteria for... applicability of the government contractor defense. In determining whether to issue such Certification, the...

  16. Network perimeter security building defense in-depth

    CERN Document Server

    Riggs, Cliff

    2003-01-01

    PREFACEWho is this Book For?The Path to Network SecurityWho Should Read This Book?MANAGING NETWORK SECURITYThe Big Picture: Security Policies from A to ZAdministrative CountermeasuresPhysical CountermeasuresTechnological CountermeasuresCreating the Security Standards DocumentCreating the Configuration Guide DocumentPulling it All Together: Sample Security Policy CreationProteris Security Standards and ProceduresTHE NETWORK STACK AND SECURITYConnecting the NetworkProtocolsServers and HostsCRYPTOGRAPHY AND VPN TERMINOLOGYKeysCertificatesHashingDigital SignaturesCommon Encryption AlgorithmsSplit

  17. Campus network security model study

    Science.gov (United States)

    Zhang, Yong-ku; Song, Li-ren

    2011-12-01

    Campus network security is growing importance, Design a very effective defense hacker attacks, viruses, data theft, and internal defense system, is the focus of the study in this paper. This paper compared the firewall; IDS based on the integrated, then design of a campus network security model, and detail the specific implementation principle.

  18. Security measures effect over performance in service provider network

    African Journals Online (AJOL)

    pc

    2018-03-05

    Mar 5, 2018 ... Abstract—network security is defined as a set of policies and actions taken by a ... These threats are linked with the following factors that are ... typically smaller than those in the service provider space. ... Service providers cannot manage to provide ... e the DB performance effect ... r the business needs [10].

  19. Security infrastructure for dynamically provisioned cloud infrastructure services

    NARCIS (Netherlands)

    Demchenko, Y.; Ngo, C.; de Laat, C.; Lopez, D.R.; Morales, A.; García-Espín, J.A.; Pearson, S.; Yee, G.

    2013-01-01

    This chapter discusses conceptual issues, basic requirements and practical suggestions for designing dynamically configured security infrastructure provisioned on demand as part of the cloud-based infrastructure. This chapter describes general use cases for provisioning cloud infrastructure services

  20. Department of Defense perspective

    International Nuclear Information System (INIS)

    Devine, R.

    1985-01-01

    This paper examines radiation instrumentation from the Department of Defense perspective. Radiation survey instruments and calibration, or RADIAC, as it is called in the services, while administratively falling under the Assistant Secretary of Defense for Atomic Energy, has generally been managed at a lower level. The Naval Electronics Systems Command and Army Signal Corp are the two principles in the Department of Defense for RADIAC. The actions of the services are coordinated through the tri-service RADIAC working group, which meets about every year and a half. Several points from this organization are highlighted

  1. Design of a Secure System Considering Quality of Service

    Directory of Open Access Journals (Sweden)

    Seondong Heo

    2014-11-01

    Full Text Available Improvements in networking technologies have provided users with useful information services. Such information services may bring convenience and efficiency, but might be accompanied by vulnerabilities to a variety of attacks. Therefore, a variety of research to enhance the security of the systems and get the services at the same time has been carried out. Especially, research on intrusion-tolerant systems (ITSs has been conducted in order to survive against every intrusion, rather than to detect and prevent them. In this paper, an ITS based on effective resource conversion (ERC is presented to achieve the goal of intrusion-tolerance. Instead of using the fixed number of virtual machines (VMs to process requests and recover as in conventional approaches, the ITS based on ERC can transform the assigned resources depending on the system status. This scheme is proved to maintain a certain level of quality of service (QoS and quality of security service (QoSS in threatening environments. The performance of ERC is compared with previous studies on ITS by CSIM 20, and it is verified that the proposed scheme is more effective in retaining a specific level of QoS and QoSS.

  2. The Change in The Activity of The American Intelligence Services in The Security Context of the Last 24 Years

    Directory of Open Access Journals (Sweden)

    Georgescu - Stefan

    2014-11-01

    Full Text Available The security events dynamics poses an overwhelming challenge for the decision makers’political agenda, priorities. The wide range of risks and rhythm of significant security events determine a difficult enterprise for security theories. A scientific analysis of the security evolutions entails a profound historical introspection and an appropriate understanding of the security events with significant impact over the global evolutions. Probably in the next period of time, hundreds of papers will be written regarding the period since 9/11. The aim of this paper is to provide a perspective over the security context, and the intelligence services activity of the last 15 years, period of time dramatically divided by the unprecedented shock and suffering in the history of the from 9/11. The reorganization of the Western Intelligence Community was ordered as a result of the September 11th attacks and with future counterterrorism efforts in mind. Specifically, the 9/11 terrorists exploited the wall between the U.S.’s foreign and domestic intelligence collection efforts, and yet the IRTPA and EO 12333 avoid the issue of how to best integrate foreign and domestic intelligence while minimizing the threat to civil liberties. This manner in which the Western Countries separates its foreign and domestic intelligence collection is particularly exploitable by terrorists and non-state actors–those currently posing one of the most serious threats to international security. To ensure both the best intelligence integration possible as well as the defense of civil liberties, clear and sensible rules should be formed which dictate how intelligence from these two spheres is collected and in what way and at what level it is integrated and disseminated.

  3. A security modeling approach for web-service-based business processes

    DEFF Research Database (Denmark)

    Jensen, Meiko; Feja, Sven

    2009-01-01

    a transformation that automatically derives WS-SecurityPolicy-conformant security policies from the process model, which in conjunction with the generated WS-BPEL processes and WSDL documents provides the ability to deploy and run the complete security-enhanced process based on Web Service technology.......The rising need for security in SOA applications requires better support for management of non-functional properties in web-based business processes. Here, the model-driven approach may provide valuable benefits in terms of maintainability and deployment. Apart from modeling the pure functionality...... of a process, the consideration of security properties at the level of a process model is a promising approach. In this work-in-progress paper we present an extension to the ARIS SOA Architect that is capable of modeling security requirements as a separate security model view. Further we provide...

  4. Controls Over Operating System and Security Software Supporting the Defense Finance and Accounting Service

    National Research Council Canada - National Science Library

    1993-01-01

    ... programs from one another. Security software provides access controls that restrict the use of computer resources to authorized individuals and limit those individuals to the computer resources required to perform their jobs...

  5. Network attacks and defenses a hands-on approach

    CERN Document Server

    Trabelsi, Zouheir; Al Braiki, Arwa; Mathew, Sujith Samuel

    2012-01-01

    The attacks on computers and business networks are growing daily, and the need for security professionals who understand how malfeasants perform attacks and compromise networks is a growing requirement to counter the threat. Network security education generally lacks appropriate textbooks with detailed, hands-on exercises that include both offensive and defensive techniques. Using step-by-step processes to build and generate attacks using offensive techniques, Network Attacks and Defenses: A Hands-on Approach enables students to implement appropriate network security solutions within a laborat

  6. Space-based ballistic-missile defense

    International Nuclear Information System (INIS)

    Bethe, H.A.; Garwin, R.L.; Gottfried, K.; Kendall, H.W.

    1984-01-01

    This article, based on a forthcoming book by the Union for Concerned Scientists, focuses on the technical aspects of the issue of space-based ballistic-missile defense. After analysis, the authors conclude that the questionable performance of the proposed defense, the ease with which it could be overwhelmed or circumvented, and its potential as an antisatellite system would cause grievous damage to the security of the US if the Strategic Defense Initiative were to be pursued. The path toward greater security lies in quite another direction, they feel. Although research on ballistic-missile defense should continue at the traditional level of expenditure and within the constraints of the ABM Treaty, every effort should be made to negotiate a bilateral ban on the testing and use of space weapons. The authors think it is essential that such an agreement cover all altitudes, because a ban on high-altitude antisatellite weapons alone would not viable if directed energy weapons were developed for ballistic-missile defense. Further, the Star Wars program, unlikely ever to protect the entire nation against a nuclear attack, would nonetheless trigger a major expansion of the arms race

  7. Missile defense in the United States

    OpenAIRE

    Heurlin, Bertil

    2004-01-01

    The basic arguments of this paper are, first, that the current US-missile defense, being operative from fall 2004, is based upon the former experiences with missile defense, second, that missile defense closely associated with weapons of mass destruction has gained the highest priority in American national security policy due to the 9.11 attacks, and third, that the superior argument for establishing an American missile defense is to maintain global, long term political-strategic superiority....

  8. An authentication scheme for secure access to healthcare services.

    Science.gov (United States)

    Khan, Muhammad Khurram; Kumari, Saru

    2013-08-01

    Last few decades have witnessed boom in the development of information and communication technologies. Health-sector has also been benefitted with this advancement. To ensure secure access to healthcare services some user authentication mechanisms have been proposed. In 2012, Wei et al. proposed a user authentication scheme for telecare medical information system (TMIS). Recently, Zhu pointed out offline password guessing attack on Wei et al.'s scheme and proposed an improved scheme. In this article, we analyze both of these schemes for their effectiveness in TMIS. We show that Wei et al.'s scheme and its improvement proposed by Zhu fail to achieve some important characteristics necessary for secure user authentication. We find that security problems of Wei et al.'s scheme stick with Zhu's scheme; like undetectable online password guessing attack, inefficacy of password change phase, traceability of user's stolen/lost smart card and denial-of-service threat. We also identify that Wei et al.'s scheme lacks forward secrecy and Zhu's scheme lacks session key between user and healthcare server. We therefore propose an authentication scheme for TMIS with forward secrecy which preserves the confidentiality of air messages even if master secret key of healthcare server is compromised. Our scheme retains advantages of Wei et al.'s scheme and Zhu's scheme, and offers additional security. The security analysis and comparison results show the enhanced suitability of our scheme for TMIS.

  9. Service task partition and distribution in star topology computer grid subject to data security constraints

    Energy Technology Data Exchange (ETDEWEB)

    Xiang Yanping [Collaborative Autonomic Computing Laboratory, School of Computer Science, University of Electronic Science and Technology of China (China); Levitin, Gregory, E-mail: levitin@iec.co.il [Collaborative Autonomic Computing Laboratory, School of Computer Science, University of Electronic Science and Technology of China (China); Israel electric corporation, P. O. Box 10, Haifa 31000 (Israel)

    2011-11-15

    The paper considers grid computing systems in which the resource management systems (RMS) can divide service tasks into execution blocks (EBs) and send these blocks to different resources. In order to provide a desired level of service reliability the RMS can assign the same blocks to several independent resources for parallel execution. The data security is a crucial issue in distributed computing that affects the execution policy. By the optimal service task partition into the EBs and their distribution among resources, one can achieve the greatest possible service reliability and/or expected performance subject to data security constraints. The paper suggests an algorithm for solving this optimization problem. The algorithm is based on the universal generating function technique and on the evolutionary optimization approach. Illustrative examples are presented. - Highlights: > Grid service with star topology is considered. > An algorithm for evaluating service reliability and data security is presented. > A tradeoff between the service reliability and data security is analyzed. > A procedure for optimal service task partition and distribution is suggested.

  10. Service task partition and distribution in star topology computer grid subject to data security constraints

    International Nuclear Information System (INIS)

    Xiang Yanping; Levitin, Gregory

    2011-01-01

    The paper considers grid computing systems in which the resource management systems (RMS) can divide service tasks into execution blocks (EBs) and send these blocks to different resources. In order to provide a desired level of service reliability the RMS can assign the same blocks to several independent resources for parallel execution. The data security is a crucial issue in distributed computing that affects the execution policy. By the optimal service task partition into the EBs and their distribution among resources, one can achieve the greatest possible service reliability and/or expected performance subject to data security constraints. The paper suggests an algorithm for solving this optimization problem. The algorithm is based on the universal generating function technique and on the evolutionary optimization approach. Illustrative examples are presented. - Highlights: → Grid service with star topology is considered. → An algorithm for evaluating service reliability and data security is presented. → A tradeoff between the service reliability and data security is analyzed. → A procedure for optimal service task partition and distribution is suggested.

  11. A security architecture for the ALICE grid services

    CERN Document Server

    Schreiner, Steffen; Buchmann, Johannes; Betev, Latchezar; Grigoras, Alina

    2012-01-01

    Globally distributed research cyberinfrastructures, like the ALICE Grid Services, need to provide traceability and accountability of operations and internal interactions. This document presents a new security architecture for the ALICE Grid Services, allowing to establish non-repudiation with respect to creatorship and ownership of Grid files and jobs. It is based on mutually authenticated and encrypted communication using X.509 Public Key Infrastructure and the Transport Layer Security (TLS) protocol. Introducing certified Grid file entries and signed Grid jobs by implementing a model of Mediated Definite Delegation it allows to establish long-term accountability concerning Grid jobs and files. Initial submissions as well as any alteration of Grid jobs are becoming verifiable and can be traced back to the originator. The architecture has been implemented as a prototype along with the development of a new central Grid middleware, called jAliEn.

  12. 77 FR 9214 - National Security Education Board Members Meeting

    Science.gov (United States)

    2012-02-16

    ... DEPARTMENT OF DEFENSE Office of the Secretary National Security Education Board Members Meeting... meeting of the National Security Education Board. The purpose of the meeting is to review and make... p.m. ADDRESSES: Defense Language and National Security Education Office, 1101 Wilson Boulevard...

  13. Security and privacy for implantable medical devices

    CERN Document Server

    Carrara, Sandro

    2014-01-01

     This book presents a systematic approach to analyzing the challenging engineering problems posed by the need for security and privacy in implantable medical devices (IMD).  It describes in detail new issues termed as lightweight security, due to the associated constraints on metrics such as available power, energy, computing ability, area, execution time, and memory requirements. Coverage includes vulnerabilities and defense across multiple levels, with basic abstractions of cryptographic services and primitives such as public key cryptography, block ciphers and digital signatures. Experts from engineering introduce to some IMD systems that have  recently been proposed and developed. Experts from Computer Security and Cryptography present new research, which shows vulnerabilities in existing IMDs and proposes solutions. Experts from Privacy Technology and Policy will discuss the societal, legal and ethical challenges surrounding IMD security as well as technological solutions that build on the latest in C...

  14. A Learning-Based Approach to Reactive Security

    Science.gov (United States)

    Barth, Adam; Rubinstein, Benjamin I. P.; Sundararajan, Mukund; Mitchell, John C.; Song, Dawn; Bartlett, Peter L.

    Despite the conventional wisdom that proactive security is superior to reactive security, we show that reactive security can be competitive with proactive security as long as the reactive defender learns from past attacks instead of myopically overreacting to the last attack. Our game-theoretic model follows common practice in the security literature by making worst-case assumptions about the attacker: we grant the attacker complete knowledge of the defender's strategy and do not require the attacker to act rationally. In this model, we bound the competitive ratio between a reactive defense algorithm (which is inspired by online learning theory) and the best fixed proactive defense. Additionally, we show that, unlike proactive defenses, this reactive strategy is robust to a lack of information about the attacker's incentives and knowledge.

  15. 76 FR 28960 - National Security Education Board Members Meeting

    Science.gov (United States)

    2011-05-19

    ... DEPARTMENT OF DEFENSE Office of the Secretary National Security Education Board Members Meeting...: Pursuant to Public Law 92-463, notice is hereby given of a forthcoming meeting of the National Security... Defense concerning requirements established by the David L. Boren National Security Education Act, Title...

  16. 77 FR 49439 - National Security Education Board Members Meeting

    Science.gov (United States)

    2012-08-16

    ... DEPARTMENT OF DEFENSE Office of the Secretary National Security Education Board Members Meeting...: Pursuant to Public Law 92-463, notice is hereby given of a forthcoming meeting of the National Security... Secretary of Defense concerning requirements established by the David L. Boren National Security Education...

  17. 77 FR 27739 - National Security Education Board Members Meeting

    Science.gov (United States)

    2012-05-11

    ... DEPARTMENT OF DEFENSE Office of the Secretary National Security Education Board Members Meeting...: Pursuant to Public Law 92-463, notice is hereby given of a forthcoming meeting of the National Security... Defense concerning requirements established by the David L. Boren National Security Education Act, Title...

  18. Design and Research of a New secure Authentication Protocol in GSM networks

    Directory of Open Access Journals (Sweden)

    Qi Ai-qin

    2016-01-01

    Full Text Available As the first line of defense in the security application system, Authentication is an important security service. Its typical scheme is challenge/response mechanism and this scheme which is simple-structured and easy to realize has been used worldwide. But these protocols have many following problems In the GSM networks such as the leakage of user indentity privacy, no security protection between home registers and foreign registers and the vicious intruders’ information stealing and so on. This paper presents an authentication protocol in GSM networks based on maths operation and modular square root technique . The analysis of the security and performance has also been done. The results show that it is more robust and secure compared to the previous agreements.

  19. Towards Formal Validation of Trust and Security of the Internet of Services

    DEFF Research Database (Denmark)

    Carbone, Roberto; Minea, Marius; Mödersheim, Sebastian Alexander

    2011-01-01

    Service designers and developers, while striving to meet the requirements posed by application scenarios, have a hard time to assess the trust and security impact of an option, a minor change, a combination of functionalities, etc., due to the subtle and unforeseeable situations and behaviors...... techniques to efficiently tackle industrial-size problems. The formal verification of trust and security of the Internet of Services will significantly boost its development and public acceptance....

  20. Denial-of-Service Security Attack in the Continuous-Time World

    DEFF Research Database (Denmark)

    Wang, Shuling; Nielson, Flemming; Nielson, Hanne Riis

    2014-01-01

    -of-service security attack, the expected information from the controllers is not received and as a consequence the physical systems may fail to behave as expected. This paper proposes a formal framework for expressing denial-of-service security attack in hybrid systems. As a virtue, a physical system is able to plan......Hybrid systems are integrations of discrete computation and continuous physical evolution. The physical components of such systems introduce safety requirements, the achievement of which asks for the correct monitoring and control from the discrete controllers. However, due to denial...... for reasonable behavior in case the ideal control fails due to unreliable communication, in such a way that the safety of the system upon denial-of-service is still guaranteed. In the context of the modeling language, we develop an inference system for verifying safety of hybrid systems, without putting any...

  1. Measuring Stability and Security in Iraq: Report to Congress in Accordance with the Department of Defense Appropriations Act 2007 (Section 9010, Public Law 109-289)

    National Research Council Canada - National Science Library

    2006-01-01

    This report to Congress includes specific performance indicators and measures of progress toward political, economic, and security stability in Iraq, as directed in Section 9010, DoD Defense Appropriations Act 2007...

  2. Financial Management: Contracts Classified as Unreconcilable by the Defense Finance and Accounting Service Columbus (Contract DAAA09-81-G-2008-0031)

    National Research Council Canada - National Science Library

    Granetto, Paul J; Kornides, James L; Issel, John K; Knight, Clarence E., III; Frawley, John; Bennett, Karen M

    2005-01-01

    .... Defense Contract Management Agency (DCMA), Pittsburgh, Pennsylvania, personnel stated that the former Defense Contract Administration Services Region Philadelphia initially paid the contract until the payment function was transferred...

  3. Defense Primer: DOD Contractors

    Science.gov (United States)

    2017-02-10

    functions, from intelligence analysis or software development to landscaping or food service. Why does DOD use individual contractors? Going back to...that provide professional services, from research to management support. The bulk of contractors—more than 70%—provide products, and these include...10 U.S.C. Part IV: Service, Supply, and Procurement. CRS Products CRS In Focus IF10548, Defense Primer: U.S. Defense Industrial Base, by Daniel

  4. Clausewitz and the Theory of Military Strategy in Europe - Reflections Upon a Paradigm of Military Strategy Within the European Common Security and Defense Policy (ESDP)

    National Research Council Canada - National Science Library

    Hartmann, Uwe

    2001-01-01

    ... as a core element of the Common Security and Defense Policy of the EU, Based on the interpretation of Clausewitz's theory of war and strategy in Britain, France, and Germany, main commonalities...

  5. 75 FR 71563 - Defense Federal Acquisition Regulation Supplement; Services of Senior Mentors (DFARS Case 2010-D025)

    Science.gov (United States)

    2010-11-24

    ... mentoring, teaching, training, advice, and recommendations to senior military officers, staff, and students... Acquisition Regulation Supplement; Services of Senior Mentors (DFARS Case 2010-D025) AGENCY: Defense... policy on the services of senior mentors. DATES: Effective: November 24, 2010. FOR FURTHER INFORMATION...

  6. Statement of Accountability Reconciliation Procedures for Defense Finance and Accounting Service Columbus Center, Disbursing Station 6551

    National Research Council Canada - National Science Library

    1998-01-01

    .... Beginning in FY 1996, the Defense Finance and Accounting Service (DFAS) Indianapolis Center became responsible for preparing the financial statements for the Department 97 general fund appropriations...

  7. Data-plane Defenses against Routing Attacks on Tor

    Directory of Open Access Journals (Sweden)

    Tan Henry

    2016-10-01

    Full Text Available Tor is susceptible to traffic correlation attacks in which an adversary who observes flows entering and leaving the anonymity network can apply statistical techniques to correlate flows and de-anonymize their endpoints. While an adversary may not be naturally positioned to conduct such attacks, a recent study shows that the Internet’s control-plane can be manipulated to increase an adversary’s view of the network, and consequently, improve its ability to perform traffic correlation. This paper explores, in-depth, the effects of control-plane attacks on the security of the Tor network. Using accurate models of the live Tor network, we quantify Tor’s susceptibility to these attacks by measuring the fraction of the Tor network that is vulnerable and the advantage to the adversary of performing the attacks. We further propose defense mechanisms that protect Tor users from manipulations at the control-plane. Perhaps surprisingly, we show that by leveraging existing trust anchors in Tor, defenses deployed only in the data-plane are sufficient to detect most control-plane attacks. Our defenses do not assume the active participation of Internet Service Providers, and require only very small changes to Tor. We show that our defenses result in a more than tenfold decrease in the effectiveness of certain control-plane attacks.

  8. Broad Overview of Energy Efficiency and Renewable Energy Opportunities for Department of Defense Installations

    Energy Technology Data Exchange (ETDEWEB)

    Anderson, E.; Antkowiak, M.; Butt, R.; Davis, J.; Dean, J.; Hillesheim, M.; Hotchkiss, E.; Hunsberger, R.; Kandt, A.; Lund, J.; Massey, K.; Robichaud, R.; Stafford, B.; Visser, C.

    2011-08-01

    The Strategic Environmental Research and Developmental Program (SERDP)/Environmental Security Technology Certification Program (ESTCP) is the Department of Defense?s (DOD) environmental science and technology program focusing on issues related to environment and energy for the military services. The SERDP/ESTCP Office requested that the National Renewable Energy Laboratory (NREL) provide technical assistance with strategic planning by evaluating the potential for several types of renewable energy technologies at DOD installations. NREL was tasked to provide technical expertise and strategic advice for the feasibility of geothermal resources, waste-to-energy technology, photovoltaics (PV), wind, microgrids, and building system technologies on military installations. This technical report is the deliverable for these tasks.

  9. Documentation of the Federal Financial System Process at the Defense Finance and Accounting Service Indianapolis Center

    National Research Council Canada - National Science Library

    Gimble, Thomas

    1997-01-01

    .... In September 1994, the Defense Finance and Accounting Service (DFAS) transferred the responsibility for preparing the departmental accounting reports for Department 971 appropriations to the DFAS Indianapolis Center...

  10. An end-to-end security auditing approach for service oriented architectures

    NARCIS (Netherlands)

    Azarmi, M.; Bhargava, B.; Angin, P.; Ranchal, R.; Ahmed, N.; Sinclair, A.; Linderman, M.; Ben Othmane, L.

    2012-01-01

    Service-Oriented Architecture (SOA) is becoming a major paradigm for distributed application development in the recent explosion of Internet services and cloud computing. However, SOA introduces new security challenges not present in the single-hop client-server architectures due to the involvement

  11. Defense.gov Special Report: Hagel Bids Farewell

    Science.gov (United States)

    Africa. Story Major Components of Hagel's Leadership During his tenure, Defense Secretary Chuck Hagel prudence, careful leadership and personal compassion. "What our budget proposal and defense strategy Relationship With India Understanding the importance of a rising and democratic India to the future security

  12. Role of Department of Defense Policies in Identifying Traumatic Brain Injuries Among Deployed US Service Members, 2001-2016.

    Science.gov (United States)

    Agimi, Yll; Regasa, Lemma Ebssa; Ivins, Brian; Malik, Saafan; Helmick, Katherine; Marion, Donald

    2018-05-01

    To examine the role of Department of Defense policies in identifying theater-sustained traumatic brain injuries (TBIs). We conducted a retrospective study of 48 172 US military service members who sustained their first lifetime TBIs between 2001 and 2016 while deployed to Afghanistan or Iraq. We used multivariable negative binomial models to examine the changes in TBI incidence rates following the introduction of Department of Defense policies. Two Army policies encouraging TBI reporting were associated with an increase of 251% and 97% in TBIs identified following their implementation, respectively. Among airmen, the introduction of TBI-specific screening questions to the Post-Deployment Health Assessment was associated with a 78% increase in reported TBIs. The 2010 Department of Defense Directive Type Memorandum 09-033 was associated with another increase of 80% in the likelihood of being identified with a TBI among soldiers, a 51% increase among sailors, and a 124% increase among Marines. Department of Defense and service-specific policies introduced between 2006 and 2013 significantly increased the number of battlefield TBIs identified, successfully improving the longstanding problem of underreporting of TBIs.

