Department of Energy security program needs effective information systems

International Nuclear Information System (INIS)

1991-10-01

Although security is an important, nearly billion-dollar-a-year function in the Department of Energy (DOE), key information systems that hold important data about security weaknesses and incidents have limited analytical capabilities and contain unreliable information. The resultant difficulty in identifying patterns and trends reduces managers' ability to ensure the effectiveness of the security program. Resources are also wasted because DOE has deployed incompatible systems that are unable to electronically share or transfer data, often forcing employees to manually re-enter data that are already stored in computers elsewhere. Finally, continuing data problems with other important security information systems, such as those used to track security clearances and classified documents, indicate that information system deficiencies are extensive. A major reason for these problems is that DOE has not done a comprehensive, strategic assessment of its information and information technology needs of the security program. DOE's efforts are fragmented because it has not assigned to any organization the leadership responsibility to determine security information needs and to plan and manage security information resources Department-wide. This paper reports that a number of changes are needed to correct these problems and take advantage of information technology to help strengthen the security program

COLLABORATIVE NETWORK SECURITY MANAGEMENT SYSTEM BASED ON ASSOCIATION MINING RULE

Directory of Open Access Journals (Sweden)

Nisha Mariam Varughese

2014-07-01

Full Text Available Security is one of the major challenges in open network. There are so many types of attacks which follow fixed patterns or frequently change their patterns. It is difficult to find the malicious attack which does not have any fixed patterns. The Distributed Denial of Service (DDoS attacks like Botnets are used to slow down the system performance. To address such problems Collaborative Network Security Management System (CNSMS is proposed along with the association mining rule. CNSMS system is consists of collaborative Unified Threat Management (UTM, cloud based security centre and traffic prober. The traffic prober captures the internet traffic and given to the collaborative UTM. Traffic is analysed by the Collaborative UTM, to determine whether it contains any malicious attack or not. If any security event occurs, it will reports to the cloud based security centre. The security centre generates security rules based on association mining rule and distributes to the network. The cloud based security centre is used to store the huge amount of tragic, their logs and the security rule generated. The feedback is evaluated and the invalid rules are eliminated to improve the system efficiency.

Integrated security systems design a complete reference for building enterprise-wide digital security systems

CERN Document Server

Norman, Thomas L

2014-01-01

Integrated Security Systems Design, 2nd Edition, is recognized as the industry-leading book on the subject of security systems design. It explains how to design a fully integrated security system that ties together numerous subsystems into one complete, highly coordinated, and highly functional system. With a flexible and scalable enterprise-level system, security decision makers can make better informed decisions when incidents occur and improve their operational efficiencies in ways never before possible. The revised edition covers why designing an integrated security system is essential a

Federal Government Information Systems Security Management and Governance Are Pacing Factors for Innovation

Science.gov (United States)

Edwards, Gregory

2011-01-01

Security incidents resulting from human error or subversive actions have caused major financial losses, reduced business productivity or efficiency, and threatened national security. Some research suggests that information system security frameworks lack emphasis on human involvement as a significant cause for security problems in a rapidly…

Sandia's experience in designing and implementing integrated high security physical protection systems

International Nuclear Information System (INIS)

Caskey, D.L.

1986-01-01

As DOE's lead laboratory for physical security, Sandia National Laboratories has had a major physical security program for over ten years. Activities have ranged from component development and evaluation, to full scale system design and implementation. This paper presents some of the lessons learned in designing and implementing state-of-the-art high security physical protection systems for a number of government facilities. A generic system design is discussed for illustration purposes. Sandia efforts to transfer technology to industry are described

An investigation on the deployments of major computer system ...

African Journals Online (AJOL)

This paper investigated the capabilities and limitations of major operating systems with reference to issues of usability, stability, availability, portability, security, flexibility and cost effectiveness; with other attendant inherent and external considerations, like, no licensing, activation, robustness, high scalability and GUI ...

Integrated security system definition

International Nuclear Information System (INIS)

Campbell, G.K.; Hall, J.R. II

1985-01-01

The objectives of an integrated security system are to detect intruders and unauthorized activities with a high degree of reliability and the to deter and delay them until effective response/engagement can be accomplished. Definition of an effective integrated security system requires proper application of a system engineering methodology. This paper summarizes a methodology and describes its application to the problem of integrated security system definition. This process includes requirements identification and analysis, allocation of identified system requirements to the subsystem level and provides a basis for identification of synergistic subsystem elements and for synthesis into an integrated system. The paper discusses how this is accomplished, emphasizing at each step how system integration and subsystem synergism is considered. The paper concludes with the product of the process: implementation of an integrated security system

A Development Framework for Software Security in Nuclear Safety Systems: Integrating Secure Development and System Security Activities

Energy Technology Data Exchange (ETDEWEB)

Park, Jaekwan; Suh, Yongsuk [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

2014-02-15

The protection of nuclear safety software is essential in that a failure can result in significant economic loss and physical damage to the public. However, software security has often been ignored in nuclear safety software development. To enforce security considerations, nuclear regulator commission recently issued and revised the security regulations for nuclear computer-based systems. It is a great challenge for nuclear developers to comply with the security requirements. However, there is still no clear software development process regarding security activities. This paper proposes an integrated development process suitable for the secure development requirements and system security requirements described by various regulatory bodies. It provides a three-stage framework with eight security activities as the software development process. Detailed descriptions are useful for software developers and licensees to understand the regulatory requirements and to establish a detailed activity plan for software design and engineering.

Security of Dependable Systems

DEFF Research Database (Denmark)

Ahmed, Naveed; Jensen, Christian D.

2011-01-01

Security and dependability are crucial for designing trustworthy systems. The approach “security as an add-on” is not satisfactory, yet the integration of security in the development process is still an open problem. Especially, a common framework for specifying dependability and security is very...... much needed. There are many pressing challenges however; here, we address some of them. Firstly, security for dependable systems is a broad concept and traditional view of security, e.g., in terms of confidentiality, integrity and availability, does not suffice. Secondly, a clear definition of security...... in the dependability context is not agreed upon. Thirdly, security attacks cannot be modeled as a stochastic process, because the adversary’s strategy is often carefully planned. In this chapter, we explore these challenges and provide some directions toward their solutions....

Energy systems security

CERN Document Server

Voeller, John G

2014-01-01

Energy Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to electricity transmission grids and their protection, risk assessment of energy systems, analysis of interdependent energy networks. Methods to manage electricity transmission disturbances so as to avoid blackouts are discussed, and self-healing energy system and a nano-enabled power source are presented.

Computer Security Systems Enable Access.

Science.gov (United States)

Riggen, Gary

1989-01-01

A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

Security Information System Digital Simulation

OpenAIRE

Tao Kuang; Shanhong Zhu

2015-01-01

The study built a simulation model for the study of food security information system relay protection. MATLAB-based simulation technology can support the analysis and design of food security information systems. As an example, the food security information system fault simulation, zero-sequence current protection simulation and transformer differential protection simulation are presented in this study. The case studies show that the simulation of food security information system relay protect...

Multimedia Security System for Security and Medical Applications

Science.gov (United States)

Zhou, Yicong

2010-01-01

This dissertation introduces a new multimedia security system for the performance of object recognition and multimedia encryption in security and medical applications. The system embeds an enhancement and multimedia encryption process into the traditional recognition system in order to improve the efficiency and accuracy of object detection and…

Securing the Global Airspace System Via Identity-Based Security

Science.gov (United States)

Ivancic, William D.

2015-01-01

Current telecommunications systems have very good security architectures that include authentication and authorization as well as accounting. These three features enable an edge system to obtain access into a radio communication network, request specific Quality-of-Service (QoS) requirements and ensure proper billing for service. Furthermore, the links are secure. Widely used telecommunication technologies are Long Term Evolution (LTE) and Worldwide Interoperability for Microwave Access (WiMAX) This paper provides a system-level view of network-centric operations for the global airspace system and the problems and issues with deploying new technologies into the system. The paper then focuses on applying the basic security architectures of commercial telecommunication systems and deployment of federated Authentication, Authorization and Accounting systems to provide a scalable, evolvable reliable and maintainable solution to enable a globally deployable identity-based secure airspace system.

Network systems security analysis

Science.gov (United States)

Yilmaz, Ä.°smail

2015-05-01

Network Systems Security Analysis has utmost importance in today's world. Many companies, like banks which give priority to data management, test their own data security systems with "Penetration Tests" by time to time. In this context, companies must also test their own network/server systems and take precautions, as the data security draws attention. Based on this idea, the study cyber-attacks are researched throughoutly and Penetration Test technics are examined. With these information on, classification is made for the cyber-attacks and later network systems' security is tested systematically. After the testing period, all data is reported and filed for future reference. Consequently, it is found out that human beings are the weakest circle of the chain and simple mistakes may unintentionally cause huge problems. Thus, it is clear that some precautions must be taken to avoid such threats like updating the security software.

Obsessive-Compulsive Homeland Security: Insights from the Neurobiological Security Motivation System

Science.gov (United States)

2018-03-01

HOMELAND SECURITY: INSIGHTS FROM THE NEUROBIOLOGICAL SECURITY MOTIVATION SYSTEM by Marissa D. Madrigal March 2018 Thesis Advisor...FROM THE NEUROBIOLOGICAL SECURITY MOTIVATION SYSTEM 5. FUNDING NUMBERS 6. AUTHOR(S) Marissa D. Madrigal 7. PERFORMING ORGANIZATION NAME(S) AND...how activation of the neurobiological security- motivation system can lead to securitization in response to a security speech act. It explores the model

Security And Privacy Issues in Healthcare Monitoring Systems: A Case Study

DEFF Research Database (Denmark)

Handler, Daniel Tolboe; Hauge, Lotte; Spognardi, Angelo

2017-01-01

Security and privacy issues are rarely taken into account in automated systems for monitoring elderly people in their home, exposing inhabitants to a number of threats they are usually not aware of. As a case study to expose the major vulnerabilities these systems are exposed to, this paper reviews...... a generic example of automated healthcare monitoring system. The security and privacy issues identified in this case study can be easily generalised and regarded as alarm bells for all the pervasive healthcare professionals....

Human engineering considerations in designing a computerized controlled access security system

International Nuclear Information System (INIS)

Moore, J.W.; Banks, W.W.

1988-01-01

This paper describes a human engineering effort in the design of a major security system upgrade at Lawrence Livermore National Laboratory. This upgrade was to be accomplished by replacing obsolete and difficult-to-man (i.e., multiple operator task actions required) security equipment and systems with a new, automated, computer-based access control system. The initial task was to assist the electronic and mechanical engineering staff in designing a computerized security access system too functionally and ergonomically accommodate 100% of the Laboratory user population. The new computerized access system was intended to control entry into sensitive exclusion areas by requiring personnel to use an entry booth-based system and/or a remote access control panel system. The primary user interface with the system was through a control panel containing a magnetic card reader, function buttons, LCD display, and push-button keypad

Security in In-House Developed Information Systems: The Case of Tanzania

Directory of Open Access Journals (Sweden)

Magreth Mushi

2012-04-01

Full Text Available In this 21st century, the world is moving more and more into the information economy; and information held by organization's information systems is among the most valuable assets in the organization's care and is considered a critical resource, enabling the organizations to achieve their strategic objectives. In-house developed information systems meant to enable organizations to achieve their strategic objectives, are on the increase and security has become a major concern in recent years. Hackers are using new techniques to gain access to sensitive data, disable information systems and administer other malicious activities aimed at the information systems. The need to secure an information system is imperative for use in today's world. Until recently, information systems security was an afterthought; developers were typically focused on functionality and features, waiting to implement security at the end of development. This approach to information systems security has proven to be disastrous because vulnerabilities have gone undetected allowing information systems to be attacked and damaged. A survey done in three (3 organizations in Tanzania has proved that most of the information systems developers have drawn their background from traditional systems development without the sense of implementing security in the early stage of information system development. This paper attempts to identify in-house developed information system's security deficiencies and related risks to organizations, the paper also attempt to establish technique that can be used to detect those deficiencies. Lastly the paper provide guidance that can be used by organizations to mitigate the risks.

The public transportation system security and emergency preparedness planning guide

Science.gov (United States)

2003-01-01

Recent events have focused renewed attention on the vulnerability of the nation's critical infrastructure to major events, including terrorism. The Public Transportation System Security and Emergency Preparedness Planning Guide has been prepared to s...

Secure File Allocation and Caching in Large-scale Distributed Systems

DEFF Research Database (Denmark)

Di Mauro, Alessio; Mei, Alessandro; Jajodia, Sushil

2012-01-01

In this paper, we present a file allocation and caching scheme that guarantees high assurance, availability, and load balancing in a large-scale distributed file system that can support dynamic updates of authorization policies. The scheme uses fragmentation and replication to store files with hi......-balancing, and reducing delay of read operations. The system offers a trade-off-between performance and security that is dynamically tunable according to the current level of threat. We validate our mechanisms with extensive simulations in an Internet-like network.......In this paper, we present a file allocation and caching scheme that guarantees high assurance, availability, and load balancing in a large-scale distributed file system that can support dynamic updates of authorization policies. The scheme uses fragmentation and replication to store files with high...... security requirements in a system composed of a majority of low-security servers. We develop mechanisms to fragment files, to allocate them into multiple servers, and to cache them as close as possible to their readers while preserving the security requirement of the files, providing load...

Army Secure Operating System: Information Security for Real Time Systems

National Research Council Canada - National Science Library

Anderson, Eric

1984-01-01

The Army Secure Operating System (ASOS) project, under the management of the U.S. Army CECOM organization, will provide real time systems software necessary for fielding modern Battlefield Automation Systems...

Survey of holographic security systems

Science.gov (United States)

Kontnik, Lewis T.; Lancaster, Ian M.

1990-04-01

The counterfeiting of products and financial instruments is a major problem throughout the world today. The dimensions of the problem are growing, accelerated by the expanding availability of production technologies to sophisticated counterfeiters and the increasing capabilities of these technologies. Various optical techniques, including holography, are beingused in efforts to mark authentic products and to distinguish them from copies. Industry is recognizing that the effectiveness of these techniques depends on such factors as the economics of the counterfeiting process and the distribution channels for the products involved, in addition to the performance of the particular optical security technologies used. This paper surveys the nature of the growing counterfeit market place and reviews the utility of holographic optical security systems. In particular, we review the use of holograms on credit cards and other products; and outline certain steps the holography industry should take to promote these application.

System Security Management in SNMP

OpenAIRE

P. Deivendran; Dr. R. Dhanapal Ph.D

2010-01-01

We present a framework for managing system security, based on a SNMP Management Information Base (MIB), namely the System Security MIB (SSEC MIB), We have defined managed objects and completed the ASN.1 description of the MIB that embeds them. The related security management functions are mainly focused on monitoring external script execution for system security scanning and access control. The main goal of this work is to introduce the semantics and a standard interface that will allow the r...

Vietnam: expanding the social security system.

Science.gov (United States)

Pruzin, D

1996-01-01

Viet Nam's shift toward a market-oriented economy has been associated with annual gross domestic product growth of more than 8% over the past 5 years. At the same time, the emergence of private-sector enterprises and subsequent closure of many state-run enterprises have had profound implications for Viet Nam's social protection systems. At present, only 5.6 million of the country's 33 million workers are covered under the state-run social insurance system. In 1995, the government moved to include private enterprises with 10 or more employees in its state benefits system. The International Labor Organization (ILO) has been working with the Vietnamese Government to design and implement a social security system that would extend coverage progressively to excluded sectors and provide support to workers who have become unemployed as a result of the economic transition process. At its Eighth National Congress, the Vietnamese Communist Party approved a 5-year social and economic plan calling for such an expansion of the social insurance system as well as for a guaranteed standard of living for pensioners. To facilitate anticipated changes, activities that were previously divided between the Ministry of Labor, Invalids, and Social Affairs and the Vietnam General Confederation of Labor have been assigned to the newly formed Vietnam Social Insurance (VSI) Organization. Under consideration is a plan to combine some VSI activities with those of the Vietnam Health Insurance Organization. The ILO will assist with training, computerization, and social security fund investing. Noncompliance is a major obstacle to planned expansion of the social security system; about 90% of private firms are still not paying into the system.

Systems analysis of a security alarm system

International Nuclear Information System (INIS)

Schiff, A.

1975-01-01

When the Lawrence Livermore Laboratory found that its security alarm system was causing more false alarms and maintenance costs than LLL felt was tolerable, a systems analysis was undertaken to determine what should be done about the situation. This report contains an analysis of security alarm systems in general and ends with a review of the existing Security Alarm Control Console (SACC) and recommendations for its improvement, growth and change. (U.S.)

Audit for Information Systems Security

Directory of Open Access Journals (Sweden)

Ana-Maria SUDUC

2010-01-01

Full Text Available The information and communication technologies advances made available enormous and vast amounts of information. This availability generates also significant risks to computer systems, information and to the critical operations and infrastructures they support. In spite of significant advances in the information security area many information systems are still vulnerable to inside or outside attacks. The existence of an internal audit for information system security increases the probability of adopting adequate security measures and preventing these attacks or lowering the negative consequences. The paper presents an exploratory study on informatics audit for information systems security.

On Building Secure Communication Systems

DEFF Research Database (Denmark)

Carvalho Quaresma, Jose Nuno

This thesis presents the Guided System Development (GSD) framework, which aims at supporting the development of secure communication systems. A communication system is specified in a language similar to the Alice and Bob notation, a simple and intuitive language used to describe the global...... the verification and implementation of the system. The translation is semi-automatic because the developer has the option of choosing which implementation to use in order to achieve the specified security requirements. The implementation options are given by plugins defined in the framework. The framework......’s flexibility allows for the addition of constructs that model new security properties as well as new plugins that implement the security properties. In order to provide higher security assurances, the system specification can be verified by formal methods tools such as the Beliefs and Knowledge (BAK) tool...

Insights on the Security and Dependability of Industrial Control Systems

NARCIS (Netherlands)

Kargl, Frank; van der Heijden, R.; van der Heijden, Rens W.; König, Hartmut; Valdes, Alfonso; Dacier, Marc C.

2014-01-01

The authors discuss the findings of a recent research seminar on the security and dependability of industrial control systems and provide an overview of major challenges in the field and areas where current research should focus.

Security System Software

Science.gov (United States)

1993-01-01

C Language Integration Production System (CLIPS), a NASA-developed expert systems program, has enabled a security systems manufacturer to design a new generation of hardware. C.CURESystem 1 Plus, manufactured by Software House, is a software based system that is used with a variety of access control hardware at installations around the world. Users can manage large amounts of information, solve unique security problems and control entry and time scheduling. CLIPS acts as an information management tool when accessed by C.CURESystem 1 Plus. It asks questions about the hardware and when given the answer, recommends possible quick solutions by non-expert persons.

Information technology security system engineering methodology

Science.gov (United States)

Childs, D.

2003-01-01

A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.

Systems Security Engineering

Science.gov (United States)

2010-08-22

environment that contains network- borne cybersecurity threats, an argument may be made that the firewall increases overall system functionality by reserving...the number of administered devices. This approach to security analysis is at once old and new. In the early days of eCommerce , security

Service Oriented Architecture in Network Security - a novel Organisation in Security Systems

OpenAIRE

Hilker, Michael; Schommer, Christoph

2008-01-01

Current network security systems are a collection of various security components, which are directly installed in the operating system. These check the whole node for suspicious behaviour. Armouring intrusions e.g. have the ability to hide themselves from being checked. We present in this paper an alternative organisation of security systems. The node is completely virtualized with current virtualization systems so that the operating system with applications and the security system is disting...

Physical Layer Built-In Security Analysis and Enhancement Algorithms for CDMA Systems

Directory of Open Access Journals (Sweden)

Li Tongtong

2007-01-01

Full Text Available Historically developed for secure communication and military use, CDMA has been identified as a major modulation and multiple-access technique for 3G systems and beyond. In addition to the wide bandwidth and low power-spectrum density which make CDMA signals robust to narrowband jamming and easy to be concealed within the noise floor, the physical layer built-in information privacy of CDMA system is provided by pseudorandom scrambling. In this paper, first, security weakness of the operational and proposed CDMA airlink interfaces is analyzed. Second, based on the advanced encryption standard (AES, we propose to enhance the physical layer built-in security of CDMA systems through secure scrambling. Performance analysis demonstrates that while providing significantly improved information privacy, CDMA systems with secure scrambling have comparable computational complexity and overall system performance with that of conventionally scrambled systems. Moreover, it is shown that by scrambling the training sequence and the message sequence separately with two independent scrambling sequences, both information privacy and system performance can be further improved. The proposed scheme can readily be applied to 3G systems and beyond.

Information Security and Integrity Systems

Science.gov (United States)

1990-01-01

Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

Application of the Concept of Intrusion Tolerant System for Evaluating Cyber Security Enhancements

Energy Technology Data Exchange (ETDEWEB)

Lee, Chanyoung; Seong, Poong Hyun [KAIST, Daejeon (Korea, Republic of)

2016-10-15

One of the major problems is that nuclear industry is in very early stage in dealing with cyber security issues. It is because that cyber security has received less attention compared to other safety problems. In addition, late adoption of digital I and C systems has resulted in lower level of cyber security advancements in nuclear industry than ones in other industries. For the cyber security of NPP I and C systems, many regulatory documents, guides and standards were already published. These documents include cyber security plans, methods for cyber security assessments and comprehensive set of security controls. However, methods which can help assess how much security is improved if a specific security control is applied are not included in these documents. Hence, NPP I and C system designers may encounter difficulties when trying to apply security controls with limited structure and cost. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. The extent of cyber security improvement caused by security enhancement was defined as reduction ratio of the failure probability to secure the system from cyber-attack as Eq.1. The concept of 'intrusion tolerant system' was applied to not only prevent cyber-attacks but also limit the extent of damage in this study. For applying the concept of intrusion tolerant system to NPP, the event tree was constructed with some assumptions. Cyber security improvement caused by cyber security enhancement can be estimated as Eq.3. By comparing current system to the enhanced system, it is

Application of the Concept of Intrusion Tolerant System for Evaluating Cyber Security Enhancements

International Nuclear Information System (INIS)

Lee, Chanyoung; Seong, Poong Hyun

2016-01-01

One of the major problems is that nuclear industry is in very early stage in dealing with cyber security issues. It is because that cyber security has received less attention compared to other safety problems. In addition, late adoption of digital I and C systems has resulted in lower level of cyber security advancements in nuclear industry than ones in other industries. For the cyber security of NPP I and C systems, many regulatory documents, guides and standards were already published. These documents include cyber security plans, methods for cyber security assessments and comprehensive set of security controls. However, methods which can help assess how much security is improved if a specific security control is applied are not included in these documents. Hence, NPP I and C system designers may encounter difficulties when trying to apply security controls with limited structure and cost. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. The extent of cyber security improvement caused by security enhancement was defined as reduction ratio of the failure probability to secure the system from cyber-attack as Eq.1. The concept of 'intrusion tolerant system' was applied to not only prevent cyber-attacks but also limit the extent of damage in this study. For applying the concept of intrusion tolerant system to NPP, the event tree was constructed with some assumptions. Cyber security improvement caused by cyber security enhancement can be estimated as Eq.3. By comparing current system to the enhanced system, it is possible to

Control system security in nuclear power plant

International Nuclear Information System (INIS)

Li Jianghai; Huang Xiaojin

2012-01-01

The digitalization and networking of control systems in nuclear power plants has brought significant improvements in system control, operation and maintenance. However, the highly digitalized control system also introduces additional security vulnerabilities. Moreover, the replacement of conventional proprietary systems with common protocols, software and devices makes these vulnerabilities easy to be exploited. Through the interaction between control systems and the physical world, security issues in control systems impose high risks on health, safety and environment. These security issues may even cause damages of critical infrastructures and threaten national security. The importance of control system security by reviewing several control system security incidents that happened in nuclear power plants was showed in recent years. Several key difficulties in addressing these security issues were described. Finally, existing researches on control system security and propose several promising research directions were reviewed. (authors)

Audit Characteristics for Information System Security

OpenAIRE

Marius POPA; Mihai DOINEA

2007-01-01

The paper presents the main aspects regarding the development of the information security and assurance of their security. The information systems, standards and audit processes definitions are offered. There are presented the most important security standards used in information system security assessment

Secure integrated circuits and systems

CERN Document Server

Verbauwhede, Ingrid MR

2010-01-01

On any advanced integrated circuit or 'system-on-chip' there is a need for security. In many applications the actual implementation has become the weakest link in security rather than the algorithms or protocols. The purpose of the book is to give the integrated circuits and systems designer an insight into the basics of security and cryptography from the implementation point of view. As a designer of integrated circuits and systems it is important to know both the state-of-the-art attacks as well as the countermeasures. Optimizing for security is different from optimizations for speed, area,

Learning from the blackouts. Transmission system security in competitive electricity markets

Energy Technology Data Exchange (ETDEWEB)

none

2005-07-01

Electricity market reform has fundamentally changed the environment for maintaining reliable and secure power supplies. Growing inter-regional trade has placed new demands on transmission systems, creating a more integrated and dynamic network environment with new real-time challenges for reliable and secure transmission system operation. Despite these fundamental changes, system operating rules and practices remain largely unchanged. The major blackouts of 2003 and 2004 raised searching questions about the appropriateness of these arrangements. Management of system security needs to be transformed to maintain reliable electricity services in this more dynamic operating environment. These challenges raise fundamental issues for policymakers. This publication presents case studies drawn from recent large-scale blackouts in Europe, North America, and Australia. It concludes that a comprehensive, integrated policy response is required to avoid preventable large-scale blackouts in the future.