  13. WPSS: watching people security services

    Science.gov (United States)

    Bouma, Henri; Baan, Jan; Borsboom, Sander; van Zon, Kasper; Luo, Xinghan; Loke, Ben; Stoeller, Bram; van Kuilenburg, Hans; Dijk, Judith

    2013-10-01

    To improve security, the number of surveillance cameras is rapidly increasing. However, the number of human operators remains limited and only a selection of the video streams are observed. Intelligent software services can help to find people quickly, evaluate their behavior and show the most relevant and deviant patterns. We present a software platform that contributes to the retrieval and observation of humans and to the analysis of their behavior. The platform consists of mono- and stereo-camera tracking, re-identification, behavioral feature computation, track analysis, behavior interpretation and visualization. This system is demonstrated in a busy shopping mall with multiple cameras and different lighting conditions.

  14. SECURE SERVICE DISCOVERY BASED ON PROBE PACKET MECHANISM FOR MANETS

    Directory of Open Access Journals (Sweden)

    S. Pariselvam

    2015-03-01

    Full Text Available In MANETs, Service discovery process is always considered to be crucial since they do not possess a centralized infrastructure for communication. Moreover, different services available through the network necessitate varying categories. Hence, a need arises for devising a secure probe based service discovery mechanism to reduce the complexity in providing the services to the network users. In this paper, we propose a Secure Service Discovery Based on Probe Packet Mechanism (SSDPPM for identifying the DoS attack in MANETs, which depicts a new approach for estimating the level of trust present in each and every routing path of a mobile ad hoc network by using probe packets. Probing based service discovery mechanisms mainly identifies a mobile node’s genuineness using a test packet called probe that travels the entire network for the sake of computing the degree of trust maintained between the mobile nodes and it’s attributed impact towards the network performance. The performance of SSDPPM is investigated through a wide range of network related parameters like packet delivery, throughput, Control overhead and total overhead using the version ns-2.26 network simulator. This mechanism SSDPPM, improves the performance of the network in an average by 23% and 19% in terms of packet delivery ratio and throughput than the existing service discovery mechanisms available in the literature.

  15. Secure Service Invocation in a Peer-to-Peer Environment Using JXTA-SOAP

    Science.gov (United States)

    Laghi, Maria Chiara; Amoretti, Michele; Conte, Gianni

    The effective convergence of service-oriented architectures (SOA) and peer-to-peer (P2P) is an urgent task, with many important applications ranging from e-business to ambient intelligence. A considerable standardization effort is being carried out from both SOA and P2P communities, but a complete platform for the development of secure, distributed applications is still missing. In this context, the result of our research and development activity is JXTA-SOAP, an official extension for JXTA enabling Web Service sharing in peer-to-peer networks. Recently we focused on security aspects, providing JXTA-SOAP with a general security management system, and specialized policies that target both J2SE and J2ME versions of the component. Among others, we implemented a policy based on Multimedia Internet KEYing (MIKEY), which can be used to create a key pair and all the required parameters for encryption and decryption of service messages in consumer and provider peers running on resource-constrained devices.

  16. Cloud Computing Security: A Survey

    Directory of Open Access Journals (Sweden)

    Issa M. Khalil

    2014-02-01

    Full Text Available Cloud computing is an emerging technology paradigm that migrates current technological and computing concepts into utility-like solutions similar to electricity and water systems. Clouds bring out a wide range of benefits including configurable computing resources, economic savings, and service flexibility. However, security and privacy concerns are shown to be the primary obstacles to a wide adoption of clouds. The new concepts that clouds introduce, such as multi-tenancy, resource sharing and outsourcing, create new challenges to the security community. Addressing these challenges requires, in addition to the ability to cultivate and tune the security measures developed for traditional computing systems, proposing new security policies, models, and protocols to address the unique cloud security challenges. In this work, we provide a comprehensive study of cloud computing security and privacy concerns. We identify cloud vulnerabilities, classify known security threats and attacks, and present the state-of-the-art practices to control the vulnerabilities, neutralize the threats, and calibrate the attacks. Additionally, we investigate and identify the limitations of the current solutions and provide insights of the future security perspectives. Finally, we provide a cloud security framework in which we present the various lines of defense and identify the dependency levels among them. We identify 28 cloud security threats which we classify into five categories. We also present nine general cloud attacks along with various attack incidents, and provide effectiveness analysis of the proposed countermeasures.

  17. Design and Acquisition of Software for Defense Systems

    Science.gov (United States)

    2018-02-14

    embrace of iterative development has benefited bottom lines and cost , schedule, and testing performance, while the Department and its defense industrial...February 2018 CLEARED FOR OPEN PUBLICATION February 14, 2018 DEPARTMENT OF DEFENSE OFFICE OF PREPUBLICATION AND SECURITY REVIEW...Force concluded that the Department of Defense would benefit from the implementation of continuous iterative development best practices as software

  18. 76 FR 66940 - Privacy Act of 1974; Department of Homeland Security/United States Secret Service-004 Protection...

    Science.gov (United States)

    2011-10-28

    ... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0083] Privacy Act of 1974; Department of Homeland Security/United States Secret Service--004 Protection Information System... Security (DHS)/United States Secret Service (USSS)-004 System name: DHS/USSS-004 Protection Information...

  19. Load control services in the management of power system security costs

    International Nuclear Information System (INIS)

    Jayantilal, A.; Strbac, G.

    1999-01-01

    The new climate of deregulation in the electricity industry is creating a need for a more transparent cost structure and within this framework the cost of system security has been a subject of considerable interest. Traditionally power system security has been supplied by out-of-merit generation, in the short term, and transmission reinforcement, in the long term. This paper presents a method of analysing the role of load-demand in the management of power system security costs by utilising load control services (LCS). It also proposes a competitive market to enable bidding from various participants within the electricity industry to supply system security. (author)

  20. Determining relevant financial statement ratios in Department of Defense service component general fund financial statements

    OpenAIRE

    Koetter, Nicholas J.; Krause, Daniel J.; Liptak, Carl S.

    2014-01-01

    Approved for public release; distribution is unlimited Department of Defense (DOD) service components are dedicating significant financial and human resources toward achieving unqualified opinions on audits of their financial statements. The DOD has endeavored to produce auditable financial statements as mandated in the Chief Financial Officers Act of 1990. In December of 2013, the United States Marine Corps became the first service component to achieve an unqualified audit opinion on its ...

  1. 32 CFR 2004.20 - National Industrial Security Program Operating Manual (NISPOM) [201(a)].

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false National Industrial Security Program Operating... Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION NATIONAL INDUSTRIAL SECURITY PROGRAM DIRECTIVE NO. 1 Operations § 2004.20 National Industrial Security Program...

  2. WiMAX security and quality of service an end-to-end perspective

    CERN Document Server

    Tang, Seok-Yee; Sharif, Hamid

    2010-01-01

    WiMAX is the first standard technology to deliver true broadband mobility at speeds that enable powerful multimedia applications such as Voice over Internet Protocol (VoIP), online gaming, mobile TV, and personalized infotainment. WiMAX Security and Quality of Service, focuses on the interdisciplinary subject of advanced Security and Quality of Service (QoS) in WiMAX wireless telecommunication systems including its models, standards, implementations, and applications. Split into 4 parts, Part A of the book is an end-to-end overview of the WiMAX architecture, protocol, and system requirements.

  3. Leveraging Service Oriented Architecture to Enhance Information Sharing for Surface Transportation Security

    Science.gov (United States)

    2008-09-01

    Fire and Emergency Management Services, Suffolk County Sheriff’s Department, the U.S. Attorney’s Office, the Bureau of Alcohol, Tobacco and Firearms...mass transit services. These include express and regular bus service, a downtown Skyway monorail , a trolley service and the Stadium Shuttle for various...safety related incidents rather than security, including transportation disruptions due to derailments, accidents, fires , hazardous materials spills

  4. Implementation of QoSS (Quality-of-Security Service) for NoC-Based SoC Protection

    Science.gov (United States)

    Sepúlveda, Johanna; Pires, Ricardo; Strum, Marius; Chau, Wang Jiang

    Many of the current electronic systems embedded in a SoC (System-on-Chip) are used to capture, store, manipulate and access critical data, as well as to perform other key functions. In such a scenario, security is considered as an important issue. The Network-on-chip (NoC), as the foreseen communication structure of next-generation SoC devices, can be used to efficiently incorporate security. Our work proposes the implementation of QoSS (Quality of Security Service) to overcome present SoC vulnerabilities. QoSS is a novel concept for data protection that introduces security as a dimension of QoS. In this paper, we present the implementation of two security services (access control and authentication), that may be configured to assume one from several possible levels, the implementation of a technique to avoid denial-of-service (DoS) attacks, evaluate their effectiveness and estimate their impact on NoC performance.

  5. Addressing Software Security

    Science.gov (United States)

    Bailey, Brandon

    2015-01-01

    Historically security within organizations was thought of as an IT function (web sites/servers, email, workstation patching, etc.) Threat landscape has evolved (Script Kiddies, Hackers, Advanced Persistent Threat (APT), Nation States, etc.) Attack surface has expanded -Networks interconnected!! Some security posture factors Network Layer (Routers, Firewalls, etc.) Computer Network Defense (IPS/IDS, Sensors, Continuous Monitoring, etc.) Industrial Control Systems (ICS) Software Security (COTS, FOSS, Custom, etc.)

  6. INFORMATION SECURITY AND SECURE SEARCH OVER ENCRYPTED DATA IN CLOUD STORAGE SERVICES

    OpenAIRE

    Mr. A Mustagees Shaikh *; Prof. Nitin B. Raut

    2016-01-01

    Cloud computing is most widely used as the next generation architecture of IT enterprises, that provide convenient remote access to data storage and application services. This cloud storage can potentially bring great economical savings for data owners and users, but due to wide concerns of data owners that their private data may be exposed or handled by cloud providers. Hence end-to-end encryption techniques and fuzzy fingerprint technique have been used as solutions for secure cloud data st...

  7. Quality of Security Service Costing Demonstration for the MSHN Project

    National Research Council Canada - National Science Library

    Spyropoulou, Evdoxia

    2000-01-01

    .... Each service has two costs: an initialization cost and a run-time cost. The demonstration illustrates the costs incurred as network modes and security levels are changed. High level and detailed specifications are provided.

  8. Defense Security Cooperation Agency Vision 2020. Update 1

    Science.gov (United States)

    2015-10-01

    the feasibility and pros/ cons of developing a DoD- wide security cooperation workforce development and management program including training...Synchronizing Security Cooperation Activities ..................................................................................... 7 Meeting...Security Cooperation ............................. 15 6. Remaining a Provider of Choice for Our International Customers

  9. 76 FR 66937 - Privacy Act of 1974; Department of Homeland Security/United States Secret Service-003 Non...

    Science.gov (United States)

    2011-10-28

    ... 1974; Department of Homeland Security/United States Secret Service--003 Non-Criminal Investigation... Security/United States Secret Service--003 Non-Criminal Investigation Information System.'' As a result of... Secret Service, 245 Murray Lane SW., Building T-5, Washington, DC 20223. For privacy issues please...

  10. Ethical Hacking in Information Security Curricula

    Science.gov (United States)

    Trabelsi, Zouheir; McCoey, Margaret

    2016-01-01

    Teaching offensive security (ethical hacking) is becoming a necessary component of information security curricula with a goal of developing better security professionals. The offensive security components extend curricula beyond system defense strategies. This paper identifies and discusses the learning outcomes achieved as a result of hands-on…

  11. Flexible, Secure, and Reliable Data Sharing Service Based on Collaboration in Multicloud Environment

    Directory of Open Access Journals (Sweden)

    Qiang Wei

    2018-01-01

    Full Text Available Due to the abundant storage resources and high reliability data service of cloud computing, more individuals and enterprises are motivated to outsource their data to public cloud platform and enable legal data users to search and download what they need in the outsourced dataset. However, in “Paid Data Sharing” model, some valuable data should be encrypted before outsourcing for protecting owner’s economic benefits, which is an obstacle for flexible application. Specifically, if the owner does not know who (user will download which data files in advance and even does not know the attributes of user, he/she has to either remain online all the time or import a trusted third party (TTP to distribute the file decryption key to data user. Obviously, making the owner always remain online is too inflexible, and wholly depending on the security of TTP is a potential risk. In this paper, we propose a flexible, secure, and reliable data sharing scheme based on collaboration in multicloud environment. For securely and instantly providing data sharing service even if the owner is offline and without TTP, we distribute all encrypted split data/key blocks together to multiple cloud service providers (CSPs, respectively. An elaborate cryptographic protocol we designed helps the owner verify the correctness of data exchange bills, which is directly related to the owner’s economic benefits. Besides, in order to support reliable data service, the erasure-correcting code technic is exploited for tolerating multiple failures among CSPs, and we offer a secure keyword search mechanism that makes the system more close to reality. Extensive security analyses and experiments on real-world data show that our scheme is secure and efficient.

  12. The National Security Education Program and Its Service Requirement: An Exploratory Study of What Areas of Government and for What Duration National Security Education Program Recipients Have Worked

    Science.gov (United States)

    Comp, David J.

    2013-01-01

    The National Security Education Program, established under the National Security Education Act of 1991, has had a post-funding service requirement in the Federal Government for undergraduate scholarship and graduate fellowship recipients since its inception. The service requirement, along with the concern that the National Security Education…

  13. Secure external access to CERN's services to replace VPN

    CERN Multimedia

    2005-01-01

    CERN has recently experienced several computer security incidents caused by people opening VPN connections and (unknown to them) allowing malicious software to enter CERN. VPN should be used to connect to CERN only in extreme and exceptional circumstances and it is formally discouraged as a general solution. If incidents continue, the availability of the service will need to be reviewed. Recommended methods of connecting to CERN from the Internet for common functionalities such as e-mail, access to CERN web or file servers and interactive sessions on CERN systems are described at http://cern.ch/security/vpn

  14. A Survey of Denial-of-Service and Distributed Denial of Service Attacks and Defenses in Cloud Computing

    Directory of Open Access Journals (Sweden)

    Adrien Bonguet

    2017-08-01

    Full Text Available Cloud Computing is a computing model that allows ubiquitous, convenient and on-demand access to a shared pool of highly configurable resources (e.g., networks, servers, storage, applications and services. Denial-of-Service (DoS and Distributed Denial-of-Service (DDoS attacks are serious threats to the Cloud services’ availability due to numerous new vulnerabilities introduced by the nature of the Cloud, such as multi-tenancy and resource sharing. In this paper, new types of DoS and DDoS attacks in Cloud Computing are explored, especially the XML-DoS and HTTP-DoS attacks, and some possible detection and mitigation techniques are examined. This survey also provides an overview of the existing defense solutions and investigates the experiments and metrics that are usually designed and used to evaluate their performance, which is helpful for the future research in the domain.

  15. Enhancing Experiment Central Service Reliability: from delivery to security and virtualization

    CERN Document Server

    Donno, Flavia; Buzykaev, Alexey; Saiz Santos, Maria Dolores

    2011-01-01

    The four LHC experiments rely on experiment specific services running on machines mainly located at CERN. Some of these services have been rated by the experiments as very critical: any loss or degradation of performance has a major impact on the experiment's production and analysis activities. It is therefore important to provide a reliable and robust operational environment. In this work we describe the strategy based on service deployment, security and virtualization adopted to enhance the reliability of ATLAS and CMS central services.

  16. Science and Technology vs. Defense and Security: Dual Use Consequences, a South American Perspective

    International Nuclear Information System (INIS)

    Espona, M. J.

    2007-01-01

    Nowadays we can say that science and technology are development driven forces in most countries, with some exceptions especially in the Southern Hemisphere. Even though, we have to take into account their link to and impact on defense and security and not only when it comes to WMD but also in the economy and academy areas, both in developed and developing countries. Within this framework, when we analyze the spread of technology and knowledge, it is important to consider: the media where it takes place (e.g. journals, internet, conferences, commercial agreements); which the actors involved are (e.g. scientists, governmental agencies, commercial firms); and the motive why it occurs (e.g. scientific discoveries; commercial exchange; international agreements). Once known all these elements, which vary both intracountry and intercountry, we may have a deep and broad enough framework to consider which policies to take in order to foster scientific and technologic development without collaborating with state and non state WMD programs. Although we already have a legal framework to fight against WMD proliferation and terrorism, the diverse degree of success of such instruments makes it necessary to continue analyzing and debating ways to strengthen them and/or find new ones. Therefore, in this paper we will analyze how the phenomena of science and technology development and spread impacts on defense and security from a South American perspective, taking into account the particular differences among developed and developing countries. Among the primary findings we can mention the existing differences between countries when it comes to the place (military, academic or commercial ones) where the critical science and technology innovative developments take place; the origin of funding (private or governmental); the existence and fulfillment of plans to foster science and technology development; and the scientific community awareness in WMD topics. All these elements have a

  17. Homeland Security Affairs Journal (press release)

    OpenAIRE

    Naval Postgraduate School (U.S.); Center for Homeland Defense and Security

    2013-01-01

    Homeland Security Affairs (HSA) is the peer-reviewed online journal of the Center for Homeland Defense and Security (CHDS). The journal provides a forum to propose and debate strategies, policies and organizational arrangements to strengthen U.S. homeland security.

  18. Proactive Self Defense in Cyberspace

    National Research Council Canada - National Science Library

    Caulkins, Bruce D

    2009-01-01

    ... and standards to properly secure and defend the Global Information Grid (GIG) from cyber attacks. This paper will discuss the strategic requirements for enacting a proactive self-defense mechanism in cyberspace...

  19. Obfuscatable multi-recipient re-encryption for secure privacy-preserving personal health record services.

    Science.gov (United States)

    Shi, Yang; Fan, Hongfei; Xiong, Guoyue

    2015-01-01

    With the rapid development of cloud computing techniques, it is attractive for personal health record (PHR) service providers to deploy their PHR applications and store the personal health data in the cloud. However, there could be a serious privacy leakage if the cloud-based system is intruded by attackers, which makes it necessary for the PHR service provider to encrypt all patients' health data on cloud servers. Existing techniques are insufficiently secure under circumstances where advanced threats are considered, or being inefficient when many recipients are involved. Therefore, the objectives of our solution are (1) providing a secure implementation of re-encryption in white-box attack contexts and (2) assuring the efficiency of the implementation even in multi-recipient cases. We designed the multi-recipient re-encryption functionality by randomness-reusing and protecting the implementation by obfuscation. The proposed solution is secure even in white-box attack contexts. Furthermore, a comparison with other related work shows that the computational cost of the proposed solution is lower. The proposed technique can serve as a building block for supporting secure, efficient and privacy-preserving personal health record service systems.

  20. Sense of security felt by the armed police with different service length and influential factors

    Directory of Open Access Journals (Sweden)

    Jing CHEN

    2011-02-01

    Full Text Available Objective To investigate the status of sense of security felt by the armed police and the influential factors thereof.Methods The sense of security,stress level,comprehension of social supports and the coping styles were measured and evaluated by use of Security Questionnaire(SQ,Psychological Stress Self-Evaluation Test(PSET,Perceived Social Support Scale(PSSS and Coping Style Scale(CSS in 725 armed police,and the differences were compared between the servicemen with different service length(1,2 and 3 years.The correlation between security sense(expressed as personal safety and determination of control and comprehension of social supports,coping styles and T score on stress level were analyzed.A stepwise regression analysis was done to screen the factors influencing the security sense of servicemen with the overall score of security sense as the dependent variable and the comprehension of social supports(expressed as inside-and outside-family support,coping styles(expressed as illusion,resignation,rationalization,self-condemned determinant,resort and problem-solving capacity and T score on stress level as the independent variables.Results Compared with the armed police with 1 year of military service,those with 2 or 3 years of military service got lower scores in personal safety,determination of control,inside-and outside-family support,and resort and problem-solving capacity(P 0.05.The two factors of comprehension of social supports(inside-and outside-family support,and the two factors of coping styles(resort and problem-solving capacity were positively correlated with the sense of security(personal safety and determination of control(P < 0.001;while the four factors of coping styles(illusion,resignation,rationalization and self-condemned determinant and the T score on stress level were negatively correlated with the sense of security(P < 0.001.It was proved by multivariate linear regression analysis that outside-family support

  1. 10 CFR 95.33 - Security education.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Security education. 95.33 Section 95.33 Energy NUCLEAR... INFORMATION AND RESTRICTED DATA Physical Security § 95.33 Security education. All cleared employees must be... information. The facility may obtain defensive security, threat awareness, and other education and training...

  2. 76 FR 70977 - Proposed Collection; Comment Request

    Science.gov (United States)

    2011-11-16

    ...: ``Defense Security Service Industrial Security Review Data'' and ``Defense Security Service Industrial Security Facility Clearance Survey Data,'' OMB No. 0704-0427. Needs and Uses: The conduct of an Industrial Security Review and/or Industrial Security Facility Security Survey assists in determining whether a...

  3. Rethinking Defensive Information Warfare

    Science.gov (United States)

    2004-06-01

    Countless studies, however, have demonstrated the weakness in this system.15 The tension between easily remembered passwords and suffi...vulnerabilities Undiscovered flaws The patch model for Internet security has failed spectacularly. Caida , 2004 Signature-Based Defense Anti virus, intrusion

  4. 10 CFR 780.8 - Security.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 4 2010-01-01 2010-01-01 false Security. 780.8 Section 780.8 Energy DEPARTMENT OF ENERGY PATENT COMPENSATION BOARD REGULATIONS General Provisions § 780.8 Security. In any proceeding under this... the Act to assure compliance with Department security regulations and the common defense. ...

  5. ITIL Based Service Level Management if SLAs Cover Security

    Directory of Open Access Journals (Sweden)

    Tomas Feglar

    2005-08-01

    Full Text Available Current level of information technology creates new perspectives for more IT service oriented market. Quality of these services requires slightly different approach then was applied for products including software. No IT services are delivered and supported in risk free environment. Risks would be considered consistently with IT services quality gaps from Service Level Management (SLM perspective. SLM is one of ITIL modules that are widely used within the IT service industry. We identified some weaknesses in how SLM is developed in ITIL environment if service level agreement (SLA has cover Security. We argue that in such cases Architecture modeling and risk assessment approach let us effectively control analytical effort that relates to risks identification and understanding. Risk driven countermeasures designed in a next step (Risk treatment have significant impact to the SLM especially from responsibility perspective. To demonstrate SLM's importance in real practice we analyze SLA synthesize process in CCI (Cyber Critical Infrastructure environment.

  6. Security Transition Program Office 1994 fiscal year work plan WBS 6.11

    International Nuclear Information System (INIS)

    Brogdon, R.C. Jr.

    1993-10-01

    The Security Transition Program Office (STPO) will change the Hanford Safeguards and Security Protection Program from one that supported the national defense program to one that supports environmental restoration and waste management. A Successful Safeguards and Security Protection Program transition will have an industrial security foundation supplemented to protect material interests and information resources. The transition will change the current approaches to protection philosophy to ones that will provide the Hanford Site with the following: consolidation, reduction, and elimination of safeguards and security interests and targets; greater open Site access; maximum application of technology and automation; interpretation of security policies and procedures in light of the Hanford Site's environmental mission; coexistence with other emergency services; streamlined operations; and protection of employees and the public from health, safety, fire, security, and safeguards risks. This report describes the 1994 program objectives, the technical base, schedule baseline, cost, funding, manpower, and the 1993 program workscope

  7. Portfolio analysis of layered security measures.

    Science.gov (United States)

    Chatterjee, Samrat; Hora, Stephen C; Rosoff, Heather

    2015-03-01

    Layered defenses are necessary for protecting the public from terrorist attacks. Designing a system of such defensive measures requires consideration of the interaction of these countermeasures. In this article, we present an analysis of a layered security system within the lower Manhattan area. It shows how portfolios of security measures can be evaluated through portfolio decision analysis. Consideration is given to the total benefits and costs of the system. Portfolio diagrams are created that help communicate alternatives among stakeholders who have differing views on the tradeoffs between security and economic activity. © 2014 Society for Risk Analysis.

  8. Security Analysis and Improvement of an Anonymous Authentication Scheme for Roaming Services

    Directory of Open Access Journals (Sweden)

    Youngsook Lee

    2014-01-01

    Full Text Available An anonymous authentication scheme for roaming services in global mobility networks allows a mobile user visiting a foreign network to achieve mutual authentication and session key establishment with the foreign-network operator in an anonymous manner. In this work, we revisit He et al.’s anonymous authentication scheme for roaming services and present previously unpublished security weaknesses in the scheme: (1 it fails to provide user anonymity against any third party as well as the foreign agent, (2 it cannot protect the passwords of mobile users due to its vulnerability to an offline dictionary attack, and (3 it does not achieve session-key security against a man-in-the-middle attack. We also show how the security weaknesses of He et al.’s scheme can be addressed without degrading the efficiency of the scheme.

  9. 75 FR 43492 - Federal Advisory Committee; National Security Education Board; Charter Renewal

    Science.gov (United States)

    2010-07-26

    ... DEPARTMENT OF DEFENSE Office of the Secretary Federal Advisory Committee; National Security... Department of Defense gives notice that it is renewing the charter for the National Security Education Board... awards that favors individuals expressing an interest in national security issues or pursuing a career in...

  10. Exploring Effects of Organizational Culture upon Implementation of Information Security Awareness and Training Programs within the Defense Industry Located in the Tennessee Valley Region

    Science.gov (United States)

    Grant, Robert Luther

    2017-01-01

    Data breaches due to social engineering attacks and employee negligence are on the rise. The only known defense against social engineering attacks and employee negligence is information security awareness and training. However, implementation of awareness and training programs within organizations are lagging in priority. This research used the…

  11. 20 CFR 404.1402 - When are railroad industry services by a non-vested worker covered under Social Security?

    Science.gov (United States)

    2010-04-01

    ...-vested worker covered under Social Security? 404.1402 Section 404.1402 Employees' Benefits SOCIAL... When are railroad industry services by a non-vested worker covered under Social Security? If you are a non-vested worker, we (the Social Security Administration) will consider your services in the railroad...

  12. Reforming The U.S. Security Assistance Export Process To Build Existing Capabilities

    Science.gov (United States)

    2015-12-01

    the USASAC leads the AMC Security Assistance Enterprise (ASAE), as well as cases associated with Foreign Military Sales (FMS) (Turner 2012, 5). The...reforms, excess defense articles, U.S. Army Security Assistance Command, Foreign Military Sales 15. NUMBER OF PAGES 73 16. PRICE CODE 17...Contract Audit Agency DCMA Defense Contract Management Agency DCS Direct Commercial Sales DELG Defense Export Loan Guarantee DISAM Defense

  13. Long-term energy services security: What is it and how can it be measured and valued?

    International Nuclear Information System (INIS)

    Jansen, Jaap C.; Seebregts, Ad J.

    2010-01-01

    The paper reviews some recent approaches towards measuring the extent of long-term energy security and security externality valuation. It starts out to discuss the contextual connotations of notions of 'energy security' in medium to long-term time frames and reviews some indicators that have been proposed to quantify it. Special attention is paid to two of these approaches, which the authors helped to develop, i.e. diversity-based indices and the Supply/Demand Index. The paper takes issue with conventional welfare economic approaches that neglect: (i) the scope on the demand side for raising security and (ii) negative feedback mechanisms of socio-political impacts of international rent transfers in fossil fuels exporting countries. The concept of energy services security is proposed with a demand-side focus. This enables application of an integrated approach to gauge the resilience of a society to meet the needs of its population for energy services over longer timescales ahead from various interrelated perspectives. Propositions are made on the attribution of security externalities to the use of fossil fuels, policies, and suggestions for further improvements of measures for energy services security.

  14. 32 CFR 154.3 - Definitions.

    Science.gov (United States)

    2010-07-01

    ..., National Security Agency/Central Security Service; Director, Defense Intelligence Agency; Assistant Chief... Defense Department of Defense OFFICE OF THE SECRETARY OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION General Provisions § 154.3 Definitions. (a) Access. The ability and opportunity...

  15. OverWatch: A Cross-Plane DDoS Attack Defense Framework with Collaborative Intelligence in SDN

    OpenAIRE

    Han, Biao; Yang, Xiangrui; Sun, Zhigang; Huang, Jinfeng; Su, Jinshu

    2018-01-01

    Distributed Denial of Service (DDoS) attacks are one of the biggest concerns for security professionals. Traditional middle-box based DDoS attack defense is lack of network-wide monitoring flexibility. With the development of software-defined networking (SDN), it becomes prevalent to exploit centralized controllers to defend against DDoS attacks. However, current solutions suffer with serious southbound communication overhead and detection delay. In this paper, we propose a cross-plane DDoS a...

  16. Argumentation-Based Security Requirements Elicitation: The Next Round

    NARCIS (Netherlands)

    Ionita, Dan; Bullee, Jan-Willem; Wieringa, Roelf J.

    2014-01-01

    Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of

  17. How to securely replicate services (preliminary version)

    Science.gov (United States)

    Reiter, Michael; Birman, Kenneth

    1992-01-01

    A method is presented for constructing replicated services that retain their availability and integrity despite several servers and clients being corrupted by an intruder, in addition to others failing benignly. More precisely, a service is replicated by 'n' servers in such a way that a correct client will accept a correct server's response if, for some prespecified parameter, k, at least k servers are correct and fewer than k servers are correct. The issue of maintaining causality among client requests is also addressed. A security breach resulting from an intruder's ability to effect a violation of causality in the sequence of requests processed by the service is illustrated. An approach to counter this problem is proposed that requires that fewer than k servers are corrupt and, to ensure liveness, that k is less than or = n - 2t, where t is the assumed maximum total number of both corruptions and benign failures suffered by servers in any system run. An important and novel feature of these schemes is that the client need not be able to identify or authenticate even a single server. Instead, the client is required only to possess at most two public keys for the service.

  18. Best Practices for the Security of Radioactive Materials

    Energy Technology Data Exchange (ETDEWEB)

    Coulter, D.T.; Musolino, S.

    2009-05-01

    This work is funded under a grant provided by the US Department of Health and Human Services, Centers for Disease Control. The Department of Health and Mental Hygiene (DOHMH) awarded a contract to Brookhaven National Laboratory (BNL) to develop best practices guidance for Office of Radiological Health (ORH) licensees to increase on-site security to deter and prevent theft of radioactive materials (RAM). The purpose of this document is to describe best practices available to manage the security of radioactive materials in medical centers, hospitals, and research facilities. There are thousands of such facilities in the United States, and recent studies suggest that these materials may be vulnerable to theft or sabotage. Their malevolent use in a radiological-dispersion device (RDD), viz., a dirty bomb, can have severe environmental- and economic- impacts, the associated area denial, and potentially large cleanup costs, as well as other effects on the licensees and the public. These issues are important to all Nuclear Regulatory Commission and Agreement State licensees, and to the general public. This document outlines approaches for the licensees possessing these materials to undertake security audits to identify vulnerabilities in how these materials are stored or used, and to describe best practices to upgrade or enhance their security. Best practices can be described as the most efficient (least amount of effort/cost) and effective (best results) way of accomplishing a task and meeting an objective, based on repeatable procedures that have proven themselves over time for many people and circumstances. Best practices within the security industry include information security, personnel security, administrative security, and physical security. Each discipline within the security industry has its own 'best practices' that have evolved over time into common ones. With respect to radiological devices and radioactive-materials security, industry best practices

  19. Best Practices for the Security of Radioactive Materials

    International Nuclear Information System (INIS)

    Coulter, D.T.; Musolino, S.

    2009-01-01

    This work is funded under a grant provided by the US Department of Health and Human Services, Centers for Disease Control. The Department of Health and Mental Hygiene (DOHMH) awarded a contract to Brookhaven National Laboratory (BNL) to develop best practices guidance for Office of Radiological Health (ORH) licensees to increase on-site security to deter and prevent theft of radioactive materials (RAM). The purpose of this document is to describe best practices available to manage the security of radioactive materials in medical centers, hospitals, and research facilities. There are thousands of such facilities in the United States, and recent studies suggest that these materials may be vulnerable to theft or sabotage. Their malevolent use in a radiological-dispersion device (RDD), viz., a dirty bomb, can have severe environmental- and economic- impacts, the associated area denial, and potentially large cleanup costs, as well as other effects on the licensees and the public. These issues are important to all Nuclear Regulatory Commission and Agreement State licensees, and to the general public. This document outlines approaches for the licensees possessing these materials to undertake security audits to identify vulnerabilities in how these materials are stored or used, and to describe best practices to upgrade or enhance their security. Best practices can be described as the most efficient (least amount of effort/cost) and effective (best results) way of accomplishing a task and meeting an objective, based on repeatable procedures that have proven themselves over time for many people and circumstances. Best practices within the security industry include information security, personnel security, administrative security, and physical security. Each discipline within the security industry has its own 'best practices' that have evolved over time into common ones. With respect to radiological devices and radioactive-materials security, industry best practices encompass

  20. OpenID connect as a security service in Cloud-based diagnostic imaging systems

    Science.gov (United States)

    Ma, Weina; Sartipi, Kamran; Sharghi, Hassan; Koff, David; Bak, Peter

    2015-03-01

    The evolution of cloud computing is driving the next generation of diagnostic imaging (DI) systems. Cloud-based DI systems are able to deliver better services to patients without constraining to their own physical facilities. However, privacy and security concerns have been consistently regarded as the major obstacle for adoption of cloud computing by healthcare domains. Furthermore, traditional computing models and interfaces employed by DI systems are not ready for accessing diagnostic images through mobile devices. RESTful is an ideal technology for provisioning both mobile services and cloud computing. OpenID Connect, combining OpenID and OAuth together, is an emerging REST-based federated identity solution. It is one of the most perspective open standards to potentially become the de-facto standard for securing cloud computing and mobile applications, which has ever been regarded as "Kerberos of Cloud". We introduce OpenID Connect as an identity and authentication service in cloud-based DI systems and propose enhancements that allow for incorporating this technology within distributed enterprise environment. The objective of this study is to offer solutions for secure radiology image sharing among DI-r (Diagnostic Imaging Repository) and heterogeneous PACS (Picture Archiving and Communication Systems) as well as mobile clients in the cloud ecosystem. Through using OpenID Connect as an open-source identity and authentication service, deploying DI-r and PACS to private or community clouds should obtain equivalent security level to traditional computing model.

  1. Hybrid network defense model based on fuzzy evaluation.

    Science.gov (United States)

    Cho, Ying-Chiang; Pan, Jen-Yi

    2014-01-01

    With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture.

  2. Acquisition Planning at the Defense Communications Agency.

    Science.gov (United States)

    1984-04-01

    guidelines for interaction are developed under the leadership of DCA agencywide integrators with the participation of personnel from DCA, the Services...Communications System DCSO - Defense Communications System Organizatin . DDN - Defense Data Network DEC - Decision Making DG - Defense Guidance DIA - Defense

  3. Services Provided to Military Dependents Who Are "Mentally Gifted" in the US Department of Defense (DoDEA) Schools

    Science.gov (United States)

    Bugaj, Stephen J.

    2013-01-01

    The US Department of Defense Education Activity (DoDEA) is a federal agency that provides educational services to military dependents in 12 foreign countries, seven states, Cuba, and Puerto Rico. Perhaps due to its restricted audience, the general public has limited knowledge of DoDEA services; moreover, empirical information about these services…

  4. SQL Injection Attacks and Defense

    CERN Document Server

    Clarke, Justin

    2012-01-01

    SQL Injection Attacks and Defense, First Edition: Winner of the Best Book Bejtlich Read Award "SQL injection is probably the number one problem for any server-side application, and this book unequaled in its coverage." -Richard Bejtlich, Tao Security blog SQL injection represents one of the most dangerous and well-known, yet misunderstood, security vulnerabilities on the Internet, largely because there is no central repository of information available for penetration testers, IT security consultants and practitioners, and web/software developers to turn to for help. SQL Injection Att

  5. 75 FR 43944 - Defense Science Board; Task Force on Trends and Implications of Climate Change for National and...

    Science.gov (United States)

    2010-07-27

    ... DEPARTMENT OF DEFENSE Office of the Secretary Defense Science Board; Task Force on Trends and Implications of Climate Change for National and International Security AGENCY: Department of Defense (DoD... and Implications of Climate Change for National and International Security will meet in closed session...

  6. 75 FR 34438 - Defense Science Board Task Force on Trends and Implications of Climate Change for National and...

    Science.gov (United States)

    2010-06-17

    ... DEPARTMENT OF DEFENSE Office of the Secretary Defense Science Board Task Force on Trends and Implications of Climate Change for National and International Security AGENCY: Department of Defense (DoD... and Implications of Climate Change for National and International Security will meet in closed session...

  7. Proceedings and Presentations from the 2015 Homeland Security Education Summit

    OpenAIRE

    2015-01-01

    Proceedings: 9th Annual Homeland Defense and Security Education Summit The 9th Annual Homeland Defense and Security Education Summit was held on September 25-26, 2015 at the Hyatt Regency Hotel in Orlando Florida. The theme of the event was Evolving Homeland Security…

  8. Human factors in layers of defense in airport security

    NARCIS (Netherlands)

    Andriessen, H.; Van Gulijk, C.; Ale, B.J.M.

    2012-01-01

    Airport security systems are built up out of layers of defence based on the security-in-depth model (Talbot & Jakeman, 2008). The Transport Safety Authority (TSA) in the United States defined a staggering 20 layers of defence to control security risks. This means that not only security personnel is

  9. PKI-based secure mobile access to electronic health services and data.

    Science.gov (United States)

    Kambourakis, G; Maglogiannis, I; Rouskas, A

    2005-01-01

    Recent research works examine the potential employment of public-key cryptography schemes in e-health environments. In such systems, where a Public Key Infrastructure (PKI) is established beforehand, Attribute Certificates (ACs) and public key enabled protocols like TLS, can provide the appropriate mechanisms to effectively support authentication, authorization and confidentiality services. In other words, mutual trust and secure communications between all the stakeholders, namely physicians, patients and e-health service providers, can be successfully established and maintained. Furthermore, as the recently introduced mobile devices with access to computer-based patient record systems are expanding, the need of physicians and nurses to interact increasingly with such systems arises. Considering public key infrastructure requirements for mobile online health networks, this paper discusses the potential use of Attribute Certificates (ACs) in an anticipated trust model. Typical trust interactions among doctors, patients and e-health providers are presented, indicating that resourceful security mechanisms and trust control can be obtained and implemented. The application of attribute certificates to support medical mobile service provision along with the utilization of the de-facto TLS protocol to offer competent confidentiality and authorization services is also presented and evaluated through experimentation, using both the 802.11 WLAN and General Packet Radio Service (GPRS) networks.

  10. DHS Office of Health Affairs Chemical Defense Program Analyzes Subway Safety Against Chemical Terrorist Threats

    OpenAIRE

    Center for Homeland Defense and Security

    2012-01-01

    Center for Homeland Defense and Security, OUT OF THE CLASSROOM In an article for the journal Domestic Preparedness, Joselito Ignacio examines how to protect subway riders from chemical attacks. Ignacio graduated from the Center for Homeland Defense and Security in...

  11. Practical Aspects of Outsourcing as a Mean of Security Service Provision

    Directory of Open Access Journals (Sweden)

    D.B. Frolov

    2012-06-01

    Full Text Available The article highlights the implementation of outsourcing as a mean of service for security provision. Analysis is performed to describe the current issues affecting the management decision in favor of outsourcing. Investigation covers the processes of physical, information and economical security. The main recommendations to use outsourcing for security provision are described in the conclusion. With the development of mobile technology protecting of user data becomes more and more important. The article is dedicated to the vulnerability of devices running on the iOS platform, potentially allowing an attacker to obtain information about the movements of their owners, and suggests ways to protect against these attacks.

  12. 77 FR 34029 - National Security Education Board Members Meeting; Cancellation of Meeting

    Science.gov (United States)

    2012-06-08

    ... DEPARTMENT OF DEFENSE Office of the Secretary National Security Education Board Members Meeting... of the National Security Education Board. This meeting was to be held on June 20, 2012, from 8:30 a.m. to 2 p.m. at Defense Language and National Security Education Office, 1101 Wilson Boulevard, Suite...

  13. 76 FR 78316 - Excepted Service

    Science.gov (United States)

    2011-12-16

    ... Education. Policy and School Turnaround. Office of Legislation and Confidential Assistant DB120007 10/25... DC120005 10/21/2011 DEPARTMENT OF DEFENSE Office of the Assistant Special Assistant (International DD110133 10/25/2011 Secretary of Defense Security Affairs). (International Security Affairs). Office of...

  14. 32 CFR 2700.51 - Information Security Oversight Committee.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...

  15. Security in Cloud Computing For Service Delivery Models: Challenges and Solutions

    OpenAIRE

    Preeti Barrow; Runni Kumari; Prof. Manjula R

    2016-01-01

    Cloud computing, undoubtedly, is a path to expand the limits or add powerful capabilities on-demand with almost no investment in new framework, training new staff, or authorizing new software. Though today everyone is talking about cloud but, organizations are still in dilemma whether it’s safe to deploy their business on cloud. The reason behind it; is nothing but Security. No cloud service provider provides 100% security assurance to its customers and therefore, businesses are h...

  16. Probabilistic reasoning with graphical security models

    NARCIS (Netherlands)

    Kordy, Barbara; Pouly, Marc; Schweitzer, Patrick

    This work provides a computational framework for meaningful probabilistic evaluation of attack–defense scenarios involving dependent actions. We combine the graphical security modeling technique of attack–defense trees with probabilistic information expressed in terms of Bayesian networks. In order

  17. A Framework for Smart Home Services with Secure and QoS-aware Communications

    Directory of Open Access Journals (Sweden)

    Markus Hager

    2013-01-01

    Full Text Available The scenario of smart home services will be discussed with regard to two important aspects: the quality of service problem for the in-house communication and the need for a security scheme for the whole system. We focus on an installation with smart computers in each flat interconnected using a switched Ethernet network. These smart devices are responsible for performing local services, user control and operate as a gateway for the different types of sensor and actor networks installed at each flat. We propose a QoS scheme to prevent congestion situation for the Ethernet network which is applicable to currently available cost-sensitive hardware. Furthermore, the whole system, all communication channels, user data and the access to the framework are secured by our proposed security architecture. Finally, we will present the latest improvements on Ethernet network standards, the ongoing work on this topics and our next steps for future work.

  18. Pareto Optimal Solutions for Network Defense Strategy Selection Simulator in Multi-Objective Reinforcement Learning

    Directory of Open Access Journals (Sweden)

    Yang Sun

    2018-01-01

    Full Text Available Using Pareto optimization in Multi-Objective Reinforcement Learning (MORL leads to better learning results for network defense games. This is particularly useful for network security agents, who must often balance several goals when choosing what action to take in defense of a network. If the defender knows his preferred reward distribution, the advantages of Pareto optimization can be retained by using a scalarization algorithm prior to the implementation of the MORL. In this paper, we simulate a network defense scenario by creating a multi-objective zero-sum game and using Pareto optimization and MORL to determine optimal solutions and compare those solutions to different scalarization approaches. We build a Pareto Defense Strategy Selection Simulator (PDSSS system for assisting network administrators on decision-making, specifically, on defense strategy selection, and the experiment results show that the Satisficing Trade-Off Method (STOM scalarization approach performs better than linear scalarization or GUESS method. The results of this paper can aid network security agents attempting to find an optimal defense policy for network security games.

  19. Enforcement of Security and Privacy in a Service-Oriented Smart Grid

    DEFF Research Database (Denmark)

    Mikkelsen, Søren Aagaard

    inhabitants. With the vision, it is therefore necessity to enforce privacy and security of the data in all phases of its life cycle. The life cycle starts from acquiring the data to it is stored. Therefore, this dissertation follows a system-level and application-level approach to manage data with respect...... to privacy and security. This includes first a design of a service-oriented architecture that allows for the deployment of home-oriented and grid-oriented IASs on a Home Energy Management System (HEMS) and in the cloud, respectively. Privacy and security of electricity data are addressed by letting...... the residential consumer control data dissemination in a two-stage process: first from the HEMS to the cloud and from the cloud to the IASs. Then the dissertation focuses on the critical phases in securing the residential home as well as securing the cloud. It presents a system-level threat model of the HEMS...

  20. Mathematical Modeling Applied to Maritime Security

    OpenAIRE

    Center for Homeland Defense and Security

    2010-01-01

    Center for Homeland Defense and Security, OUT OF THE CLASSROOM Download the paper: Layered Defense: Modeling Terrorist Transfer Threat Networks and Optimizing Network Risk Reduction” Students in Ted Lewis’ Critical Infrastructure Protection course are taught how mathematic modeling can provide...

  1. Information security management handbook

    CERN Document Server

    2002-01-01

    The Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded coverage on security management issues and applications security. Even those that don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference.The changes in the tech

  2. Web security a whitehat perspective

    CERN Document Server

    Wu, Hanqing

    2015-01-01

    MY VIEW OF THE SECURITY WORLDView of the IT Security WorldBrief History of Web SecurityBrief History of Chinese HackersDevelopment Process of Hacking TechniquesRise of Web SecurityBlack Hat, White HatBack to Nature: The Essence of Secret SecuritySuperstition: There Is No Silver BulletSecurity Is an Ongoing ProcessSecurity ElementsHow to Implement Safety AssessmentAsset ClassificationThreat AnalysisRisk AnalysisDesign of Security ProgramsArt of War of White HatPrinciples of Secure by DefaultBlacklist, WhitelistPrinciple of Least PrivilegePrinciple of Defense in DepthPrinciples of Data and Code

  3. Security planning an applied approach

    CERN Document Server

    Lincke, Susan

    2015-01-01

    This book guides readers through building an IT security plan. Offering a template, it helps readers to prioritize risks, conform to regulation, plan their defense and secure proprietary/confidential information. The process is documented in the supplemental online security workbook. Security Planning is designed for the busy IT practitioner, who does not have time to become a security expert, but needs a security plan now. It also serves to educate the reader of a broader set of concepts related to the security environment through the Introductory Concepts and Advanced sections. The book serv

  4. 47 CFR 90.411 - Civil defense communications.

    Science.gov (United States)

    2010-10-01

    ... 47 Telecommunication 5 2010-10-01 2010-10-01 false Civil defense communications. 90.411 Section 90... PRIVATE LAND MOBILE RADIO SERVICES Operating Requirements § 90.411 Civil defense communications. The... necessary for the implementation of civil defense activities assigned such station by local civil defense...

  5. Technology Empowerment: Security Challenges.

    Energy Technology Data Exchange (ETDEWEB)

    Warren, Drake Edward [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Backus, George A. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Jones, Wendell [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Nelson, Thomas R. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Skocypec, Russell D. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2017-03-01

    “Technology empowerment” means that innovation is increasingly accessible to ordinary people of limited means. As powerful technologies become more affordable and accessible, and as people are increasingly connected around the world, ordinary people are empowered to participate in the process of innovation and share the fruits of collaborative innovation. This annotated briefing describes technology empowerment and focuses on how empowerment may create challenges to U.S. national security. U.S. defense research as a share of global innovation has dwindled in recent years. With technology empowerment, the role of U.S. defense research is likely to shrink even further while technology empowerment will continue to increase the speed of innovation. To avoid falling too far behind potential technology threats to U.S. national security, U.S. national security institutions will need to adopt many of the tools of technology empowerment.

  6. DefenseLink: Securing Afganistan, Stabilization & Growth

    Science.gov (United States)

    since, the International Security Assistance Force, under NATO leadership, has taken charge of extensive conditions for the growth of an effective, democratic national government in Afghanistan. As the lead member

  7. Report of the Defense Task Force on Sexual Harassment and Violence at the Military Service Academies

    Science.gov (United States)

    US Department of Defense, 2005

    2005-01-01

    In creating this report the Task Force gathered information by conducting site visits; communicating with numerous individuals, including victims; reviewing the Department of Defense survey data; reviewing Academy and Service policies, reports, and data; consulting with subject matter experts; and communicating with related committees and task…

  8. BROSMAP: A Novel Broadcast Based Secure Mobile Agent Protocol for Distributed Service Applications

    Directory of Open Access Journals (Sweden)

    Dina Shehada

    2017-01-01

    Full Text Available Mobile agents are smart programs that migrate from one platform to another to perform the user task. Mobile agents offer flexibility and performance enhancements to systems and service real-time applications. However, security in mobile agent systems is a great concern. In this paper, we propose a novel Broadcast based Secure Mobile Agent Protocol (BROSMAP for distributed service applications that provides mutual authentication, authorization, accountability, nonrepudiation, integrity, and confidentiality. The proposed system also provides protection from man in the middle, replay, repudiation, and modification attacks. We proved the efficiency of the proposed protocol through formal verification with Scyther verification tool.

  9. Secure Service Oriented Architectures (SOA) Supporting NEC [Architecture orientée service (SOA) gérant la NEC

    NARCIS (Netherlands)

    Meiler, P.P.; Schmeing, M.