Security systems engineering overview

Science.gov (United States)

Steele, Basil J.

1997-01-01

Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at 70 billion dollars in direct costs and up to 300 billion dollars in indirect costs. Health insurance fraud alone is estimated to cost American businesses 100 billion dollars. Theft, warranty fraud, and counterfeiting of computer hardware totaled 3 billion dollars in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies; industrial espionage detection and prevention; security barrier technology.

A Security Audit Framework to Manage Information System Security

Science.gov (United States)

Pereira, Teresa; Santos, Henrique

The widespread adoption of information and communication technology have promoted an increase dependency of organizations in the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.

Cyber Security and Resilient Systems

Energy Technology Data Exchange (ETDEWEB)

Robert S. Anderson

2009-07-01

The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

Cyber Security and Resilient Systems

International Nuclear Information System (INIS)

Anderson, Robert S.

2009-01-01

The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation's cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested - both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

Developing Scalable Information Security Systems

Directory of Open Access Journals (Sweden)

Valery Konstantinovich Ablekov

2013-06-01

Full Text Available Existing physical security systems has wide range of lacks, including: high cost, a large number of vulnerabilities, problems of modification and support system. This paper covers an actual problem of developing systems without this list of drawbacks. The paper presents the architecture of the information security system, which operates through the network protocol TCP/IP, including the ability to connect different types of devices and integration with existing security systems. The main advantage is a significant increase in system reliability, scalability, both vertically and horizontally, with minimal cost of both financial and time resources.

33 CFR 127.705 - Security systems.

Science.gov (United States)

2010-07-01

... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Security systems. 127.705 Section 127.705 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED... Waterfront Facilities Handling Liquefied Natural Gas Security § 127.705 Security systems. The operator shall...

Internet security information system implement method

International Nuclear Information System (INIS)

Liu Baoxu; Mei Jie; Xu Rongsheng; An Dehai; Yu Mingjian; Chen Xiangyang; Zheng Peng

1999-01-01

On the basis of analysis of the key elements that will affect the Internet Security Information System, the author takes UNIX Operating System as an example, and provides the important stages that must be considered when implementing the Internet Security Information System. An implemental model of the Internet Security Information System is given

Prototype system of secure VOD

Science.gov (United States)

Minemura, Harumi; Yamaguchi, Tomohisa

1997-12-01

Secure digital contents delivery systems are to realize copyright protection and charging mechanism, and aim at secure delivery service of digital contents. Encrypted contents delivery and history (log) management are means to accomplish this purpose. Our final target is to realize a video-on-demand (VOD) system that can prevent illegal usage of video data and manage user history data to achieve a secure video delivery system on the Internet or Intranet. By now, mainly targeting client-server systems connected with enterprise LAN, we have implemented and evaluated a prototype system based on the investigation into the delivery method of encrypted video contents.

HITACHI security concept for industrial control systems

International Nuclear Information System (INIS)

Endoh, H.; Yamada, T.; Okubo, S.; Nakano, T.

2012-01-01

Security is a necessary factor for the safe and efficient operation of today's control systems. To ensure safe operation of control systems throughout their lifetime, security measures must be carefully planned in the development phase and then maintained continuously during the operation phase and other following phases. To ensure operation within the system's safe states, Hitachi proposes security concept processes (1) to derive security measures rationally and (2) to maintain the security model over the system life cycle. Hitachi also proposes security development programs which support the integration of standards-compliant systems and development of robust control equipment. (author)

Enterprise security IT security solutions : concepts, practical experiences, technologies

CERN Document Server

Fumy, Walter

2013-01-01

Addressing IT managers and staff, as well as CIOs and other executives dealing with corporate IT security, this book provides a broad knowledge on the major security issues affecting today's corporations and organizations, and presents state-of-the-art concepts and current trends for securing an enterprise.Areas covered include information security management, network and system security, identity and access management (IAM), authentication (including smart card based solutions and biometrics), and security certification. In-depth discussion of relevant technologies and standards (including cr

Optimizing man-machine performance of a personnel access restriction security system

International Nuclear Information System (INIS)

Banks, W.W.; Moore, J.W.

1988-01-01

This paper describes a human engineering design and analysis effort for a major security system upgrade at a DOE facility. This upgrade was accomplished by replacing an obsolete and poorly human engineered security screening both the with a new, user oriented, semiautomated, computer-based access control system. Human factors engineers assisted the designer staff in specifying a security access interface to physically and cognitively accommodate all employees which included handicapped individuals in wheel chairs, and several employees who were severely disabled, both visually and aurally. The new access system was intended to control entry into sensitive exclusion areas by requiring personnel to enter a security screening booth and interact with card reader devices and a-simple-to-operate access control panel system. Extensive man-machine testing with prototype mock-ups was conducted to assess human engineered design features and to illuminate potentially confusing or difficult-to-operated hardware placement, layout, and operation sequencing. These evaluations, along with the prototype mock-ups, provided input which resulted in a prototype which was easy to enter, operate, and understand by end users. This prototype later served as the design basis for the final systems design

CC-based Design of Secure Application Systems

DEFF Research Database (Denmark)

Sharp, Robin

2009-01-01

This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secu...... an effective and secure design, starting with the formulation of a Protection Profile and ending with a concrete design, within the project timeframe.......This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secure...

Upgrading the Fermilab fire and security reporting system

International Nuclear Information System (INIS)

King, C.; Neswold, R.

2012-01-01

Fermilab's home grown fire and security system (known as FIRUS - Fire Incident Reporting and Utility System) is highly reliable and has been used for nearly thirty years. The system has gone through some minor upgrades, however, none of those changes made significant, visible changes. In this paper, we present a major overhaul to the system that is halfway complete. We discuss the use of Apple's OS X for the new GUI (Graphical User Interface), upgrading the servers to use the Erlang programming language and allowing limited access for iOS and Android-based mobile devices. (authors)

Security Controls for NPP I and C Systems

International Nuclear Information System (INIS)

Kim, Y. M.; Jeong, C. H.; Kim, T. H.

2014-01-01

In Korea, regulatory body have required cyber security plan for nuclear I and C system. Also, all I and C systems and equipment must be classified according to cyber security level and technical, operational and managerial security controls must be provided based on each level. It is necessary to determine the best set of security controls for NPP I and C system. In our research, selection, implementation and verification process of security controls which can be used for I and C systems has developed. For establishing the cyber security of the nuclear I and C system, special cyber security system which consider the difference between general IT system and nuclear I and C system is needed. This research, we developed security improvement methodology for NPP I and C system through establishing security control, applying and verifying activity. Also, the cyber security activities which are needed during development are defined. It is expected that the methodology which has been developed by this research can be used for establish, implement, evaluate the security controls for protecting nuclear I and C system from cyber-attacks

Security Controls for NPP I and C Systems

Energy Technology Data Exchange (ETDEWEB)

Kim, Y. M.; Jeong, C. H. [Korea Institute of Nuclear Safety, Daejeon (Korea, Republic of); Kim, T. H. [Formal Works Inc., Seoul (Korea, Republic of)

2014-05-15

In Korea, regulatory body have required cyber security plan for nuclear I and C system. Also, all I and C systems and equipment must be classified according to cyber security level and technical, operational and managerial security controls must be provided based on each level. It is necessary to determine the best set of security controls for NPP I and C system. In our research, selection, implementation and verification process of security controls which can be used for I and C systems has developed. For establishing the cyber security of the nuclear I and C system, special cyber security system which consider the difference between general IT system and nuclear I and C system is needed. This research, we developed security improvement methodology for NPP I and C system through establishing security control, applying and verifying activity. Also, the cyber security activities which are needed during development are defined. It is expected that the methodology which has been developed by this research can be used for establish, implement, evaluate the security controls for protecting nuclear I and C system from cyber-attacks.

49 CFR 659.23 - System security plan: contents.

Science.gov (United States)

2010-10-01

... 49 Transportation 7 2010-10-01 2010-10-01 false System security plan: contents. 659.23 Section 659... State Oversight Agency § 659.23 System security plan: contents. The system security plan must, at a... system security plan; and (e) Document the rail transit agency's process for making its system security...

Cyber secure systems approach for NPP digital control systems

Energy Technology Data Exchange (ETDEWEB)

McCreary, T. J.; Hsu, A. [HF Controls Corporation, 16650 Westgrove Drive, Addison, TX 75001 (United States)

2006-07-01

Whether fossil or nuclear power, the chief operations goal is to generate electricity. The heart of most plant operations is the I and C system. With the march towards open architecture, the I and C system is more vulnerable than ever to system security attacks (denial of service, virus attacks and others), thus jeopardizing plant operations. Plant staff must spend large amounts of time and money setting up and monitoring a variety of security strategies to counter the threats and actual attacks to the system. This time and money is a drain on the financial performance of a plant and distracts valuable operations resources from their real goals: product. The pendulum towards complete open architecture may have swung too far. Not all aspects of proprietary hardware and software are necessarily 'bad'. As the aging U.S. fleet of nuclear power plants starts to engage in replacing legacy control systems, and given the on-going (and legitimate) concern about the security of present digital control systems, decisions about how best to approach cyber security are vital to the specification and selection of control system vendors for these upgrades. The authors maintain that utilizing certain resources available in today's digital technology, plant control systems can be configured from the onset to be inherently safe, so that plant staff can concentrate on the operational issues of the plant. The authors postulate the concept of the plant I and C being bounded in a 'Cyber Security Zone' and present a design approach that can alleviate the concern and cost at the plant level of dealing with system security strategies. Present approaches through various IT cyber strategies, commercial software, and even postulated standards from various industry/trade organizations are almost entirely reactive and simply add to cost and complexity. This Cyber Security Zone design demonstrates protection from the four classes of cyber security attacks: 1)Threat from

Cyber secure systems approach for NPP digital control systems

International Nuclear Information System (INIS)

McCreary, T. J.; Hsu, A.

2006-01-01

Whether fossil or nuclear power, the chief operations goal is to generate electricity. The heart of most plant operations is the I and C system. With the march towards open architecture, the I and C system is more vulnerable than ever to system security attacks (denial of service, virus attacks and others), thus jeopardizing plant operations. Plant staff must spend large amounts of time and money setting up and monitoring a variety of security strategies to counter the threats and actual attacks to the system. This time and money is a drain on the financial performance of a plant and distracts valuable operations resources from their real goals: product. The pendulum towards complete open architecture may have swung too far. Not all aspects of proprietary hardware and software are necessarily 'bad'. As the aging U.S. fleet of nuclear power plants starts to engage in replacing legacy control systems, and given the on-going (and legitimate) concern about the security of present digital control systems, decisions about how best to approach cyber security are vital to the specification and selection of control system vendors for these upgrades. The authors maintain that utilizing certain resources available in today's digital technology, plant control systems can be configured from the onset to be inherently safe, so that plant staff can concentrate on the operational issues of the plant. The authors postulate the concept of the plant I and C being bounded in a 'Cyber Security Zone' and present a design approach that can alleviate the concern and cost at the plant level of dealing with system security strategies. Present approaches through various IT cyber strategies, commercial software, and even postulated standards from various industry/trade organizations are almost entirely reactive and simply add to cost and complexity. This Cyber Security Zone design demonstrates protection from the four classes of cyber security attacks: 1)Threat from an intruder attempting to

Security systems engineering overview

International Nuclear Information System (INIS)

Steele, B.J.

1996-01-01

Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at $70 billion in direct costs and up to $300 billion in indirect costs. Health insurance fraud alone is estimated to cost American businesses $100 billion. Theft, warranty fraud, and counterfeiting of computer hardware totaled $3 billion in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies (counterfeit currency, cellular phone billing, credit card fraud, health care fraud, passport, green cards, and questionable documents); industrial espionage detection and prevention (intellectual property, computer chips, etc.); and security barrier technology (creation of delay such as gates, vaults, etc.)

Systems Security Engineering Capability Maturity Model (SSECMM), Model Description, Version 1.1

National Research Council Canada - National Science Library

1997-01-01

This document is designed to acquaint the reader with the SSE-CMM Project as a whole and present the project's major work product - the Systems Security Engineering Capability Maturity Model (SSE- CMM...

Latvia in the System of European Territorial Security: a View from the Inside and Outside

Directory of Open Access Journals (Sweden)

Lanko Dmitry

2015-03-01

Full Text Available This article focuses on Latvian contribution to European security, which, for the purposes of this study, is understood as a territorial system of regional security. Such system is a combination of interconnected institutions with Latvian participation operating in the field of security, Latvian cooperation with other European countries in the field of security, and the European perception of major security challenges and threats (that Latvia may or may not agree with. A systemic approach to studying the role of Latvia in the territorial system of European security requires a solid theoretical framework. The theories of international relations discussed in this article fall into two categories: those where territorial security systems are viewed as a product of external factors, and those that focus on internal regional factors. In this article, the authors rely on a variety of methods, including those that are characteristic of classical theories of international relations (such as realism and liberalism, and those employed in social constructivism studies. It is concluded that Latvian cooperation with institutions and countries of the territorial system of European security is rather limited, which indicates either a lack of the country’s integration into the system or a crisis of the system itself. An important result of the study is the validation of a systemic approach to studying regional security systems. This angle proves particularly useful in identifying crises of territorial systems of regional security in various regions of the world.

Stolen Vehicles for Export: A Major Concern for Domestic and International Security

Science.gov (United States)

2018-03-01

xi LIST OF ACRONYMS AND ABBREVIATIONS AES Automated Export System BEST Border Enforcement Security Task Force CSI Container Security Initiative...motor vehicles, increase inspections of exports, and enhance enforcement capabilities. Unfortunately, this thesis was unable to establish a clear link...and a better understanding could only benefit law enforcement’s efforts to counter it. 14. SUBJECT TERMS Border Enforcement Security Task Force

Adversary characterization for security system evaluation

International Nuclear Information System (INIS)

Suber, L.A. Jr.

1976-04-01

Evaluation of security systems effectiveness requires a definition of adversary capabilities, but an objective basis for such a definition has been lacking. A system of adversary attributes is proposed in which any desired adversary may be synthesized by selection of the appropriate level of capability from each attribute or category. In use, the synthesized adversaries will be pitted against a security system in an evaluation model, thus allowing comparison of other adversary or security system configurations

Constructing Secure Mobile Agent Systems Using the Agent Operating System

NARCIS (Netherlands)

van t Noordende, G.J.; Overeinder, B.J.; Timmer, R.J.; Brazier, F.M.; Tanenbaum, A.S.

2009-01-01

Designing a secure and reliable mobile agent system is a difficult task. The agent operating system (AOS) is a building block that simplifies this task. AOS provides common primitives required by most mobile agent middleware systems, such as primitives for secure communication, secure and

Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security (Self-Securing Devices)

National Research Council Canada - National Science Library

Ganger, Gregory R

2007-01-01

This report summarizes the results of the work on the AFOSR's Critical Infrastructure Protection Program project, entitled Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security...

76 FR 81359 - National Security Personnel System

Science.gov (United States)

2011-12-28

... Security Personnel System AGENCY: Department of Defense; Office of Personnel Management. ACTION: Final rule... concerning the National Security Personnel System (NSPS). Section 1113 of the National Defense Authorization... National Security Personnel System (NSPS) in regulations jointly prescribed by DOD and OPM (Office of...

Security aspects of database systems implementation

OpenAIRE

Pokorný, Tomáš

2009-01-01

The aim of this thesis is to provide a comprehensive overview of database systems security. Reader is introduced into the basis of information security and its development. Following chapter defines a concept of database system security using ISO/IEC 27000 Standard. The findings from this chapter form a complex list of requirements on database security. One chapter also deals with legal aspects of this domain. Second part of this thesis offers a comparison of four object-relational database s...

Security threat assessment of an Internet security system using attack tree and vague sets.

Science.gov (United States)

Chang, Kuei-Hu

2014-01-01

Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system's elementary event are incomplete--the traditional approach for calculating reliability--is no longer applicable. Moreover, it does not consider the failure probability of the bottom events suffered in the attack, which may bias conclusions. In order to effectively solve the problem above, this paper proposes a novel technique, integrating attack tree and vague sets for security threat assessment. For verification of the proposed approach, a numerical example of an Internet security system security threat assessment is adopted in this paper. The result of the proposed method is compared with the listing approaches of security threat assessment methods.

Teaching RFID Information Systems Security

Science.gov (United States)

Thompson, Dale R.; Di, Jia; Daugherty, Michael K.

2014-01-01

The future cyber security workforce needs radio frequency identification (RFID) information systems security (INFOSEC) and threat modeling educational materials. A complete RFID security course with new learning materials and teaching strategies is presented here. A new RFID Reference Model is used in the course to organize discussion of RFID,…

Security Research on Engineering Database System

Institute of Scientific and Technical Information of China (English)

无

2002-01-01

Engine engineering database system is an oriented C AD applied database management system that has the capability managing distributed data. The paper discusses the security issue of the engine engineering database management system (EDBMS). Through studying and analyzing the database security, to draw a series of securi ty rules, which reach B1, level security standard. Which includes discretionary access control (DAC), mandatory access control (MAC) and audit. The EDBMS implem ents functions of DAC, ...

Information Security Policy Modeling for Network Security Systems

Directory of Open Access Journals (Sweden)

Dmitry Sergeevich Chernyavskiy

2014-12-01

Full Text Available Policy management for network security systems (NSSs is one of the most topical issues of network security management. Incorrect configurations of NSSs lead to system outages and appearance of vulnerabilities. Moreover, policy management process is a time-consuming task, which includes significant amount of manual work. These factors reduce efficiency of NSSs’ utilization. The paper discusses peculiarities of policy management process and existing approaches to policy modeling, presents a model aimed to formalize policies for NSSs independently on NSSs’ platforms and select the most effective NSSs for implementation of the policies.

Improving industrial process control systems security

CERN Document Server

Epting, U; CERN. Geneva. TS Department

2004-01-01

System providers are today creating process control systems based on remote connectivity using internet technology, effectively exposing these systems to the same threats as corporate computers. It is becoming increasingly difficult and costly to patch/maintain the technical infrastructure monitoring and control systems to remove these vulnerabilities. A strategy including risk assessment, security policy issues, service level agreements between the IT department and the controls engineering groups must be defined. In addition an increased awareness of IT security in the controls system engineering domain is needed. As consequence of these new factors the control system architectures have to take into account security requirements, that often have an impact on both operational aspects as well as on the project and maintenance cost. Manufacturers of industrial control system equipment do however also propose progressively security related solutions that can be used for our active projects. The paper discusses ...

Designing a Secure Point-of-Sale System

DEFF Research Database (Denmark)

Sharp, Robin; Pedersen, Allan; Hedegaard, Anders

2006-01-01

This paper describes some experiences with using the ''Common Criteria for Information Security Evaluation'' as the basis for a design methodology when designing secure systems. As an example, the design process for a Point-of-Sale (POS) system is described.......This paper describes some experiences with using the ''Common Criteria for Information Security Evaluation'' as the basis for a design methodology when designing secure systems. As an example, the design process for a Point-of-Sale (POS) system is described....

Modelling the System of Ensuring the Investment Security

Directory of Open Access Journals (Sweden)

Moroz Maxim O.

2017-11-01

Full Text Available The article explores approaches to modelling the system of ensuring the investment security. Necessity of observance of investment security of Ukraine has been substantiated. The author’s own vision of the modelling essentials has been provided. The eligibility for consideration of the system of ensuring the investment security of Ukraine in the functional, structural, process, formative, and factor aspects has been proved. The target setting and tasks of a functional model of the system of ensuring the investment security have been defined. The functions, subjects, organizational-economic mechanisms of the system of ensuring the investment security of Ukraine have been characterized. A structural model of the system of ensuring the investment security has been presented. Special attention has been given to the definition of objects of direct and indirect influence, control and controlled subsystems, aggregate of indicators, safe levels, principles of formation of the investment security system. The process and formative models of the system of ensuring the investment security, as well as the algorithm of the complex assessment of the level of investment security, were analyzed in detail. Measures to ensure the investment security of Ukraine have been defined.

Primer Control System Cyber Security Framework and Technical Metrics

Energy Technology Data Exchange (ETDEWEB)

Wayne F. Boyer; Miles A. McQueen

2008-05-01

The Department of Homeland Security National Cyber Security Division supported development of a control system cyber security framework and a set of technical metrics to aid owner-operators in tracking control systems security. The framework defines seven relevant cyber security dimensions and provides the foundation for thinking about control system security. Based on the developed security framework, a set of ten technical metrics are recommended that allow control systems owner-operators to track improvements or degradations in their individual control systems security posture.

Distributed security in closed distributed systems

DEFF Research Database (Denmark)

Hernandez, Alejandro Mario

properties. This is also restricted to distributed systems in which the set of locations is known a priori. All this follows techniques borrowed from both the model checking and the static analysis communities. In the end, we reach a step towards solving the problem of enforcing security in distributed...... systems. We achieve the goal of showing how this can be done, though we restrict ourselves to closed systems and with a limited set of enforceable security policies. In this setting, our approach proves to be efficient. Finally, we achieve all this by bringing together several fields of Computer Science......The goal of the present thesis is to discuss, argue and conclude about ways to provide security to the information travelling around computer systems consisting of several known locations. When developing software systems, security of the information managed by these plays an important role...

The electronic security partnership of safety/security and information systems departments.

Science.gov (United States)

Yow, J Art

2012-01-01

The ever-changing world of security electronics is reviewed in this article. The author focuses on its usage in a hospital setting and the need for safety/security and information systems departments to work together to protect and get full value from IP systems.

Windows 2012 Server network security securing your Windows network systems and infrastructure

CERN Document Server

Rountree, Derrick

2013-01-01

Windows 2012 Server Network Security provides the most in-depth guide to deploying and maintaining a secure Windows network. The book drills down into all the new features of Windows 2012 and provides practical, hands-on methods for securing your Windows systems networks, including: Secure remote access Network vulnerabilities and mitigations DHCP installations configuration MAC filtering DNS server security WINS installation configuration Securing wired and wireless connections Windows personal firewall

Information Systems Security: Whose Responsibility? | Senzige ...

African Journals Online (AJOL)

... compounded by the increasingly international nature of information systems, this responsibility still rests with managers only. This paper looks at security concerns related to information systems, identifies the threats and suggests how the security of information systems should be handled. African Journal of Finance and ...

8 CFR 103.34 - Security of records systems.

Science.gov (United States)

2010-01-01

... 8 Aliens and Nationality 1 2010-01-01 2010-01-01 false Security of records systems. 103.34 Section 103.34 Aliens and Nationality DEPARTMENT OF HOMELAND SECURITY IMMIGRATION REGULATIONS POWERS AND DUTIES; AVAILABILITY OF RECORDS § 103.34 Security of records systems. The security of records systems...

5 CFR 9701.508 - Homeland Security Labor Relations Board.

Science.gov (United States)

2010-01-01

... MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.508 Homeland Security Labor... impression or a major policy. (2) In cases where the full HSLRB acts, a vote of the majority of the HSLRB (or...

LANSCE radiation security system (RSS)

International Nuclear Information System (INIS)

Gallegos, F.R.

1996-01-01

The Radiation Security System (RSS) is an engineered safety system which automatically terminates transmission of accelerated ion beams in response to pre-defined abnormal conditions. It is one of the four major mechanisms used to protect people from radiation hazards induced by accelerated pulsed ion beams at the Los Alamos Neutron Science Center (LANSCE). The others are shielding, administrative policies and procedures, and qualified, trained personnel. Prompt radiation hazards at the half-mile long LANSCE accelerator exist due to average beam intensities ranging from 1 milli-amp for H + beam to 100 micro-amps for the high intensity H - beam. Experimental programs are supplied with variable energy (maximum 800 MeV), pulse-width (maximum 1 msec), and pulse frequency (maximum 120 Hz) ion beams. The RSS includes personnel access control systems, beam spill monitoring systems, and beam current level limiting systems. It is a stand-alone system with redundant logic chains. A fault of the RSS will cause the insertion of fusible beam plugs in the accelerator low energy beam transport. The design philosophy, description, and operation of the RSS are described in this paper

THE FAILURE OF COLLECTIVE SECURITY IN THE POST WORLD WARS I AND II INTERNATIONAL SYSTEM

Directory of Open Access Journals (Sweden)

JOSEPH C. EBEGBULEM

2012-05-01

Full Text Available The League of Nations and the United Nations Organization were two post-World War (World War I and World War II organizations established for the maintenance of peace and security in the international system. One of the cardinal objectives of these organizations was the promotion of a Collective Security System which was considered as vital in the pursuit of global peace and security. In other words, Collective Security is an institutional mechanism established to address a comprehensive list of major threats to peace and security around the world. With the escalation of conflicts and wars in different parts of the world, there is therefore the need for collective responses at global, regional and national levels in conflict situations. The achievement of collective security in the international system would be based on the principle that any attack on any member of the United Nations would be considered as an attack on all the members. After a panoramic discourse of the meaning and nature of Collective Security, the paper also examines the problems of collective security in the international system; its failure under the League of Nations and the United Nations. The paper concludes that the weaknesses inherent in the system do not make it unuseful as it is a relevant factor in the maintenance of international peace and security.

Polish Security Printing Works in the system of public and economic security

OpenAIRE

Remigiusz Lewandowski

2013-01-01

The article raises the issue of placing PWPW in the system of economic and public security. Two particular categories of security connected with PWPW business activity, i.e. identification and transactional security, have been defined and discussed in the article. The most essential factors affecting the above security categories as well as relations between identification/transactional security and economic/public security. The article indicates that PWPW plays an important role in the state...

Strengthening global health security by embedding the International Health Regulations requirements into national health systems.

Science.gov (United States)

Kluge, Hans; Martín-Moreno, Jose Maria; Emiroglu, Nedret; Rodier, Guenael; Kelley, Edward; Vujnovic, Melitta; Permanand, Govin

2018-01-01

The International Health Regulations (IHR) 2005, as the overarching instrument for global health security, are designed to prevent and cope with major international public health threats. But poor implementation in countries hampers their effectiveness. In the wake of a number of major international health crises, such as the 2014 Ebola and 2016 Zika outbreaks, and the findings of a number of high-level assessments of the global response to these crises, it has become clear that there is a need for more joined-up thinking between health system strengthening activities and health security efforts for prevention, alert and response. WHO is working directly with its Member States to promote this approach, more specifically around how to better embed the IHR (2005) core capacities into the main health system functions. This paper looks at how and where the intersections between the IHR and the health system can be best leveraged towards developing greater health system resilience. This merging of approaches is a key component in pursuit of Universal Health Coverage and strengthened global health security as two mutually reinforcing agendas.

The Application of Islamic Economic Security System for a Better Human Security in Indonesia

OpenAIRE

Dewi, Gemala

2013-01-01

As the 2010 Indonesian demographic Statistic data predicted that in the year 2020-2030 Indonesia will have overpopulation of young people at the productive age (18-50 years old) in about 69%. So there is a need to find solution on jobs and welfare for those segments of people. Islam as the religion of majority people of Indonesia has a teaching regarding this matter that has been known as Islamic economic security system, by means of zakat, waqf, trading and business manner that could give so...

Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

Energy Technology Data Exchange (ETDEWEB)

Robert P. Evans

2005-09-01

Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in ''Cyber Security Protection Framework'', Version 0.9 (hereafter referred to as the ''Framework''). For each of the seven sector/sub-sectors listed above, one standard was

Security Threat Assessment of an Internet Security System Using Attack Tree and Vague Sets

OpenAIRE

Kuei-Hu Chang

2014-01-01

Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system’s elementary event are incomplete—the traditional approach for ca...

THE SECURITY AUDIT WITHIN INFORMATION SYSTEMS

OpenAIRE

Dan Constantin TOFAN

2011-01-01

The information security audit is definitely a tool for determining, achieving, and maintaining a proper level of security in an organization. This article offers a comprehensive review of the world's most popular standards related to information systems security audit.

Security of legacy process control systems : Moving towards secure process control systems

NARCIS (Netherlands)

Oosterink, M.

2012-01-01

This white paper describes solutions which organisations may use to improve the security of their legacy process control systems. When we refer to a legacy system, we generally refer to old methodologies, technologies, computer systems or applications which are still in use, despite the fact that

Lecture 13: Control System Cyber Security

CERN Multimedia

CERN. Geneva

2013-01-01

Today, the industralized world lives in symbiosis with control systems: it depends on power distribution, oil production, public transport, automatic production lines. While the convenience is at hand, still too many control systems are designed without any security in mind, lack basic security protections, and are not even robust enough to withstand basic attacks. The Stuxnet worm attacking Siemens PLCs in 2010 was another close call. Attackers currently enjoy hacking control systems, and aim to switch lights off. This presentation shall recap the current situation and outline why the presenter is still waiting for a change in paradigm. Stefan Lüders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Being initially developer of a common safety system used in all four experiments at the Large Hadron Collider, he gathered expertise in cyber-security issues of control systems. Consequently in 2004, he took over responsibilities in securing CERN's accelerator and...

Information technology - Security techniques - Information security management systems - Requirements

CERN Document Server

International Organization for Standardization. Geneva

2005-01-01

ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

Personal health record systems and their security protection.

Science.gov (United States)

Win, Khin Than; Susilo, Willy; Mu, Yi

2006-08-01

The objective of this study is to analyze the security protection of personal health record systems. To achieve this we have investigated different personal health record systems, their security functions, and security issues. We have noted that current security mechanisms are not adequate and we have proposed some security mechanisms to tackle these problems.

Almaraz ovation control system security

International Nuclear Information System (INIS)

Madronal Rodriguez, E.; Anderson, E.; Jimenez Diaz, J.; Carrasco Mateos, J. A.

2013-01-01

Improving the security of a plant's Distributed Control System (DCS) is an important consideration for plant safety and profitability, as well as the necessity to comply with the regulation. The U.S. Nuclear Regulatory Commission has produced Regulatory Guide (RG) 5.71, and the Nuclear Energy Institute (NEI) has produced NEI 08-09 to assist plants in meeting 10 CFR 73.54, Protection of digital computer and communication systems and networks. These requirements, which address the establishment, implementation and maintenance of a cyber security program, present challenges to ensure that safety, security and emergency preparedness functions of nuclear facilities are not negatively impacted by the vulnerability scanning and testing process.

Applications for cyber security - System and application monitoring

International Nuclear Information System (INIS)

Marron, J. E.

2006-01-01

Standard network security measures are adequate for defense against external attacks. However, many experts agree that the greater threat is from internal sources. Insiders with malicious intentions can change controller instructions, change alarm thresholds, and issue commands to equipment which can damage equipment and compromise control system integrity. In addition to strict physical security the state of the system must be continually monitored. System and application monitoring goes beyond the capabilities of network security appliances. It will include active processes, operating system services, files, network adapters and IP addresses. The generation of alarms is a crucial feature of system and application monitoring. The alarms should be integrated to avoid the burden on operators of checking multiple locations for security violations. Tools for system and application monitoring include commercial software, free software, and ad-hoc tools that can be easily created. System and application monitoring is part of a 'defense-in-depth' approach to a control network security plan. Layered security measures prevent an individual security measure failure from being exploited into a successful security breach. Alarming of individual failures is essential for rapid isolation and correction of single failures. System and application monitoring is the innermost layer of this defense strategy. (authors)

INFORMATION SECURITY IN MOBILE MODULAR MEASURING SYSTEMS

Directory of Open Access Journals (Sweden)

A. N. Tkhishev

2017-01-01

Full Text Available A special aspect of aircraft test is carrying out both flight evaluation and ground operation evaluation in a structure of flying aids and special tools equipment. The specific of flight and sea tests involve metering in offshore zone, which excludes the possibility of fixed geodetically related measuring tools. In this regard, the specific role is acquired by shipbased measurement systems, in particular the mobile modular measuring systems. Information processed in the mobile modular measurement systems is a critical resource having a high level of confidentiality. When carrying out their functions, it should be implemented a proper information control of the mobile modular measurement systems to ensure their protection from the risk of data leakage, modification or loss, i.e. to ensure a certain level of information security. Due to the specific of their application it is difficult to solve the problems of information security in such complexes. The intruder model, the threat model, the security requirements generated for fixed informatization objects are not applicable to mobile systems. It was concluded that the advanced mobile modular measuring systems designed for flight experiments monitoring and control should be created due to necessary information protection measures and means. The article contains a diagram of security requirements formation, starting with the data envelopment analysis and ending with the practical implementation. The information security probabilistic model applied to mobile modular measurement systems is developed. The list of current security threats based on the environment and specific of the mobile measurement system functioning is examined. The probabilistic model of the information security evaluation is given. The problems of vulnerabilities transformation of designed information system into the security targets with the subsequent formation of the functional and trust requirements list are examined.

Authenticated Secure Container System (ASCS)

International Nuclear Information System (INIS)

1991-01-01

Sandia National Laboratories developed an Authenticated Secure Container System (ASCS) for the International Atomic Energy Agency (IAEA). Agency standard weights and safeguards samples can be stored in the ASCS to provide continuity of knowledge. The ASCS consists of an optically clear cover, a base containing the Authenticated Item Monitoring System (AIMS) transmitter, and the AIMS receiver unit for data collection. The ASCS will provide the Inspector with information concerning the status of the system, during a surveillance period, such as state of health, tampering attempts, and movement of the container system. The secure container is located inside a Glove Box with the receiver located remotely from the Glove Box. AIMS technology uses rf transmission from the secure container to the receiver to provide a record of state of health and tampering. The data is stored in the receiver for analysis by the Inspector during a future inspection visit. 2 refs

Holographic optical security systems

Science.gov (United States)

Fagan, William F.

1990-06-01

One of the most successful applications of Holography,in recent years,has been its use as an optical security technique.Indeed the general public's awareness of holograms has been greatly enhanced by the incorporation of holographic elements into the VISA and MASTERCHARGE credit cards.Optical techniques related to Holography,are also being used to protect the currencies of several countries against the counterfeiter. The mass production of high quality holographic images is by no means a trivial task as a considerable degree of expertise is required together with an optical laboratory and embossing machinery.This paper will present an overview of the principal holographic and related optical techniques used for security purposes.Worldwide, over thirty companies are involved in the production of security elements utilising holographic and related optical technologies.Counterfeiting of many products is a major criminal activity with severe consequences not only for the manufacturer but for the public in general as defective automobile parts,aircraft components,and pharmaceutical products, to cite only a few of the more prominent examples,have at one time or another been illegally copied.

Secure it now or secure it later: the benefits of addressing cyber-security from the outset

Science.gov (United States)

Olama, Mohammed M.; Nutaro, James

2013-05-01

The majority of funding for research and development (R&D) in cyber-security is focused on the end of the software lifecycle where systems have been deployed or are nearing deployment. Recruiting of cyber-security personnel is similarly focused on end-of-life expertise. By emphasizing cyber-security at these late stages, security problems are found and corrected when it is most expensive to do so, thus increasing the cost of owning and operating complex software systems. Worse, expenditures on expensive security measures often mean less money for innovative developments. These unwanted increases in cost and potential slowing of innovation are unavoidable consequences of an approach to security that finds and remediate faults after software has been implemented. We argue that software security can be improved and the total cost of a software system can be substantially reduced by an appropriate allocation of resources to the early stages of a software project. By adopting a similar allocation of R&D funds to the early stages of the software lifecycle, we propose that the costs of cyber-security can be better controlled and, consequently, the positive effects of this R&D on industry will be much more pronounced.

Biomedical devices and systems security.

Science.gov (United States)

Arney, David; Venkatasubramanian, Krishna K; Sokolsky, Oleg; Lee, Insup

2011-01-01

Medical devices have been changing in revolutionary ways in recent years. One is in their form-factor. Increasing miniaturization of medical devices has made them wearable, light-weight, and ubiquitous; they are available for continuous care and not restricted to clinical settings. Further, devices are increasingly becoming connected to external entities through both wired and wireless channels. These two developments have tremendous potential to make healthcare accessible to everyone and reduce costs. However, they also provide increased opportunity for technology savvy criminals to exploit them for fun and profit. Consequently, it is essential to consider medical device security issues. In this paper, we focused on the challenges involved in securing networked medical devices. We provide an overview of a generic networked medical device system model, a comprehensive attack and adversary model, and describe some of the challenges present in building security solutions to manage the attacks. Finally, we provide an overview of two areas of research that we believe will be crucial for making medical device system security solutions more viable in the long run: forensic data logging, and building security assurance cases.

Developing an Undergraduate Information Systems Security Track

Science.gov (United States)

Sharma, Aditya; Murphy, Marianne C.; Rosso, Mark A.; Grant, Donna

2013-01-01

Information Systems Security as a specialized area of study has mostly been taught at the graduate level. This paper highlights the efforts of establishing an Information Systems (IS) Security track at the undergraduate level. As there were many unanswered questions and concerns regarding the Security curriculum, focus areas, the benefit of…

Integrated assessment and scenarios simulation of urban water security system in the southwest of China with system dynamics analysis.

Science.gov (United States)

Yin, Su; Dongjie, Guan; Weici, Su; Weijun, Gao

2017-11-01

The demand for global freshwater is growing, while global freshwater available for human use is limited within a certain time and space. Its security has significant impacts on both the socio-economic system and ecological system. Recently, studies have focused on the urban water security system (UWSS) in terms of either water quantity or water quality. In this study, water resources, water environment, and water disaster issues in the UWSS were combined to establish an evaluation index system with system dynamics (SD) and geographic information systems (GIS). The GIS method performs qualitative analysis from the perspective of the spatial dimension; meanwhile, the SD method performs quantitative calculation about related water security problems from the perspective of the temporal dimension. We established a UWSS model for Guizhou province, China to analyze influencing factors, main driving factors, and system variation law, by using the SD method. We simulated the water security system from 2005 to 2025 under four scenarios (Guiyang scenario, Zunyi scenario, Bijie scenario and combined scenario). The results demonstrate that: (1) the severity of water security in cities is ranked as follows: three cities are secure in Guizhou province, four cities are in basic security and two cities are in a situation of insecurity from the spatial dimension of GIS through water security synthesis; and (2) the major driving factors of UWSS in Guizhou province include agricultural irrigation water demand, soil and water losses area, a ratio increase to the standard of water quality, and investment in environmental protection. A combined scenario is the best solution for UWSS by 2025 in Guizhou province under the four scenarios from the temporal dimension of SD. The results of this study provide a useful suggestion for the management of freshwater for the cities of Guizhou province in southwest China.

Analysis of Security Protocols in Embedded Systems

DEFF Research Database (Denmark)

Bruni, Alessandro

Embedded real-time systems have been adopted in a wide range of safety-critical applications—including automotive, avionics, and train control systems—where the focus has long been on safety (i.e., protecting the external world from the potential damage caused by the system) rather than security (i.......e., protecting the system from the external world). With increased connectivity of these systems to external networks the attack surface has grown, and consequently there is a need for securing the system from external attacks. Introducing security protocols in safety critical systems requires careful...... in this direction is to extend saturation-based techniques so that enough state information can be modelled and analysed. Finally, we present a methodology for proving the same security properties in the computational model, by means of typing protocol implementations....

Security analysis of cyber-physical system

Science.gov (United States)

Li, Bo; Zhang, Lichen

2017-05-01

In recent years, Cyber-Physical System (CPS) has become an important research direction of academic circles and scientific and technological circles at home and abroad, is considered to be following the third wave of world information technology after the computer, the Internet. PS is a multi-dimensional, heterogeneous, deep integration of open systems, Involving the computer, communication, control and other disciplines of knowledge. As the various disciplines in the research theory and methods are significantly different, so the application of CPS has brought great challenges. This paper introduces the definition and characteristics of CPS, analyzes the current situation of CPS, analyzes the security threats faced by CPS, and gives the security solution for security threats. It also discusses CPS-specific security technology, to promote the healthy development of CPS in information security.

It Security and EO Systems

Science.gov (United States)

Burnett, M.

2010-12-01

One topic that is beginning to influence the systems that support these goals is that of Information Technology (IT) Security. Unsecure systems are vulnerable to increasing attacks and other negative consequences; sponsoring agencies are correspondingly responding with more refined policies and more stringent security requirements. These affect how EO systems can meet the goals of data and service interoperability and harmonization through open access, transformation and visualization services. Contemporary systems, including the vision of a system-of-systems (such as GEOSS, the Global Earth Observation System of Systems), utilize technologies that support a distributed, global, net-centric environment. These types of systems have a high reliance on the open systems, web services, shared infrastructure and data standards. The broader IT industry has developed and used these technologies in their business and mission critical systems for many years. Unfortunately, the IT industry, and their customers have learned the importance of protecting their assets and resources (computing and information) as they have been forced to respond to an ever increasing number and more complex illegitimate “attackers”. This presentation will offer an overview of work done by the CEOS WGISS organization in summarizing security threats, the challenges to responding to them and capturing the current state of the practice within the EO community.

A Complex Systems Approach to More Resilient Multi-Layered Security Systems

Energy Technology Data Exchange (ETDEWEB)

Brown, Nathanael J. K. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Jones, Katherine A. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Bandlow, Alisa [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Nozick, Linda Karen [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Waddell, Lucas [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Levin, Drew [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Whetzel, Jonathan [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2016-09-01

In July 2012, protestors cut through security fences and gained access to the Y-12 National Security Complex. This was believed to be a highly reliable, multi-layered security system. This report documents the results of a Laboratory Directed Research and Development (LDRD) project that created a consistent, robust mathematical framework using complex systems analysis algorithms and techniques to better understand the emergent behavior, vulnerabilities and resiliency of multi-layered security systems subject to budget constraints and competing security priorities. Because there are several dimensions to security system performance and a range of attacks that might occur, the framework is multi-objective for a performance frontier to be estimated. This research explicitly uses probability of intruder interruption given detection (P_I) as the primary resilience metric. We demonstrate the utility of this framework with both notional as well as real-world examples of Physical Protection Systems (PPSs) and validate using a well-established force-on-force simulation tool, Umbra.

47 CFR 80.277 - Ship Security Alert System (SSAS).

Science.gov (United States)

2010-10-01

... 47 Telecommunication 5 2010-10-01 2010-10-01 false Ship Security Alert System (SSAS). 80.277... Security Alert System (SSAS). (a) Vessels equipped with a Ship Security Alert System pursuant to the Safety..., “RTCM Standard 11020.0—Ship Security Alert Systems (SSAS) using the Cospas-Sarsat System,” Version 1.0...

Open source systems security certification

CERN Document Server

Damiani, Ernesto; El Ioini, Nabil

2009-01-01

Open Source Advances in Computer Applications book series provides timely technological and business information for: Enabling Open Source Systems (OSS) to become an integral part of systems and devices produced by technology companies; Inserting OSS in the critical path of complex network development and embedded products, including methodologies and tools for domain-specific OSS testing (lab code available), plus certification of security, dependability and safety properties for complex systems; Ensuring integrated systems, including OSS, meet performance and security requirements as well as achieving the necessary certifications, according to the overall strategy of OSS usage on the part of the adopter

Handbook of SCADA/control systems security

CERN Document Server

Radvanovsky, Robert

2013-01-01

The availability and security of many services we rely upon-including water treatment, electricity, healthcare, transportation, and financial transactions-are routinely put at risk by cyber threats. The Handbook of SCADA/Control Systems Security is a fundamental outline of security concepts, methodologies, and relevant information pertaining to the supervisory control and data acquisition (SCADA) systems and technology that quietly operate in the background of critical utility and industrial facilities worldwide. Divided into five sections, the book examines topics comprising functions within

BWS Open System Architecture Security Assessment

OpenAIRE

Cristian Ionita

2011-01-01

Business process management systems play a central role in supporting the business operations of medium and large organizations. Because of this the security characteristics of these systems are becoming very important. The present paper describes the BWS architecture used to implement the open process aware information system DocuMentor. Using the proposed platform, the article identifies the security characteristics of such systems, shows the correlation between these characteristics and th...

Almaraz ovation control system security

Energy Technology Data Exchange (ETDEWEB)

Madronal Rodriguez, E.; Anderson, E.; Jimenez Diaz, J.; Carrasco Mateos, J. A.

2013-07-01

Improving the security of a plant's Distributed Control System (DCS) is an important consideration for plant safety and profitability, as well as the necessity to comply with the regulation. The U.S. Nuclear Regulatory Commission has produced Regulatory Guide (RG) 5.71, and the Nuclear Energy Institute (NEI) has produced NEI 08-09 to assist plants in meeting 10 CFR 73.54, Protection of digital computer and communication systems and networks. These requirements, which address the establishment, implementation and maintenance of a cyber security program, present challenges to ensure that safety, security and emergency preparedness functions of nuclear facilities are not negatively impacted by the vulnerability scanning and testing process.

Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues

Energy Technology Data Exchange (ETDEWEB)

Wayne F. Boyer; Scott A. McBride

2009-04-01

This document provides information for a report to congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nation’s current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.

Secure computing on reconfigurable systems

OpenAIRE

Fernandes Chaves, R.J.

2007-01-01

This thesis proposes a Secure Computing Module (SCM) for reconfigurable computing systems. SC provides a protected and reliable computational environment, where data security and protection against malicious attacks to the system is assured. SC is strongly based on encryption algorithms and on the attestation of the executed functions. The use of SC on reconfigurable devices has the advantage of being highly adaptable to the application and the user requirements, while providing high performa...

Critically Important Object Security System Element Model

Directory of Open Access Journals (Sweden)

I. V. Khomyackov

2012-03-01

Full Text Available A stochastic model of critically important object security system element has been developed. The model includes mathematical description of the security system element properties and external influences. The state evolution of the security system element is described by the semi-Markov process with finite states number, the semi-Markov matrix and the initial semi-Markov process states probabilities distribution. External influences are set with the intensity of the Poisson thread.