    2009-01-01

    Combined scenario ; Data management ; Data processing ; Demonstrator ; Information systems ; Integrated systems ; Interoperability ; Joint scenario ; Network Enabled Capability (NEC) ; Operational effectiveness ; Operations research ; Scenarios ; Secure communication ; Service Oriented Architecture

  10. Influence of Security Mechanisms on the Quality of Service of VoIP

    Science.gov (United States)

    Backs, Peter; Pohlmann, Norbert

    While Voice over IP (VoIP) is advancing rapidly in the telecommunications market, the interest to protect the data transmitted by this new service is also rising. However, in contrast to other internet services such as email or HTTP, VoIP is real-time media, and therefore must meet a special requirement referred to as Quality-of-Service to provide a comfortable flow of speech. Speech quality is worsened when transmitted over the network due to delays in transmission or loss of packets. Often, voice quality is at a level that even prevents comprehensive dialog. Therefore, an administrator who is to setup a VoIP infrastructure might consider avoiding additional decreases in voice quality resulting from security mechanisms, and might leave internet telephony unprotected as a result. The inspiration for this paper is to illustrate that security mechanisms have negligible impact on speech quality and should in fact be encouraged.

  11. The Navigation Metaphor in Security Economics

    DEFF Research Database (Denmark)

    Pieters, Wolter; Barendse, Jeroen; Ford, Margaret

    2016-01-01

    The navigation metaphor for cybersecurity merges security architecture models and security economics. By identifying the most efficient routes for gaining access to assets from an attacker's viewpoint, an organization can optimize its defenses along these routes. The well-understood concept of na...... of navigation makes it easier to motivate and explain security investment to a wide audience, encouraging strategic security decisions....

  12. 32 CFR 700.826 - Physical security.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 5 2010-07-01 2010-07-01 false Physical security. 700.826 Section 700.826... Commanding Officers in General § 700.826 Physical security. (a) The commanding officer shall take appropriate... officer shall take action to protect and maintain the security of the command against dangers from fire...

  13. Secure, Autonomous, Intelligent Controller for Integrating Distributed Emergency Response Satellite Operations

    Science.gov (United States)

    Ivancic, William D.; Paulsen, Phillip E.; Miller, Eric M.; Sage, Steen P.

    2013-01-01

    This report describes a Secure, Autonomous, and Intelligent Controller for Integrating Distributed Emergency Response Satellite Operations. It includes a description of current improvements to existing Virtual Mission Operations Center technology being used by US Department of Defense and originally developed under NASA funding. The report also highlights a technology demonstration performed in partnership with the United States Geological Service for Earth Resources Observation and Science using DigitalGlobe(Registered TradeMark) satellites to obtain space-based sensor data.

  14. Compilation of FY 1995 and FY 1996 DOD Financial Statements at the Defense Finance and Accounting Service, Indianapolis Center

    National Research Council Canada - National Science Library

    1996-01-01

    The audit objective was to determine whether the Defense Finance and Accounting Service, Indianapolis Center, consistently and accurately compiled financial data from field entities and other sources...

  15. 32 CFR 2103.51 - Information Security Oversight Committee.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...

  16. Interdependent Risk and Cyber Security: An Analysis of Security Investment and Cyber Insurance

    Science.gov (United States)

    Shim, Woohyun

    2010-01-01

    An increasing number of firms rely on highly interconnected information networks. In such environments, defense against cyber attacks is complicated by residual risks caused by the interdependence of information security decisions of firms. IT security is affected not only by a firm's own management strategies but also by those of others. This…

  17. Security implications and governance of cognitive neuroscience.

    Science.gov (United States)

    Kosal, Margaret E; Huang, Jonathan Y

    2015-01-01

    In recent years, significant efforts have been made toward elucidating the potential of the human brain. Spanning fields as disparate as psychology, biomedicine, computer science, mathematics, electrical engineering, and chemistry, research venturing into the growing domains of cognitive neuroscience and brain research has become fundamentally interdisciplinary. Among the most interesting and consequential applications to international security are the military and defense community's interests in the potential of cognitive neuroscience findings and technologies. In the United States, multiple governmental agencies are actively pursuing such endeavors, including the Department of Defense, which has invested over $3 billion in the last decade to conduct research on defense-related innovations. This study explores governance and security issues surrounding cognitive neuroscience research with regard to potential security-related applications and reports scientists' views on the role of researchers in these areas through a survey of over 200 active cognitive neuroscientists.

  18. Airline Security and a Strategy for Change

    National Research Council Canada - National Science Library

    Welch, Timothy J

    2006-01-01

    .... Obligated to secure the Homeland the United States Government scrambled to develop measures that would uphold societal values while providing an in-depth defense capable of ensuring a more secure society...

  19. For the Common Defense of Cyberspace: Implications of a US Cyber Militia on Department of Defense Cyber Operations

    Science.gov (United States)

    2015-06-12

    the Common Defense of Cyberspace: Implications of a US Cyber Militia on Department of Defense Cyber Operations 5a. CONTRACT NUMBER 5b. GRANT ...20130423/ NEWS/304230016/Navy-wants-1-000-more-cyber-warriors. 33 Edward Cardon , “Army Cyber Capabilities” (Lecture, Advanced Operations Course...Finally, once a cyber security professional is trained, many argue, to include the head of Army’s Cyber Command, Lieutenant General Edward Cardon

  20. 76 FR 32358 - Meeting of the Defense Department Advisory Committee on Women in the Services (DACOWITS)

    Science.gov (United States)

    2011-06-06

    ... give the Committee a briefing on the results of their Workplace and Gender Relations survey... restrict the service of female members and the plans for a new Working Group on women's issues. The meeting... FY11 NDAA. --Receive briefing from Defense Manpower Data Center on survey results on 2010 workplace and...

  1. Homeland Security Affairs Journal, Supplement - 2012: IEEE 2011 Conference on Technology for Homeland Security: Best Papers

    OpenAIRE

    2012-01-01

    Homeland Security Affairs is the peer-reviewed online journal of the Naval Postgraduate School Center for Homeland Defense and Security (CHDS), providing a forum to propose and debate strategies, policies, and organizational arrangements to strengthen U.S. homeland security. The instructors, participants, alumni, and partners of CHDS represent the leading subject matter experts and practitioners in the field of homeland security. IEEE Supplement 2012. Supplement: IEEE 2011 Conference on Te...

  2. 40 CFR 1042.635 - National security exemption.

    Science.gov (United States)

    2010-07-01

    ... 40 Protection of Environment 32 2010-07-01 2010-07-01 false National security exemption. 1042.635... Compliance Provisions § 1042.635 National security exemption. The standards and requirements of this part and... government responsible for national defense. (b) Manufacturers may request a national security exemption for...

  3. 40 CFR 85.1708 - National security exemption.

    Science.gov (United States)

    2010-07-01

    ... 40 Protection of Environment 18 2010-07-01 2010-07-01 false National security exemption. 85.1708... Vehicle Engines § 85.1708 National security exemption. A manufacturer requesting a national security... agency of the Federal Government charged with responsibility for national defense. [39 FR 32611, Sept. 10...

  4. Scalable Security and Accounting Services for Content-Based Publish/Subscribe Systems

    OpenAIRE

    Himanshu Khurana; Radostina K. Koleva

    2006-01-01

    Content-based publish/subscribe systems offer an interaction scheme that is appropriate for a variety of large-scale dynamic applications. However, widespread use of these systems is hindered by a lack of suitable security services. In this paper, we present scalable solutions for confidentiality, integrity, and authentication for these systems. We also provide verifiable usage-based accounting services, which are required for e-commerce and e-business applications that use publish/subscribe ...

  5. Water Security and Services in the Caribbean

    Directory of Open Access Journals (Sweden)

    Adrian Cashman

    2014-05-01

    Full Text Available The efficient management of water resources and services continues to be a concern in many of the small island states of the Caribbean. There are growing concerns over the ability of governments in the region to ensure the good management and provision of water without jeopardizing economic growth and the maintenance of social well-being. This paper provides an overview of the major factors influencing the water security facing the Caribbean Region and how the emerging concerns are being addressed. The key challenges and vulnerabilities may be summarized as lack of data and barriers to making available what information there is. Forward planning has been largely neglected and is symptomatic of a lack of appreciation of the need for having national water policies. In this respect Jamaica’s development of a national master water plan serves as a good example of what is needed. Water service providers have to be efficient, well managed and allowed to do their job. This means that they have to be on a sound financial footing. The challenge is to find the balance between appropriate political and regulatory oversight and the autonomy of water managers and service providers.

  6. Secure positioning technique based on encrypted visible light map for smart indoor service

    Science.gov (United States)

    Lee, Yong Up; Jung, Gillyoung

    2018-03-01

    Indoor visible light (VL) positioning systems for smart indoor services are negatively affected by both cochannel interference from adjacent light sources and VL reception position irregularity in the three-dimensional (3-D) VL channel. A secure positioning methodology based on a two-dimensional (2-D) encrypted VL map is proposed, implemented in prototypes of the specific positioning system, and analyzed based on performance tests. The proposed positioning technique enhances the positioning performance by more than 21.7% compared to the conventional method in real VL positioning tests. Further, the pseudonoise code is found to be the optimal encryption key for secure VL positioning for this smart indoor service.

  7. 32 CFR 2400.45 - Information Security Program Review.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Program Review. 2400.45... SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45 Information Security Program Review. (a) The Director, OSTP, shall require an annual formal review of the OSTP...

  8. The navigation metaphor in security economics

    NARCIS (Netherlands)

    Pieters, Wolter; Barendse, Jeroen; Ford, Margaret; Heath, Claude P.R.; Probst, Christian W.; Verbij, Ruud

    2016-01-01

    The navigation metaphor for cybersecurity merges security architecture models and security economics. By identifying the most efficient routes for gaining access to assets from an attacker's viewpoint, an organization can optimize its defenses along these routes. The well-understood concept of

  9. Practical Secure Transaction for Privacy-Preserving Ride-Hailing Services

    Directory of Open Access Journals (Sweden)

    Chenglong Cao

    2018-01-01

    Full Text Available Ride-hailing service solves the issue of taking a taxi difficultly in rush hours. It is changing the way people travel and has had a rapid development in recent years. Since the service is offered over the Internet, there is a great deal of uncertainty about security and privacy. Focusing on the issue, we changed payment pattern of existing systems and designed a privacy protection ride-hailing scheme. E-cash was generated by a new partially blind signature protocol that achieves e-cash unforgeability and passenger privacy. Particularly, in the face of a service platform and a payment platform, a passenger is still anonymous. Additionally, a lightweight hash chain was constructed to keep e-cash divisible and reusable, which increases practicability of transaction systems. The analysis shows that the scheme has small communication and computation costs, and it can be effectively applied in the ride-hailing service with privacy protection.

  10. Secure Cloud-Based Solutions for Different eHealth Services in Spanish Rural Health Centers.

    Science.gov (United States)

    de la Torre-Díez, Isabel; Lopez-Coronado, Miguel; Garcia-Zapirain Soto, Begonya; Mendez-Zorrilla, Amaia

    2015-07-27

    The combination of eHealth applications and/or services with cloud technology provides health care staff—with sufficient mobility and accessibility for them—to be able to transparently check any data they may need without having to worry about its physical location. The main aim of this paper is to put forward secure cloud-based solutions for a range of eHealth services such as electronic health records (EHRs), telecardiology, teleconsultation, and telediagnosis. The scenario chosen for introducing the services is a set of four rural health centers located within the same Spanish region. iCanCloud software was used to perform simulations in the proposed scenario. We chose online traffic and the cost per unit in terms of time as the parameters for choosing the secure solution on the most optimum cloud for each service. We suggest that load balancers always be fitted for all solutions in communication together with several Internet service providers and that smartcards be used to maintain identity to an appropriate extent. The solutions offered via private cloud for EHRs, teleconsultation, and telediagnosis services require a volume of online traffic calculated at being able to reach 2 Gbps per consultation. This may entail an average cost of €500/month. The security solutions put forward for each eHealth service constitute an attempt to centralize all information on the cloud, thus offering greater accessibility to medical information in the case of EHRs alongside more reliable diagnoses and treatment for telecardiology, telediagnosis, and teleconsultation services. Therefore, better health care for the rural patient can be obtained at a reasonable cost.

  11. Secure Cloud-Based Solutions for Different eHealth Services in Spanish Rural Health Centers

    Science.gov (United States)

    2015-01-01

    Background The combination of eHealth applications and/or services with cloud technology provides health care staff—with sufficient mobility and accessibility for them—to be able to transparently check any data they may need without having to worry about its physical location. Objective The main aim of this paper is to put forward secure cloud-based solutions for a range of eHealth services such as electronic health records (EHRs), telecardiology, teleconsultation, and telediagnosis. Methods The scenario chosen for introducing the services is a set of four rural health centers located within the same Spanish region. iCanCloud software was used to perform simulations in the proposed scenario. We chose online traffic and the cost per unit in terms of time as the parameters for choosing the secure solution on the most optimum cloud for each service. Results We suggest that load balancers always be fitted for all solutions in communication together with several Internet service providers and that smartcards be used to maintain identity to an appropriate extent. The solutions offered via private cloud for EHRs, teleconsultation, and telediagnosis services require a volume of online traffic calculated at being able to reach 2 Gbps per consultation. This may entail an average cost of €500/month. Conclusions The security solutions put forward for each eHealth service constitute an attempt to centralize all information on the cloud, thus offering greater accessibility to medical information in the case of EHRs alongside more reliable diagnoses and treatment for telecardiology, telediagnosis, and teleconsultation services. Therefore, better health care for the rural patient can be obtained at a reasonable cost. PMID:26215155

  12. Compilation of the FY 1997 Navy General Fund Financial Statements at the Defense Finance and Accounting Service Cleveland Center

    National Research Council Canada - National Science Library

    1998-01-01

    Audit Report on tile Compilation of the FY 1997 Navy General Fund Financial Statements at the Defense Finance and Accounting Service Cleveland Center Our objective was to determine whether the DFAS...

  13. Security Risks of Cloud Computing and Its Emergence as 5th Utility Service

    Science.gov (United States)

    Ahmad, Mushtaq

    Cloud Computing is being projected by the major cloud services provider IT companies such as IBM, Google, Yahoo, Amazon and others as fifth utility where clients will have access for processing those applications and or software projects which need very high processing speed for compute intensive and huge data capacity for scientific, engineering research problems and also e- business and data content network applications. These services for different types of clients are provided under DASM-Direct Access Service Management based on virtualization of hardware, software and very high bandwidth Internet (Web 2.0) communication. The paper reviews these developments for Cloud Computing and Hardware/Software configuration of the cloud paradigm. The paper also examines the vital aspects of security risks projected by IT Industry experts, cloud clients. The paper also highlights the cloud provider's response to cloud security risks.

  14. 40 CFR 90.908 - National security exemption.

    Science.gov (United States)

    2010-07-01

    ... 40 Protection of Environment 20 2010-07-01 2010-07-01 false National security exemption. 90.908... Exemption of Nonroad Engines from Regulations § 90.908 National security exemption. (a)(1) Any nonroad... defense, will be considered exempt from this part for purposes of national security. No request for...

  15. The Navigation Metaphor in Security Economics

    NARCIS (Netherlands)

    Pieters, W.; Barendse, Jeroen; Ford, Margaret; Heath, Claude P R; Probst, Christian W.; Verbij, Ruud

    2016-01-01

    The navigation metaphor for cybersecurity merges security architecture models and security economics. By identifying the most efficient routes for gaining access to assets from an attacker's viewpoint, an organization can optimize its defenses along these routes. The well-understood concept of

  16. Management Data Used to Manage the Defense Logistics Agency Supply Management Division of the Defense Business Operations Fund

    National Research Council Canada - National Science Library

    1994-01-01

    The Defense Logistics Agency Supply Management Division (the Division) of the Defense Business Operations Fund provides supplies and logistics services to DoD Components and other (Government agencies...

  17. 78 FR 43863 - Proposed Collection; Comment Request

    Science.gov (United States)

    2013-07-22

    ... proposal and associated collection instruments, please write to: Defense Security Service, Industrial.... Needs and Uses: Executive Order 12829, ``National Industrial Security Program (NISP)'', (January 6, 1993... entered into agreements with the Secretary of Defense for industrial security services required for...

  18. Secure Data Transfer Guidance for Industrial Control and SCADA Systems

    Energy Technology Data Exchange (ETDEWEB)

    Mahan, Robert E.; Fluckiger, Jerry D.; Clements, Samuel L.; Tews, Cody W.; Burnette, John R.; Goranson, Craig A.; Kirkham, Harold

    2011-09-01

    This document was developed to provide guidance for the implementation of secure data transfer in a complex computational infrastructure representative of the electric power and oil and natural gas enterprises and the control systems they implement. For the past 20 years the cyber security community has focused on preventative measures intended to keep systems secure by providing a hard outer shell that is difficult to penetrate. Over time, the hard exterior, soft interior focus changed to focus on defense-in-depth adding multiple layers of protection, introducing intrusion detection systems, more effective incident response and cleanup, and many other security measures. Despite much larger expenditures and more layers of defense, successful attacks have only increased in number and severity. Consequently, it is time to re-focus the conventional approach to cyber security. While it is still important to implement measures to keep intruders out, a new protection paradigm is warranted that is aimed at discovering attempted or real compromises as early as possible. Put simply, organizations should take as fact that they have been, are now, or will be compromised. These compromises may be intended to steal information for financial gain as in the theft of intellectual property or credentials that lead to the theft of financial resources, or to lie silent until instructed to cause physical or electronic damage and/or denial of services. This change in outlook has been recently confirmed by the National Security Agency [19]. The discovery of attempted and actual compromises requires an increased focus on monitoring events by manual and/or automated log monitoring, detecting unauthorized changes to a system's hardware and/or software, detecting intrusions, and/or discovering the exfiltration of sensitive information and/or attempts to send inappropriate commands to ICS/SCADA (Industrial Control System/Supervisory Control And Data Acquisition) systems.

  19. Cyber security level assignment for research reactor digital instrumentation and control system architecture using concept of defense in depth

    International Nuclear Information System (INIS)

    Shin, Jin Soo; Heo, Gyun Young; Son, Han Seong; Kim, Young Ki; Park, Jaek Wan

    2012-01-01

    Due to recent aging of the analog instrumentation of many nuclear power plants (NPPs) and research reactors, the system reliability decreases while maintenance and testing costs increase. In addition, it is difficult to find the substitutable analog equipment s due to obsolescence. Therefore, the instrumentation and control (I and C) systems have changed from analog system to digital system due to these facts. With the introduction of digital systems, research reactors are forced to care for the problem of cyber attacks because I and C systems have been digitalized using networks or communication systems. Especially, it is more issued at research reactors due to the accessibility of human resources. In the real world, an IBM researcher has been successful in controlling the software by penetrating a NPPs network in U.S. on July 2008 and acquiring the control right of nuclear facilities after one week. Moreover, the malignant code called 'stuxnet' impaired the nearly 1,000 centrifugal separators in Iran according to an IAEA report. The problem of cyber attacks highlights the important of cyber security, which should be emphasized. Defense.in.depth (DID) is a significant concept for the cyber security to work properly. DID institutes and maintains a hardy program for critical digital asset (CDA) by implementing multiple security boundaries. In this work, we assign cyber security levels to a typical digital I and C system using DID concept. This work is very useful in applying the concept of DID to nuclear industry with respect to cyber security

  20. Cyber security level assignment for research reactor digital instrumentation and control system architecture using concept of defense in depth

    Energy Technology Data Exchange (ETDEWEB)

    Shin, Jin Soo; Heo, Gyun Young [Kyung Hee University, Seoul (Korea, Republic of); Son, Han Seong [Joongbu Univ., Chungnam (Korea, Republic of); Kim, Young Ki; Park, Jaek Wan [KAERI, Daejeon (Korea, Republic of)

    2012-10-15

    Due to recent aging of the analog instrumentation of many nuclear power plants (NPPs) and research reactors, the system reliability decreases while maintenance and testing costs increase. In addition, it is difficult to find the substitutable analog equipment s due to obsolescence. Therefore, the instrumentation and control (I and C) systems have changed from analog system to digital system due to these facts. With the introduction of digital systems, research reactors are forced to care for the problem of cyber attacks because I and C systems have been digitalized using networks or communication systems. Especially, it is more issued at research reactors due to the accessibility of human resources. In the real world, an IBM researcher has been successful in controlling the software by penetrating a NPPs network in U.S. on July 2008 and acquiring the control right of nuclear facilities after one week. Moreover, the malignant code called 'stuxnet' impaired the nearly 1,000 centrifugal separators in Iran according to an IAEA report. The problem of cyber attacks highlights the important of cyber security, which should be emphasized. Defense.in.depth (DID) is a significant concept for the cyber security to work properly. DID institutes and maintains a hardy program for critical digital asset (CDA) by implementing multiple security boundaries. In this work, we assign cyber security levels to a typical digital I and C system using DID concept. This work is very useful in applying the concept of DID to nuclear industry with respect to cyber security.

  1. 78 FR 17176 - Federal Acquisition Regulation; Defense Base Act

    Science.gov (United States)

    2013-03-20

    ... Regulation; Defense Base Act AGENCIES: Department of Defense (DoD), General Services Administration (GSA... the Defense Base Act. DATES: Interested parties should submit written comments to the Regulatory... Act as extended by the Defense Base Act. II. Discussion and Analysis The Defense Base Act of 1941...

  2. Lexical Link Analysis (LLA) Application: Improving Web Service to Defense Acquisition Visibility Environment (DAVE)

    Science.gov (United States)

    2015-05-01

    1 LEXICAL LINK ANALYSIS (LLA) APPLICATION: IMPROVING WEB SERVICE TO DEFENSE ACQUISITION VISIBILITY ENVIRONMENT(DAVE) May 13-14, 2015 Dr. Ying...REPORT DATE MAY 2015 2. REPORT TYPE 3. DATES COVERED 00-00-2015 to 00-00-2015 4. TITLE AND SUBTITLE Lexical Link Analysis (LLA) Application...Making 3 2 1 3 L L A Methods • Lexical Link Analysis (LLA) Core – LLA Reports and Visualizations • Collaborative Learning Agents (CLA) for

  3. Strategic Foresight Process - Improvements for the Hungarian Ministry of Defense

    Science.gov (United States)

    2016-06-01

    data by modeling and econometric techniques including trend curves and trend extrapolations, among others; the kind of extrapolation of past data that...strategic management, Hungary, Hungarian Ministry of Defense, migration, Russia 15. NUMBER OF PAGES 79 16. PRICE CODE 17. SECURITY ...CLASSIFICATION OF REPORT Unclassified 18. SECURITY CLASSIFICATION OF THIS PAGE Unclassified 19. SECURITY CLASSIFICATION OF ABSTRACT Unclassified 20

  4. SELF-DEFENSE IN KARABAKH CONFLICT?

    Directory of Open Access Journals (Sweden)

    Saeed Bagheri

    2015-01-01

    Full Text Available Use of force is one of the principles of international law which has been banned by the UN Charter and modern constitutions. However, since the enforcement of the UN Charter, self-defense has become the preferred excuse for states to justify their use of force. But applying self-defense requires some conditions. Immediacy is one of the important conditions of self-defense. Immediacy defined as the time span between armed attacks and reaction to it, is the main discourse. This condition requires self defense immediately after the armed conflict or during a rational time span since its occurance.In this respect, the emerging Karabakh Conflict between Armenia and Azerbaijan in the 1990s is important. After Armenia’s armed attacks, Azerbaijan has acted within the scope of legitimate self-defense. But in accordance with UN Security Council cease-fire resolution Azerbaijan has suspended its self-defense actions. However, today, still twenty percent of Azerbaijani territory is still under Armenian occupation. Accordingly, after a long time the validity of Azerbaijan’s right to legitimate self-defense is still subject to arguments.In this article, by comparing two different approaches (strict and board interpretation approaches on the temporal link between the measures of self-defense and the armed attacks (immediacy, the temporal link between the self-defense countermeasures of Azerbaijan and armed attacks by Armenia in Karabakh Conflict will be examined.

  5. Enhancing U.S. Defenses Against Terrorist Air Attacks

    National Research Council Canada - National Science Library

    2004-01-01

    .... Air Force, law enforcement authorities, the Federal Aviation Administration, airport security personnel, and many other agencies share responsibility for closing gaps in our national air defenses...

  6. Proof of Concept Integration of a Single-Level Service-Oriented Architecture into a Multi-Domain Secure Environment

    National Research Council Canada - National Science Library

    Gilkey, Craig M

    2008-01-01

    .... Such web services operating across multiple security domains would provide additional advantages, including improved intelligence aggregation, and real-time collaboration between users in different security domains...

  7. Employment of personnel of a security service company does not require the consent of the works council

    International Nuclear Information System (INIS)

    Anon.

    1992-01-01

    If a company or institution hires personnel of a security service company to protect its premises, this kind of employment does not mean the company carries on temporary employment business. Within the purview of section 99, sub-section 1 of the BetrVG (Works Constitution Act), the security service personnel is not 'employed' in the proper sense even if the security tasks fulfilled by them are done at other times by regular employees of the company or institution. The court decision also decided that the Works Council need not give consent to employment of foreign security personnel. Federal Labour Court, decision dated May 5, 1992 - 1 ABR 78/91. (orig./HP) [de

  8. 78 FR 56266 - Consent Based Social Security Number Verification (CBSV) Service

    Science.gov (United States)

    2013-09-12

    ... developed CBSV as a user- friendly, internet-based application with safeguards that protect the public's information. In addition to the benefit of providing high volume, centralized SSN verification services to users in a secure manner, CBSV provides us with cost and workload management benefits. New Information...