A Holistic and Immune System inspired Security Framework

OpenAIRE

Mwakalinga, G. Jeffy; Yngström, Louise; Kowalski, Stewart

2009-01-01

This paper presents a Framework for adaptive information security systems for securing information systems. Information systems today are vulnerable and not adaptive to the dynamic environments because initial development of these systems focused on computer technology and communications protocol only. Most research in information security does not consider culture of users, system environments and does not pay enough attention to the enemies of information systems. As a result, users serve t...

Cold Vacuum Dryer (CVD) Facility Security System Design Description. System 54

International Nuclear Information System (INIS)

WHITEHURST, R.

2000-01-01

This system design description (SDD) addresses the Cold Vacuum Drying (CVD) Facility security system. The system's primary purpose is to provide reasonable assurance that breaches of security boundaries are detected and assessment information is provided to protective force personnel. In addition, the system is utilized by Operations to support reduced personnel radiation goals and to provide reasonable assurance that only authorized personnel are allowed to enter designated security areas

Privacy and Security Research Group workshop on network and distributed system security: Proceedings

Energy Technology Data Exchange (ETDEWEB)

1993-05-01

This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System. Selected papers were processed separately for inclusion in the Energy Science and Technology Database.

Control Systems Cyber Security Standards Support Activities

Energy Technology Data Exchange (ETDEWEB)

Robert Evans

2009-01-01

The Department of Homeland Security’s Control Systems Security Program (CSSP) is working with industry to secure critical infrastructure sectors from cyber intrusions that could compromise control systems. This document describes CSSP’s current activities with industry organizations in developing cyber security standards for control systems. In addition, it summarizes the standards work being conducted by organizations within the sector and provides a brief listing of sector meetings and conferences that might be of interest for each sector. Control systems cyber security standards are part of a rapidly changing environment. The participation of CSSP in the development effort for these standards has provided consistency in the technical content of the standards while ensuring that information developed by CSSP is included.

Security for decentralized health information systems.

Science.gov (United States)

Bleumer, G

1994-02-01

Health care information systems must reflect at least two basic characteristics of the health care community: the increasing mobility of patients and the personal liability of everyone giving medical treatment. Open distributed information systems bear the potential to reflect these requirements. But the market for open information systems and operating systems hardly provides secure products today. This 'missing link' is approached by the prototype SECURE Talk that provides secure transmission and archiving of files on top of an existing operating system. Its services may be utilized by existing medical applications. SECURE Talk demonstrates secure communication utilizing only standard hardware. Its message is that cryptography (and in particular asymmetric cryptography) is practical for many medical applications even if implemented in software. All mechanisms are software implemented in order to be executable on standard-hardware. One can investigate more or less decentralized forms of public key management and the performance of many different cryptographic mechanisms. That of, e.g. hybrid encryption and decryption (RSA+DES-PCBC) is about 300 kbit/s. That of signing and verifying is approximately the same using RSA with a DES hash function. The internal speed, without disk accesses etc., is about 1.1 Mbit/s. (Apple Quadra 950 (MC 68040, 33 MHz, RAM: 20 MB, 80 ns. Length of RSA modulus is 512 bit).

SECURING DIGITIZED LIBRARY CIRCULATORY SYSTEM

African Journals Online (AJOL)

user

The widespread application of the developed system on smart library circulation .... database management system; [9] through securing .... system running on a Windows 8 Operating system .... mini library for their support, advice and unlimited.

33 CFR 106.255 - Security systems and equipment maintenance.

Science.gov (United States)

2010-07-01

... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Security systems and equipment... Shelf (OCS) Facility Security Requirements § 106.255 Security systems and equipment maintenance. (a) Security systems and equipment must be in good working order and inspected, tested, calibrated, and...

Design Methodologies for Secure Embedded Systems

CERN Document Server

Biedermann, Alexander

2011-01-01

Embedded systems have been almost invisibly pervading our daily lives for several decades. They facilitate smooth operations in avionics, automotive electronics, or telecommunication. New problems arise by the increasing employment, interconnection, and communication of embedded systems in heterogeneous environments: How secure are these embedded systems against attacks or breakdowns? Therefore, how can embedded systems be designed to be more secure? And how can embedded systems autonomically react to threats? Facing these questions, Sorin A. Huss is significantly involved in the exploration o

Secure ADS-B authentication system and method

Science.gov (United States)

Viggiano, Marc J (Inventor); Valovage, Edward M (Inventor); Samuelson, Kenneth B (Inventor); Hall, Dana L (Inventor)

2010-01-01

A secure system for authenticating the identity of ADS-B systems, including: an authenticator, including a unique id generator and a transmitter transmitting the unique id to one or more ADS-B transmitters; one or more ADS-B transmitters, including a receiver receiving the unique id, one or more secure processing stages merging the unique id with the ADS-B transmitter's identification, data and secret key and generating a secure code identification and a transmitter transmitting a response containing the secure code and ADSB transmitter's data to the authenticator; the authenticator including means for independently determining each ADS-B transmitter's secret key, a receiver receiving each ADS-B transmitter's response, one or more secure processing stages merging the unique id, ADS-B transmitter's identification and data and generating a secure code, and comparison processing comparing the authenticator-generated secure code and the ADS-B transmitter-generated secure code and providing an authentication signal based on the comparison result.

EFFICIENCY INDICATORS INFORMATION MANAGEMENT IN INTEGRATED SECURITY SYSTEMS

Directory of Open Access Journals (Sweden)

N. S. Rodionova

2014-01-01

Full Text Available Summary. Introduction of information technology to improve the efficiency of security activity leads to the need to consider a number of negative factors associated with in consequence of the use of these technologies as a key element of modern security systems. One of the most notable factor is the exposure to information processes in protection systems security threats. This largely relates to integrated security systems (ISS is the system of protection with the highest level of informatization security functions. Significant damage to protected objects that they could potentially incur as a result of abnormal operation ISS, puts a very actual problem of assessing factors that reduce the efficiency of the ISS to justify the ways and methods to improve it. Because of the nature of threats and blocking distortion of information in the ISS of interest are: the volume undistorted ISF working environment, as a characteristic of data integrity; time access to information as a feature of its availability. This in turn leads to the need to use these parameters as the performance characteristics of information processes in the ISS - the completeness and timeliness of information processing. The article proposes performance indicators of information processes in integrated security systems in terms of optimal control procedures to protect information from unauthorized access. Set the considered parameters allows to conduct comprehensive security analysis of integrated security systems, and to provide recommendations to improve the management of information security procedures in them.

Secure electronic commerce communication system based on CA

Science.gov (United States)

Chen, Deyun; Zhang, Junfeng; Pei, Shujun

2001-07-01

In this paper, we introduce the situation of electronic commercial security, then we analyze the working process and security for SSL protocol. At last, we propose a secure electronic commerce communication system based on CA. The system provide secure services such as encryption, integer, peer authentication and non-repudiation for application layer communication software of browser clients' and web server. The system can implement automatic allocation and united management of key through setting up the CA in the network.

Practical Covertly Secure MPC for Dishonest Majority – or: Breaking the SPDZ Limits

DEFF Research Database (Denmark)

Damgård, Ivan Bjerre; Keller, Marcel; Larraia, Enrique

2013-01-01

for distributingBGV secret keys are likely to be of wider applicability than to the SPDZ protocol alone. We then construct both a covertly and actively secure preprocessing phase, both of which compare favourably with previous work in terms of efficiency and provable security. We also build a new online phase...... with SPDZ; and present several theoretical and practical improvements to the protocol. In detail, we start by designing and implementing a covertly secure key generation protocol for distributed BGV secret keys. In prior work this was assumed to be provided by a given setup functionality. Protocols......, which solves a major problem of the SPDZ protocol: namely prior to this work preprocessed data could be used for only one function evaluation and then had to be recomputed from scratch for the next evaluation, while our online phase can support reactive functionalities. This improvement comes mainly...

Intelligent Model for Video Survillance Security System

Directory of Open Access Journals (Sweden)

J. Vidhya

2013-12-01

Full Text Available Video surveillance system senses and trails out all the threatening issues in the real time environment. It prevents from security threats with the help of visual devices which gather the information related to videos like CCTV’S and IP (Internet Protocol cameras. Video surveillance system has become a key for addressing problems in the public security. They are mostly deployed on the IP based network. So, all the possible security threats exist in the IP based application might also be the threats available for the reliable application which is available for video surveillance. In result, it may increase cybercrime, illegal video access, mishandling videos and so on. Hence, in this paper an intelligent model is used to propose security for video surveillance system which ensures safety and it provides secured access on video.

28 CFR 700.24 - Security of systems of records.

Science.gov (United States)

2010-07-01

... 28 Judicial Administration 2 2010-07-01 2010-07-01 false Security of systems of records. 700.24... Records Under the Privacy Act of 1974 § 700.24 Security of systems of records. (a) The Office Administrator or Security Officer shall be responsible for issuing regulations governing the security of systems...

Security of practical quantum key distribution systems

Energy Technology Data Exchange (ETDEWEB)

Jain, Nitin

2015-02-24

This thesis deals with practical security aspects of quantum key distribution (QKD) systems. At the heart of the theoretical model of any QKD system lies a quantum-mechanical security proof that guarantees perfect secrecy of messages - based on certain assumptions. However, in practice, deviations between the theoretical model and the physical implementation could be exploited by an attacker to break the security of the system. These deviations may arise from technical limitations and operational imperfections in the physical implementation and/or unrealistic assumptions and insufficient constraints in the theoretical model. In this thesis, we experimentally investigate in depth several such deviations. We demonstrate the resultant vulnerabilities via proof-of-principle attacks on a commercial QKD system from ID Quantique. We also propose countermeasures against the investigated loopholes to secure both existing and future QKD implementations.

Integrated homeland security system with passive thermal imaging and advanced video analytics

Science.gov (United States)

Francisco, Glen; Tillman, Jennifer; Hanna, Keith; Heubusch, Jeff; Ayers, Robert

2007-04-01

A complete detection, management, and control security system is absolutely essential to preempting criminal and terrorist assaults on key assets and critical infrastructure. According to Tom Ridge, former Secretary of the US Department of Homeland Security, "Voluntary efforts alone are not sufficient to provide the level of assurance Americans deserve and they must take steps to improve security." Further, it is expected that Congress will mandate private sector investment of over $20 billion in infrastructure protection between 2007 and 2015, which is incremental to funds currently being allocated to key sites by the department of Homeland Security. Nearly 500,000 individual sites have been identified by the US Department of Homeland Security as critical infrastructure sites that would suffer severe and extensive damage if a security breach should occur. In fact, one major breach in any of 7,000 critical infrastructure facilities threatens more than 10,000 people. And one major breach in any of 123 facilities-identified as "most critical" among the 500,000-threatens more than 1,000,000 people. Current visible, nightvision or near infrared imaging technology alone has limited foul-weather viewing capability, poor nighttime performance, and limited nighttime range. And many systems today yield excessive false alarms, are managed by fatigued operators, are unable to manage the voluminous data captured, or lack the ability to pinpoint where an intrusion occurred. In our 2006 paper, "Critical Infrastructure Security Confidence Through Automated Thermal Imaging", we showed how a highly effective security solution can be developed by integrating what are now available "next-generation technologies" which include: Thermal imaging for the highly effective detection of intruders in the dark of night and in challenging weather conditions at the sensor imaging level - we refer to this as the passive thermal sensor level detection building block Automated software detection

32 CFR 637.20 - Security surveillance systems.

Science.gov (United States)

2010-07-01

... 32 National Defense 4 2010-07-01 2010-07-01 true Security surveillance systems. 637.20 Section 637... ENFORCEMENT AND CRIMINAL INVESTIGATIONS MILITARY POLICE INVESTIGATION Investigations § 637.20 Security surveillance systems. Closed circuit video recording systems, to include those with an audio capability, may be...

Prototype of smart office system using based security system

Science.gov (United States)

Prasetyo, T. F.; Zaliluddin, D.; Iqbal, M.

2018-05-01

Creating a new technology in the modern era gives a positive impact on business and industry. Internet of Things (IoT) as a new communication technology is very useful in realizing smart systems such as: smart home, smart office, smart parking and smart city. This study presents a prototype of the smart office system which was designed as a security system based on IoT. Smart office system development method used waterfall model. IoT-based smart office system used platform (project builder) cayenne so that. The data can be accessed and controlled through internet network from long distance. Smart office system used arduino mega 2560 microcontroller as a controller component. In this study, Smart office system is able to detect threats of dangerous objects made from metals, earthquakes, fires, intruders or theft and perform security monitoring outside the building by using raspberry pi cameras on autonomous robots in real time to the security guard.

Analyzing the security of an existing computer system

Science.gov (United States)

Bishop, M.

1986-01-01

Most work concerning secure computer systems has dealt with the design, verification, and implementation of provably secure computer systems, or has explored ways of making existing computer systems more secure. The problem of locating security holes in existing systems has received considerably less attention; methods generally rely on thought experiments as a critical step in the procedure. The difficulty is that such experiments require that a large amount of information be available in a format that makes correlating the details of various programs straightforward. This paper describes a method of providing such a basis for the thought experiment by writing a special manual for parts of the operating system, system programs, and library subroutines.

6 CFR 5.31 - Security of systems of records.

Science.gov (United States)

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Security of systems of records. 5.31 Section 5.31 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Privacy Act § 5.31 Security of systems of records. (a) In general. Each component...

Advanced topics in security computer system design

International Nuclear Information System (INIS)

Stachniak, D.E.; Lamb, W.R.

1989-01-01

The capability, performance, and speed of contemporary computer processors, plus the associated performance capability of the operating systems accommodating the processors, have enormously expanded the scope of possibilities for designers of nuclear power plant security computer systems. This paper addresses the choices that could be made by a designer of security computer systems working with contemporary computers and describes the improvement in functionality of contemporary security computer systems based on an optimally chosen design. Primary initial considerations concern the selection of (a) the computer hardware and (b) the operating system. Considerations for hardware selection concern processor and memory word length, memory capacity, and numerous processor features

Mitigations for Security Vulnerabilities Found in Control System Networks

Energy Technology Data Exchange (ETDEWEB)

Trent D. Nelson

2006-05-01

Industry is aware of the need for Control System (CS) security, but in on-site assessments, Idaho National Laboratory (INL) has observed that security procedures and devices are not consistently and effectively implemented. The Department of Homeland Security (DHS), National Cyber Security Division (NCSD), established the Control Systems Security Center (CSSC) at INL to help industry and government improve the security of the CSs used in the nation's critical infrastructures. One of the main CSSC objectives is to identify control system vulnerabilities and develop effective mitigations for them. This paper discusses common problems and vulnerabilities seen in on-site CS assessments and suggests mitigation strategies to provide asset owners with the information they need to better protect their systems from common security flows.

Strengthening the Security of ESA Ground Data Systems

Science.gov (United States)

Flentge, Felix; Eggleston, James; Garcia Mateos, Marc

2013-08-01

A common approach to address information security has been implemented in ESA's Mission Operations (MOI) Infrastructure during the last years. This paper reports on the specific challenges to the Data Systems domain within the MOI and how security can be properly managed with an Information Security Management System (ISMS) according to ISO 27001. Results of an initial security risk assessment are reported and the different types of security controls that are being implemented in order to reduce the risks are briefly described.

31 CFR 306.23 - Securities eligible to be held in the TREASURY DIRECT Book-entry Securities System.

Science.gov (United States)

2010-07-01

... TREASURY DIRECT Book-entry Securities System. 306.23 Section 306.23 Money and Finance: Treasury Regulations... Securities eligible to be held in the TREASURY DIRECT Book-entry Securities System. (a) Eligible issues. The... conversion to the TREASURY DIRECT Book-entry Securities System. The notice shall specify the period during...

Electronic security systems better ways to crime prevention

CERN Document Server

Walker, Philip

2013-01-01

Electronic Security Systems: Better Ways to Crime Prevention teaches the reader about the application of electronics for security purposes through the use of case histories, analogies, anecdotes, and other related materials. The book is divided into three parts. Part 1 covers the concepts behind security systems - its objectives, limitations, and components; the fundamentals of space detection; detection of intruder movement indoors and outdoors; surveillance; and alarm communication and control. Part 2 discusses equipments involved in security systems such as the different types of sensors,

Food Security In South Asia: Major Challenges And Solutions

Directory of Open Access Journals (Sweden)

N. V. Galistcheva

2018-01-01

Full Text Available The subject of the study is analysis of the state of food security of the South Asian countries at the present time. The methodological basis of the study is such methods as induction and deduction, analysis and synthesis. The systematic approach to the overall study of the South Asian countries’ economy and the state of its food security in particular has become the base of this research. Historical and statistical method were used to solve the main task of the research to reveal the conditions of the region’s agricultural development and food availability and food accessibility in the region as well as to carry out an assessment of the ability of households to obtain nutritious food all year round. The author also used the comparative method to analyze the South Asian countries’ approaches to realization of food policy that has allowed to reveal the specific tools used by certain countries of the region and the common characteristics of all countries of South Asia. While selecting the research topics the author proceeded from the idea that the problem of the state of food security of the South Asian countries has not been studied for the last two decades. The research required to attract and summarize a large amount of statistical data that has been drawn from many sources including official-sites of international organizations and South Asian countries. The author also used Russian and Indian scientific journals and monographs. The article highlights the state of food security in the region in accordance with criteria offered by the FAO. The author examines the situation in the South Asian countries’ agriculture sector, its productivity, the volume of production, food waste as well as the countries’ dependency on food imports. The article also presents some information on food accessibility which is generally considered within the context of household income, food distribution systems and ability of the household to obtain food

MODEL-BASED SECURITY ENGINEERING OF SOA SYSTEM USING SECURITY INTENT DSL

OpenAIRE

Muhammad Qaiser Saleem; Jafreezal Jaafar; Mohd Fadzil Hassan

2011-01-01

Currently most of the enterprises are using SOA and web services technologies to build their web information system. They are using MDA principles for design and development of WIS and using UML as a modelling language for business process modelling. Along with the increased connectivity in SOA environment, security risks rise exponentially. Security is not defined during the early phases of development and left onto developer. Properly configuring security requirements in SOA applications is...

Secure and Efficient Routable Control Systems

Energy Technology Data Exchange (ETDEWEB)

Edgar, Thomas W.; Hadley, Mark D.; Manz, David O.; Winn, Jennifer D.

2010-05-01

This document provides the methods to secure routable control system communication in the electric sector. The approach of this document yields a long-term vision for a future of secure communication, while also providing near term steps and a roadmap. The requirements for the future secure control system environment were spelled out to provide a final target. Additionally a survey and evaluation of current protocols was used to determine if any existing technology could achieve this goal. In the end a four-step path was described that brought about increasing requirement completion and culminates in the realization of the long term vision.

Selecting RMF Controls for National Security Systems

Energy Technology Data Exchange (ETDEWEB)

Witzke, Edward L. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2015-08-01

In 2014, the United States Department of Defense started tra nsitioning the way it performs risk management and accreditation of informatio n systems to a process entitled Risk Management Framework for DoD Information Technology or RMF for DoD IT. There are many more security and privacy contro ls (and control enhancements) from which to select in RMF, than there w ere in the previous Information Assurance process. This report is an attempt t o clarify the way security controls and enhancements are selected. After a brief overview and comparison of RMF for DoD I T with the previously used process, this report looks at the determination of systems as National Security Systems (NSS). Once deemed to be an NSS, this report addr esses the categorization of the information system with respect to impact level s of the various security objectives and the selection of an initial baseline o f controls. Next, the report describes tailoring the controls through the use of overl ays and scoping considerations. Finally, the report discusses organizatio n-defined values for tuning the security controls to the needs of the information system.

Security system

Science.gov (United States)

Baumann, Mark J.; Kuca, Michal; Aragon, Mona L.

2016-02-02

A security system includes a structure having a structural surface. The structure is sized to contain an asset therein and configured to provide a forceful breaching delay. The structure has an opening formed therein to permit predetermined access to the asset contained within the structure. The structure includes intrusion detection features within or associated with the structure that are activated in response to at least a partial breach of the structure.

33 CFR 105.250 - Security systems and equipment maintenance.

Science.gov (United States)

2010-07-01

... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Security systems and equipment... systems and equipment maintenance. (a) Security systems and equipment must be in good working order and... include procedures for identifying and responding to security system and equipment failures or...

33 CFR 104.260 - Security systems and equipment maintenance.

Science.gov (United States)

2010-07-01

... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Security systems and equipment... systems and equipment maintenance. (a) Security systems and equipment must be in good working order and... procedures for identifying and responding to security system and equipment failures or malfunctions. ...

Secure videoconferencing equipment switching system and method

Science.gov (United States)

Hansen, Michael E [Livermore, CA

2009-01-13

A switching system and method are provided to facilitate use of videoconference facilities over a plurality of security levels. The system includes a switch coupled to a plurality of codecs and communication networks. Audio/Visual peripheral components are connected to the switch. The switch couples control and data signals between the Audio/Visual peripheral components and one but nor both of the plurality of codecs. The switch additionally couples communication networks of the appropriate security level to each of the codecs. In this manner, a videoconferencing facility is provided for use on both secure and non-secure networks.

Nuclear power plant security systems - The need for upgrades

International Nuclear Information System (INIS)

Murskyj, M.P.; Furlow, C.H.

1989-01-01

Most perimeter security systems for nuclear power plants were designed and installed in the late 1970s or early 1980s. This paper explores the need to regularly evaluate and possibly upgrade a security system in the area of perimeter intrusion detection and surveillance. this paper discusses US Nuclear Regulatory Commission audits and regulatory effectiveness reviews (RERs), which have raised issues regarding the performance of perimeter security systems. The audits and RERs identified various degrees of vulnerability in certain aspects of existing perimeter security systems. In addition to reviewing the regulatory concerns, this paper discusses other reasons to evaluate and/or upgrade a perimeter security system

Dynamic Security Assessment Of Computer Networks In Siem-Systems

Directory of Open Access Journals (Sweden)

Elena Vladimirovna Doynikova

2015-10-01

Full Text Available The paper suggests an approach to the security assessment of computer networks. The approach is based on attack graphs and intended for Security Information and Events Management systems (SIEM-systems. Key feature of the approach consists in the application of the multilevel security metrics taxonomy. The taxonomy allows definition of the system profile according to the input data used for the metrics calculation and techniques of security metrics calculation. This allows specification of the security assessment in near real time, identification of previous and future attacker steps, identification of attackers goals and characteristics. A security assessment system prototype is implemented for the suggested approach. Analysis of its operation is conducted for several attack scenarios.

Master planning for successful safeguard/security systems engineering

International Nuclear Information System (INIS)

Bruckner, D.G.

1987-01-01

The development and phased implementation of an overall master plan for weapons systems and facilities engaged in the complexities of high technology provides a logical road map for system accomplishment. An essential factor in such a comprehensive plan is development of an integrated systems security engineering plan. Some DOD programs use new military regulations and policy directives to mandate consideration of the safeguard/security disciplines be considered for weapons systems and facilities during the entire life cycle of the program. The emphasis is to make certain the weapon system and applicable facilities have complementary security features. Together they must meet the needs of the operational mission and, at the same time, provide the security forces practical solutions to their requirements. This paper discusses the process of meshing the safe- guards/security requirements with an overall the master plan and the challenges attendant to this activity

Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

Energy Technology Data Exchange (ETDEWEB)

Hadley, Mark D.; Clements, Samuel L.

2009-01-01

Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.

An Early Warning System for Oil Security in China

Directory of Open Access Journals (Sweden)

Qingsong Wang

2018-01-01

Full Text Available The oil system security in a country or region will affect its sustainable development ability. China’s oil security has risen to the national strategic level. It is urgent to construct an early warning indicator system to reflect the oil security level accurately, as well as to diagnose and assess the oil system status effectively and put forward the corresponding proposals for ensuring oil security. An early warning indicator system of China’s oil system covering 23 sub-indicators from three aspects, i.e., resource security, market security and consumption security, was constructed using the SPSS (Statistical Product and Service Solutions factor analysis method. It shows that China’s oil system safety level has been seriously threatened and is generally declining. However, due to the strong introduction of energy policies and increasing energy utilization technology in recent years, the increasing proportion of new energy, renewable energy and oil substitutes eases the energy security threats. In response to complex oil security issues, the Chinese government needs to strengthen macroeconomic regulation and control at the policy level continuously, increase efforts to explore resource reserves, upgrade energy conservation and emission reduction technologies, develop new alternatives for oil products, and reduce the dependence on international oil imports.

Improving Control System Security through the Evaluation of Current Trends in Computer Security Research

Energy Technology Data Exchange (ETDEWEB)

Rolston

2005-03-01

At present, control system security efforts are primarily technical and reactive in nature. What has been overlooked is the need for proactive efforts, focused on the IT security research community from which new threats might emerge. Evaluating cutting edge IT security research and how it is evolving can provide defenders with valuable information regarding what new threats and tools they can anticipate in the future. Only known attack methodologies can be blocked, and there is a gap between what is known to the general security community and what is being done by cutting edge researchers --both those trying to protect systems and those trying to compromise them. The best security researchers communicate with others in their field; they know what cutting edge research is being done; what software can be penetrated via this research; and what new attack techniques and methodologies are being circulated in the black hat community. Standardization of control system applications, operating systems, and networking protocols is occurring at a rapid rate, following a path similar to the standardization of modern IT networks. Many attack methodologies used on IT systems can be ported over to the control system environment with little difficulty. It is extremely important to take advantage of the lag time between new research, its use on traditional IT networks, and the time it takes to port the research over for use on a control system network. Analyzing nascent trends in IT security and determining their applicability to control system networks provides significant information regarding defense mechanisms needed to secure critical infrastructure more effectively. This work provides the critical infrastructure community with a better understanding of how new attacks might be launched, what layers of defense will be needed to deter them, how the attacks could be detected, and how their impact could be limited.

Security of Electronic Payment Systems: A Comprehensive Survey

OpenAIRE

Solat , Siamak

2017-01-01

This comprehensive survey deliberated over the security of electronic payment systems. In our research, we focused on either dominant systems or new attempts and innovations to improve the level of security of the electronic payment systems. This survey consists of the Card-present (CP) transactions and a review of its dominant system i.e. EMV including several researches at Cambridge university to designate variant types of attacks against this standard which demonstrates lack of a secure "o...

QuickCash: Secure Transfer Payment Systems

Directory of Open Access Journals (Sweden)

Abdulrahman Alhothaily

2017-06-01

Full Text Available Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users’ needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN. In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties.

QuickCash: Secure Transfer Payment Systems

Science.gov (United States)

Alhothaily, Abdulrahman; Alrawais, Arwa; Song, Tianyi; Lin, Bin; Cheng, Xiuzhen

2017-01-01

Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users’ needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN). In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties. PMID:28608846

QuickCash: Secure Transfer Payment Systems.

Science.gov (United States)

Alhothaily, Abdulrahman; Alrawais, Arwa; Song, Tianyi; Lin, Bin; Cheng, Xiuzhen

2017-06-13

Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users' needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN). In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties.

Survey of current technologies of security management for distributed information systems; Bunsangata joho system no security iji kanri hoshiki no genjo

Energy Technology Data Exchange (ETDEWEB)

Matsui, S [Central Research Institute of Electric Power Industry, Tokyo (Japan)

1997-05-01

The latest situation of the security management for a distributed information system was examined and systematically summarized to indicate the management design in future. This paper describes the threat of the distributed information system to security, the risk for confidentiality, integrity, and availability due to the threat, and the measures to be taken. The basic technology of security management is classified into the `user certification to prevent an incorrect access` and the `encipherment to prevent data from being used incorrectly.` The technology for certification has been almost completed. It can be securely done using an expendable password or IC card system. In Internet, multiple enciphering technologies for constructing a virtual private network that can secure the almost the same security as for a private network can be used. In an electronic mail, the enciphering technology can also be used easily. The tool that manages the security of very many servers, clients, and networks is in the initial stage. 16 refs., 1 fig., 5 tabs.

Computer security of NPP instrumentation and control systems: categorization

International Nuclear Information System (INIS)

Klevtsov, A.L.; Simonov, A.A.; Trubchaninov, S.A.

2016-01-01

The paper is devoted to studying categorization of NPP instrumentation and control (I&C) systems from the point of view of computer security and to consideration of the computer security levels and zones used by the International Atomic Energy Agency (IAEA). The paper also describes the computer security degrees and zones regulated by the International Electrotechnical Commission (IEC) standard. The computer security categorization of the systems used by the U.S. Nuclear Regulatory Commission (NRC) is presented. The experts analyzed the main differences in I&C systems computer security categorization accepted by the IAEA, IEC and U.S. NRC. The approaches to categorization that should be advisably used in Ukraine during the development of regulation on NPP I&C systems computer security are proposed in the paper

African Social Security Systems: An Ordinal Evaluation | Dixon ...

African Journals Online (AJOL)

The purpose of this paper is to rank the social security systems in 45 African countries using a comparative evaluation methodology that enables an assess ment to be ma(le of a country's statutory social security intention. The conclusion drawn is that the spread of African social security system design standards are ...

Control Systems Cyber Security:Defense in Depth Strategies

Energy Technology Data Exchange (ETDEWEB)

David Kuipers; Mark Fabro

2006-05-01

Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires: Maintenance of various field devices, telemetry collection, and/or industrial-level process systems Access to facilities via remote data link or modem Public facing services for customer or corporate operations A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

Towards the Security Evaluation of Biometric Authentication Systems

OpenAIRE

El-Abed , Mohamad; Giot , Romain; Hemery , Baptiste; Rosenberger , Christophe; Schwartzmann , Jean-Jacques

2011-01-01

International audience; Despite the obvious advantages of biometric authentication systems over traditional security ones (based on tokens or passwords), they are vulnerable to attacks which may considerably decrease their security. In order to contribute in resolving such problematic, we propose a modality-independent evaluation methodology for the security evaluation of biometric systems. It is based on the use of a database of common threats and vulnerabilities of biometric systems, and th...

Research and realization of info-net security controlling system

Science.gov (United States)

Xu, Tao; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

2017-03-01

The thesis introduces some relative concepts about Network Cybernetics, and we design and realize a new info-net security controlling system based on Network Cybernetics. The system can control the endpoints, safely save files, encrypt communication, supervise actions of users and show security conditions, in order to realize full-scale security management. At last, we simulate the functions of the system. The results show, the system can ensure the controllability of users and devices, and supervise them real-time. The system can maximize the security of the network and users.

A Security Approach in System Development Life Cycle

OpenAIRE

P.Mahizharuvi; Dr.Alagarsamy

2011-01-01

Many software organizations today are confronted with challenge of building secure software systems. Traditional software engineering principles place little emphasis on security. These principles tend to tread security as one of a long list of quality factors that are expected from all professionally developed software. As software systems of today have a wide reach, security has become a more important factor than ever in the history of software engineering can no longer be treated as Separ...

A Hierarchical Security Architecture for Cyber-Physical Systems

Energy Technology Data Exchange (ETDEWEB)

Quanyan Zhu; Tamer Basar

2011-08-01

Security of control systems is becoming a pivotal concern in critical national infrastructures such as the power grid and nuclear plants. In this paper, we adopt a hierarchical viewpoint to these security issues, addressing security concerns at each level and emphasizing a holistic cross-layer philosophy for developing security solutions. We propose a bottom-up framework that establishes a model from the physical and control levels to the supervisory level, incorporating concerns from network and communication levels. We show that the game-theoretical approach can yield cross-layer security strategy solutions to the cyber-physical systems.

Design tools for complex dynamic security systems.

Energy Technology Data Exchange (ETDEWEB)

Byrne, Raymond Harry; Rigdon, James Brian; Rohrer, Brandon Robinson; Laguna, Glenn A.; Robinett, Rush D. III (.; ); Groom, Kenneth Neal; Wilson, David Gerald; Bickerstaff, Robert J.; Harrington, John J.

2007-01-01

The development of tools for complex dynamic security systems is not a straight forward engineering task but, rather, a scientific task where discovery of new scientific principles and math is necessary. For years, scientists have observed complex behavior but have had difficulty understanding it. Prominent examples include: insect colony organization, the stock market, molecular interactions, fractals, and emergent behavior. Engineering such systems will be an even greater challenge. This report explores four tools for engineered complex dynamic security systems: Partially Observable Markov Decision Process, Percolation Theory, Graph Theory, and Exergy/Entropy Theory. Additionally, enabling hardware technology for next generation security systems are described: a 100 node wireless sensor network, unmanned ground vehicle and unmanned aerial vehicle.

Cyberspace security system

Science.gov (United States)

Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

2014-06-24

A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

Evaluation on Electronic Securities Settlements Systems by AHP Methods

Science.gov (United States)

Fukaya, Kiyoyuki; Komoda, Norihisa

Accompanying the spread of Internet and the change of business models, electronic commerce expands buisness areas. Electronic finance commerce becomes popular and especially online security tradings becoome very popular in this area. This online securitiy tradings have some good points such as less mistakes than telephone calls. In order to expand this online security tradings, the transfer of the security paper is one the largest problems to be solved. Because it takes a few days to transfer the security paper from a seller to a buyer. So the dematerialization of security papers is one of the solutions. The demterilization needs the information systems for setteling security. Some countries such as France, German, United Kingdom and U.S.A. have been strating the dematerialization projects. The legacy assesments on these projects focus from the viewpoint of the legal schemes only and there is no assessment from system architectures. This paper focuses on the information system scheme and valuates these dematerlization projects by AHP methods from the viewpoints of “dematerializaion of security papers", “speed of transfer", “usefulness on the system" and “accumulation of risks". This is the first case of valuations on security settlements systems by AHP methods, especially four counties’ systems.

49 CFR 659.21 - System security plan: general requirements.

Science.gov (United States)

2010-10-01

... 49 Transportation 7 2010-10-01 2010-10-01 false System security plan: general requirements. 659.21... State Oversight Agency § 659.21 System security plan: general requirements. (a) The oversight agency shall require the rail transit agency to implement a system security plan that, at a minimum, complies...

Virtual-Reality training system for nuclear security

International Nuclear Information System (INIS)

Nonaka, Nobuyuki

2012-01-01

At the Integrated Support Center for Nuclear Nonproliferation and Nuclear Security (ISCN) of the Japan Atomic Energy Agency, the virtual reality (VR) training system is under development for providing a practical training environment to implement experience-oriented and interactive lessons on nuclear security for wide range of participants in human resource development assistance program mainly to Asian emerging nuclear-power countries. This system electrically recreates and visualizes nuclear facilities and training conditions in stereoscopic (3D) view on a large-scale display (CAVE system) as virtual reality training facility (VR facility) and it provides training participants with effective environments to learn installation and layout of security equipment in the facility testing and verifying visually the protection performances under various situations such as changes in day-night lighting and weather conditions, which may lead to practical exercise in the design and evaluation of the physical protection system. This paper introduces basic concept of the system and outline of training programs as well as featured aspects in using the VR technology for the nuclear security. (author)

Cyber Security in Digital I and C Implementation

Energy Technology Data Exchange (ETDEWEB)

Chow, Ivan; Hsu, Allen; Kim, Jong Min; Luo, William [Doosan HF Controls, Texas (United States)

2011-08-15

During the Nuclear Regulatory Commission (NRC) audit process of Doosan HF Control HFC-6000 safety system 2009, cyber security assessment was a major audit process. The result of the assessment was favorably satisfied. As preventing digital I and C systems from being hijacked by malicious software a major goal for the NRC, audit process of actual digital I and C implementations such as the HFC-6000 safety system which provides already strong cyber security measures is mutually beneficial to both the NRC and the vendor: NRC can enhance their set of cyber security assessments and vendors such as Doosan HFC can also augment their cyber security measures. The NRC Safety Evaluation Report (SER) for the HFC-6000 system was released in April 2011 qualifying the system to be used as safety systems in US nuclear power plants. This paper provides the summary of the cyber security assessment of the complete software life cycle of HFC-6000 Safety System. Lessons learned in each life cycle phase are provided. In addition, alternate measures or recommendations for enhancing the cyber security in each life cycle phase are also described.

Cyber Security in Digital I and C Implementation

International Nuclear Information System (INIS)

Chow, Ivan; Hsu, Allen; Kim, Jong Min; Luo, William

2011-01-01

During the Nuclear Regulatory Commission (NRC) audit process of Doosan HF Control HFC-6000 safety system 2009, cyber security assessment was a major audit process. The result of the assessment was favorably satisfied. As preventing digital I and C systems from being hijacked by malicious software a major goal for the NRC, audit process of actual digital I and C implementations such as the HFC-6000 safety system which provides already strong cyber security measures is mutually beneficial to both the NRC and the vendor: NRC can enhance their set of cyber security assessments and vendors such as Doosan HFC can also augment their cyber security measures. The NRC Safety Evaluation Report (SER) for the HFC-6000 system was released in April 2011 qualifying the system to be used as safety systems in US nuclear power plants. This paper provides the summary of the cyber security assessment of the complete software life cycle of HFC-6000 Safety System. Lessons learned in each life cycle phase are provided. In addition, alternate measures or recommendations for enhancing the cyber security in each life cycle phase are also described

A Framework for Adaptive Information Security Systems : A Holistic Investigation

OpenAIRE

Mwakalinga, Jeffy

2011-01-01

This research proposes a framework for adaptive information security systems that considers both the technical and social aspects of information systems security. Initial development of information systems security focused on computer technology and communication protocols. Researchers and designers did not consider culture, traditions, ethics, and other social issues of the people using the systems when designing and developing information security systems. They also seemed to ignore environ...

Information Security Management System toolkit

OpenAIRE

Καραμανλής, Μάνος; Karamanlis, Manos

2016-01-01

Secure management of information is becoming critical for any organization because information is one of the most valuable assets in organization’s business operations. An Information security management system (ISMS) consists of the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, mon...

CAR SECURITY ENHANCEMENT IN PARKING AREAS

OpenAIRE

NANYONGA BERINDA; AYESIGA LINDSEY PATRA; BYEKWASO FAISAL; NATULINDA LADAN

2017-01-01

Over time, car thefts have been reported within Kampala parking areas. This has been majorly due to inefficient security measures of the available parking systems which focus mainly on the car and not the driver, making parking management a challenge. The focus of this survey was to explore the requirements of a new system called Car to Driver Matching Security System to enhance security of cars in Kampala, in particular, from the experience of 15 people. The data collected was then analyzed ...

SCPR: Secure Crowdsourcing-Based Parking Reservation System

Directory of Open Access Journals (Sweden)

Changsheng Wan

2017-01-01

Full Text Available The crowdsourcing-based parking reservation system is a new computing paradigm, where private owners can rent their parking spots out. Security is the main concern for parking reservation systems. However, current schemes cannot provide user privacy protection for drivers and have no key agreement functions, resulting in a lot of security problems. Moreover, current schemes are typically based on the time-consuming bilinear pairing and not suitable for real-time applications. To solve these security and efficiency problems, we present a novel security protocol with user privacy called SCPR. Similar to protocols of this field, SCPR can authenticate drivers involved in the parking reservation system. However, different from other well-known approaches, SCPR uses pseudonyms instead of real identities for providing user privacy protection for drivers and designs a novel pseudonym-based key agreement protocol. Finally, to reduce the time cost, SCPR designs several novel cryptographic algorithms based on the algebraic signature technique. By doing so, SCPR can satisfy a number of security requirements and enjoy high efficiency. Experimental results show SCPR is feasible for real world applications.

Control and Communication for a Secure and Reconfigurable Power Distribution System

Science.gov (United States)

Giacomoni, Anthony Michael

A major transformation is taking place throughout the electric power industry to overlay existing electric infrastructure with advanced sensing, communications, and control system technologies. This transformation to a smart grid promises to enhance system efficiency, increase system reliability, support the electrification of transportation, and provide customers with greater control over their electricity consumption. Upgrading control and communication systems for the end-to-end electric power grid, however, will present many new security challenges that must be dealt with before extensive deployment and implementation of these technologies can begin. In this dissertation, a comprehensive systems approach is taken to minimize and prevent cyber-physical disturbances to electric power distribution systems using sensing, communications, and control system technologies. To accomplish this task, an intelligent distributed secure control (IDSC) architecture is presented and validated in silico for distribution systems to provide greater adaptive protection, with the ability to proactively reconfigure, and rapidly respond to disturbances. Detailed descriptions of functionalities at each layer of the architecture as well as the whole system are provided. To compare the performance of the IDSC architecture with that of other control architectures, an original simulation methodology is developed. The simulation model integrates aspects of cyber-physical security, dynamic price and demand response, sensing, communications, intermittent distributed energy resources (DERs), and dynamic optimization and reconfiguration. Applying this comprehensive systems approach, performance results for the IEEE 123 node test feeder are simulated and analyzed. The results show the trade-offs between system reliability, operational constraints, and costs for several control architectures and optimization algorithms. Additional simulation results are also provided. In particular, the

Congestion management considering voltage security of power systems

International Nuclear Information System (INIS)

Esmaili, Masoud; Shayanfar, Heidar Ali; Amjady, Nima

2009-01-01

Congestion in a power network is turned up due to system operating limits. To relieve congestion in a deregulated power market, the system operator pays to market participants, GENCOs and DISCOs, to alter their active powers considering their bids. After performing congestion management, the network may be operated with a low security level because of hitting some flows their upper limit and some voltages their lower limit. In this paper, a novel congestion management method based on the voltage stability margin sensitivities is introduced. Using the proposed method, the system operator so alleviates the congestion that the network can more retain its security. The proposed method not only makes the system more secure after congestion management than other methods already presented for this purpose but also its cost of providing security is lower than the earlier methods. Test results of the proposed method along with the earlier ones on the New-England test system elaborate the efficiency of the proposed method from the viewpoint of providing a better voltage stability margin and voltage profile as well as a lower security cost. (author)

System Health Monitoring Using a Novel Method: Security Unified Process

Directory of Open Access Journals (Sweden)

Alireza Shameli-Sendi

2012-01-01

and change management, and project management. The dynamic dimension, or phases, contains inception, analysis and design, construction, and monitoring. Risk assessment is a major part of the ISMS process. In SUP, we present a risk assessment model, which uses a fuzzy expert system to assess risks in organization. Since, the classification of assets is an important aspect of risk management and ensures that effective protection occurs, a Security Cube is proposed to identify organization assets as an asset classification model. The proposed model leads us to have an offline system health monitoring tool that is really a critical need in any organization.

Physical layer approaches for securing wireless communication systems

CERN Document Server

Wen, Hong

2013-01-01

This book surveys the outstanding work of physical-layer (PHY) security, including  the recent achievements of confidentiality and authentication for wireless communication systems by channel identification. A practical approach to building unconditional confidentiality for Wireless Communication security by feedback and error correcting code is introduced and a framework of PHY security based on space time block code (STBC) MIMO system is demonstrated.  Also discussed is a scheme which combines cryptographic techniques implemented in the higher layer with the physical layer security approach

High Assurance Models for Secure Systems

Science.gov (United States)

Almohri, Hussain M. J.

2013-01-01

Despite the recent advances in systems and network security, attacks on large enterprise networks consistently impose serious challenges to maintaining data privacy and software service integrity. We identify two main problems that contribute to increasing the security risk in a networked environment: (i) vulnerable servers, workstations, and…

OpenID Connect as a security service in cloud-based medical imaging systems.

Science.gov (United States)

Ma, Weina; Sartipi, Kamran; Sharghigoorabi, Hassan; Koff, David; Bak, Peter

2016-04-01

The evolution of cloud computing is driving the next generation of medical imaging systems. However, privacy and security concerns have been consistently regarded as the major obstacles for adoption of cloud computing by healthcare domains. OpenID Connect, combining OpenID and OAuth together, is an emerging representational state transfer-based federated identity solution. It is one of the most adopted open standards to potentially become the de facto standard for securing cloud computing and mobile applications, which is also regarded as "Kerberos of cloud." We introduce OpenID Connect as an authentication and authorization service in cloud-based diagnostic imaging (DI) systems, and propose enhancements that allow for incorporating this technology within distributed enterprise environments. The objective of this study is to offer solutions for secure sharing of medical images among diagnostic imaging repository (DI-r) and heterogeneous picture archiving and communication systems (PACS) as well as Web-based and mobile clients in the cloud ecosystem. The main objective is to use OpenID Connect open-source single sign-on and authorization service and in a user-centric manner, while deploying DI-r and PACS to private or community clouds should provide equivalent security levels to traditional computing model.

12 CFR 792.67 - Security of systems of records.

Science.gov (United States)

2010-01-01

... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Security of systems of records. 792.67 Section... AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792.67 Security of systems of records. (a) Each system manager, with the approval of the head of that...

Software Safety and Security

CERN Document Server

Nipkow, T; Hauptmann, B

2012-01-01

Recent decades have seen major advances in methods and tools for checking the safety and security of software systems. Automatic tools can now detect security flaws not only in programs of the order of a million lines of code, but also in high-level protocol descriptions. There has also been something of a breakthrough in the area of operating system verification. This book presents the lectures from the NATO Advanced Study Institute on Tools for Analysis and Verification of Software Safety and Security; a summer school held at Bayrischzell, Germany, in 2011. This Advanced Study Institute was

Improving Security in the ATLAS PanDA System

International Nuclear Information System (INIS)

Caballero, J; Maeno, T; Potekhin, M; Wenaus, T; Nilsson, P; Stewart, G

2011-01-01

The security challenges faced by users of the grid are considerably different to those faced in previous environments. The adoption of pilot jobs systems by LHC experiments has mitigated many of the problems associated with the inhomogeneities found on the grid and has greatly improved job reliability; however, pilot jobs systems themselves must then address many security issues, including the execution of multiple users' code under a common 'grid' identity. In this paper we describe the improvements and evolution of the security model in the ATLAS PanDA (Production and Distributed Analysis) system. We describe the security in the PanDA server which is in place to ensure that only authorized members of the VO are allowed to submit work into the system and that jobs are properly audited and monitored. We discuss the security in place between the pilot code itself and the PanDA server, ensuring that only properly authenticated workload is delivered to the pilot for execution. When the code to be executed is from a 'normal' ATLAS user, as opposed to the production system or other privileged actor, then the pilot may use an EGEE developed identity switching tool called gLExec. This changes the grid proxy available to the job and also switches the UNIX user identity to protect the privileges of the pilot code proxy. We describe the problems in using this system and how they are overcome. Finally, we discuss security drills which have been run using PanDA and show how these improved our operational security procedures.

Design and implementation of modular home security system with short messaging system

Directory of Open Access Journals (Sweden)

Budijono Santoso

2014-03-01

Full Text Available Today we are living in 21st century where crime become increasing and everyone wants to secure they asset at their home. In that situation user must have system with advance technology so person do not worry when getting away from his home. It is therefore the purpose of this design to provide home security device, which send fast information to user GSM (Global System for Mobile mobile device using SMS (Short Messaging System and also activate - deactivate system by SMS. The Modular design of this Home Security System make expandable their capability by add more sensors on that system. Hardware of this system has been designed using microcontroller AT Mega 328, PIR (Passive Infra Red motion sensor as the primary sensor for motion detection, camera for capturing images, GSM module for sending and receiving SMS and buzzer for alarm. For software this system using Arduino IDE for Arduino and Putty for testing connection programming in GSM module. This Home Security System can monitor home area that surrounding by PIR sensor and sending SMS, save images capture by camera, and make people panic by turn on the buzzer when trespassing surrounding area that detected by PIR sensor. The Modular Home Security System has been tested and succeed detect human movement.