  9. 17 CFR 240.15Ca2-5 - Consent to service of process to be furnished by non-resident government securities brokers or...

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Consent to service of process... Government Securities Dealers § 240.15Ca2-5 Consent to service of process to be furnished by non-resident... government securities dealer by the service of process upon the Commission and the forwarding of a copy...

  10. Website Fingerprinting Defenses at the Application Layer

    Directory of Open Access Journals (Sweden)

    Cherubin Giovanni

    2017-04-01

    Full Text Available Website Fingerprinting (WF allows a passive network adversary to learn the websites that a client visits by analyzing traffic patterns that are unique to each website. It has been recently shown that these attacks are particularly effective against .onion sites, anonymous web servers hosted within the Tor network. Given the sensitive nature of the content of these services, the implications of WF on the Tor network are alarming. Prior work has only considered defenses at the client-side arguing that web servers lack of incentives to adopt countermeasures. Furthermore, most of these defenses have been designed to operate on the stream of network packets, making practical deployment difficult. In this paper, we propose two application-level defenses including the first server-side defense against WF, as .onion services have incentives to support it. The other defense is a lightweight client-side defense implemented as a browser add-on, improving ease of deployment over previous approaches. In our evaluations, the server-side defense is able to reduce WF accuracy on Tor .onion sites from 69.6% to 10% and the client-side defense reduces accuracy from 64% to 31.5%.

  11. Formerly Used Defense Sites (FUDS) Public Properties

    Data.gov (United States)

    Department of Homeland Security — The FUDS Public GIS dataset contains point location information for the 2,709 Formerly Used Defense Sites (FUDS) properties where the U.S. Army Corps of Engineers is...

  12. Behavioral analysis of use personal service e-balance Indonesian social security

    Science.gov (United States)

    Wang, Gunawan; Fitriani, Novi; Nurul Fajar, Ahmad

    2017-09-01

    Indonesian Social Security is the one of the government agencies that is trusted to organize social security. With help of Information technology that growing these day, Indonesian Social Security is also developing E-Balance application, where previously all activities for checking balance is done by giving their slip details through the nearest branch to be distributed to each company. So far there is no research that reviewing e-Balance. Hence, the authors is interested to do research related factors that influence the behavior of the use of E-Balance Indonesian Social Security in the Jakarta area and model that can describe those factors Authors distributing questioners to 193 respondents and perform data processing. The result of this study is to know the factors that influence the behavior of use Personal Service E-Balance Indonesian Social Security and model that can describe those factors. The result shows that UTAUT 2 model is not match with this research and need to be enhanced. After enhancement, there are 3 factors that being significant. Such as Behavioral Intention, Effort Expectancy and Social Influence while the others are not supported and need to be customize.

  13. Securing services in the cloud: an investigation of the threats and the mitigations

    Science.gov (United States)

    Farroha, Bassam S.; Farroha, Deborah L.

    2012-05-01

    The stakeholder's security concerns over data in the clouds (Voice, Video and Text) are a real concern to DoD, the IC and private sector. This is primarily due to the lack of physical isolation of data when migrating to shared infrastructure platforms. The security concerns are related to privacy and regulatory compliance required in many industries (healthcare, financial, law enforcement, DoD, etc) and the corporate knowledge databases. The new paradigm depends on the service provider to ensure that the customer's information is continuously monitored and is kept available, secure, access controlled and isolated from potential adversaries.

  14. Department of Defense Strategic and Business Case Analyses for Commercial Products in Secure Mobile Computing

    Science.gov (United States)

    2011-06-01

    Solicitation / Modification of Contract. Fort Meade: National Security Agency. Mankiw , N. G. (2006). Essentials of Economics , 4 th Ed. Mason, OH: South...for current smartphone implementations. Results indicate growing strategic opportunities for the DoD to acquire more economical commercial handsets...opportunities for the DoD to acquire more economical commercial handsets and more flexible network services. The business cases may potentially save

  15. 76 FR 60112 - Consent Based Social Security Number Verification (CBSV) Service

    Science.gov (United States)

    2011-09-28

    ... protect the public's information. In addition to the benefit of providing high volume, centralized SSN verification services to the business community in a secure manner, CBSV provides us with cost and workload management benefits. New Information: To use CBSV, interested parties must pay a one- time non-refundable...

  16. DTIC Review: Biometric Security

    National Research Council Canada - National Science Library

    2007-01-01

    ...: Biometrics, the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits, is a critical tool used in law enforcement, computer security and homeland defense...

  17. Risk Assessment Using The Homeland-Defense Operational Planning System (HOPS)

    International Nuclear Information System (INIS)

    Durling, R L; Price, D E; Spero, K K

    2005-01-01

    For over ten years, the Counterproliferation Analysis and Planning System (CAPS) at Lawrence Livermore National Laboratory (LLNL) has been a planning tool used by U.S. combatant commands for mission support planning against foreign programs engaged in the manufacture of weapons of mass destruction (WMD). CAPS is endorsed by the Secretary of Defense as the preferred counterproliferation tool to be used by the nation's armed services. A sister system, the Homeland-Defense Operational Planning System (HOPS), is a new operational planning tool leveraging CAPS expertise designed to support the defense of the U.S. homeland. HOPS provides planners with a basis to make decisions to protect against acts of terrorism, focusing on the defense of facilities critical to U.S. infrastructure. Criticality of facilities, structures, and systems is evaluated on a composite matrix of specific projected casualty, economic, and sociopolitical impact bins. Based on these criteria, significant unidentified vulnerabilities are identified and secured. To provide insight into potential successes by malevolent actors, HOPS analysts strive to base their efforts mainly on unclassified open-source data. However, more cooperation is needed between HOPS analysts and facility representatives to provide an advantage to those whose task is to defend these facilities. Evaluated facilities include: refineries, major ports, nuclear power plants and other nuclear licensees, dams, government installations, convention centers, sports stadiums, tourist venues, and public and freight transportation systems. A generalized summary of analyses of U.S. infrastructure facilities will be presented

  18. Homeland security and public health: role of the Department of Veterans Affairs, the US Department of Homeland Security, and implications for the public health community.

    Science.gov (United States)

    Koenig, Kristi L

    2003-01-01

    The terrorist attacks of 11 September 2001 led to the largest US Government transformation since the formation of the Department of Defense following World War II. More than 22 different agencies, in whole or in part, and >170,000 employees were reorganized to form a new Cabinet-level Department of Homeland Security (DHS), with the primary mission to protect the American homeland. Legislation enacted in November 2002 transferred the entire Federal Emergency Management Agency and several Department of Health and Human Services (HHS) assets to DHS, including the Office of Emergency Response, and oversight for the National Disaster Medical System, Strategic National Stockpile, and Metropolitan Medical Response System. This created a potential separation of "health" and "medical" assets between the DHS and HHS. A subsequent presidential directive mandated the development of a National Incident Management System and an all-hazard National Response Plan. While no Department of Veterans Affairs (VA) assets were targeted for transfer, the VA remains the largest integrated healthcare system in the nation with important support roles in homeland security that complement its primary mission to provide care to veterans. The Emergency Management Strategic Healthcare Group (EMSHG) within the VA's medical component, the Veteran Health Administration (VHA), is the executive agent for the VA's Fourth Mission, emergency management. In addition to providing comprehensive emergency management services to the VA, the EMSHG coordinates medical back-up to the Department of Defense, and assists the public via the National Disaster Medical System and the National Response Plan. This article describes the VA's role in homeland security and disasters, and provides an overview of the ongoing organizational and operational changes introduced by the formation of the new DHS. Challenges and opportunities for public health are highlighted.

  19. OpenID Connect as a security service in cloud-based medical imaging systems.

    Science.gov (United States)

    Ma, Weina; Sartipi, Kamran; Sharghigoorabi, Hassan; Koff, David; Bak, Peter

    2016-04-01

    The evolution of cloud computing is driving the next generation of medical imaging systems. However, privacy and security concerns have been consistently regarded as the major obstacles for adoption of cloud computing by healthcare domains. OpenID Connect, combining OpenID and OAuth together, is an emerging representational state transfer-based federated identity solution. It is one of the most adopted open standards to potentially become the de facto standard for securing cloud computing and mobile applications, which is also regarded as "Kerberos of cloud." We introduce OpenID Connect as an authentication and authorization service in cloud-based diagnostic imaging (DI) systems, and propose enhancements that allow for incorporating this technology within distributed enterprise environments. The objective of this study is to offer solutions for secure sharing of medical images among diagnostic imaging repository (DI-r) and heterogeneous picture archiving and communication systems (PACS) as well as Web-based and mobile clients in the cloud ecosystem. The main objective is to use OpenID Connect open-source single sign-on and authorization service and in a user-centric manner, while deploying DI-r and PACS to private or community clouds should provide equivalent security levels to traditional computing model.

  20. The Trump Administrations March 2017 Defense Budget Proposals: Frequently Asked Questions

    Science.gov (United States)

    2017-04-03

    The Trump Administration’s March 2017 Defense Budget Proposals: Frequently Asked Questions Pat Towell Specialist in U.S. Defense Policy and...Budget Lynn M. Williams Analyst in U.S. Defense Budget Policy April 3, 2017 Congressional Research Service 7-5700 www.crs.gov R44806 The Trump ...8 The Trump Administration’s March 2017 Defense Budget Proposals: FAQs Congressional Research Service 1 Introduction On

  1. 48 CFR 252.239-7016 - Telecommunications security equipment, devices, techniques, and services.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 3 2010-10-01 2010-10-01 false Telecommunications... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions And Clauses 252.239-7016 Telecommunications... clause: Telecommunications Security Equipment, Devices, Techniques, and Services (DEC 1991) (a...

  2. Defense Science Board Task Force on Mobility

    National Research Council Canada - National Science Library

    Tuttle, Jr, William G

    2005-01-01

    .... national security objectives as it is today. Both the 2001 and 2005 National Defense Strategy objectives place greater emphasis than in the past on the nation's worldwide commitments, increasing the demand for responsive forces capable...

  3. Multi-Level Secure Local Area Network

    OpenAIRE

    Naval Postgraduate School (U.S.); Center for Information Systems Studies Security and Research (CISR)

    2011-01-01

    Multi-Level Secure Local Area Network is a cost effective, multi-level, easy to use office environment leveraging existing high assurance technology. The Department of Defense and U.S. Government have an identified need to securely share information classified at differing security levels. Because there exist no commercial solutions to this problem, NPS is developing a MLS LAN. The MLS LAN extends high assurance capabilities of an evaluated multi-level secure system to commercial personal com...

  4. 17 CFR 249.250 - Form F-X, for appointment of agent for service of process by issuers registering securities on...

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Form F-X, for appointment of agent for service of process by issuers registering securities on Form F-8, F-9, F-10 or F-80 (§ 239.38... F-X, for appointment of agent for service of process by issuers registering securities on Form F-8...

  5. Gross anatomy of network security

    Science.gov (United States)

    Siu, Thomas J.

    2002-01-01

    Information security involves many branches of effort, including information assurance, host level security, physical security, and network security. Computer network security methods and implementations are given a top-down description to permit a medically focused audience to anchor this information to their daily practice. The depth of detail of network functionality and security measures, like that of the study of human anatomy, can be highly involved. Presented at the level of major gross anatomical systems, this paper will focus on network backbone implementation and perimeter defenses, then diagnostic tools, and finally the user practices (the human element). Physical security measures, though significant, have been defined as beyond the scope of this presentation.

  6. Using secure web services to visualize poison center data for nationwide biosurveillance: a case study.

    Science.gov (United States)

    Savel, Thomas G; Bronstein, Alvin; Duck, William; Rhodes, M Barry; Lee, Brian; Stinn, John; Worthen, Katherine

    2010-01-01

    Real-time surveillance systems are valuable for timely response to public health emergencies. It has been challenging to leverage existing surveillance systems in state and local communities, and, using a centralized architecture, add new data sources and analytical capacity. Because this centralized model has proven to be difficult to maintain and enhance, the US Centers for Disease Control and Prevention (CDC) has been examining the ability to use a federated model based on secure web services architecture, with data stewardship remaining with the data provider. As a case study for this approach, the American Association of Poison Control Centers and the CDC extended an existing data warehouse via a secure web service, and shared aggregate clinical effects and case counts data by geographic region and time period. To visualize these data, CDC developed a web browser-based interface, Quicksilver, which leveraged the Google Maps API and Flot, a javascript plotting library. Two iterations of the NPDS web service were completed in 12 weeks. The visualization client, Quicksilver, was developed in four months. This implementation of web services combined with a visualization client represents incremental positive progress in transitioning national data sources like BioSense and NPDS to a federated data exchange model. Quicksilver effectively demonstrates how the use of secure web services in conjunction with a lightweight, rapidly deployed visualization client can easily integrate isolated data sources for biosurveillance.

  7. 77 FR 11495 - Renewal of Department of Defense Federal Advisory Committees

    Science.gov (United States)

    2012-02-27

    ... management, curricula, and methods of instructions, facilities, and other matters of interest. The Secretary... more than 10 members, who are eminent authorities in the fields of academia, business, national defense and security, the defense industry, and research and analysis. Not less than 50 percent of Board...

  8. Security and privacy in billing services in cloud computing

    OpenAIRE

    Μακρή, Ελένη - Λασκαρίνα

    2013-01-01

    The purpose of this master thesis is to define cloud computing and to introduce its basic principles. Firstly, the history of cloud computing will be briefly discussed, starting from the past and ending up to the current and future situation. Furthermore, the most important characteristics of cloud computing, such as security, privacy and cost, will be analyzed. Moreover the three service and three deployment models of cloud computing will be defined and analyzed with examples. Finally, the a...

  9. Department of Defense (DOD) Military Casualty/Wounded Warrior

    Data.gov (United States)

    Social Security Administration — SSA initiated this agreement with the Department of Defense (DOD) to transmit to SSA information that will identify military personnel injured or taken ill while in...

  10. Security guide for subcontractors

    Energy Technology Data Exchange (ETDEWEB)

    Adams, R.C.

    1993-06-01

    This guide is provided to aid in the achievement of security objectives in the Department of Energy (DOE) contractor/subcontractor program. The objectives of security are to protect information that, if released, would endanger the common defense and security of the nation and to safeguard plants and installations of the DOE and its contractors to prevent the interruption of research and production programs. The security objective and means of achieving the objective are described. Specific security measures discussed in this guide include physical barriers, personnel identification systems, personnel and vehicular access control, classified document control, protection of classified matter in use, storing classified matter, and repository combinations. Means of dealing with security violations and security infractions are described. Maintenance of a security education program is discussed. Also discussed are methods of handling clearance terminations, visitor control, travel to sensitive countries, and shipment security. The Technical Surveillance Countermeasures Program (TSCM), the Computer Security Program, and the Operations Security Plan (OPSEC) are examined.

  11. The design about the intrusion defense system for IHEP

    International Nuclear Information System (INIS)

    Liu Baoxu; Xu Rongsheng; Yu Chuansong; Wu Chunzhen

    2003-01-01

    With the development of network technologies, limitations on traditional methods of network security protection are becoming more and more obvious. An individual network security product or the simple combination of several products can hardly complete the goal of keeping from hackers' intrusion. Therefore, on the basis of the analyses about the security problems of IHEPNET which is an open and scientific research network, the author designs an intrusion defense system especially for IHEPNET

  12. Multitasking antimicrobial peptides, plant development, and host defense against biotic/abiotic stress

    Science.gov (United States)

    Crop losses due to pathogens are a major threat to global food security. Plants employ a multilayer defense system against pathogens including use of physical barriers (cell wall), induction of hypersensitive defense response (HR), resistance (R) proteins, and synthesis of antimicrobial peptides (AM...

  13. T-Check in Technologies for Interoperability: Web Services and Security--Single Sign-On

    National Research Council Canada - National Science Library

    Wrage, Lutz; Simanta, Soumya; Lewis, Grace A; Jaspan, Saul

    2007-01-01

    .... This technical note presents the results of applying the T-Check approach in an initial investigation of two Web services standards, WS-Security and SAML, to create an SSO solution that works inside...

  14. Oral health service utilization by elderly beneficiaries of the Mexican Institute of Social Security in México city

    Directory of Open Access Journals (Sweden)

    Solórzano-Santos Fortino

    2007-12-01

    Full Text Available Abstract Background The aging population poses a challenge to Mexican health services. The aim of this study is to describe recent oral health services utilization and its association with socio-demographic characteristics and co-morbidity in Mexican Social Security beneficiaries 60 years and older. Methods A sample of 700 individuals aged 60+ years was randomly chosen from the databases of the Mexican Institute of Social Security (IMSS. These participants resided in the southwest of Mexico City and made up the final sample of a cohort study for identifying risk factors for root caries in elderly patients. Sociodemographic variables, presence of cognitive decline, depression, morbidity, medication consumption, and utilization of as well as reasons for seeking oral health services within the past 12 months were collected through a questionnaire. Clinical oral assessments were carried out to determine coronal and root caries experience. Results The sample consisted of 698 individuals aged 71.6 years on average, of whom 68.3% were women. 374 participants (53.6% had made use of oral health services within the past 12 months. 81% of those who used oral health services sought private medical care, 12.8% sought social security services, and 6.2% public health services. 99.7% had experienced coronal caries and 44.0% root caries. Female sex (OR = 2.0, 6 years' schooling or less (OR = 1.4, and caries experience in more than 22 teeth (OR = 0.6 are factors associated with the utilization of these services. Conclusion About half the elderly beneficiaries of social security have made use of oral health services within the past 12 months, and many of them have to use private services. Being a woman, having little schooling, and low caries experience are factors associated with the use of these services.

  15. Managing Cisco network security

    CERN Document Server

    Knipp, Eric

    2002-01-01

    An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today''s internetworked world"There''s no question that attacks on enterprise networks are increasing in frequency and sophistication..."-Mike Fuhrman, Cisco Systems Manager, Security ConsultingManaging Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco''s security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manger software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions.Security from a real-world perspectiveKey coverage of the new technologies offered by the Cisc...

  16. 5 CFR 3601.102 - Designation of separate agency components.

    Science.gov (United States)

    2010-01-01

    ... Service; (8) Defense Information Systems Agency; (9) Defense Intelligence Agency; (10) Defense Logistics Agency; (11) Defense Security Service; (12) Defense Threat Reduction Agency; (13) National Imagery and... outside sources and 5 CFR 2635.807 governing teaching, speaking and writing: (1) Armed Services Board of...

  17. The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures

    DEFF Research Database (Denmark)

    Armando, Alessandro; Arsac, Wihem; Avanesov, Tigran

    2012-01-01

    The AVANTSSAR Platform is an integrated toolset for the formal specification and automated validation of trust and security of service-oriented architectures and other applications in the Internet of Services. The platform supports application-level specification languages (such as BPMN and our...

  18. The Impact of Civilian Control on Contemporary Defense Planning Systems: Challenges for South East Europe

    Science.gov (United States)

    2011-03-01

    Long-Term Defense Planning,” Information and Security: An International Journal 23, no. 1 (2009): 62-72; and Nicu Ionel Sava, Western (NATO/PfP...questionable relevance elsewhere in the world.” Huntington advanced his notions of “objective” and “subjective” control explicitly around the...chamber committees for defense: Public Order Committee and National Security Committee. These two discuss the proposals advanced by the government. Then

  19. NATO Advanced Study Institute on Laser Control & Monitoring in New Materials, Biomedicine, Environment, Security & Defense

    CERN Document Server

    Hall, Trevor J; Paredes, Sofia A; Extreme Photonics & Applications

    2010-01-01

    "Extreme Photonics & Applications" arises from the 2008 NATO Advanced Study Institute in Laser Control & Monitoring in New Materials, Biomedicine, Environment, Security and Defense. Leading experts in the manipulation of light offered by recent advances in laser physics and nanoscience were invited to give lectures in their fields of expertise and participate in discussions on current research, applications and new directions. The sum of their contributions to this book is a primer for the state of scientific knowledge and the issues within the subject of photonics taken to the extreme frontiers: molding light at the ultra-finest scales, which represents the beginning of the end to limitations in optical science for the benefit of 21st Century technological societies. Laser light is an exquisite tool for physical and chemical research. Physicists have recently developed pulsed lasers with such short durations that one laser shot takes the time of one molecular vibration or one electron rotation in an ...

  20. 77 FR 63356 - Excepted Service

    Science.gov (United States)

    2012-10-16

    ... Office of the Secretary of Defense and the Departments of the Army, Navy, and Air Force)-- (10) Temporary... (Asian and Secretary of Pacific Security Defense (East Affairs). Asia). Office of the Special Assistant... Defense (Central Affairs). Asia). Small Business Administration... Office of Field Regional SB090060 8/10...

  1. Global water risks and national security: Building resilience (Invited)

    Science.gov (United States)

    Pulwarty, R. S.

    2013-12-01

    The UN defines water security as the capacity of a population to safeguard sustainable access to adequate quantities of acceptable quality water for sustaining livelihoods, human well-being, and socio-economic development, for ensuring protection against water-borne pollution and water-related disasters, and for preserving ecosystems in a climate of peace and political stability. This definition highlights complex and interconnected challenges and underscores the centrality of water for environmental services and human aactivities. Global risks are expressed at the national level. The 2010 Quadrennial Defense Review and the 2010 National Security Strategy identify climate change as likely to trigger outcomes that will threaten U.S. security including how freshwater resources can become a security issue. Impacts will be felt on the National Security interest through water, food and energy security, and critical infrastructure. This recognition focuses the need to consider the rates of change in climate extremes, in the context of more traditional political, economic, and social indicators that inform security analyses. There is a long-standing academic debate over the extent to which resource constraints and environmental challenges lead to inter-state conflict. It is generally recognized that water resources as a security issue to date exists mainly at the substate level and has not led to physical conflict between nation states. In conflict and disaster zones, threats to water security increase through inequitable and difficult access to water supply and related services, which may aggravate existing social fragility, tensions, violence, and conflict. This paper will (1) Outline the dimensions of water security and its links to national security (2) Analyze water footprints and management risks for key basins in the US and around the world, (3) map the link between global water security and national concerns, drawing lessons from the drought of 2012 and elsewhere

  2. The Market Value of Information System (IS) Security: An Event Study of E-Banking Service Providers

    Science.gov (United States)

    Brock, Linda

    2012-01-01

    Understanding the financial value resulting from IS security investments is critically important to organizations focused on protecting service confidentiality, integrity, and availability in order to preserve firm revenues and reputations. Quantifying the financial effect from IS security investments is difficult to derive. This study…

  3. Defense AT&L. Volume 44, Number 4

    Science.gov (United States)

    2015-08-01

    integrated web applications. These apps will share the same map engine, chat function, and secure underlying data, decreasing training time for soldiers...security challenges. Revital - izing technology innovation must be at the forefront of this strategy in order to answer President Obama’s call to action...workforce will have available a num- ber of tools on business. defense.gov/ apps —a man- agement system to track performance and goaling. Buying

  4. ATM security via "Stargate" solution

    OpenAIRE

    Hensley, Katrina; Ludden, Fredrick

    1999-01-01

    Approved for public release, distribution unlimited. In today's world of integrating voice, video and data into a single network, Asynchronous Transfer Mode (ATM) networks have become prevalent in the Department of Defense. The Department of Defense's critical data will have to pass through public networks, which causes concern for security. This study presents an efficient solution aimed at authenticating communications over public ATM networks. The authenticating device, Stargate, utiliz...

  5. 32 CFR 1602.17 - Military service.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Military service. 1602.17 Section 1602.17 National Defense Other Regulations Relating to National Defense SELECTIVE SERVICE SYSTEM DEFINITIONS § 1602.17 Military service. The term military service includes service in the Army, the Navy, the Air Force...

  6. IPTV Service Framework Based on Secure Authentication and Lightweight Content Encryption for Screen-Migration in Cloud Computing

    Directory of Open Access Journals (Sweden)

    Aymen Abdullah Alsaffar

    2015-01-01

    Full Text Available These days, the advancing of smart devices (e.g. smart phones, tablets, PC, etc. capabilities and the increase of internet bandwidth enables IPTV service provider to extend their services to smart mobile devices. User can just receive their IPTV service using any smart devices by accessing the internet via wireless network from anywhere anytime in the world which is convenience for users. However, wireless network communication has well a known critical security threats and vulnerabilities to user smart devices and IPTV service such as user identity theft, reply attack, MIM attack, and so forth. A secure authentication for user devices and multimedia protection mechanism is necessary to protect both user devices and IPTV services. As result, we proposed framework of IPTV service based on secure authentication mechanism and lightweight content encryption method for screen-migration in Cloud computing. We used cryptographic nonce combined with user ID and password to authenticate user device in any mobile terminal they passes by. In addition we used Lightweight content encryption to protect and reduce the content decode overload at mobile terminals. Our proposed authentication mechanism reduces the computational processing by 30% comparing to other authentication mechanism and our lightweight content encryption reduces encryption delay to 0.259 second.