System security in the space flight operations center

Science.gov (United States)

Wagner, David A.

1988-01-01

The Space Flight Operations Center is a networked system of workstation-class computers that will provide ground support for NASA's next generation of deep-space missions. The author recounts the development of the SFOC system security policy and discusses the various management and technology issues involved. Particular attention is given to risk assessment, security plan development, security implications of design requirements, automatic safeguards, and procedural safeguards.

Use of Attack Graphs in Security Systems

Directory of Open Access Journals (Sweden)

Vivek Shandilya

2014-01-01

Full Text Available Attack graphs have been used to model the vulnerabilities of the systems and their potential exploits. The successful exploits leading to the partial/total failure of the systems are subject of keen security interest. Considerable effort has been expended in exhaustive modeling, analyses, detection, and mitigation of attacks. One prominent methodology involves constructing attack graphs of the pertinent system for analysis and response strategies. This not only gives the simplified representation of the system, but also allows prioritizing the security properties whose violations are of greater concern, for both detection and repair. We present a survey and critical study of state-of-the-art technologies in attack graph generation and use in security system. Based on our research, we identify the potential, challenges, and direction of the current research in using attack graphs.

Information security requirements in patient-centred healthcare support systems.

Science.gov (United States)

Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

2013-01-01

Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

Deployment of ERP Systems at Automotive Industries, Security Inspection (Case Study: IRAN KHODRO Automotive Company)

Science.gov (United States)

Ali, Hatamirad; Hasan, Mehrjerdi

Automotive industry and car production process is one of the most complex and large-scale production processes. Today, information technology (IT) and ERP systems incorporates a large portion of production processes. Without any integrated systems such as ERP, the production and supply chain processes will be tangled. The ERP systems, that are last generation of MRP systems, make produce and sale processes of these industries easier and this is the major factor of development of these industries anyhow. Today many of large-scale companies are developing and deploying the ERP systems. The ERP systems facilitate many of organization processes and make organization to increase efficiency. The security is a very important part of the ERP strategy at the organization, Security at the ERP systems, because of integrity and extensive, is more important of local and legacy systems. Disregarding of this point can play a giant role at success or failure of this kind of systems. The IRANKHODRO is the biggest automotive factory in the Middle East with an annual production over 600.000 cars. This paper presents ERP security deployment experience at the "IRANKHODRO Company". Recently, by launching ERP systems, it moved a big step toward more developments.

Measurable Control System Security through Ideal Driven Technical Metrics

Energy Technology Data Exchange (ETDEWEB)

Miles McQueen; Wayne Boyer; Sean McBride; Marie Farrar; Zachary Tudor

2008-01-01

The Department of Homeland Security National Cyber Security Division supported development of a small set of security ideals as a framework to establish measurable control systems security. Based on these ideals, a draft set of proposed technical metrics was developed to allow control systems owner-operators to track improvements or degradations in their individual control systems security posture. The technical metrics development effort included review and evaluation of over thirty metrics-related documents. On the bases of complexity, ambiguity, or misleading and distorting effects the metrics identified during the reviews were determined to be weaker than necessary to aid defense against the myriad threats posed by cyber-terrorism to human safety, as well as to economic prosperity. Using the results of our metrics review and the set of security ideals as a starting point for metrics development, we identified thirteen potential technical metrics - with at least one metric supporting each ideal. Two case study applications of the ideals and thirteen metrics to control systems were then performed to establish potential difficulties in applying both the ideals and the metrics. The case studies resulted in no changes to the ideals, and only a few deletions and refinements to the thirteen potential metrics. This led to a final proposed set of ten core technical metrics. To further validate the security ideals, the modifications made to the original thirteen potential metrics, and the final proposed set of ten core metrics, seven separate control systems security assessments performed over the past three years were reviewed for findings and recommended mitigations. These findings and mitigations were then mapped to the security ideals and metrics to assess gaps in their coverage. The mappings indicated that there are no gaps in the security ideals and that the ten core technical metrics provide significant coverage of standard security issues with 87% coverage. Based

A Novel Secure IoT-Based Smart Home Automation System Using a Wireless Sensor Network

Science.gov (United States)

Pirbhulal, Sandeep; Zhang, Heye; E Alahi, Md Eshrat; Ghayvat, Hemant; Mukhopadhyay, Subhas Chandra; Zhang, Yuan-Ting; Wu, Wanqing

2016-01-01

Wireless sensor networks (WSNs) provide noteworthy benefits over traditional approaches for several applications, including smart homes, healthcare, environmental monitoring, and homeland security. WSNs are integrated with the Internet Protocol (IP) to develop the Internet of Things (IoT) for connecting everyday life objects to the internet. Hence, major challenges of WSNs include: (i) how to efficiently utilize small size and low-power nodes to implement security during data transmission among several sensor nodes; (ii) how to resolve security issues associated with the harsh and complex environmental conditions during data transmission over a long coverage range. In this study, a secure IoT-based smart home automation system was developed. To facilitate energy-efficient data encryption, a method namely Triangle Based Security Algorithm (TBSA) based on efficient key generation mechanism was proposed. The proposed TBSA in integration of the low power Wi-Fi were included in WSNs with the Internet to develop a novel IoT-based smart home which could provide secure data transmission among several associated sensor nodes in the network over a long converge range. The developed IoT based system has outstanding performance by fulfilling all the necessary security requirements. The experimental results showed that the proposed TBSA algorithm consumed less energy in comparison with some existing methods. PMID:28042831

A Novel Secure IoT-Based Smart Home Automation System Using a Wireless Sensor Network.

Science.gov (United States)

Pirbhulal, Sandeep; Zhang, Heye; E Alahi, Md Eshrat; Ghayvat, Hemant; Mukhopadhyay, Subhas Chandra; Zhang, Yuan-Ting; Wu, Wanqing

2016-12-30

Wireless sensor networks (WSNs) provide noteworthy benefits over traditional approaches for several applications, including smart homes, healthcare, environmental monitoring, and homeland security. WSNs are integrated with the Internet Protocol (IP) to develop the Internet of Things (IoT) for connecting everyday life objects to the internet. Hence, major challenges of WSNs include: (i) how to efficiently utilize small size and low-power nodes to implement security during data transmission among several sensor nodes; (ii) how to resolve security issues associated with the harsh and complex environmental conditions during data transmission over a long coverage range. In this study, a secure IoT-based smart home automation system was developed. To facilitate energy-efficient data encryption, a method namely Triangle Based Security Algorithm (TBSA) based on efficient key generation mechanism was proposed. The proposed TBSA in integration of the low power Wi-Fi were included in WSNs with the Internet to develop a novel IoT-based smart home which could provide secure data transmission among several associated sensor nodes in the network over a long converge range. The developed IoT based system has outstanding performance by fulfilling all the necessary security requirements. The experimental results showed that the proposed TBSA algorithm consumed less energy in comparison with some existing methods.

A Novel Secure IoT-Based Smart Home Automation System Using a Wireless Sensor Network

Directory of Open Access Journals (Sweden)

Sandeep Pirbhulal

2016-12-01

Full Text Available Wireless sensor networks (WSNs provide noteworthy benefits over traditional approaches for several applications, including smart homes, healthcare, environmental monitoring, and homeland security. WSNs are integrated with the Internet Protocol (IP to develop the Internet of Things (IoT for connecting everyday life objects to the internet. Hence, major challenges of WSNs include: (i how to efficiently utilize small size and low-power nodes to implement security during data transmission among several sensor nodes; (ii how to resolve security issues associated with the harsh and complex environmental conditions during data transmission over a long coverage range. In this study, a secure IoT-based smart home automation system was developed. To facilitate energy-efficient data encryption, a method namely Triangle Based Security Algorithm (TBSA based on efficient key generation mechanism was proposed. The proposed TBSA in integration of the low power Wi-Fi were included in WSNs with the Internet to develop a novel IoT-based smart home which could provide secure data transmission among several associated sensor nodes in the network over a long converge range. The developed IoT based system has outstanding performance by fulfilling all the necessary security requirements. The experimental results showed that the proposed TBSA algorithm consumed less energy in comparison with some existing methods.

OpenID connect as a security service in Cloud-based diagnostic imaging systems

Science.gov (United States)

Ma, Weina; Sartipi, Kamran; Sharghi, Hassan; Koff, David; Bak, Peter

2015-03-01

The evolution of cloud computing is driving the next generation of diagnostic imaging (DI) systems. Cloud-based DI systems are able to deliver better services to patients without constraining to their own physical facilities. However, privacy and security concerns have been consistently regarded as the major obstacle for adoption of cloud computing by healthcare domains. Furthermore, traditional computing models and interfaces employed by DI systems are not ready for accessing diagnostic images through mobile devices. RESTful is an ideal technology for provisioning both mobile services and cloud computing. OpenID Connect, combining OpenID and OAuth together, is an emerging REST-based federated identity solution. It is one of the most perspective open standards to potentially become the de-facto standard for securing cloud computing and mobile applications, which has ever been regarded as "Kerberos of Cloud". We introduce OpenID Connect as an identity and authentication service in cloud-based DI systems and propose enhancements that allow for incorporating this technology within distributed enterprise environment. The objective of this study is to offer solutions for secure radiology image sharing among DI-r (Diagnostic Imaging Repository) and heterogeneous PACS (Picture Archiving and Communication Systems) as well as mobile clients in the cloud ecosystem. Through using OpenID Connect as an open-source identity and authentication service, deploying DI-r and PACS to private or community clouds should obtain equivalent security level to traditional computing model.

Computer Security: Protect your plant: a "serious game" about control system cyber-security

CERN Multimedia

Stefan Lueders, Computer Security Team

2015-01-01

Control system cyber-security is attracting increasing attention: from cybercriminals, from the media and from security researchers.   After the legendary “Stuxnet” attacks of 2010 against an Iranian uranium enrichment plant, the infiltration of Saudi Aramco in 2012, and most recently the hacking of German blast furnaces, we should be prepared. Just imagine what would happen if hackers turned off the lights in Geneva and the Pays-de-Gex for a month? (“Hacking control systems, switching lights off!"). Or if attackers infiltrated CERN’s accelerator or experiment control systems and stopped us from pursuing our core business: delivering beams and recording particle collisions (“Hacking control systems, switching... accelerators off?"). Now you can test your ability to protect an industrial plant against cyber-threats! The Computer Security Team, in collaboration with Kaspersky Lab, is organising a so-...

Evaluation of Data Security Measures in a Network Environment Towards Developing Cooperate Data Security Guidelines

OpenAIRE

Ayub Hussein Shirandula; Dr. G. Wanyembi; Mr. Maina karume

2012-01-01

Data security in a networked environment is a topic that has become significant in organizations. As companies and organizations rely more on technology to run their businesses, connecting system to each other in different departments for efficiency data security is the concern for administrators. This research assessed the data security measures put in place at Mumias Sugar Company and the effort it was using to protect its data. The researcher also highlighted major security issues that wer...

Review on security issues in RFID systems

Directory of Open Access Journals (Sweden)

Mohamed El Beqqal

2017-12-01

Full Text Available Radio frequency Identification (RFID is currently considered as one of the most used technologies for an automatic identification of objects or people. Based on a combination of tags and readers, RFID technology has widely been applied in various areas including supply chain, production and traffic control systems. However, despite of its numerous advantages, the technology brings out many challenges and concerns still not being attracting more and more researchers especially the security and privacy issues. In this paper, we review some of the recent research works using RFID solutions and dealing with security and privacy issues, we define our specific parameters and requirements allowing us to classify for each work which part of the RFID system is being secured, the solutions and the techniques used besides the conformity to RFID standards. Finally, we present briefly a solution that consists of combining RFID with smartcard based biometric to enhance security especially in access control scenarios. Hence the result of our study aims to give a clear vision of available solutions and techniques used to prevent and secure the RFID system from specific threats and attacks.

Data security in Intelligent Transport Systems

Directory of Open Access Journals (Sweden)

Tomas Zelinka

2012-10-01

Full Text Available Intelligent Transport Services expect availability of the secure seamless communications solutions typically covering widely spread areas. Different ITS solutions require different portfolio of telecommunications service quality. These parameters have to correspond with ITS service performance parameters required by specific service. Even though quite extensive range of public wireless data services with reasonable coverage are provided, most of them are provided with no guaranteed quality and security. ITS requirements can be in most parameters easier reached if multi-path communications systems are applied core solution is combined with both public as well as private ones where and when it is needed. Such solution requires implementation of relevant flexible system architecture supported by the efficient decision processes. This paper is concentrated the telecommunications security issues relevant to the ITS wide area networking. Expected level of security varies in dependence on relevant ITS service requirements. Data volumes transferred both in private data vehicle on board networks as well as between vehicles and infrastructure (C2I or other vehicles (C2C progressively grow. Such trend upsurges the fatal problems appearance probability in case security of the wide area networks is not relevantly treated. That is reason why relevant communications security treatment becomes crucial part of the ITS solution. Besides of available "off shelf" security tools we present solution based on non-public universal identifier with dynamical extension (time and position dependency as an autonomous variables and data selection according to actor role or category. Presented results were obtained within projects e-Ident1, DOTEK2 and SRATVU3.

Process Control Systems in the Chemical Industry: Safety vs. Security

Energy Technology Data Exchange (ETDEWEB)

Jeffrey Hahn; Thomas Anderson

2005-04-01

Traditionally, the primary focus of the chemical industry has been safety and productivity. However, recent threats to our nation’s critical infrastructure have prompted a tightening of security measures across many different industry sectors. Reducing vulnerabilities of control systems against physical and cyber attack is necessary to ensure the safety, security and effective functioning of these systems. The U.S. Department of Homeland Security has developed a strategy to secure these vulnerabilities. Crucial to this strategy is the Control Systems Security and Test Center (CSSTC) established to test and analyze control systems equipment. In addition, the CSSTC promotes a proactive, collaborative approach to increase industry's awareness of standards, products and processes that can enhance the security of control systems. This paper outlines measures that can be taken to enhance the cybersecurity of process control systems in the chemical sector.

TOWARD HIGHLY SECURE AND AUTONOMIC COMPUTING SYSTEMS: A HIERARCHICAL APPROACH

Energy Technology Data Exchange (ETDEWEB)

Lee, Hsien-Hsin S

2010-05-11

The overall objective of this research project is to develop novel architectural techniques as well as system software to achieve a highly secure and intrusion-tolerant computing system. Such system will be autonomous, self-adapting, introspective, with self-healing capability under the circumstances of improper operations, abnormal workloads, and malicious attacks. The scope of this research includes: (1) System-wide, unified introspection techniques for autonomic systems, (2) Secure information-flow microarchitecture, (3) Memory-centric security architecture, (4) Authentication control and its implication to security, (5) Digital right management, (5) Microarchitectural denial-of-service attacks on shared resources. During the period of the project, we developed several architectural techniques and system software for achieving a robust, secure, and reliable computing system toward our goal.

Critical infrastructure system security and resiliency

CERN Document Server

Biringer, Betty; Warren, Drake

2013-01-01

Security protections for critical infrastructure nodes are intended to minimize the risks resulting from an initiating event, whether it is an intentional malevolent act or a natural hazard. With an emphasis on protecting an infrastructure's ability to perform its mission or function, Critical Infrastructure System Security and Resiliency presents a practical methodology for developing an effective protection system that can either prevent undesired events or mitigate the consequences of such events.Developed at Sandia National Labs, the authors' analytical approach and

How secure is your information system? An investigation into actual healthcare worker password practices.

Science.gov (United States)

Cazier, Joseph A; Medlin, B Dawn

2006-09-27

For most healthcare information systems, passwords are the first line of defense in keeping patient and administrative records private and secure. However, this defense is only as strong as the passwords employees chose to use. A weak or easily guessed password is like an open door to the medical records room, allowing unauthorized access to sensitive information. In this paper, we present the results of a study of actual healthcare workers' password practices. In general, the vast majority of these passwords have significant security problems on several dimensions. Implications for healthcare professionals are discussed.

The IAEA Inspections: Creating a Collective Security System

International Nuclear Information System (INIS)

Le Guelte, Georges

2003-01-01

Through their successes, their achievements and the hopes they raised of a world where the law would replace the arbitrary, but also through the failures imputed to them and the fragility of their action, the inspections of the International Atomic Energy Agency (IAEA) have become a symbol of the capacities, the limits, and the weaknesses of the international system founded in 1945 by the UN Charter. Originally, their objective was much more limited. Historical developments - the Cold War, in particular - have turned the inspections into the major instrument of a unique mechanism of collective security, that is recovering its full significance in the current international context

Information security system quality assessment through the intelligent tools

Science.gov (United States)

Trapeznikov, E. V.

2018-04-01

The technology development has shown the automated system information security comprehensive analysis necessity. The subject area analysis indicates the study relevance. The research objective is to develop the information security system quality assessment methodology based on the intelligent tools. The basis of the methodology is the information security assessment model in the information system through the neural network. The paper presents the security assessment model, its algorithm. The methodology practical implementation results in the form of the software flow diagram are represented. The practical significance of the model being developed is noted in conclusions.

Security infrastructures: towards the INDECT system security

OpenAIRE

Stoianov, Nikolai; Urueña, Manuel; Niemiec, Marcin; Machník, Petr; Maestro, Gema

2012-01-01

This paper provides an overview of the security infrastructures being deployed inside the INDECT project. These security infrastructures can be organized in five main areas: Public Key Infrastructure, Communication security, Cryptography security, Application security and Access control, based on certificates and smartcards. This paper presents the new ideas and deployed testbeds for these five areas. In particular, it explains the hierarchical architecture of the INDECT PKI...

A Novel Multifactor Authentication System Ensuring Usability and Security

OpenAIRE

Mathew, Gloriya; Thomas, Shiney

2013-01-01

User authentication is one of the most important part of information security. Computer security most commonly depends on passwords to authenticate human users. Password authentication systems will be either been usable but not secure, or secure but not usable. While there are different types of authentication systems available alphanumeric password is the most commonly used authentication mechanism. But this method has significant drawbacks. An alternative solution to the text based authenti...

Cost and performance analysis of physical security systems

International Nuclear Information System (INIS)

Hicks, M.J.; Yates, D.; Jago, W.H.; Phillips, A.W.

1998-04-01

Analysis of cost and performance of physical security systems can be a complex, multi-dimensional problem. There are a number of point tools that address various aspects of cost and performance analysis. Increased interest in cost tradeoffs of physical security alternatives has motivated development of an architecture called Cost and Performance Analysis (CPA), which takes a top-down approach to aligning cost and performance metrics. CPA incorporates results generated by existing physical security system performance analysis tools, and utilizes an existing cost analysis tool. The objective of this architecture is to offer comprehensive visualization of complex data to security analysts and decision-makers

CRITICAL ASSESSMENT OF AUDITING CONTRIBUTIONS TO EFFECTIVE AND EFFICIENT SECURITY IN DATABASE SYSTEMS

OpenAIRE

Olumuyiwa O. Matthew; Carl Dudley

2015-01-01

Database auditing has become a very crucial aspect of security as organisations increase their adoption of database management systems (DBMS) as major asset that keeps, maintain and monitor sensitive information. Database auditing is the group of activities involved in observing a set of stored data in order to be aware of the actions of users. The work presented here outlines the main auditing techniques and methods. Some architectural based auditing systems were also consider...

Design concept of CSRAS (Cyber Security Risk Analysis and Assessment System) for digital I and C systems

International Nuclear Information System (INIS)

Song, J. G.; Lee, J. W.; Lee, D. Y.; Lee, C. K.

2012-01-01

The instrumentation and control (I and C) systems in nuclear power plants (NPPs) have been digitalized recently. Hence, cyber security becomes an important feature to be incorporated into the I and C systems. The Regulatory Guide 5.71 published by U.C NRC in 2010 presents a comprehensive set of security controls for the cyber security of I and C systems in NPPs. However, the application of security controls specified in the RG 5.71 in a specific I and C system still requires many analysis efforts based on the understanding of the security controls, since the guideline does not provide the details to system designers or developers regarding what, where, and how to apply the security controls. To apply security controls to I and C systems, cyber security requirements should be identified based on the cyber security policy and program, then the design and implementation of security controls should be performed along with the I and C system development life cycle. It can be assumed that cyber security requirements are identified during the system design(SD) phase and the design and implementation of security controls is performed during the component design(CD) phase. When identifying security requirements and performing the design and implementation of security controls, cyber security risk assessments should be processed with the understanding of the characteristics of target systems. In this study, the Cyber Security Risk Analysis and Assessment System (CSRAS) has been developed as a tool for analyzing security requirements and technical security controls considering based on a general cyber security risk assessment procedure with the consideration of the characteristics of I and C systems and the development phases

Design concept of CSRAS (Cyber Security Risk Analysis and Assessment System) for digital I and C systems

Energy Technology Data Exchange (ETDEWEB)

Song, J. G.; Lee, J. W.; Lee, D. Y.; Lee, C. K. [KAERI, Daejeon (Korea, Republic of)

2012-10-15

The instrumentation and control (I and C) systems in nuclear power plants (NPPs) have been digitalized recently. Hence, cyber security becomes an important feature to be incorporated into the I and C systems. The Regulatory Guide 5.71 published by U.C NRC in 2010 presents a comprehensive set of security controls for the cyber security of I and C systems in NPPs. However, the application of security controls specified in the RG 5.71 in a specific I and C system still requires many analysis efforts based on the understanding of the security controls, since the guideline does not provide the details to system designers or developers regarding what, where, and how to apply the security controls. To apply security controls to I and C systems, cyber security requirements should be identified based on the cyber security policy and program, then the design and implementation of security controls should be performed along with the I and C system development life cycle. It can be assumed that cyber security requirements are identified during the system design(SD) phase and the design and implementation of security controls is performed during the component design(CD) phase. When identifying security requirements and performing the design and implementation of security controls, cyber security risk assessments should be processed with the understanding of the characteristics of target systems. In this study, the Cyber Security Risk Analysis and Assessment System (CSRAS) has been developed as a tool for analyzing security requirements and technical security controls considering based on a general cyber security risk assessment procedure with the consideration of the characteristics of I and C systems and the development phases.

5 CFR 930.301 - Information systems security awareness training program.

Science.gov (United States)

2010-01-01

... 5 Administrative Personnel 2 2010-01-01 2010-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems § 930.301 Information systems security awareness training program. Each Executive Agency must develop a...

Help for the Developers of Control System Cyber Security Standards

Energy Technology Data Exchange (ETDEWEB)

Robert P. Evans

2008-05-01

A Catalog of Control Systems Security: Recommendations for Standards Developers (Catalog), aimed at assisting organizations to facilitate the development and implementation of control system cyber security standards, has been developed. This catalog contains requirements that can help protect control systems from cyber attacks and can be applied to the Critical Infrastructures and Key Resources of the United States and other nations. The requirements contained in the catalog are a compilation of practices or various industry bodies used to increase the security of control systems from both physical and cyber attacks. They should be viewed as a collection of recommendations to be considered and judiciously employed, as appropriate, when reviewing and developing cyber security standards for control systems. The recommendations in the Catalog are intended to be broad enough to provide any industry using control systems the flexibility needed to develop sound cyber security standards specific to their individual security requirements.

Systematic elicitation of cyber-security controls for NPP I and C system

Energy Technology Data Exchange (ETDEWEB)

Lee, M. S.; Kim, T. H. [Formal Works Inc., Seoul (Korea, Republic of); Park, S. P. [AhnLab Inc., Seongnam (Korea, Republic of); Kim, Y. M. [Korea Institute of Nuclear Safety, Daejeon (Korea, Republic of)

2015-05-15

Cyber-security implementation starts with a development of a cyber security plan considering characteristics of I and C system. In this paper, we describe a method that develops a cyber security plan for NPP I and C system. Especially, we propose a method for systematic elicitation of technical security controls that should be applied to I and C system. We expect that this study can provide a basis to develop a cyber-security plan for I and C system. Also, the study can contribute enhancing security to NPP I and C system. The rest of the paper is organized as follows: Section 2 introduces activities to develop a cyber-security plan and presents the result of each activity of the security plan. Section 3 concludes the paper. We proposed a method for systematic elicitation of security controls and described the method through examples. Development companies that want to implement cyber-security in I and C system can develop a cyber-security plan and apply the cyber-security program to their system according to our method. We expect that this study can provide a basis to develop a cyber-security plan for I and C system. Also, the study can contribute enhancing security to NPP I and C system.