  7. Defense Contract Management Command Capitalization of Fixed Assets

    National Research Council Canada - National Science Library

    Young, Shelton

    1997-01-01

    The audit objective was to determine whether the Defense Logistics Agency and the Defense Finance and Accounting Service had implemented effective management control procedures and complied with laws...

  8. 32 CFR 806b.12 - Requesting the Social Security Number.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Requesting the Social Security Number. 806b.12... Number. When asking an individual for his or her Social Security Number, always give a Privacy Act... Social Security Number; and whether providing the Social Security Number is voluntary or mandatory. Do...

  9. 32 CFR 637.20 - Security surveillance systems.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 4 2010-07-01 2010-07-01 true Security surveillance systems. 637.20 Section 637... ENFORCEMENT AND CRIMINAL INVESTIGATIONS MILITARY POLICE INVESTIGATION Investigations § 637.20 Security surveillance systems. Closed circuit video recording systems, to include those with an audio capability, may be...

  10. OverWatch: A Cross-Plane DDoS Attack Defense Framework with Collaborative Intelligence in SDN

    Directory of Open Access Journals (Sweden)

    Biao Han

    2018-01-01

    Full Text Available Distributed Denial of Service (DDoS attacks are one of the biggest concerns for security professionals. Traditional middle-box based DDoS attack defense is lack of network-wide monitoring flexibility. With the development of software-defined networking (SDN, it becomes prevalent to exploit centralized controllers to defend against DDoS attacks. However, current solutions suffer with serious southbound communication overhead and detection delay. In this paper, we propose a cross-plane DDoS attack defense framework in SDN, called OverWatch, which exploits collaborative intelligence between data plane and control plane with high defense efficiency. Attack detection and reaction are two key procedures of the proposed framework. We develop a collaborative DDoS attack detection mechanism, which consists of a coarse-grained flow monitoring algorithm on the data plane and a fine-grained machine learning based attack classification algorithm on the control plane. We propose a novel defense strategy offloading mechanism to dynamically deploy defense applications across the controller and switches, by which rapid attack reaction and accurate botnet location can be achieved. We conduct extensive experiments on a real-world SDN network. Experimental results validate the efficiency of our proposed OverWatch framework with high detection accuracy and real-time DDoS attack reaction, as well as reduced communication overhead on SDN southbound interface.

  11. Parliamentary control of security information agency in terms of security culture: State and problems

    Directory of Open Access Journals (Sweden)

    Radivojević Nenad

    2013-01-01

    Full Text Available Even though security services have the same function as before, today they have different tasks and significantly more work than before. Modern security problems of the late 20th and early 21st century require states to reorganize their security services, adapting them to the new changes. The reorganization involves, among other things, giving wider powers of the security services, in order to effectively counter the growing and sophisticated security threats, which may also lead to violations of human rights and freedoms. It is therefore necessary to define the right competence, organization, authority and control of these services. In democratic countries, there are several institutions with different levels of control of security services. Parliament is certainly one of the most important institutions in that control, both in the world and in our country. Powers, finance, the use of special measures and the nature and scope of work of the Security Information Agency are certainly object of the control of the National Assembly. What seems to be the problem is achieving a balance between the need for control of security services and security services to have effective methods for combating modern security problems. This paper presents the legal framework related to the National Assembly control of the Security Intelligence Agency, as well as the practical problems associated with this type of control. We analyzed the role of security culture as one of the factors of that control. In this regard, it provides guidance for the practical work of the members of parliament who control the Security Intelligence Agency, noting in particular the importance of and the need for continuous improvement of security culture representatives.

  12. INSTITUTIONAL BASIS OF MANAGEMENT AND EVALUATION OF UKRAINIAN DEFENSE LANDS

    Directory of Open Access Journals (Sweden)

    Garazhа Y.P

    2017-02-01

    Full Text Available The management and evaluation of defense land was revealed in the article. Specific institution is the military institutе in the institutional framework for defense land. A special regime and zoning, evaluation, payment and exclusion conditions were established for these lands. The market economy has changed the land-property relations in the country. Lands for defense used only in the framework that established the state. Recently there was a tendency of land release this subcategory. This has led to their misuse, belonging to other owners. The research problem consists of the setting clear boundaries of defense land and legal regulation mechanisms of land relations. Public ownership rights applies only to the defense lands. They are located only in the state ownership. The subject is the state that implements ownership (right to possess, use and dispose of the lands of Defense. It ensures the defense of the country and territory for military sites, airfields, parts, ammunition depots. Functional use of defense land is divided into public (military schools, socio-cultural (health centers, recreation centers, industrial (military and industrial objects, residential (cantonment, commercial (commissary, special (military installations, transport ( carpark, bridges, engineering (antennas, radars, storage (defense deport. The land for military unit were given for permanent use with the justification of the project design documentation sizes. The military part of the land for permanent use with the justification sizes by the project design documentation. Safety, security and other areas are created around military and other defense installations. There are restricted areas, prohibited areas. They have a special regime. Reform of the Armed Forces of Ukraine, the State Special Transport Service leads to the release of land and real estate. Reform of the Armed Forces of Ukraine, the State Special Transport Service leads to the release of land and real

  13. The Evolution of European Security: From Confrontation to Cooperation

    Science.gov (United States)

    2013-03-01

    Vasconcelos , (Paris: The European Union Institute for Security Studies, 2009), 41. 60 Ibid. 61 European Union Home Page, “Common Security and...of ESDP,” in What Ambitions for European Defense in 2020?, 2nd ed., ed. Álvaro de Vasconcelos (Paris: The European Union Institute for Security

  14. The Evolution of the Automated Continuous Evaluation System (ACES) for Personnel Security

    Science.gov (United States)

    2013-11-12

    to capture and transmit fingerprints . • Accurate Biometrics , a commercial Livescan fingerprinting provider, also received fingerprints electronically...FOUO). Monterey, CA: Defense Personnel Security Research Center. Herbig, K. L. (2008). Changes in espionage by American citizens , 1947-2007. (Tech...by American citizens , 1947-2001. (Tech. Rep. 02-05). Monterey, CA: Defense Personnel Security Research Center. Heuer, Jr., R. J., Crawford, K. S

  15. Homeland Security: The Department of Defense's Role

    National Research Council Canada - National Science Library

    Bowman, Steve

    2003-01-01

    ...) more closely with federal, state, and local agencies in their homeland security activities. DoD resources are unique in the government, both in their size and capabilities, and can be applied to both deter and respond to terrorist acts...

  16. Twitter, Facebook, and Ten Red Balloons: Social Network Problem Solving and Homeland Security

    OpenAIRE

    Ford, Christopher M.

    2011-01-01

    This article appeared in Homeland Security Affairs (February 2011), v.7 no.1 This essay, the winner of the Center for Homeland Defense and Security (CHDS) Essay Contest in 2010, looks at how homeland security could benefit from crowd-sourced applications accessed through social networking tools such as Twitter and Facebook. Christopher M. Ford looks at the apparent efficacy of two such endeavors: the Defense Advanced Research Projects Agency'۪s (DARPA) competition to find ten 8-foot balloo...

  17. Security Assessment Simulation Toolkit (SAST) Final Report

    Energy Technology Data Exchange (ETDEWEB)

    Meitzler, Wayne D.; Ouderkirk, Steven J.; Hughes, Chad O.

    2009-11-15

    The Department of Defense Technical Support Working Group (DoD TSWG) investment in the Pacific Northwest National Laboratory (PNNL) Security Assessment Simulation Toolkit (SAST) research planted a technology seed that germinated into a suite of follow-on Research and Development (R&D) projects culminating in software that is used by multiple DoD organizations. The DoD TSWG technology transfer goal for SAST is already in progress. The Defense Information Systems Agency (DISA), the Defense-wide Information Assurance Program (DIAP), the Marine Corps, Office Of Naval Research (ONR) National Center For Advanced Secure Systems Research (NCASSR) and Office Of Secretary Of Defense International Exercise Program (OSD NII) are currently investing to take SAST to the next level. PNNL currently distributes the software to over 6 government organizations and 30 DoD users. For the past five DoD wide Bulwark Defender exercises, the adoption of this new technology created an expanding role for SAST. In 2009, SAST was also used in the OSD NII International Exercise and is currently scheduled for use in 2010.

  18. Analisis Teori Offense-Defense Pada Reformasi Kebijakan Pertahanan Jepang Dalam Dinamika Keamanan Di Asia Timur

    Directory of Open Access Journals (Sweden)

    Fadhil Alghifari

    2016-05-01

    Full Text Available This paper will seek to demonstrate how the use of Offense-Defense Theory can best explain the Japan’s new defense reform legislation that enables the country to play a more comprehensive global security role commensurate with its capabilities, resources, national interests, and international responsibilities. Through this offense-defense lens, it will be argued that Japan’s new defense reform legislation is a response to the growing dominance of ‘offensive’ behaviour by the neighbouring countries in East Asia. This paper will then elaborate more about the elements that are used in the offense-defense theory to analyze the ‘offense’ dominance that prompts East Asian states behave aggressively and defensively including Japan. Furthermore, this paper will explain why Japan is currently playing the ‘defensive’ role to counter the growing dominance of ‘offense’ in East Asia through the four variables of offense-defense balance; military doctrine and technology, geographical considerations, social and political order, and diplomatic arrangements. Thus, we will see that Japan holds the key to the offense-defense and security balance in the increasingly hostile environment in East Asia.

  19. Whither a Common Security for Southeast Asia?

    Science.gov (United States)

    1998-06-05

    by China. Even in 1994, the then-Malaysian Defense Minister Najib was careful to play down the security role of ASEAN as he still saw it as being... Razak Baginda. "Southeast Asia and Pacific Regional Security: Towards Multilateralism Amid Uncertainty?" Military Technology (April 1994): 10- 16

  20. Public Key Infrastructure (PKI) Interoperability: A Security Services Approach to Support Transfer of Trust

    National Research Council Canada - National Science Library

    Hansen, Anthony

    1999-01-01

    .... This thesis defines interoperability as the capacity to support trust through retention of security services across PKI domains at a defined level of assurance and examines the elements of PKI...

  1. 48 CFR 232.202-4 - Security for Government financing.

    Science.gov (United States)

    2010-10-01

    ... financing. 232.202-4 Section 232.202-4 Federal Acquisition Regulations System DEFENSE ACQUISITION REGULATIONS SYSTEM, DEPARTMENT OF DEFENSE GENERAL CONTRACTING REQUIREMENTS CONTRACT FINANCING Commercial Item Purchase Financing 232.202-4 Security for Government financing. (a)(2) When determining whether an offeror...

  2. Securing social media in the enterprise

    CERN Document Server

    Dalziel, Henry

    2015-01-01

    Securing Social Media in the Enterprise is a concise overview of the security threats posed by the use of social media sites and apps in enterprise network environments. Social media sites and apps are now a ubiquitous presence within enterprise systems and networks, and are vulnerable to a wide range of digital systems attacks. This brief volume provides security professionals and network systems administrators a much-needed dive into the most current threats, detection techniques, and defenses for these attacks, and provides a roadmap for best practices to secure and manage social media wi

  3. ENTREPRENEURSHIP ECONOMIC SAFETY AND DEVELOPMENT OF SECURITY SERVICES

    Directory of Open Access Journals (Sweden)

    G. V. Goudkov

    2011-01-01

    Full Text Available Successful functioning of the industry that provides for safety of organizations and physical entities exercises strategic impacts on development of society and economics of any state including Russia. Economic safety of Russia is directly linked with economic and information safety of itsbusiness structures. Extension of the scope and use of services offered by experienced state and private security enterprises including licensed individuals is one of most important directions of business safety perfection. Further improvement of Russian legislation on non-governmentalsecurity structures and coordination of their activities with those of state law enforcement bodies is obligatory condition of attaining higherpublic and economic safety levels.

  4. 78 FR 36012 - 30-Day Notice of Proposed Information Collection: Export Declaration of Defense Technical Data or...

    Science.gov (United States)

    2013-06-14

    ... Collection: Export Declaration of Defense Technical Data or Services. OMB Control Number: 1405-0157. Type of... Declaration of Defense Technical Data or Services ACTION: Notice of request for public comment and submission... and brokering of defense articles, defense services and related technical data are licensed by the...

  5. Security in Computer Applications

    CERN Multimedia

    CERN. Geneva

    2004-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development. The last part of the lecture covers some miscellaneous issues like the use of cryptography, rules for networking applications, and social engineering threats. This lecture was first given on Thursd...

  6. Internet of people, things and services - the convergence of security, trust and privacy

    CSIR Research Space (South Africa)

    Eloff, JHP

    2009-12-01

    Full Text Available The Future Internet will consist of billions of people, things and services having the potential to interact with each other and their environment. This highly interconnected global network structure presents new types of challenges from a security...

  7. Fuzzy assessment of health information system users' security awareness.

    Science.gov (United States)

    Aydın, Özlem Müge; Chouseinoglou, Oumout

    2013-12-01

    Health information systems (HIS) are a specific area of information systems (IS), where critical patient data is stored and quality health service is only realized with the correct use and efficient dissemination of this data to health workers. Therefore, a balance needs to be established between the levels of security and flow of information on HIS. Instead of implementing higher levels and further mechanisms of control to increase the security of HIS, it is preferable to deal with the arguably weakest link on HIS chain with respect to security: HIS users. In order to provide solutions and approaches for transforming users to the first line of defense in HIS but also to employ capable and appropriate candidates from the pool of newly graduated students, it is important to assess and evaluate the security awareness levels and characteristics of these existing and future users. This study aims to provide a new perspective to understand the phenomenon of security awareness of HIS users with the use of fuzzy analysis, and to assess the present situation of current and future HIS users of a leading medical and educational institution of Turkey, with respect to their security characteristics based on four different security scales. The results of the fuzzy analysis, the guide on how to implement this fuzzy analysis to any health institution and how to read and interpret these results, together with the possible implications of these results to the organization are provided.

  8. Teaching introductory computer security at a Department of Defense university

    OpenAIRE

    Irvine, Cynthia E.

    1997-01-01

    The Naval Postgraduate School Center for Information Systems Security (INFOSEC) Studies and Research (NPS CISR) has developed an instructional program in computer security. Its objective is to insure that students not only understand practical aspects of computer security associated with current technology, but also learn the fundamental principles that can be applied to the development of systems for which high confidence in policy enforcement can be achieved. Introduction to Computer Sec...

  9. Final Report for Bio-Inspired Approaches to Moving-Target Defense Strategies

    Energy Technology Data Exchange (ETDEWEB)

    Fink, Glenn A.; Oehmen, Christopher S.

    2012-09-01

    This report records the work and contributions of the NITRD-funded Bio-Inspired Approaches to Moving-Target Defense Strategies project performed by Pacific Northwest National Laboratory under the technical guidance of the National Security Agency’s R6 division. The project has incorporated a number of bio-inspired cyber defensive technologies within an elastic framework provided by the Digital Ants. This project has created the first scalable, real-world prototype of the Digital Ants Framework (DAF)[11] and integrated five technologies into this flexible, decentralized framework: (1) Ant-Based Cyber Defense (ABCD), (2) Behavioral Indicators, (3) Bioinformatic Clas- sification, (4) Moving-Target Reconfiguration, and (5) Ambient Collaboration. The DAF can be used operationally to decentralize many such data intensive applications that normally rely on collection of large amounts of data in a central repository. In this work, we have shown how these component applications may be decentralized and may perform analysis at the edge. Operationally, this will enable analytics to scale far beyond current limitations while not suffering from the bandwidth or computational limitations of centralized analysis. This effort has advanced the R6 Cyber Security research program to secure digital infrastructures by developing a dynamic means to adaptively defend complex cyber systems. We hope that this work will benefit both our client’s efforts in system behavior modeling and cyber security to the overall benefit of the nation.

  10. 75 FR 17903 - Federal Advisory Committee; Defense Health Board (DHB) Meeting

    Science.gov (United States)

    2010-04-08

    ..., VA 22204. The June 9 meeting will be held at the Industrial College of the Armed Forces, Fort McNair... to the Board: Department of Defense Task Force on the Prevention of Suicide by Members of the Armed.... 552b, as amended, and 41 CFR 102-3.155, in the interest of national security, the Department of Defense...

  11. Enabling private and public sector organizations as agents of homeland security

    Science.gov (United States)

    Glassco, David H. J.; Glassco, Jordan C.

    2006-05-01

    Homeland security and defense applications seek to reduce the risk of undesirable eventualities across physical space in real-time. With that functional requirement in mind, our work focused on the development of IP based agent telecommunication solutions for heterogeneous sensor / robotic intelligent "Things" that could be deployed across the internet. This paper explains how multi-organization information and device sharing alliances may be formed to enable organizations to act as agents of homeland security (in addition to other uses). Topics include: (i) using location-aware, agent based, real-time information sharing systems to integrate business systems, mobile devices, sensor and actuator based devices and embedded devices used in physical infrastructure assets, equipment and other man-made "Things"; (ii) organization-centric real-time information sharing spaces using on-demand XML schema formatted networks; (iii) object-oriented XML serialization as a methodology for heterogeneous device glue code; (iv) how complex requirements for inter / intra organization information and device ownership and sharing, security and access control, mobility and remote communication service, tailored solution life cycle management, service QoS, service and geographic scalability and the projection of remote physical presence (through sensing and robotics) and remote informational presence (knowledge of what is going elsewhere) can be more easily supported through feature inheritance with a rapid agent system development methodology; (v) how remote object identification and tracking can be supported across large areas; (vi) how agent synergy may be leveraged with analytics to complement heterogeneous device networks.

  12. Department of Defense: Observations on the National Industrial Security Program

    National Research Council Canada - National Science Library

    Barr, Ann C; Denomme, Thomas J; Booth, Brandon; Krump, John; Sloan, Karen; Slodkowski, Lillian; Sterling, Suzanne

    2008-01-01

    .... In terms of facility oversight, DSS maintained files on contractor facilities security programs and their security violations, but it did not analyze this information to determine, for example...

  13. Vulnerability And Risk Assessment Using The Homeland-Defense Operational Planning System (HOPS)

    International Nuclear Information System (INIS)

    Durling, R.L. Jr.; Price, D.E.; Spero, K.K.

    2005-01-01

    For over ten years, the Counterproliferation Analysis and Planning System (CAPS) at Lawrence Livermore National Laboratory (LLNL) has been a planning tool used by U.S. combatant commands for mission support planning against foreign programs engaged in the manufacture of weapons of mass destruction (WMD). CAPS is endorsed by the Secretary of Defense as the preferred counterproliferation tool to be used by the nation's armed services. A sister system, the Homeland-Defense Operational Planning System (HOPS), is a new operational planning tool leveraging CAPS expertise designed to support the defense of the U.S. homeland. HOPS provides planners with a basis to make decisions to protect against acts of terrorism, focusing on the defense of facilities critical to U.S. infrastructure. Criticality of facilities, structures, and systems is evaluated on a composite matrix of specific projected casualty, economic, and sociopolitical impact bins. Based on these criteria, significant unidentified vulnerabilities are identified and secured. To provide insight into potential successes by malevolent actors, HOPS analysts strive to base their efforts mainly on unclassified open-source data. However, more cooperation is needed between HOPS analysts and facility representatives to provide an advantage to those whose task is to defend these facilities. Evaluated facilities include: refineries, major ports, nuclear power plants and other nuclear licensees, dams, government installations, convention centers, sports stadiums, tourist venues, and public and freight transportation systems. A generalized summary of analyses of U.S. infrastructure facilities is presented

  14. Research on Network Defense Strategy Based on Honey Pot Technology

    Science.gov (United States)

    Hong, Jianchao; Hua, Ying

    2018-03-01

    As a new network security technology of active defense, The honeypot technology has become a very effective and practical method of decoy attackers. The thesis discusses the theory, structure, characteristic, design and implementation of Honeypot in detail. Aiming at the development of means of attack, put forward a kind of network defense technology based on honeypot technology, constructing a virtual Honeypot demonstrate the honeypot’s functions.

  15. Cloud security mechanisms

    OpenAIRE

    2014-01-01

    Cloud computing has brought great benefits in cost and flexibility for provisioning services. The greatest challenge of cloud computing remains however the question of security. The current standard tools in access control mechanisms and cryptography can only partly solve the security challenges of cloud infrastructures. In the recent years of research in security and cryptography, novel mechanisms, protocols and algorithms have emerged that offer new ways to create secure services atop cloud...

  16. Privacy and security in teleradiology

    International Nuclear Information System (INIS)

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.

  17. Privacy and security in teleradiology

    Energy Technology Data Exchange (ETDEWEB)

    Ruotsalainen, Pekka [National Institute for Health and Welfare, Helsinki (Finland)], E-mail: pekka.ruotsalainen@THL.fi

    2010-01-15

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.

  18. Developing the Cyber Defenders of Tomorrow with Regional Collegiate Cyber Defense Competitions (CCDC)

    Science.gov (United States)

    Carlin, Anna; Manson, Daniel P.; Zhu, Jake

    2010-01-01

    With the projected higher demand for Network Systems Analysts and increasing computer crime, network security specialists are an organization's first line of defense. The principle function of this paper is to provide the evolution of Collegiate Cyber Defense Competitions (CCDC), event planning required, soliciting sponsors, recruiting personnel…

  19. Public Key Infrastructure (PKI) Interoperability: A Security Services Approach to Support Transfer of Trust

    National Research Council Canada - National Science Library

    Hansen, Anthony

    1999-01-01

    Public key infrastructure (PKI) technology is at a primitive stage characterized by deployment of PKIs that are engineered to support the provision of security services within individual enterprises, and are not able to support...

  20. The effects of workforce-shaping tools on retirement: the case of the Department of Defense civil service.

    Science.gov (United States)

    Asch, Beth J; Haider, Steven J; Zissimopoulos, Julie M

    2009-11-01

    Apriority area for the public health workforce research agenda is the study of the public health labor market and how wages and benefits affect workforce outcomes, including recruiting, retention, and retirement. This study provides an example of such a study for the Department of Defense civil service workforce. We analyze the financial incentives to retire that are specifically embedded in the retirement system and how different workforce-shaping policies would affect these incentives. The study then uses a recently estimated model of the effects of financial incentives on retirement behavior among defense civilians to predict how these workforce-shaping tools would affect retirement behavior. We find that buyouts, retention incentives, and other workforce-shaping tools have a sizable effect on predicted retirement behavior and therefore, could be useful policies to help manage retirement outflows.

  1. DoD Identity Matching Engine for Security and Analysis (IMESA) Access to Criminal Justice Information (CJI) and Terrorist Screening Databases (TSDB)

    Science.gov (United States)

    2016-05-04

    Department of Defense INSTRUCTION NUMBER 5525.19 May 4, 2016 USD(P&R) SUBJECT: DoD Identity Matching Engine for Security and Analysis...DoD Identity Management Capability Enterprise Services Application (IMESA) Access to FBI National Crime Information Center (NCIC) Files,” April 22...Coordinates with: (1) The USD(I) for oversight and maintenance responsibilities, and for changes to digital DoD personnel identity data and

  2. Analyzing Comprehensive QoS with Security Constraints for Services Composition Applications in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Naixue Xiong

    2014-12-01

    Full Text Available Services composition is fundamental to software development in multi-service wireless sensor networks (WSNs. The quality of service (QoS of services composition applications (SCAs are confronted with severe challenges due to the open, dynamic, and complex natures of WSNs. Most previous research separated various QoS indices into different fields and studied them individually due to the computational complexity. This approach ignores the mutual influence between these QoS indices, and leads to a non-comprehensive and inaccurate analysis result. The universal generating function (UGF shows the speediness and precision in QoS analysis. However, only one QoS index at a time can be analyzed by the classic UGF. In order to efficiently analyze the comprehensive QoS of SCAs, this paper proposes an improved UGF technique—vector universal generating function (VUGF—which considers the relationship between multiple QoS indices, including security, and can simultaneously analyze multiple QoS indices. The numerical examples demonstrate that it can be used for the evaluation of the comprehensive QoS of SCAs subjected to the security constraint in WSNs. Therefore, it can be effectively applied to the optimal design of multi-service WSNs.

  3. Analyzing comprehensive QoS with security constraints for services composition applications in wireless sensor networks.

    Science.gov (United States)

    Xiong, Naixue; Wu, Zhao; Huang, Yannong; Xu, Degang

    2014-12-01

    Services composition is fundamental to software development in multi-service wireless sensor networks (WSNs). The quality of service (QoS) of services composition applications (SCAs) are confronted with severe challenges due to the open, dynamic, and complex natures of WSNs. Most previous research separated various QoS indices into different fields and studied them individually due to the computational complexity. This approach ignores the mutual influence between these QoS indices, and leads to a non-comprehensive and inaccurate analysis result. The universal generating function (UGF) shows the speediness and precision in QoS analysis. However, only one QoS index at a time can be analyzed by the classic UGF. In order to efficiently analyze the comprehensive QoS of SCAs, this paper proposes an improved UGF technique-vector universal generating function (VUGF)-which considers the relationship between multiple QoS indices, including security, and can simultaneously analyze multiple QoS indices. The numerical examples demonstrate that it can be used for the evaluation of the comprehensive QoS of SCAs subjected to the security constraint in WSNs. Therefore, it can be effectively applied to the optimal design of multi-service WSNs.