Systematic elicitation of cyber-security controls for NPP I and C system

International Nuclear Information System (INIS)

Lee, M. S.; Kim, T. H.; Park, S. P.; Kim, Y. M.

2015-01-01

Cyber-security implementation starts with a development of a cyber security plan considering characteristics of I and C system. In this paper, we describe a method that develops a cyber security plan for NPP I and C system. Especially, we propose a method for systematic elicitation of technical security controls that should be applied to I and C system. We expect that this study can provide a basis to develop a cyber-security plan for I and C system. Also, the study can contribute enhancing security to NPP I and C system. The rest of the paper is organized as follows: Section 2 introduces activities to develop a cyber-security plan and presents the result of each activity of the security plan. Section 3 concludes the paper. We proposed a method for systematic elicitation of security controls and described the method through examples. Development companies that want to implement cyber-security in I and C system can develop a cyber-security plan and apply the cyber-security program to their system according to our method. We expect that this study can provide a basis to develop a cyber-security plan for I and C system. Also, the study can contribute enhancing security to NPP I and C system

Internetting tactical security sensor systems

Science.gov (United States)

Gage, Douglas W.; Bryan, W. D.; Nguyen, Hoa G.

1998-08-01

The Multipurpose Surveillance and Security Mission Platform (MSSMP) is a distributed network of remote sensing packages and control stations, designed to provide a rapidly deployable, extended-range surveillance capability for a wide variety of military security operations and other tactical missions. The baseline MSSMP sensor suite consists of a pan/tilt unit with video and FLIR cameras and laser rangefinder. With an additional radio transceiver, MSSMP can also function as a gateway between existing security/surveillance sensor systems such as TASS, TRSS, and IREMBASS, and IP-based networks, to support the timely distribution of both threat detection and threat assessment information. The MSSMP system makes maximum use of Commercial Off The Shelf (COTS) components for sensing, processing, and communications, and of both established and emerging standard communications networking protocols and system integration techniques. Its use of IP-based protocols allows it to freely interoperate with the Internet -- providing geographic transparency, facilitating development, and allowing fully distributed demonstration capability -- and prepares it for integration with the IP-based tactical radio networks that will evolve in the next decade. Unfortunately, the Internet's standard Transport layer protocol, TCP, is poorly matched to the requirements of security sensors and other quasi- autonomous systems in being oriented to conveying a continuous data stream, rather than discrete messages. Also, its canonical 'socket' interface both conceals short losses of communications connectivity and simply gives up and forces the Application layer software to deal with longer losses. For MSSMP, a software applique is being developed that will run on top of User Datagram Protocol (UDP) to provide a reliable message-based Transport service. In addition, a Session layer protocol is being developed to support the effective transfer of control of multiple platforms among multiple control

Hybrid algorithm for rotor angle security assessment in power systems

Directory of Open Access Journals (Sweden)

D. Prasad Wadduwage

2015-08-01

Full Text Available Transient rotor angle stability assessment and oscillatory rotor angle stability assessment subsequent to a contingency are integral components of dynamic security assessment (DSA in power systems. This study proposes a hybrid algorithm to determine whether the post-fault power system is secure due to both transient rotor angle stability and oscillatory rotor angle stability subsequent to a set of known contingencies. The hybrid algorithm first uses a new security measure developed based on the concept of Lyapunov exponents (LEs to determine the transient security of the post-fault power system. Later, the transient secure power swing curves are analysed using an improved Prony algorithm which extracts the dominant oscillatory modes and estimates their damping ratios. The damping ratio is a security measure about the oscillatory security of the post-fault power system subsequent to the contingency. The suitability of the proposed hybrid algorithm for DSA in power systems is illustrated using different contingencies of a 16-generator 68-bus test system and a 50-generator 470-bus test system. The accuracy of the stability conclusions and the acceptable computational burden indicate that the proposed hybrid algorithm is suitable for real-time security assessment with respect to both transient rotor angle stability and oscillatory rotor angle stability under multiple contingencies of the power system.

Examining the Security Awareness, Information Privacy, and the Security Behaviors of Home Computer Users

Science.gov (United States)

Edwards, Keith

2015-01-01

Attacks on computer systems continue to be a problem. The majority of the attacks target home computer users. To help mitigate the attacks some companies provide security awareness training to their employees. However, not all people work for a company that provides security awareness training and typically, home computer users do not have the…

Information Security Management - Part Of The Integrated Management System

Science.gov (United States)

Manea, Constantin Adrian

2015-07-01

The international management standards allow their integrated approach, thereby combining aspects of particular importance to the activity of any organization, from the quality management systems or the environmental management of the information security systems or the business continuity management systems. Although there is no national or international regulation, nor a defined standard for the Integrated Management System, the need to implement an integrated system occurs within the organization, which feels the opportunity to integrate the management components into a cohesive system, in agreement with the purpose and mission publicly stated. The issues relating to information security in the organization, from the perspective of the management system, raise serious questions to any organization in the current context of electronic information, reason for which we consider not only appropriate but necessary to promote and implement an Integrated Management System Quality - Environment - Health and Operational Security - Information Security

39 CFR 501.11 - Reporting Postage Evidencing System security weaknesses.

Science.gov (United States)

2010-07-01

... 39 Postal Service 1 2010-07-01 2010-07-01 false Reporting Postage Evidencing System security... security weaknesses. (a) For purposes of this section, provider refers to the Postage Evidencing System... Evidencing System model subject to each such method. Potential security weaknesses include but are not...

APPROACHES TO THE SECURITY SYSTEM AT THE MS SHAREPOINT

Directory of Open Access Journals (Sweden)

Iryna V. Zolotarenko

2010-10-01

Full Text Available Relevance of the material contained in the article is conditioned by pressing needs of society in creating secure information systems, facilitating the introduction of advanced information technologies in the education department. Security is important for the reliability and efficiency of such systems. One way of solving the security problem is the distribution of categories of users and granting their rights at different levels. The paper analyzes general approaches to organize groups and permission levels of users in information systems developed based on MS SharePoint. The main design decisions on security in information system planning research at the National Academy of Pedagogical Sciences of Ukraine based on the Internet use the conceptual results of this article.

77 FR 11385 - Security Considerations for Lavatory Oxygen Systems

Science.gov (United States)

2012-02-27

... considerations for lavatory oxygen systems (77 FR 12550). The interim final rule addresses a security... and taken to restore the oxygen system with a design that would consider the security risk. Boeing... [Docket No. FAA-2011-0186; Amdt. Nos. 21-94, 25-133, 121-354, 129-50; SFAR 111] RIN 2120-AJ92 Security...

The Remote Security Station (RSS) final report

International Nuclear Information System (INIS)

Pletta, J.B.; Amai, W.A.; Klarer, P.; Frank, D.; Carlson, J.; Byrne, R.

1992-10-01

The Remote Security Station (RSS) was developed by Sandia National Laboratories for the Defense Nuclear Agency to investigate issues pertaining to robotics and sensor fusion in physical security systems. This final report documents the status of the RSS program at its completion in April 1992. The RSS system consists of the Man Portable Security Station (MaPSS) and the Telemanaged Mobile Security Station (TMSS), which are integrated by the Operator's Control Unit (OCU) into a flexible exterior perimeter security system. The RSS system uses optical, infrared, microwave, and acoustic intrusion detection sensors in conjunction with sensor fusion techniques to increase the probability of detection and to decrease the nuisance alarm rate of the system. Major improvements to the system developed during the final year are an autonomous patrol capability, which allows TMSS to execute security patrols with limited operator interaction, and a neural network approach to sensor fusion, which significantly improves the system's ability to filter out nuisance alarms due to adverse weather conditions

A Multifactor Secure Authentication System for Wireless Payment

Science.gov (United States)

Sanyal, Sugata; Tiwari, Ayu; Sanyal, Sudip

Organizations are deploying wireless based online payment applications to expand their business globally, it increases the growing need of regulatory requirements for the protection of confidential data, and especially in internet based financial areas. Existing internet based authentication systems often use either the Web or the Mobile channel individually to confirm the claimed identity of the remote user. The vulnerability is that access is based on only single factor authentication which is not secure to protect user data, there is a need of multifactor authentication. This paper proposes a new protocol based on multifactor authentication system that is both secure and highly usable. It uses a novel approach based on Transaction Identification Code and SMS to enforce another security level with the traditional Login/password system. The system provides a highly secure environment that is simple to use and deploy with in a limited resources that does not require any change in infrastructure or underline protocol of wireless network. This Protocol for Wireless Payment is extended as a two way authentications system to satisfy the emerging market need of mutual authentication and also supports secure B2B communication which increases faith of the user and business organizations on wireless financial transaction using mobile devices.

Secure Automated Microgrid Energy System

Science.gov (United States)

2016-12-01

O&M Operations and Maintenance PSO Power System Optimization PV Photovoltaic RAID Redundant Array of Independent Disks RBAC Role...elements of the initial study and operational power system model (feeder size , protective devices, generation sources, controllable loads, transformers...EW-201340) Secure Automated Microgrid Energy System December 2016 This document has been cleared for public release; Distribution Statement A

Android based security and home automation system

OpenAIRE

Khan, Sadeque Reza; Dristy, Farzana Sultana

2015-01-01

The smart mobile terminal operator platform Android is getting popular all over the world with its wide variety of applications and enormous use in numerous spheres of our daily life. Considering the fact of increasing demand of home security and automation, an Android based control system is presented in this paper where the proposed system can maintain the security of home main entrance and also the car door lock. Another important feature of the designed system is that it can control the o...

Information systems security policies: a survey in Portuguese public administration

OpenAIRE

Lopes, Isabel Maria; Sá-Soares, Filipe de

2010-01-01

Information Systems Security is a relevant factor for present organizations. Among the security measures, policies assume a central role in literature. However, there is a reduced number of empirical studies about the adoption of information systems security policies. This paper contributes to mitigate this flaw by presenting the results of a survey in the adoption of Information System Security Policies in Local Public Administration in Portugal. The results are discussed in light of literat...

Modelling operations and security of cloud systems using Z-notation and Chinese Wall security policy

Science.gov (United States)

Basu, Srijita; Sengupta, Anirban; Mazumdar, Chandan

2016-11-01

Enterprises are increasingly using cloud computing for hosting their applications. Availability of fast Internet and cheap bandwidth are causing greater number of people to use cloud-based services. This has the advantage of lower cost and minimum maintenance. However, ensuring security of user data and proper management of cloud infrastructure remain major areas of concern. Existing techniques are either too complex, or fail to properly represent the actual cloud scenario. This article presents a formal cloud model using the constructs of Z-notation. Principles of the Chinese Wall security policy have been applied to design secure cloud-specific operations. The proposed methodology will enable users to safely host their services, as well as process sensitive data, on cloud.

Globally reasoning about localised security policies in distributed systems

DEFF Research Database (Denmark)

Hernandez, Alejandro Mario

In this report, we aim at establishing proper ways for model checking the global security of distributed systems, which are designed consisting of set of localised security policies that enforce specific issues about the security expected. The systems are formally specified following a syntax......, defined in detail in this report, and their behaviour is clearly established by the Semantics, also defined in detail in this report. The systems include the formal attachment of security policies into their locations, whose intended interactions are trapped by the policies, aiming at taking access...... control decisions of the system, and the Semantics also takes care of this. Using the Semantics, a Labelled Transition System (LTS) can be induced for every particular system, and over this LTS some model checking tasks could be done. We identify how this LTS is indeed obtained, and propose an alternative...

A biometric method to secure telemedicine systems.

Science.gov (United States)

Zhang, G H; Poon, Carmen C Y; Li, Ye; Zhang, Y T

2009-01-01

Security and privacy are among the most crucial issues for data transmission in telemedicine systems. This paper proposes a solution for securing wireless data transmission in telemedicine systems, i.e. within a body sensor network (BSN), between the BSN and server as well as between the server and professionals who have assess to the server. A unique feature of this solution is the generation of random keys by physiological data (i.e. a biometric approach) for securing communication at all 3 levels. In the performance analysis, inter-pulse interval of photoplethysmogram is used as an example to generate these biometric keys to protect wireless data transmission. The results of statistical analysis and computational complexity suggest that this type of key is random enough to make telemedicine systems resistant to attacks.

Security-aware design for cyber-physical systems a platform-based approach

CERN Document Server

Lin, Chung-Wei

2017-01-01

Addressing the rising security issues during the design stages of cyber-physical systems, this book develops a systematic approach to address security at early design stages together with all other design constraints. Cyber-attacks become more threatening as systems are becoming more connected with the surrounding environment, infrastructures, and other systems. Security mechanisms can be designed to protect against attacks and meet security requirements, but there are many challenges of applying security mechanisms to cyber-physical systems including open environments, limited resources, strict timing requirements, and large number of devices. Designed for researchers and professionals, this book is valuable for individuals working in network systems, security mechanisms, and system design. It is also suitable for advanced-level students of computer science. .

Gross anatomy of network security

Science.gov (United States)

Siu, Thomas J.

2002-01-01

Information security involves many branches of effort, including information assurance, host level security, physical security, and network security. Computer network security methods and implementations are given a top-down description to permit a medically focused audience to anchor this information to their daily practice. The depth of detail of network functionality and security measures, like that of the study of human anatomy, can be highly involved. Presented at the level of major gross anatomical systems, this paper will focus on network backbone implementation and perimeter defenses, then diagnostic tools, and finally the user practices (the human element). Physical security measures, though significant, have been defined as beyond the scope of this presentation.

Designing Fuzzy Rule Based Expert System for Cyber Security

OpenAIRE

Goztepe, Kerim

2016-01-01

The state of cyber security has begun to attract more attention and interest outside the community of computer security experts. Cyber security is not a single problem, but rather a group of highly different problems involving different sets of threats. Fuzzy Rule based system for cyber security is a system consists of a rule depository and a mechanism for accessing and running the rules. The depository is usually constructed with a collection of related rule sets. The aim of this study is to...

A Stochastic Model for Improving Information Security in Supply Chain Systems

OpenAIRE

Ibrahim Al Kattan; Ahmed Al Nunu; Kassem Saleh

2009-01-01

This article presents a probabilistic security model for supply chain management systems (SCM) in which the basic goals of security (including confidentiality, integrity, availability and accountability, CIAA) are modeled and analyzed. Consequently, the weak points in system security are identified. A stochastic model using measurable values to describe the information system security of a SCM is introduced. Information security is a crucial and integral part of the network of supply chains. ...

Evaluating and projecting the European security system

International Nuclear Information System (INIS)

Dean, J.

1991-01-01

Components of the new European security system are described taking into account the new policy making and possibilities to resolve conflicts. Programmes for political and economic integration and co-operation managed by the European Community will provide main positive content of the new European security system. An insight of the future of nuclear armaments in Europe is included together with confidence building measure and the role of NATO

Security for safety critical space borne systems

Science.gov (United States)

Legrand, Sue

1987-01-01

The Space Station contains safety critical computer software components in systems that can affect life and vital property. These components require a multilevel secure system that provides dynamic access control of the data and processes involved. A study is under way to define requirements for a security model providing access control through level B3 of the Orange Book. The model will be prototyped at NASA-Johnson Space Center.

Ideal Based Cyber Security Technical Metrics for Control Systems

Energy Technology Data Exchange (ETDEWEB)

W. F. Boyer; M. A. McQueen

2007-10-01

Much of the world's critical infrastructure is at risk from attack through electronic networks connected to control systems. Security metrics are important because they provide the basis for management decisions that affect the protection of the infrastructure. A cyber security technical metric is the security relevant output from an explicit mathematical model that makes use of objective measurements of a technical object. A specific set of technical security metrics are proposed for use by the operators of control systems. Our proposed metrics are based on seven security ideals associated with seven corresponding abstract dimensions of security. We have defined at least one metric for each of the seven ideals. Each metric is a measure of how nearly the associated ideal has been achieved. These seven ideals provide a useful structure for further metrics development. A case study shows how the proposed metrics can be applied to an operational control system.

Optical Imaging Sensors and Systems for Homeland Security Applications

CERN Document Server

Javidi, Bahram

2006-01-01

Optical and photonic systems and devices have significant potential for homeland security. Optical Imaging Sensors and Systems for Homeland Security Applications presents original and significant technical contributions from leaders of industry, government, and academia in the field of optical and photonic sensors, systems and devices for detection, identification, prevention, sensing, security, verification and anti-counterfeiting. The chapters have recent and technically significant results, ample illustrations, figures, and key references. This book is intended for engineers and scientists in the relevant fields, graduate students, industry managers, university professors, government managers, and policy makers. Advanced Sciences and Technologies for Security Applications focuses on research monographs in the areas of -Recognition and identification (including optical imaging, biometrics, authentication, verification, and smart surveillance systems) -Biological and chemical threat detection (including bios...

49 CFR 659.25 - Annual review of system safety program plan and system security plan.

Science.gov (United States)

2010-10-01

... system security plan. 659.25 Section 659.25 Transportation Other Regulations Relating to Transportation... and system security plan. (a) The oversight agency shall require the rail transit agency to conduct an annual review of its system safety program plan and system security plan. (b) In the event the rail...

THE MODEL FOR RISK ASSESSMENT ERP-SYSTEMS INFORMATION SECURITY

Directory of Open Access Journals (Sweden)

V. S. Oladko

2016-12-01

Full Text Available The article deals with the problem assessment of information security risks in the ERP-system. ERP-system functions and architecture are studied. The model malicious impacts on levels of ERP-system architecture are composed. Model-based risk assessment, which is the quantitative and qualitative approach to risk assessment, built on the partial unification 3 methods for studying the risks of information security - security models with full overlapping technique CRAMM and FRAP techniques developed.

Evaluation of a Cyber Security System for Hospital Network.

Science.gov (United States)

Faysel, Mohammad A

2015-01-01

Most of the cyber security systems use simulated data in evaluating their detection capabilities. The proposed cyber security system utilizes real hospital network connections. It uses a probabilistic data mining algorithm to detect anomalous events and takes appropriate response in real-time. On an evaluation using real-world hospital network data consisting of incoming network connections collected for a 24-hour period, the proposed system detected 15 unusual connections which were undetected by a commercial intrusion prevention system for the same network connections. Evaluation of the proposed system shows a potential to secure protected patient health information on a hospital network.

Cryptanalyzing a discrete-time chaos synchronization secure communication system

International Nuclear Information System (INIS)

Alvarez, G.; Montoya, F.; Romera, M.; Pastor, G.

2004-01-01

This paper describes the security weakness of a recently proposed secure communication method based on discrete-time chaos synchronization. We show that the security is compromised even without precise knowledge of the chaotic system used. We also make many suggestions to improve its security in future versions

Hadoop-Based Healthcare Information System Design and Wireless Security Communication Implementation

Directory of Open Access Journals (Sweden)

Hongsong Chen

2015-01-01

Full Text Available Human health information from healthcare system can provide important diagnosis data and reference to doctors. However, continuous monitoring and security storage of human health data are challenging personal privacy and big data storage. To build secure and efficient healthcare application, Hadoop-based healthcare security communication system is proposed. In wireless biosensor network, authentication and key transfer should be lightweight. An ECC (Elliptic Curve Cryptography based lightweight digital signature and key transmission method are proposed to provide wireless secure communication in healthcare information system. Sunspot wireless sensor nodes are used to build healthcare secure communication network; wireless nodes and base station are assigned different tasks to achieve secure communication goal in healthcare information system. Mysql database is used to store Sunspot security entity table and measure entity table. Hadoop is used to backup and audit the Sunspot security entity table. Sqoop tool is used to import/export data between Mysql database and HDFS (Hadoop distributed file system. Ganglia is used to monitor and measure the performance of Hadoop cluster. Simulation results show that the Hadoop-based healthcare architecture and wireless security communication method are highly effective to build a wireless healthcare information system.

Comparison of Routable Control System Security Approaches

Energy Technology Data Exchange (ETDEWEB)

Edgar, Thomas W.; Hadley, Mark D.; Carroll, Thomas E.; Manz, David O.; Winn, Jennifer D.

2011-06-01

This document is an supplement to the 'Secure and Efficient Routable Control Systems.' It addressed security in routable control system communication. The control system environment that monitors and manages the power grid historically has utilized serial communication mechanisms. Leased-line serial communication environments operating at 1200 to 9600 baud rates are common. However, recent trends show that communication media such as fiber, optical carrier 3 (OC-3) speeds, mesh-based high-speed wireless, and the Internet are becoming the media of choice. In addition, a dichotomy has developed between the electrical transmission and distribution environments, with more modern communication infrastructures deployed by transmission utilities. The preceding diagram represents a typical control system. The Communication Links cloud supports all of the communication mechanisms a utility might deploy between the control center and devices in the field. Current methodologies used for security implementations are primarily led by single vendors or standards bodies. However, these entities tend to focus on individual protocols. The result is an environment that contains a mixture of security solutions that may only address some communication protocols at an increasing operational burden for the utility. A single approach is needed that meets operational requirements, is simple to operate, and provides the necessary level of security for all control system communication. The solution should be application independent (e.g., Distributed Network Protocol/Internet Protocol [DNP/IP], International Electrotechnical Commission [IEC] C37.118, Object Linking and Embedding for Process Control [OPC], etc.) and focus on the transport layer. In an ideal setting, a well-designed suite of standards for control system communication will be used for vendor implementation and compliance testing. An expected outcome of this effort is an international standard.

[Spatial-temporal pattern and obstacle factors of cultivated land ecological security in major grain producing areas of northeast China: a case study in Jilin Province].

Science.gov (United States)

Zhao, Hong-Bo; Ma, Yan-Ji

2014-02-01

According to the cultivated land ecological security in major grain production areas of Northeast China, this paper selected 48 counties of Jilin Province as the research object. Based on the PSR-EES conceptual framework model, an evaluation index system of cultivated land ecological security was built. By using the improved TOPSIS, Markov chains, GIS spatial analysis and obstacle degree models, the spatial-temporal pattern of cultivated land ecological security and the obstacle factors were analyzed from 1995 to 2011 in Jilin Province. The results indicated that, the composite index of cultivated land ecological security appeared in a rising trend in Jilin Province from 1995 to 2011, and the cultivated land ecological security level changed from being sensitive to being general. There was a pattern of 'Club Convergence' in cultivated land ecological security level in each county and the spatial discrepancy tended to become larger. The 'Polarization' trend of cultivated land ecological security level was obvious. The distributions of sensitive level and critical security level with ribbon patterns tended to be dispersed, the general security level and relative security levels concentrated, and the distributions of security level scattered. The unstable trend of cultivated land ecological security level was more and more obvious. The main obstacle factors that affected the cultivated land ecological security level in Jilin Province were rural net income per capita, economic density, the proportion of environmental protection investment in GDP, degree of machinery cultivation and the comprehensive utilization rate of industrial solid wastes.

Secure multiparty computation with a dishonest majority via quantum means

International Nuclear Information System (INIS)

Loukopoulos, Klearchos; Browne, Daniel E.