  4. A Multilevel Secure Workflow Management System

    National Research Council Canada - National Science Library

    Kang, Myong H; Froscher, Judith N; Sheth, Amit P; Kochut, Krys J; Miller, John A

    1999-01-01

    The Department of Defense (DoD) needs multilevel secure (MLS) workflow management systems to enable globally distributed users and applications to cooperate across classification levels to achieve mission critical goals...

  5. CLOUD SECURITY AND COMPLIANCE - A SEMANTIC APPROACH IN END TO END SECURITY

    OpenAIRE

    Kalaiprasath, R.; Elankavi, R.; Udayakumar, R.

    2017-01-01

    The Cloud services are becoming an essential part of many organizations. Cloud providers have to adhere to security and privacy policies to ensure their users' data remains confidential and secure. Though there are some ongoing efforts on developing cloud security standards, most cloud providers are implementing a mish-mash of security and privacy controls. This has led to confusion among cloud consumers as to what security measures they should expect from the cloud services, and whether thes...

  6. 75 FR 67697 - Membership of the Performance Review Board

    Science.gov (United States)

    2010-11-03

    ... Projects Agency, Defense Contract Management Agency, Defense Commissary Agency, Defense Security Cooperation Agency, Defense Business Transformation Agency, Defense Legal Services Agency, and Pentagon Force...

  7. Preserving the ABM treaty: a critique of the Reagan Strategic Defense Initiative

    International Nuclear Information System (INIS)

    Drell, S.D.; Farley, P.J.; Holloway, D.

    1984-01-01

    President Reagan's Strategic Defense Initiative (SDI) proposal for long-term research and development on a leak-proof defense capability conflicts with the past 15 years of Soviet-American strategic relations and arms control negotiations. It represents a unilateral change, and will elicit a Soviet response based on how the Soviets think their own security may be affected. Whether the SDI transcends or enhances defense, it raises basic issues involving the US-Soviet strategic relationship. Emphasizing the central bearing of the Anti-Ballistic Missile (ABM) Treaty of 1972 the author reviews these issues and questions about the technical and strategic grounds of the proposal. Three recommendations are to limit the SDI program to a search for scientific possibilities, to consult with the Soviets on the ABM Treaty, and to recognize that the ABM Treaty will enhance security more than the SDI. 58 references

  8. Design and Implementation of a Cyber-Defense Exercise

    OpenAIRE

    Adrian Furtuna

    2010-01-01

    Learning by practice is a very effective way of education in some activity domains, including information security. The article explores this idea by showing how a cyber-defense exercise can be designed and implemented in order to reach its educational goals.

  9. Database Security: What Students Need to Know

    Science.gov (United States)

    Murray, Meg Coffin

    2010-01-01

    Database security is a growing concern evidenced by an increase in the number of reported incidents of loss of or unauthorized exposure to sensitive data. As the amount of data collected, retained and shared electronically expands, so does the need to understand database security. The Defense Information Systems Agency of the US Department of…

  10. The changing face of Hanford security 1990--1994

    International Nuclear Information System (INIS)

    Thielman, J.

    1995-01-01

    The meltdown of the Cold War was a shock to the systems built to cope with it. At the DOE's Hanford Site in Washington State, a world-class safeguards and security system was suddenly out of step with the times. The level of protection for nuclear and classified materials was exceptional. But the cost was high and the defense facilities that funded security were closing down. The defense mission had created an umbrella of security over the sprawling Hanford Site. Helicopters designed to ferry special response teams to any trouble spot on the 1,456 square-kilometer site made the umbrella analogy almost literally true. Facilities were grouped into areas, fenced off like a military base, and entrance required a badge check for everyone. Within the fence, additional rings of protection were set up around security interests or targets. The security was effective, but costly to operate and inconvenient for employees and visitors alike. Moreover, the umbrella meant that virtually all employees needed a security clearance just to get to work, whether they worked on classified or unclassified projects. Clearly, some fundamental rethinking of safeguards and security was needed. The effort to meet that challenge is the story of transition at Hanford and documented here

  11. Privacy and security in teleradiology.

    Science.gov (United States)

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper. Copyright (c) 2009 Elsevier Ireland Ltd. All rights reserved.

  12. Security Engine Management of Router based on Security Policy

    OpenAIRE

    Su Hyung Jo; Ki Young Kim; Sang Ho Lee

    2007-01-01

    Security management has changed from the management of security equipments and useful interface to manager. It analyzes the whole security conditions of network and preserves the network services from attacks. Secure router technology has security functions, such as intrusion detection, IPsec(IP Security) and access control, are applied to legacy router for secure networking. It controls an unauthorized router access and detects an illegal network intrusion. This paper re...

  13. A Probabilistic Framework for Security Scenarios with Dependent Actions

    NARCIS (Netherlands)

    Kordy, Barbara; Pouly, Marc; Schweizer, Patrick; Albert, Elvira; Sekereinsk, Emil

    2014-01-01

    This work addresses the growing need of performing meaningful probabilistic analysis of security. We propose a framework that integrates the graphical security modeling technique of attack–defense trees with probabilistic information expressed in terms of Bayesian networks. This allows us to perform

  14. Massachusetts Institute of Technology Defense & Arms Control Studies Program

    Science.gov (United States)

    1996-01-01

    security of the nation. The unicorn is the obvious symbol for this box. Even with a two percent of GDP or less defense budget, we will maintain our nuclear...systems is not going away. There are some unicorns in the defense herd and this would be a time to claim to be one. ACTIVITIES AND PERSONNEL Looking...macroeconomics and public finance is advisable. The subjects in the Forces and Force Analysis section will provide sufficient review of the technical

  15. Measuring Stability and Security in Iraq

    National Research Council Canada - National Science Library

    2007-01-01

    This report to Congress, Measuring Stability and Security in Iraq, is submitted pursuant to Section 9010 of the Department of Defense Appropriations Act 2007, Public Law 109-289 as amended by Section...

  16. Security Engineering FY17 Systems Aware Cybersecurity

    Science.gov (United States)

    2017-12-07

    Security Engineering – FY17 Systems Aware Cybersecurity Technical Report SERC-2017-TR-114 December 7 2017 Principal Investigator: Dr...December 7, 2017 Copyright © 2017 Stevens Institute of Technology, Systems Engineering Research Center The Systems Engineering Research Center (SERC...supported, in whole or in part, by the U.S. Department of Defense through the Office of the Assistant Secretary of Defense for Research and Engineering (ASD

  17. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure  and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  18. DCT-based cyber defense techniques

    Science.gov (United States)

    Amsalem, Yaron; Puzanov, Anton; Bedinerman, Anton; Kutcher, Maxim; Hadar, Ofer

    2015-09-01

    With the increasing popularity of video streaming services and multimedia sharing via social networks, there is a need to protect the multimedia from malicious use. An attacker may use steganography and watermarking techniques to embed malicious content, in order to attack the end user. Most of the attack algorithms are robust to basic image processing techniques such as filtering, compression, noise addition, etc. Hence, in this article two novel, real-time, defense techniques are proposed: Smart threshold and anomaly correction. Both techniques operate at the DCT domain, and are applicable for JPEG images and H.264 I-Frames. The defense performance was evaluated against a highly robust attack, and the perceptual quality degradation was measured by the well-known PSNR and SSIM quality assessment metrics. A set of defense techniques is suggested for improving the defense efficiency. For the most aggressive attack configuration, the combination of all the defense techniques results in 80% protection against cyber-attacks with PSNR of 25.74 db.

  19. Accounting for Unliquidated Obligations for the Defense Fuel Supply Center

    National Research Council Canada - National Science Library

    1996-01-01

    .... The Defense Finance and Accounting Service (DFAS) Columbus Center, Columbus, Ohio, and the Defense Fuel Supply Center share responsibility for accurate accounting information and financial reporting...

  20. New security and privacy laws require basic changes in professional practice

    Science.gov (United States)

    Sykes, David M.

    2005-09-01

    Everybody knows about HIPAA-but what about GLBA? FIPA? The Patriot Act? Homeland Security? NCLB? FCRA? CASB1? PIPEDA? All of these are recent laws that impact acoustical design. Throw in the American Hospital Association/ASHE and AIA's about-to-be-released ``Guidelines for the Design of Healthcare Facilities'' as well as the redrafting of DCID 6/9 and it looks like time for careful examination of some professional practices relating to security and privacy. Should INCE members join with and endorse the ASA's recently formed Joint TCAA/TCN Subcommittee which aims to fill a policy vacuum in Washington and Ottawa relating to the fundamental protection of citizens' rights to privacy? This group will formulate consistent guidelines to enable federal and state agencies in the US and Canada to enforce and monitor their laws-will their guidelines affect INCE members? Those who advise or give expert testimony to government agencies, defense/security organizations, courts, and large institutions in financial services, healthcare or education likely find themselves in a rapidly shifting landscape and recognize the need to respond with new research and professional practices.

  1. The U.S. Arms Embargo of 1975-1978 and Its Effects on the Development of the Turkish Defense Industry

    Science.gov (United States)

    2014-09-01

    Turkish Defense Industry 15. NUMBER OF PAGES 93 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT Unclassified 18. SECURITY CLASSIFICATION...Organization CPI consumer price inflation DIEC Defense Industry Executive Committee DP Democrat Party EEC European Economic Community EOKA...sugar, and flour . With the return of men to their homes after World War I and the Independence War, Turkey experienced a dramatic increase in

  2. 75 FR 65439 - Defense Federal Acquisition Regulation Supplement; Electronic Subcontracting Reporting System

    Science.gov (United States)

    2010-10-25

    ... Accounting Service or Missile Defense Agency. (2) For DoD, the authority to acknowledge receipt or reject... DEPARTMENT OF DEFENSE Defense Acquisition Regulations System 48 CFR Parts 219 and 252 [DFARS Case 2009-D002] Defense Federal Acquisition Regulation Supplement; Electronic Subcontracting Reporting...

  3. The remote security station (RSS)

    International Nuclear Information System (INIS)

    Pletta, J.B.

    1991-01-01

    This paper reports that, as an outgrowth of research into physical security systems, Sandia is investigating robotic technologies for improving physical security performance and flexibility. Robotic systems have the potential to allow more effective utilization of security personnel, especially in scenarios where they might be exposed to harm. They also can supplement fixed site installations where sensors have failed or where transient assets are present. The Remote Security Station (RSS) program for the defense Nuclear Agency is developing a proof-of-principle robotic system which will be used to evaluate the role, and associated cost, of robotic technologies in exterior physical security systems. The RSS consists of three primary elements: a fixed but quickly moveable tripod with intrusion detection sensors and assessment camera; a mobile robotic platform with a functionally identical security module; and a control console which allows an operator to perform security functions and teleoperate the mobile platform

  4. 76 FR 5236 - 60-Day Notice of Proposed Information Collection: Form DS-4071, Export Declaration of Defense...

    Science.gov (United States)

    2011-01-28

    ... Information Collection: Export Declaration of Defense Technical Data or Services. OMB Control Number: 1405... of technology. Abstract of proposed collection: Actual export of defense technical data and defense... DS-4071, Export Declaration of Defense Technical Data or Services; OMB Control Number 1405-0157...

  5. Service Oriented Architecture in Network Security - a novel Organisation in Security Systems

    OpenAIRE

    Hilker, Michael; Schommer, Christoph

    2008-01-01

    Current network security systems are a collection of various security components, which are directly installed in the operating system. These check the whole node for suspicious behaviour. Armouring intrusions e.g. have the ability to hide themselves from being checked. We present in this paper an alternative organisation of security systems. The node is completely virtualized with current virtualization systems so that the operating system with applications and the security system is disting...

  6. How ISO/IEC 17799 can be used for base lining information assurance among entities using data mining for defense, homeland security, commercial, and other civilian/commercial domains

    Science.gov (United States)

    Perry, William G.

    2006-04-01

    One goal of database mining is to draw unique and valid perspectives from multiple data sources. Insights that are fashioned from closely-held data stores are likely to possess a high degree of reliability. The degree of information assurance comes into question, however, when external databases are accessed, combined and analyzed to form new perspectives. ISO/IEC 17799, Information technology-Security techniques-Code of practice for information security management, can be used to establish a higher level of information assurance among disparate entities using data mining in the defense, homeland security, commercial and other civilian/commercial domains. Organizations that meet ISO/IEC information security standards have identified and assessed risks, threats and vulnerabilities and have taken significant proactive steps to meet their unique security requirements. The ISO standards address twelve domains: risk assessment and treatment, security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management and business continuity management and compliance. Analysts can be relatively confident that if organizations are ISO 17799 compliant, a high degree of information assurance is likely to be a characteristic of the data sets being used. The reverse may be true. Extracting, fusing and drawing conclusions based upon databases with a low degree of information assurance may be wrought with all of the hazards that come from knowingly using bad data to make decisions. Using ISO/IEC 17799 as a baseline for information assurance can help mitigate these risks.

  7. Improving Control System Security through the Evaluation of Current Trends in Computer Security Research

    Energy Technology Data Exchange (ETDEWEB)

    Rolston

    2005-03-01

    At present, control system security efforts are primarily technical and reactive in nature. What has been overlooked is the need for proactive efforts, focused on the IT security research community from which new threats might emerge. Evaluating cutting edge IT security research and how it is evolving can provide defenders with valuable information regarding what new threats and tools they can anticipate in the future. Only known attack methodologies can be blocked, and there is a gap between what is known to the general security community and what is being done by cutting edge researchers --both those trying to protect systems and those trying to compromise them. The best security researchers communicate with others in their field; they know what cutting edge research is being done; what software can be penetrated via this research; and what new attack techniques and methodologies are being circulated in the black hat community. Standardization of control system applications, operating systems, and networking protocols is occurring at a rapid rate, following a path similar to the standardization of modern IT networks. Many attack methodologies used on IT systems can be ported over to the control system environment with little difficulty. It is extremely important to take advantage of the lag time between new research, its use on traditional IT networks, and the time it takes to port the research over for use on a control system network. Analyzing nascent trends in IT security and determining their applicability to control system networks provides significant information regarding defense mechanisms needed to secure critical infrastructure more effectively. This work provides the critical infrastructure community with a better understanding of how new attacks might be launched, what layers of defense will be needed to deter them, how the attacks could be detected, and how their impact could be limited.

  8. Specifying Information Security Needs for the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. We propose to explicitly link security requirements with the organizations' business vision, i.e. to provide business rationale for security requirements. The rationale is then

  9. Process Control/SCADA system vendor security awareness and security posture.

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Lüders, S.

    2009-01-01

    A starting point for the adequate security of process control/SCADA systems is the security awareness and security posture by the manufacturers, vendors, system integrators, and service organisations. The results of a short set of questions indicate that major security improvements are required in

  10. Report on the Audit of Screening of Materiel Available in the Defense Reutilization and Marketing Service

    Science.gov (United States)

    1990-06-06

    the Audit of Screening of Materiel Available in the Defense Re utilization and Marketing Service (DRMS) for your information and use. Comments on a draft of this report were considered in preparing the final report. We performed the audit from October 1988 through June 1989. The audit objectives were to evaluate the adequacy and effectiveness of the DoD wholesale inventory management activities’ screening and requisitioning of materiel in the DRMS during the Front End Screening (FES) and Final Asset Screening (FAS)

  11. 17 CFR 269.5 - Form F-X, for appointment of agent for service of process by issuers registering securities on...

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Form F-X, for appointment of agent for service of process by issuers registering securities on Form F-8, F-9, F-10 or F-80 (§§ 239... INDENTURE ACT OF 1939 § 269.5 Form F-X, for appointment of agent for service of process by issuers...

  12. 48 CFR 245.7311-2 - Safety, security, and fire regulations.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 3 2010-10-01 2010-10-01 false Safety, security, and fire regulations. 245.7311-2 Section 245.7311-2 Federal Acquisition Regulations System DEFENSE ACQUISITION... Inventory 245.7311-2 Safety, security, and fire regulations. ...

  13. Virtualization of open-source secure web services to support data exchange in a pediatric critical care research network.

    Science.gov (United States)

    Frey, Lewis J; Sward, Katherine A; Newth, Christopher J L; Khemani, Robinder G; Cryer, Martin E; Thelen, Julie L; Enriquez, Rene; Shaoyu, Su; Pollack, Murray M; Harrison, Rick E; Meert, Kathleen L; Berg, Robert A; Wessel, David L; Shanley, Thomas P; Dalton, Heidi; Carcillo, Joseph; Jenkins, Tammara L; Dean, J Michael

    2015-11-01

    To examine the feasibility of deploying a virtual web service for sharing data within a research network, and to evaluate the impact on data consistency and quality. Virtual machines (VMs) encapsulated an open-source, semantically and syntactically interoperable secure web service infrastructure along with a shadow database. The VMs were deployed to 8 Collaborative Pediatric Critical Care Research Network Clinical Centers. Virtual web services could be deployed in hours. The interoperability of the web services reduced format misalignment from 56% to 1% and demonstrated that 99% of the data consistently transferred using the data dictionary and 1% needed human curation. Use of virtualized open-source secure web service technology could enable direct electronic abstraction of data from hospital databases for research purposes. © The Author 2015. Published by Oxford University Press on behalf of the American Medical Informatics Association. All rights reserved. For Permissions, please email: journals.permissions@oup.com.

  14. Fiscal Year 1985 Congressional budget request. Volume 1. Atomic energy defense activities

    Energy Technology Data Exchange (ETDEWEB)

    1984-02-01

    Contents include: summaries of estimates by appropriation, savings from management initiatives, staffing by subcommittee, staffing appropriation; appropriation language; amounts available for obligation; estimates by major category; program overview; weapons activities; verification and control technology; materials production; defense waste and by-products management; nuclear safeguards and security; security investigations; and naval reactors development.

  15. Integrating Ecosystem Services and Eco-Security to Assess Sustainable Development in Liuqiu Island

    Directory of Open Access Journals (Sweden)

    Han-Shen Chen

    2017-06-01

    Full Text Available Developing sustainable island tourism must be thoroughly evaluated in consideration of ecological, economic, and social factors on account of the fragility of island ecosystems. This study evaluated the ecological footprint (EF and ecological capacity of Liuqiu Island from 2010 to 2015 using the EF model, establishing an indicator to estimate the value of ecosystem service and eco-security. The empirical results include: (1 the overall value of ecosystem service on Liuqiu Island increased from US$3.75 million in 2010 to US$5.11 million in 2015; (2 the total per capita EF considerably increased from 0.5640 gha/person in 2010 to 4.0845 gha/person in 2015; and (3 the ecological footprint index increased from 0.30 in 2010 to 2.28 in 2015. These findings indicate that island tourism recreational zones gradually increased the pressure on its ecosystem, reduced the eco-security level, and severely damaged the environment, thereby threatening the function and structure of the entire ecosystem. The innovations and contributions of this study is integrating ecological footprint and ecosystem services valuation provide insights into sustainability of an island. The theoretical and practical implications identified in this study should contribute to reducing the gap between research and practice.

  16. BOF4WSS : a business-oriented framework for enhancing web services security for e-business

    OpenAIRE

    Nurse, Jason R. C.; Sinclair, Jane

    2009-01-01

    When considering Web services' (WS) use for online business-to-business (B2B) collaboration between companies, security is a complicated and very topical issue. This is especially true with regard to reaching a level of security beyond the technological layer, that is supported and trusted by all businesses involved. With appreciation of this fact, our research draws from established development methodologies to develop a new, business-oriented framework (BOF4WSS) to guide e-businesses in def...

  17. Designing and implementing the logical security framework for e-commerce based on service oriented architecture

    OpenAIRE

    Luhach, Ashish Kr.; Dwivedi, Sanjay K; Jha, C K

    2014-01-01

    Rapid evolution of information technology has contributed to the evolution of more sophisticated E- commerce system with the better transaction time and protection. The currently used E-commerce models lack in quality properties such as logical security because of their poor designing and to face the highly equipped and trained intruders. This editorial proposed a security framework for small and medium sized E-commerce, based on service oriented architecture and gives an analysis of the emin...

  18. Influence of IR sensor technology on the military and civil defense

    Science.gov (United States)

    Becker, Latika

    2006-02-01

    Advances in basic infrared science and developments in pertinent technology applications have led to mature designs being incorporated in civil as well as military area defense systems. Military systems include both tactical and strategic, and civil area defense includes homeland security. Technical challenges arise in applying infrared sensor technology to detect and track targets for space and missile defense. Infrared sensors are valuable due to their passive capability, lower mass and power consumption, and their usefulness in all phases of missile defense engagements. Nanotechnology holds significant promise in the near future by offering unique material and physical properties to infrared components. This technology is rapidly developing. This presentation will review the current IR sensor technology, its applications, and future developments that will have an influence in military and civil defense applications.

  19. Security Guarantees and Nuclear Non-Proliferation

    International Nuclear Information System (INIS)

    Bruno Tertrais

    2011-01-01

    The purpose of this paper is to discuss the value of 'security guarantees', that is, positive security assurances that include a formal or informal defense commitment, in preventing nuclear proliferation. It demonstrates that such guarantees have proven to be a very effective instrument in preventing States from going nuclear. It would thus seem logical to reinforce or extend them. However, this path is fraught with obstacles and dilemmas

  20. Security Guarantees and Nuclear Non-Proliferation

    Energy Technology Data Exchange (ETDEWEB)

    Bruno Tertrais

    2011-07-01

    The purpose of this paper is to discuss the value of 'security guarantees', that is, positive security assurances that include a formal or informal defense commitment, in preventing nuclear proliferation. It demonstrates that such guarantees have proven to be a very effective instrument in preventing States from going nuclear. It would thus seem logical to reinforce or extend them. However, this path is fraught with obstacles and dilemmas

  1. 32 CFR 321.1 - Purpose and applicability.

    Science.gov (United States)

    2010-07-01

    ... PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.1 Purpose and applicability. (a) This part... Defense Security Service (DSS) to the individual subjects, the handling of requests for amendment or... Copies may be obtained via internet at http://web7.whs.osd.mil/corres.htm. (b) The procedures set forth...

  2. Information Management Principles Applied to the Ballistic Missile Defense System

    National Research Council Canada - National Science Library

    Koehler, John M

    2007-01-01

    .... Similarly several military systems with the single mission of missile defense have evolved in service stovepipes, and are now being integrated into a national and global missile defense architecture...

  3. Analytical Chemistry for Homeland Defense and National Security

    Energy Technology Data Exchange (ETDEWEB)

    S.Randolph Long; Dan rock; Gary Eiceman; Chris Rowe Taitt; Robert J.Cotter; Dean D.Fetterolf; David R.Walt; Basil I. Swanson; Scott A McLuckey; Robin L.Garrell; Scott D. Cunningham

    2002-08-18

    The budget was requested to support speaker expenses to attend and speak in the day long symposium at the ACS meeting. The purpose of the symposium was to encourage analytical chemists to contribute to national security.

  4. A Secure, Scalable and Elastic Autonomic Computing Systems Paradigm: Supporting Dynamic Adaptation of Self-* Services from an Autonomic Cloud

    Directory of Open Access Journals (Sweden)

    Abdul Jaleel

    2018-05-01

    Full Text Available Autonomic computing embeds self-management features in software systems using external feedback control loops, i.e., autonomic managers. In existing models of autonomic computing, adaptive behaviors are defined at the design time, autonomic managers are statically configured, and the running system has a fixed set of self-* capabilities. An autonomic computing design should accommodate autonomic capability growth by allowing the dynamic configuration of self-* services, but this causes security and integrity issues. A secure, scalable and elastic autonomic computing system (SSE-ACS paradigm is proposed to address the runtime inclusion of autonomic managers, ensuring secure communication between autonomic managers and managed resources. Applying the SSE-ACS concept, a layered approach for the dynamic adaptation of self-* services is presented with an online ‘Autonomic_Cloud’ working as the middleware between Autonomic Managers (offering the self-* services and Autonomic Computing System (requiring the self-* services. A stock trading and forecasting system is used for simulation purposes. The security impact of the SSE-ACS paradigm is verified by testing possible attack cases over the autonomic computing system with single and multiple autonomic managers running on the same and different machines. The common vulnerability scoring system (CVSS metric shows a decrease in the vulnerability severity score from high (8.8 for existing ACS to low (3.9 for SSE-ACS. Autonomic managers are introduced into the system at runtime from the Autonomic_Cloud to test the scalability and elasticity. With elastic AMs, the system optimizes the Central Processing Unit (CPU share resulting in an improved execution time for business logic. For computing systems requiring the continuous support of self-management services, the proposed system achieves a significant improvement in security, scalability, elasticity, autonomic efficiency, and issue resolving time

  5. Research on information security in big data era

    Science.gov (United States)

    Zhou, Linqi; Gu, Weihong; Huang, Cheng; Huang, Aijun; Bai, Yongbin

    2018-05-01

    Big data is becoming another hotspot in the field of information technology after the cloud computing and the Internet of Things. However, the existing information security methods can no longer meet the information security requirements in the era of big data. This paper analyzes the challenges and a cause of data security brought by big data, discusses the development trend of network attacks under the background of big data, and puts forward my own opinions on the development of security defense in technology, strategy and product.

  6. A Secure and Stable Multicast Overlay Network with Load Balancing for Scalable IPTV Services

    Directory of Open Access Journals (Sweden)

    Tsao-Ta Wei

    2012-01-01

    Full Text Available The emerging multimedia Internet application IPTV over P2P network preserves significant advantages in scalability. IPTV media content delivered in P2P networks over public Internet still preserves the issues of privacy and intellectual property rights. In this paper, we use SIP protocol to construct a secure application-layer multicast overlay network for IPTV, called SIPTVMON. SIPTVMON can secure all the IPTV media delivery paths against eavesdroppers via elliptic-curve Diffie-Hellman (ECDH key exchange on SIP signaling and AES encryption. Its load-balancing overlay tree is also optimized from peer heterogeneity and churn of peer joining and leaving to minimize both service degradation and latency. The performance results from large-scale simulations and experiments on different optimization criteria demonstrate SIPTVMON's cost effectiveness in quality of privacy protection, stability from user churn, and good perceptual quality of objective PSNR values for scalable IPTV services over Internet.

  7. Security for small computer systems a practical guide for users

    CERN Document Server

    Saddington, Tricia

    1988-01-01

    Security for Small Computer Systems: A Practical Guide for Users is a guidebook for security concerns for small computers. The book provides security advice for the end-users of small computers in different aspects of computing security. Chapter 1 discusses the security and threats, and Chapter 2 covers the physical aspect of computer security. The text also talks about the protection of data, and then deals with the defenses against fraud. Survival planning and risk assessment are also encompassed. The last chapter tackles security management from an organizational perspective. The bo

  8. Homeland Security Affairs Journal, Volume II - 2006: Issue 1, April

    OpenAIRE

    2006-01-01

    Homeland Security Affairs is the peer-reviewed online journal of the Naval Postgraduate School Center for Homeland Defense and Security (CHDS), providing a forum to propose and debate strategies, policies, and organizational arrangements to strengthen U.S. homeland security. The instructors, participants, alumni, and partners of CHDS represent the leading subject matter experts and practitioners in the field of homeland security. April 2006. Welcome to the third edition of Homeland Securit...

  9. Cloud Infrastructure Security

    OpenAIRE

    Velev , Dimiter; Zlateva , Plamena

    2010-01-01

    Part 4: Security for Clouds; International audience; Cloud computing can help companies accomplish more by eliminating the physical bonds between an IT infrastructure and its users. Users can purchase services from a cloud environment that could allow them to save money and focus on their core business. At the same time certain concerns have emerged as potential barriers to rapid adoption of cloud services such as security, privacy and reliability. Usually the information security professiona...

  10. 75 FR 25844 - Federal Advisory Committee; National Security Education Board Members Meeting

    Science.gov (United States)

    2010-05-10

    ... DEPARTMENT OF DEFENSE Office of the Secretary Federal Advisory Committee; National Security... June 23, 2010, from 8 a.m. to 12:30 p.m. ADDRESSES: The meeting will be held at the National Security.... Kevin Gormley, Program Officer, National Security Education Program, 1101 Wilson Boulevard, Suite 1210...

  11. Neutron and Gamma Imaging for National Security Applications

    Science.gov (United States)

    Hornback, Donald

    2017-09-01

    The Department of Energy, National Nuclear Security Administration (NNSA), Office of Defense Nuclear Nonproliferation Research and Development (DNN R&D/NA-22) possesses, in part, the mission to develop technologies in support of nuclear security efforts in coordination with other U.S. government entities, such as the Department of Defense and the Department of Homeland Security. DNN R&D has long supported research in nuclear detection at national labs, universities, and through the small business innovation research (SBIR) program. Research topics supported include advanced detector materials and electronics, detection algorithm development, and advanced gamma/neutron detection systems. Neutron and gamma imaging, defined as the directional detection of radiation as opposed to radiography, provides advanced detection capabilities for the NNSA mission in areas of emergency response, international safeguards, and nuclear arms control treaty monitoring and verification. A technical and programmatic overview of efforts in this field of research will be summarized.

  12. 7 CFR 1951.866 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 14 2010-01-01 2009-01-01 true Security. 1951.866 Section 1951.866 Agriculture... REGULATIONS (CONTINUED) SERVICING AND COLLECTIONS Rural Development Loan Servicing § 1951.866 Security. (a) Loans from RDLF intermediaries to ultimate recipients. Security requirements for loans from...

  13. Ecological Security and Ecosystem Services in Response to Land Use Change in the Coastal Area of Jiangsu, China

    Directory of Open Access Journals (Sweden)

    Caiyao Xu

    2016-08-01

    Full Text Available Urbanization, and the resulting land use/cover change, is a primary cause of the degradation of coastal wetland ecosystems. Reclamation projects are seen as a way to strike a balance between socioeconomic development and maintenance of coastal ecosystems. Our aim was to understand the ecological changes to Jiangsu’s coastal wetland resulting from land use change since 1977 by using remote sensing and spatial analyses. The results indicate that: (1 The area of artificial land use expanded while natural land use was reduced, which emphasized an increase in production-orientated land uses at the expense of ecologically important wetlands; (2 It took 34 years for landscape ecological security and 39 years for ecosystem services to regain equilibrium. The coastal reclamation area would recover ecological equilibrium only after a minimum of 30 years; (3 The total ecosystem service value decreased significantly from $2.98 billion per year to $2.31 billion per year from 1977 to 2014. Food production was the only one ecosystem service function that consistently increased, mainly because of government policy; (4 The relationship between landscape ecological security and ecosystem services is complicated, mainly because of the scale effect of landscape ecology. Spatial analysis of changing gravity centers showed that landscape ecological security and ecosystem service quality became better in the north than the south over the study period.

  14. Security bingo for administrators

    CERN Multimedia

    Computer Security Team

    2011-01-01

    Have you ever thought about the security of your service(s) or system(s)? Show us and win one of three marvellous books on computer security! Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us at Computer.Security@cern.ch or P.O. Box G19710, by November 14th 2011.   Winners[1] must show us that they follow at least five good practices in a continuous horizontal row, vertical column or diagonal. For details on CERN Computer Security, please consult http://cern.ch/security. My service or system…   …is following a software development life-cycle. …is patched in an automatic and timely fashion. …runs a tightened local ingress/egress firewall. …uses CERN Single-Sign-On (SSO). …has physical access protections in place. …runs all processes / services / applications with least privileges. …has ...

  15. 78 FR 31525 - National Security Education Board; Notice of Federal Advisory Committee Meeting

    Science.gov (United States)

    2013-05-24

    ... DEPARTMENT OF DEFENSE Office of the Secretary National Security Education Board; Notice of Federal... and National Security Education Office (DLNSEO), DoD. ACTION: Meeting notice. SUMMARY: Under the... announces that the following Federal advisory committee meeting of the National Security Education Board...

  16. 76 FR 70424 - Defense Policy Board; Federal Advisory Committee Meeting Notice

    Science.gov (United States)

    2011-11-14

    ... national security issues within the Pacific Rim, the Eastern Mediterranean, NATO, and nuclear deterrence... Advisory Committee Management Officer for the Department of Defense, pursuant to 41 CFR 102-3.150(b...

  17. Internal Controls and Compliance With Laws and Regulations for the Defense Finance and Accounting Service Working Capital Fund Financial Statements for FY 1998

    National Research Council Canada - National Science Library

    1999-01-01

    .... The Director, Defense Finance and Accounting Service (DFAS), who is the fund manager of the DFAS Working Capital Fund, is responsible for establishing and maintaining adequate internal controls and for complying with applicable laws and regulations...

  18. Issues with Access to Acquisition Data and Information in the Department of Defense: A Closer Look at the Origins and Implementation of Controlled Unclassified Information Labels and Security Policy

    Science.gov (United States)

    2016-12-19

    directly affect the access and utility of acquisition databases. The current information security environment does not establish a consistent... information ” without a nondisclosure agreement • proposing a legislative amendment to 10 U.S.C. 2320, which allows access to technical data for providing...ISSUES WITH Access to Acquisition Data and Information IN THE DEPARTMENT OF DEFENSE A Closer Look at the Origins and Implementation of

  19. 75 FR 43944 - Membership of the Defense Logistics Agency (DLA) Senior Executive Service (SES) Performance...

    Science.gov (United States)

    2010-07-27

    ... CONTACT: Ms. Lisa Novajosky, SES Program Manager, DLA Human Resources (J-14), Defense Logistics Agency... DEPARTMENT OF DEFENSE Defense Logistics Agency Membership of the Defense Logistics Agency (DLA... management of the SES cadre. DATES: Effective Date: September 16, 2010. ADDRESSES: Defense Logistics Agency...

  20. RFID Platform as a Service, Containerized Ecosystem, Feasibility and Security Impact Analysis

    Directory of Open Access Journals (Sweden)

    Lukas Kypus

    2015-01-01

    Full Text Available This paper presents a new concept as a special type of virtualization of particular event based communication components in RFID ecosystems. The new approach is containers based virtualization, and it is applied and tested on the container of Object name service. The results of the experiment allowed us to do the preliminary analysis of security consequences on the isolated containerized DNS-based RFID sub-service. We confirmed feasibility with this sandboxing technology represented by the special container. They bring the benefits in terms of efficient software component life-cycle management and integrity improvements. Experiments results of the containerization are discussed to show the possible isolation ways of other components like EPCis and middleware. There is present evaluation towards external threats and vulnerabilities. The result is a higher level of integrity, availability of whole ecosystem and resiliency against external threats. This gives a new opportunity to build robust RFID as Platform as a service, and it proves the ability to achieve a positive impact on the end to end service Quality of service.

  1. National Security and the Industrial Policy Debate: Modernizing Defense Manufacturing

    Science.gov (United States)

    1991-05-01

    47. 49. Michael Schroeder and Walecia Konrad, " Nucor : Rolling Right Into Steel’s Big Time," Business Week 19 Nov. 1990: 76. 50. Clyde V. Prestowitz...Defense." The I Industrial Policy Debate. Ed. Chalmers Johnson. San Francisco: ICS Press, 1984. i 74I Schroeder, Michael and Walecia Konrad. " Nucor

  2. 78 FR 54634 - National Security Education Board; Notice of Federal Advisory Committee Meeting

    Science.gov (United States)

    2013-09-05

    ... DEPARTMENT OF DEFENSE Office of the Secretary National Security Education Board; Notice of Federal... and National Security Education Office (DLNSEO), Office of the Secretary, DoD. ACTION: Meeting notice... committee working group meeting of the National Security Education Board will take place. DATES: Monday...

  3. Computer Security: Introduction to information and computer security (1/4)

    CERN Multimedia

    CERN. Geneva

    2012-01-01

    Sebastian Lopienski is CERN's Deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and maintains security tools for vulnerability assessment and intrusion detection; provides training and awareness raising; and does incident investigation and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support services hosted in the CERN Computer Centre; providing Central CVS Service for software projects at CERN; and development of applications for accelerator controls in Java. He graduated from the University of Warsaw (MSc in Computer Science) in 2002, and earned an MBA degree at the Enterprise Administration Institute in Aix-en-Provence and Haute Ecole de Gestion in Geneva in 2010. His professional interests include software and network security, distributed systems, and Web and mobile technologies. With the prevalence of modern information te...

  4. Year 2000 Reporting for Defense Finance and Accounting Service Cleveland Center Systems

    National Research Council Canada - National Science Library

    Lane, F

    1998-01-01

    .... For this report, we evaluated whether DFAS: entered all required data elements into the Defense Integration Support Tools for each system, and verified that information in the Defense Integration Support Tools database was consistent...

  5. Research and application of ARP protocol vulnerability attack and defense technology based on trusted network

    Science.gov (United States)

    Xi, Huixing

    2017-03-01

    With the continuous development of network technology and the rapid spread of the Internet, computer networks have been around the world every corner. However, the network attacks frequently occur. The ARP protocol vulnerability is one of the most common vulnerabilities in the TCP / IP four-layer architecture. The network protocol vulnerabilities can lead to the intrusion and attack of the information system, and disable or disable the normal defense function of the system [1]. At present, ARP spoofing Trojans spread widely in the LAN, the network security to run a huge hidden danger, is the primary threat to LAN security. In this paper, the author summarizes the research status and the key technologies involved in ARP protocol, analyzes the formation mechanism of ARP protocol vulnerability, and analyzes the feasibility of the attack technique. Based on the summary of the common defensive methods, the advantages and disadvantages of each defense method. At the same time, the current defense method is improved, and the advantage of the improved defense algorithm is given. At the end of this paper, the appropriate test method is selected and the test environment is set up. Experiment and test are carried out for each proposed improved defense algorithm.

  6. Security dimension of the Canada-EU relationship

    Directory of Open Access Journals (Sweden)

    O. M. Antokhiv­Skolozdra

    2014-05-01

    In particular, it defines that the Canadian Government accepted the fact of strengthening the security part of the European Union activity in a reserved manner, as it could cause decrease in influence of this North American State in Euro­Atlantic area. It outlines the main directions of cooperation, scrutinizes institutional mechanisms of interaction and emphasizes the key challenges of security dimension of bilateral relations.  It deals with the peculiarities of Canada’s participation in military and civil actions under the auspices of the European Union and stresses that the limited military potential of Ottawa makes its effective participation in bilateral cooperation with the European partners less possible. It stresses the adherence of priority in relations between Canada and the United States in security sphere and underlines the significant role of the North Atlantic Treaty Organization in its interaction on the security and defense issues between Canada and the European Union. It emphasizes that the official Ottawa insists on NATO playing the leading role in providing security in Euro­Atlantic area. It illustrates, however, that due to a number of reasons, in particular, lack of initiative in advancing European security and defense policy, the Canadian Government on current stage don’t present particular interest in activating interaction with their European partners in this sphere. It depicts also that Canada and the European Union have started developing cooperation outside ESDP on domestic security, in particular, on struggle against organized crime and other challenges of current society, which has encouraged institutionalization in relationship of the European Union and the Europol.

  7. Generating WS-SecurityPolicy documents via security model transformation

    DEFF Research Database (Denmark)

    Jensen, Meiko

    2009-01-01

    When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriat...... security model definition and transformation approach, targeting the WS-SecurityPolicy and WS-BPEL specifications, in order to enable a Web-Service-based secure business process development.......When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriate...

  8. Brazilian Hybrid Security in South America

    Directory of Open Access Journals (Sweden)

    Rafael Duarte Villa

    2017-10-01

    Full Text Available Abstract Existing research on security governance in South America functions on dichotomous lines. Analysis of Brazil’s security practices is a case in point. On the one hand, scholars point out the balance of power and hegemonic institutions as the main discourse in the security practices between Brazil and its South American neighbors. On the other hand, some other emphasize the importance of democracy, cooperation on defense and security, and peaceful conflict resolution between states in the region as indicators for the emergence of a security community between Brazil and its neighbors in the South American region. The way in which multiple orders coexist is not given adequate attention in empirical research. This article seeks to overcome this dichotomy. By foregrounding Brazil’s regional security practices, particularly during the Lula and Rousseff administration, I show the hybrid and sometimes ambivalent security governance system in Brazil, where mechanisms of balance of power and security community overlap in important ways.

  9. 76 FR 52133 - Defense Federal Acquisition Regulation Supplement; Contractors Performing Private Security...

    Science.gov (United States)

    2011-08-19

    ... Outside the United States.'' DFARS 225.302-3, Definitions, provides the definition of ``private security... this total, 361, or 20 percent, were awarded to small businesses. Firms performing private security... private security functions in response to a perceived immediate threat; (2) Ensure that all employees of...

  10. Secure Encapsulation and Publication of Biological Services in the Cloud Computing Environment

    Science.gov (United States)

    Zhang, Weizhe; Wang, Xuehui; Lu, Bo; Kim, Tai-hoon

    2013-01-01

    Secure encapsulation and publication for bioinformatics software products based on web service are presented, and the basic function of biological information is realized in the cloud computing environment. In the encapsulation phase, the workflow and function of bioinformatics software are conducted, the encapsulation interfaces are designed, and the runtime interaction between users and computers is simulated. In the publication phase, the execution and management mechanisms and principles of the GRAM components are analyzed. The functions such as remote user job submission and job status query are implemented by using the GRAM components. The services of bioinformatics software are published to remote users. Finally the basic prototype system of the biological cloud is achieved. PMID:24078906

  11. Secure Encapsulation and Publication of Biological Services in the Cloud Computing Environment

    Directory of Open Access Journals (Sweden)

    Weizhe Zhang

    2013-01-01

    Full Text Available Secure encapsulation and publication for bioinformatics software products based on web service are presented, and the basic function of biological information is realized in the cloud computing environment. In the encapsulation phase, the workflow and function of bioinformatics software are conducted, the encapsulation interfaces are designed, and the runtime interaction between users and computers is simulated. In the publication phase, the execution and management mechanisms and principles of the GRAM components are analyzed. The functions such as remote user job submission and job status query are implemented by using the GRAM components. The services of bioinformatics software are published to remote users. Finally the basic prototype system of the biological cloud is achieved.

  12. Secure encapsulation and publication of biological services in the cloud computing environment.

    Science.gov (United States)

    Zhang, Weizhe; Wang, Xuehui; Lu, Bo; Kim, Tai-hoon

    2013-01-01

    Secure encapsulation and publication for bioinformatics software products based on web service are presented, and the basic function of biological information is realized in the cloud computing environment. In the encapsulation phase, the workflow and function of bioinformatics software are conducted, the encapsulation interfaces are designed, and the runtime interaction between users and computers is simulated. In the publication phase, the execution and management mechanisms and principles of the GRAM components are analyzed. The functions such as remote user job submission and job status query are implemented by using the GRAM components. The services of bioinformatics software are published to remote users. Finally the basic prototype system of the biological cloud is achieved.

  13. Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study

    NARCIS (Netherlands)

    Fraile, Marlon; Ford, Margaret; Gadyatskaya, Olga; Kumar, Rajesh; Stoelinga, Mariëlle Ida Antoinette; Trujillo-Rasua, Rolando

    2016-01-01

    Securing automated teller machines (ATMs), as critical and complex infrastructure, requires a precise understanding of the associated threats. This paper reports on the application of attack-defense trees to model and analyze the security of ATMs.We capture the most dangerous multi-stage attack

  14. Challenges in Defense Working Capital Fund Pricing: Analysis of the Defense Finance and Accounting Service

    National Research Council Canada - National Science Library

    Keating, Edward

    2003-01-01

    ... $2 billion in expenditures per year, DFAS itself is a sizable portion of the DoD infrastructure Second, we believe the pricing issues that DFAS confronts are similar to those faced by other Defense Working Capital Fund (DWCF...

  15. Supporting reputation based trust management enhancing security layer for cloud service models

    Science.gov (United States)

    Karthiga, R.; Vanitha, M.; Sumaiya Thaseen, I.; Mangaiyarkarasi, R.

    2017-11-01

    In the existing system trust between cloud providers and consumers is inadequate to establish the service level agreement though the consumer’s response is good cause to assess the overall reliability of cloud services. Investigators recognized the significance of trust can be managed and security can be provided based on feedback collected from participant. In this work a face recognition system that helps to identify the user effectively. So we use an image comparison algorithm where the user face is captured during registration time and get stored in database. With that original image we compare it with the sample image that is already stored in database. If both the image get matched then the users are identified effectively. When the confidential data are subcontracted to the cloud, data holders will become worried about the confidentiality of their data in the cloud. Encrypting the data before subcontracting has been regarded as the important resources of keeping user data privacy beside the cloud server. So in order to keep the data secure we use an AES algorithm. Symmetric-key algorithms practice a shared key concept, keeping data secret requires keeping this key secret. So only the user with private key can decrypt data.

  16. 78 FR 11947 - 60-Day Notice of Proposed Information Collection: Directorate of Defense Trade Controls...

    Science.gov (United States)

    2013-02-20

    ...: Directorate of Defense Trade Controls Information Collection: Export Declaration of Defense Technical Data or... . SUPPLEMENTARY INFORMATION: Title of Information Collection: Export Declaration of Defense Technical Data or... collection: Actual export of defense technical data and defense services must be reported directly to the...

  17. Toward a New Trilateral Strategic Security Relationship: United States, Canada, and Mexico

    Directory of Open Access Journals (Sweden)

    Richard J. Kilroy, Jr.

    2010-01-01

    Full Text Available The term "perimeter defense" has come back into vogue recently, with regard to security strategies for North America. The United States' concern primarily with the terrorist threat to its homeland subsequent to September 11, 2001 (9/11 is generating this discussion with its immediate neighbors of Mexico and Canada (and to some extent some Caribbean nations—the "third border". The concept is simply that by pushing defenses out to the "perimeter" nations, then security will be enhanced, since the United States visions itself as more vulnerable to international terrorism than its neighbors. However, Canada and Mexico have not been very happy about the perimeter defined by Washington since 9/11. These nations have sought to define the trilateral relationship beyond just discussions of terrorism to include natural disasters and international organized crime as a component of a broader trilateral agenda. Eight years later these three nations continue to look for some convergence of security interests, although there remains a degree of tension and hesitancy towards achieving a "common security agenda" in the Western Hemisphere.This article examines the concept of "perimeter defense" within the context of the new security challenges that the United States, Mexico, and Canada face today. Questions to be addressed in the article include: Do all these nations share the same "threat" perception? Where exactly is the "perimeter?" What security arrangements have been tried in the past? What are the prospects for the future for increased security cooperation? The main focus of this article is at the sub-regional level in North America and whether a new "trilateral" strategic security relationship between the United States, Canada, and Mexico can emerge in North America.

  18. Defense.gov Special Report: Travels with Panetta - April 2012

    Science.gov (United States)

    Leaders April 2012 Flag of Belgium Belgium Top Stories Clinton, Panetta Discuss Diplomatic, Defense Leon E. Panetta told CNN's Wolf Blitzer in an interview in Brussels. Story Clinton, Panetta: NATO to the security mission in Afghanistan up to and beyond 2014, Secretary of State Hillary Rodham

  19. Landscape Variation in Plant Defense Syndromes across a Tropical Rainforest

    Science.gov (United States)

    McManus, K. M.; Asner, G. P.; Martin, R.; Field, C. B.

    2014-12-01

    Plant defenses against herbivores shape tropical rainforest biodiversity, yet community- and landscape-scale patterns of plant defense and the phylogenetic and environmental factors that may shape them are poorly known. We measured foliar defense, growth, and longevity traits for 345 canopy trees across 84 species in a tropical rainforest and examined whether patterns of trait co-variation indicated the existence of plant defense syndromes. Using a DNA-barcode phylogeny and remote sensing and land-use data, we investigated how phylogeny and topo-edaphic properties influenced the distribution of syndromes. We found evidence for three distinct defense syndromes, characterized by rapid growth, growth compensated by defense, or limited palatability/low nutrition. Phylogenetic signal was generally lower for defense traits than traits related to growth or longevity. Individual defense syndromes were organized at different taxonomic levels and responded to different spatial-environmental gradients. The results suggest that a diverse set of tropical canopy trees converge on a limited number of strategies to secure resources and mitigate fitness losses due to herbivory, with patterns of distribution mediated by evolutionary histories and local habitat associations. Plant defense syndromes are multidimensional plant strategies, and thus are a useful means of discerning ecologically-relevant variation in highly diverse tropical rainforest communities. Scaling this approach to the landscape level, if plant defense syndromes can be distinguished in remotely-sensed data, they may yield new insights into the role of plant defense in structuring diverse tropical rainforest communities.

  20. Raman Spectroscopy for Homeland Security Applications

    Directory of Open Access Journals (Sweden)

    Gregory Mogilevsky

    2012-01-01

    Full Text Available Raman spectroscopy is an analytical technique with vast applications in the homeland security and defense arenas. The Raman effect is defined by the inelastic interaction of the incident laser with the analyte molecule’s vibrational modes, which can be exploited to detect and identify chemicals in various environments and for the detection of hazards in the field, at checkpoints, or in a forensic laboratory with no contact with the substance. A major source of error that overwhelms the Raman signal is fluorescence caused by the background and the sample matrix. Novel methods are being developed to enhance the Raman signal’s sensitivity and to reduce the effects of fluorescence by altering how the hazard material interacts with its environment and the incident laser. Basic Raman techniques applicable to homeland security applications include conventional (off-resonance Raman spectroscopy, surface-enhanced Raman spectroscopy (SERS, resonance Raman spectroscopy, and spatially or temporally offset Raman spectroscopy (SORS and TORS. Additional emerging Raman techniques, including remote Raman detection, Raman imaging, and Heterodyne imaging, are being developed to further enhance the Raman signal, mitigate fluorescence effects, and monitor hazards at a distance for use in homeland security and defense applications.