2010-01-01

We introduce a scheme for secure multiparty computation utilizing the quantum correlations of entangled states. First we present a scheme for two-party computation, exploiting the correlations of a Greenberger-Horne-Zeilinger state to provide, with the help of a third party, a near-private computation scheme. We then present a variation of this scheme which is passively secure with threshold t=2, in other words, remaining secure when pairs of players conspire together provided they faithfully follow the protocol. Furthermore, we show that the passively secure variant can be modified to be secure when cheating parties are allowed to deviate from the protocol. We show that this can be generalized to computations of n-party polynomials of degree 2 with a threshold of n-1. The threshold achieved is significantly higher than the best known classical threshold, which satisfies the bound t< n/2. Our schemes, each complying with a different definition of security, shed light on which physical assumptions are necessary in order to achieve quantum secure multiparty computation.

Development of an integrated campus security alerting system ...

African Journals Online (AJOL)

This work presents an integrated alerting system which uses both the Internet Protocol (IP) cameras and micro-switches for monitoring security situations thereby providing an immediate alerting signal to the security personnel. The system has the input unit, processing unit, control unit and the power supply unit as its ...

Home security system using internet of things

Science.gov (United States)

Anitha, A.

2017-11-01

IoT refers to the infrastructure of connected physical devices which is growing at a rapid rate as huge number of devices and objects are getting associated to the Internet. Home security is a very useful application of IoT and we are using it to create an inexpensive security system for homes as well as industrial use. The system will inform the owner about any unauthorized entry or whenever the door is opened by sending a notification to the user. After the user gets the notification, he can take the necessary actions. The security system will use a microcontroller known as Arduino Uno to interface between the components, a magnetic Reed sensor to monitor the status, a buzzer for sounding the alarm, and a WiFi module, ESP8266 to connect and communicate using the Internet. The main advantages of such a system includes the ease of setting up, lower costs and low maintenance.

Designing a machinery control system (MCS) security testbed

OpenAIRE

Desso, Nathan H.

2014-01-01

Approved for public release; distribution is unlimited Industrial control systems (ICS) face daily cyber security threats, can have a significant impact to the security of our nation, and present a difficult challenge to defend. Critical infrastructures, including military systems like the machinery control systems (MCS) found onboard modern U.S. warships, are affected because of their use of commercial automation solutions. The increase of automated control systems within the U.S. Navy sa...

Recent advances in systems safety and security

CERN Document Server

Stamatescu, Grigore

2016-01-01

This book represents a timely overview of advances in systems safety and security, based on selected, revised and extended contributions from the 2nd and 3rd editions of the International Workshop on Systems Safety and Security – IWSSS, held in 2014 and 2015, respectively, in Bucharest, Romania. It includes 14 chapters, co-authored by 34 researchers from 7 countries. The book provides an useful reference from both theoretical and applied perspectives in what concerns recent progress in this area of critical interest. Contributions, broadly grouped by core topic, address challenges related to information theoretic methods for assuring systems safety and security, cloud-based solutions, image processing approaches, distributed sensor networks and legal or risk analysis viewpoints. These are mostly accompanied by associated case studies providing additional practical value and underlying the broad relevance and impact of the field.

49 CFR 234.211 - Security of warning system apparatus.

Science.gov (United States)

2010-10-01

... 49 Transportation 4 2010-10-01 2010-10-01 false Security of warning system apparatus. 234.211... ADMINISTRATION, DEPARTMENT OF TRANSPORTATION GRADE CROSSING SIGNAL SYSTEM SAFETY AND STATE ACTION PLANS Maintenance, Inspection, and Testing Maintenance Standards § 234.211 Security of warning system apparatus...

Analysis and characterization of the security systems of the Republic of Poland and the Slovak Republic

Directory of Open Access Journals (Sweden)

Tomasz Wałek

2015-12-01

Full Text Available The publication was devoted to issues of safety systems of Poland and Slovakia. Article aims to discuss and description of the major elements, principles of operation of safety systems and identify the differences and similarities between the various systems. Article summary are the conclusions and observations about prescriptions for common actions in the field to ensure a high level of security.

Process Control System Cyber Security Standards - An Overview

Energy Technology Data Exchange (ETDEWEB)

Robert P. Evans

2006-05-01

The use of cyber security standards can greatly assist in the protection of process control systems by providing guidelines and requirements for the implementation of computer-controlled systems. These standards are most effective when the engineers and operators, using the standards, understand what each standard addresses. This paper provides an overview of several standards that deal with the cyber security of process measurements and control systems.

Improving Timeliness in Real-Time Secure Database Systems

National Research Council Canada - National Science Library

Son, Sang H; David, Rasikan; Thuraisingham, Bhavani

2006-01-01

.... In addition to real-time requirements, security is usually required in many applications. Multilevel security requirements introduce a new dimension to transaction processing in real-time database systems...

Security features of a nuclear material accounting system

International Nuclear Information System (INIS)

Erkkila, B.H.

1988-01-01

The Los Alamos Nuclear Material Accounting and Safeguards System (MASS) is a near-real-time accountability system for bulk materials, discrete items, and materials undergoing dynamic processing. MASS has evolved from a 80-column, card-based process control system to a very sophisticated computer system. Recently, the computer hardware was upgraded to a modern transaction oriented central computer system designed to accommodate extensive growth in the foreseeable future. The security of the MASS computer system is provided through various access controls. There are two kinds of access controls to be addressed. They are physical access control to the hardware which make up the system and access control to the software. There are many features which provide a measure of security to the hardware that are discussed. Access to the software is controlled by a security password. Access to various transaction activities in the system is controlled through the level of MASS under privilege. Details of MASS user privilege are discussed

32 CFR 2001.50 - Telecommunications automated information systems and network security.

Science.gov (United States)

2010-07-01

... NATIONAL SECURITY INFORMATION Safeguarding § 2001.50 Telecommunications automated information systems and... identified in the Committee on National Security Systems (CNSS) issuances and the Intelligence Community Directive (ICD) 503, Intelligence Community Information Technology Systems Security Risk Management...

Handbook for the Computer Security Certification of Trusted Systems

National Research Council Canada - National Science Library

Weissman, Clark

1995-01-01

Penetration testing is required for National Computer Security Center (NCSC) security evaluations of systems and products for the B2, B3, and A1 class ratings of the Trusted Computer System Evaluation Criteria (TCSEC...

RFID Based Security Access Control System with GSM Technology

OpenAIRE

Peter Adole; Joseph M. Môm; Gabriel A. Igwue

2016-01-01

The security challenges being encountered in many places today require electronic means of controlling access to secured premises in addition to the available security personnel. Various technologies were used in different forms to solve these challenges. The Radio Frequency Identification (RFID) Based Access Control Security system with GSM technology presented in this work helps to prevent unauthorized access to controlled environments (secured premises). This is achieved mainly...

77 FR 70213 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

Science.gov (United States)

2012-11-23

...-market value of the proprietary positions (e.g., securities, money market instruments, and commodities... the deductions for securities and money market positions as compared with the standardized haircuts... and Markets, Securities and Exchange Commission, 100 F Street, NE., Washington, DC 20549-7010...

Information security management system planning for CBRN facilities

Energy Technology Data Exchange (ETDEWEB)

Lenaeu, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); O' Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Lewis, John [National Nuclear Lab., Workington (United Kingdom); Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom); Rodger, Robert [National Nuclear Lab., Workington (United Kingdom); Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)

2015-12-01

The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

Information security management system planning for CBRN facilities

International Nuclear Information System (INIS)

Lenaeu, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

2015-01-01

The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

Supervision functions - Secure operation of sustainable power systems

DEFF Research Database (Denmark)

Morais, Hugo; Zhang, Xinxin; Lind, Morten

2013-01-01

of power systems operation control. The use of PMUs allows more penetration of DG mainly, with technologies based on renewable resources with intermittent and unpredictable operation such a wind power. This paper introduces the Secure Operation of Sustainable Power Systems (SOSPO) project. The SOSPO...... project tries to respond to the question "How to ensure a secure operation of the future power system where the operating point is heavily is fluctuating?" focusing in the Supervision module architecture and in the power system operation states. The main goal of Supervision module is to determine...... the power system operation state based on new stability and security parameters derived from PMUs measurement and coordinate the use of automatic and manual control actions. The coordination of the control action is based not only in the static indicators but also in the performance evaluation of control...

The Flask Security Architecture: System Support for Diverse Security Policies

Science.gov (United States)

2006-01-01

Flask microkernel -based operating sys­ tem, that successfully overcomes these obstacles to pol- icy flexibility. The cleaner separation of mechanism and...other object managers in the system to en- force those access control decisions. Although the pro­ totype system is microkernel -based, the security...mecha­ nisms do not depend on a microkernel architecture and will easily generalize beyond it. The resulting system provides policy flexibility. It sup

Method for secure electronic voting system: face recognition based approach

Science.gov (United States)

Alim, M. Affan; Baig, Misbah M.; Mehboob, Shahzain; Naseem, Imran

2017-06-01

In this paper, we propose a framework for low cost secure electronic voting system based on face recognition. Essentially Local Binary Pattern (LBP) is used for face feature characterization in texture format followed by chi-square distribution is used for image classification. Two parallel systems are developed based on smart phone and web applications for face learning and verification modules. The proposed system has two tire security levels by using person ID followed by face verification. Essentially class specific threshold is associated for controlling the security level of face verification. Our system is evaluated three standard databases and one real home based database and achieve the satisfactory recognition accuracies. Consequently our propose system provides secure, hassle free voting system and less intrusive compare with other biometrics.

28 CFR 16.51 - Security of systems of records.

Science.gov (United States)

2010-07-01

... 28 Judicial Administration 1 2010-07-01 2010-07-01 false Security of systems of records. 16.51... Security of systems of records. (a) Each component shall establish administrative and physical controls to prevent unauthorized access to its systems of records, to prevent unauthorized disclosure of records, and...

13 CFR 102.33 - Security of systems of records.

Science.gov (United States)

2010-01-01

... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Security of systems of records....33 Security of systems of records. (a) Each Program/Support Office Head or designee shall establish administrative and physical controls to prevent unauthorized access to its systems of records, to prevent...

Threats to financial system security

Energy Technology Data Exchange (ETDEWEB)

McGovern, D.E.

1997-06-01

The financial system in the United States is slowly migrating from the bricks and mortar of banks on the city square to branch banks, ATM`s, and now direct linkage through computers to the home. Much work has been devoted to the security problems inherent in protecting property and people. The impact of attacks on the information aspects of the financial system has, however, received less attention. Awareness is raised through publicized events such as the junk bond fraud perpetrated by Milken or gross mismanagement in the failure of the Barings Bank through unsupervised trading activities by Leeson in Singapore. These events, although seemingly large (financial losses may be on the order of several billion dollars), are but small contributors to the estimated $114 billion loss to all types of financial fraud in 1993. Most of the losses can be traced to the contribution of many small attacks perpetrated against a variety of vulnerable components and systems. This paper explores the magnitude of these financial system losses and identifies new areas for security to be applied to high consequence events.

Secure wireless embedded systems via component-based design

DEFF Research Database (Denmark)

Hjorth, T.; Torbensen, R.

2010-01-01

This paper introduces the method secure-by-design as a way of constructing wireless embedded systems using component-based modeling frameworks. This facilitates design of secure applications through verified, reusable software. Following this method we propose a security framework with a secure c......, with full support for confidentiality, authentication, and integrity using keypairs. The approach has been demonstrated in a multi-platform home automation prototype that can remotely unlock a door using a PDA over the Internet....

Secure stand alone positive personnel identity verification system (SSA-PPIV)

International Nuclear Information System (INIS)

Merillat, P.D.

1979-03-01

The properties of a secure stand-alone positive personnel identity verification system are detailed. The system is designed to operate without the aid of a central computing facility and the verification function is performed in the absence of security personnel. Security is primarily achieved by means of data encryption on a magnetic stripe badge. Several operational configurations are discussed. Advantages and disadvantages of this system compared to a central computer driven system are detailed

Artificial immune system applications in computer security

CERN Document Server

Tan, Ying

2016-01-01

This book provides state-of-the-art information on the use, design, and development of the Artificial Immune System (AIS) and AIS-based solutions to computer security issues. Artificial Immune System: Applications in Computer Security focuses on the technologies and applications of AIS in malware detection proposed in recent years by the Computational Intelligence Laboratory of Peking University (CIL@PKU). It offers a theoretical perspective as well as practical solutions for readers interested in AIS, machine learning, pattern recognition and computer security. The book begins by introducing the basic concepts, typical algorithms, important features, and some applications of AIS. The second chapter introduces malware and its detection methods, especially for immune-based malware detection approaches. Successive chapters present a variety of advanced detection approaches for malware, including Virus Detection System, K-Nearest Neighbour (KNN), RBF networ s, and Support Vector Machines (SVM), Danger theory, ...

Core security requirements of DRM systems

NARCIS (Netherlands)

Jonker, H.L.; Mauw, S.; Satish, D.

2008-01-01

The use of Digital Rights Management (DRM) systems involves several stakeholders, such as the content provider, the license provider and the user, each having their own incentives to use the system. Proper use of the system implies that these incentives can only be met if certain security

75 FR 8088 - Privacy Act of 1974; Department of Homeland Security/ALL-023 Personnel Security Management System...

Science.gov (United States)

2010-02-23

... risk of harm to economic or property interests, identity theft or fraud, or harm to the security or... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2009-0041] Privacy Act of 1974; Department of Homeland Security/ALL--023 Personnel Security Management System of Records AGENCY...

Secure Fusion Estimation for Bandwidth Constrained Cyber-Physical Systems Under Replay Attacks.

Science.gov (United States)

Chen, Bo; Ho, Daniel W C; Hu, Guoqiang; Yu, Li; Bo Chen; Ho, Daniel W C; Guoqiang Hu; Li Yu; Chen, Bo; Ho, Daniel W C; Hu, Guoqiang; Yu, Li

2018-06-01

State estimation plays an essential role in the monitoring and supervision of cyber-physical systems (CPSs), and its importance has made the security and estimation performance a major concern. In this case, multisensor information fusion estimation (MIFE) provides an attractive alternative to study secure estimation problems because MIFE can potentially improve estimation accuracy and enhance reliability and robustness against attacks. From the perspective of the defender, the secure distributed Kalman fusion estimation problem is investigated in this paper for a class of CPSs under replay attacks, where each local estimate obtained by the sink node is transmitted to a remote fusion center through bandwidth constrained communication channels. A new mathematical model with compensation strategy is proposed to characterize the replay attacks and bandwidth constrains, and then a recursive distributed Kalman fusion estimator (DKFE) is designed in the linear minimum variance sense. According to different communication frameworks, two classes of data compression and compensation algorithms are developed such that the DKFEs can achieve the desired performance. Several attack-dependent and bandwidth-dependent conditions are derived such that the DKFEs are secure under replay attacks. An illustrative example is given to demonstrate the effectiveness of the proposed methods.

Cybernetic Security and Business Intelligence in the System of Diagnostics of Economic Security of the Enterprise

Directory of Open Access Journals (Sweden)

Ruslan Skrynkovskyy

2017-10-01

Full Text Available The purpose of the article is to determine the place, the role and features of cybernetic security and improve the business intelligence scheme in the system of diagnosing economic security of the enterprise. It had been found out that: 1 the term “cybernetic security of an enterprise” should be understood as the state of the protection of the cybernetic space of the whole enterprise or individual objects of its information infrastructure (computer system, computer data, etc. from the risk of external cybernetic influence, which ensures their sustainable development and the formation of prospects, as well as timely detection, prevention and neutralization of real and potential cybernetic interruptions and threats to the interests of the enterprise; 2 the main components of cybernetic security in the system of diagnostics of economic security of the enterprise are: investigation of information and telecommunication systems and cryptosystems of the opposing sides; cybernetic effects; protection of information sphere. It was established that the main task of business intelligence in the system of diagnosing economic security of the enterprise is the verification of the reliability of business information, the provision of cybernetic protection of information resources, information and communication technologies and systems and the elimination of the possibility of misinformation of senior management by the managers of the middle level, suppliers, marketing intermediaries, clientele, competitors or contact audiences of the enterprise. The prospect of further research in this direction is the development of a system of goals of the polycriterial diagnostics of the activity (economic diagnostics of the enterprise (on the basis of the isolation and systematization of its diagnostic purposes, taking into account the presented results of the study.

Introduction to Hardware Security and Trust

CERN Document Server

Wang, Cliff

2012-01-01

The emergence of a globalized, horizontal semiconductor business model raises a set of concerns involving the security and trust of the information systems on which modern society is increasingly reliant for mission-critical functionality. Hardware-oriented security and trust issues span a broad range including threats related to the malicious insertion of Trojan circuits designed, e.g.,to act as a ‘kill switch’ to disable a chip, to integrated circuit (IC) piracy,and to attacks designed to extract encryption keys and IP from a chip. This book provides the foundations for understanding hardware security and trust, which have become major concerns for national security over the past decade.  Coverage includes security and trust issues in all types of electronic devices and systems such as ASICs, COTS, FPGAs, microprocessors/DSPs, and embedded systems.  This serves as an invaluable reference to the state-of-the-art research that is of critical significance to the security of,and trust in, modern society�...

The Need for an Informational Systems Approach to Security

Directory of Open Access Journals (Sweden)

José María Díaz Nafría

2011-03-01

Full Text Available Different senses of security and its related assumptions, methodologies and contexts are analyzed by first reviewing the liberalistic notions of security and trust, unveiling, on the one hand, the contradictions exhibited between discourse and practice; on the other hand, the historical strategy of concentration of power behind the liberalistic doctrines. The weakness, limits and implications of the liberalistic notions and methods on security and trust are inquired, and subsequently a genuine horizon of security as sustainable and general procurement of positive freedom is advocated. The CyberSyn project successfully implemented in Chile, but tragically and prematurely ending under the hard power in the 9/11 of 1973, serves as model of the posed system approach to security. However, the system model is actualized and completed with elements of the general theory of information in virtue of: the increased complexity of societal systems, its ultimate global dimension, its biospherical closure, the increase of information assets and processes, and some epistemological boundaries. These reasons also set the need of keeping – beside the system approach – a critical and ethical stance.

An Overview of Global Nuclear Security Regime and Its Introduction into the Nigerian Educational System

International Nuclear Information System (INIS)

Jonah, S.A.

2013-01-01

Nuclear security is the prevention and detection of, and response to, theft, sabotage, unauthorized access, illegal transfer or other malicious acts involving nuclear material, other radioactive substances or their associated facilities. The responsibility for creating and sustaining a nuclear security regime for the protection of nuclear and other radiological material clearly belongs to the respective country. Within a State the nuclear security regime resembles layers of an onion with equipment and personnel securing the borders and ports representing the outer layer. Nuclear power, research reactor and nuclear medicine facilities constitute the various inner layers down to the actual target materials. Components of any nuclear security regime include not only technological systems, but the human resources needed to manage, operate, administer and maintain equipment, hardware and software. Nigeria is a non-nuclear weapons state and without a large-scale nuclear industry, but have a major role to play in preventing nuclear terrorism globally. It is pertinent to know that as the Fukushima accident and other nuclear accidents have demonstrated, nuclear crises do not respect borders. Therefore, nuclear threats must be addressed by all nations. Furthermore, to set the groundwork for the safe, peaceful and stable use of nuclear energy in Nigeria and all over the world, efforts must be made to enhance nuclear safety and security. This paper discusses the present international nuclear security regime and possibility of integrating it into the Nigerian educational system in view of current global perspectives and nuclear renaissance.

Evaluation of Security Solutions for Android Systems

OpenAIRE

Shabtai, Asaf; Mimran, Dudu; Elovici, Yuval

2015-01-01

With the increasing usage of smartphones a plethora of security solutions are being designed and developed. Many of the security solutions fail to cope with advanced attacks and are not aways properly designed for smartphone platforms. Therefore, there is a need for a methodology to evaluate their effectiveness. Since the Android operating system has the highest market share today, we decided to focus on it in this study in which we review some of the state-of-the-art security solutions for A...

Security, privacy and trust in cloud systems

CERN Document Server

Nepal, Surya

2013-01-01

The book compiles technologies for enhancing and provisioning security, privacy and trust in cloud systems based on Quality of Service requirements. It is a timely contribution to a field that is gaining considerable research interest, momentum, and provides a comprehensive coverage of technologies related to cloud security, privacy and trust. In particular, the book includes - Cloud security fundamentals and related technologies to-date, with a comprehensive coverage of evolution, current landscape, and future roadmap. - A smooth organization with introductory, advanced and specialist content

The Design and Realization of Household Intelligent Security System

Directory of Open Access Journals (Sweden)

Huang Sheng-Bo

2016-01-01

Full Text Available It is known that Smart home has brought great convenience to the lives of humans. However, we have attached quantities of interest in its security as the development of technology goes on. According to the security requirements at the moment, we introduce the scheme of smart home security system based on ZigBee, and design system hardware and software process. By applying a STC89C52 microcontroller, our system is able to accurately detect and give alarms automatically to house fire, harmful gases and thefts.

Cognitive Security of Wireless Communication Systems in the Physical Layer

Directory of Open Access Journals (Sweden)

Mustafa Harun Yılmaz

2017-01-01

Full Text Available While the wireless communication systems provide the means of connectivity nearly everywhere and all the time, communication security requires more attention. Even though current efforts provide solutions to specific problems under given circumstances, these methods are neither adaptive nor flexible enough to provide security under the dynamic conditions which make the security breaches an important concern. In this paper, a cognitive security (CS concept for wireless communication systems in the physical layer is proposed with the aim of providing a comprehensive solution to wireless security problems. The proposed method will enable the comprehensive security to ensure a robust and reliable communication in the existence of adversaries by providing adaptive security solutions in the communication systems by exploiting the physical layer security from different perspective. The adaptiveness relies on the fact that radio adapts its propagation characteristics to satisfy secure communication based on specific conditions which are given as user density, application specific adaptation, and location within CS concept. Thus, instead of providing any type of new security mechanism, it is proposed that radio can take the necessary precautions based on these conditions before the attacks occur. Various access scenarios are investigated to enable the CS while considering these conditions.

Physical and data-link security techniques for future communication systems

CERN Document Server

Tomasin, Stefano

2016-01-01

 This book focuses on techniques that can be applied at the physical and data-link layers of communication systems in order to secure transmissions against eavesdroppers. Topics ranging from information theory-based security to coding for security and cryptography are discussed, with presentation of cutting-edge research and innovative results from leading researchers. The characteristic feature of all the contributions is their relevance for practical embodiments: detailed consideration is given to applications of security principles to a variety of widely used communication techniques such as multiantenna systems, ultra-wide band communication systems, power line communications, and quantum key distribution techniques. A further distinctive aspect is the attention paid to both unconditional and computational security techniques, providing a bridge between two usually distinct worlds. The book comprises extended versions of contributions delivered at the Workshop on Communication Security, held in Ancona, I...

Cyber-Physical Systems Security: a Systematic Mapping Study

OpenAIRE

Lun, Yuriy Zacchia; D'Innocenzo, Alessandro; Malavolta, Ivano; Di Benedetto, Maria Domenica

2016-01-01

Cyber-physical systems are integrations of computation, networking, and physical processes. Due to the tight cyber-physical coupling and to the potentially disrupting consequences of failures, security here is one of the primary concerns. Our systematic mapping study sheds some light on how security is actually addressed when dealing with cyber-physical systems. The provided systematic map of 118 selected studies is based on, for instance, application fields, various system components, relate...

75 FR 28042 - Privacy Act of 1974: System of Records; Department of Homeland Security Transportation Security...

Science.gov (United States)

2010-05-19

..., VA 20598-6036 or [email protected] . For privacy issues please contact: Mary Ellen Callahan (703-235... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2010-0013] Privacy Act of..., Transportation Security Enforcement Record System, System of Records AGENCY: Privacy Office, DHS. ACTION: Notice...

Evaluating User Experiences of the Secure Messaging Tool on the Veterans Affairs’ Patient Portal System

Science.gov (United States)

Lind, Jason D; Shimada, Stephanie L; Martin, Tracey L; Gosline, Robert M; Antinori, Nicole; Stewart, Max; Simon, Steven R

2014-01-01

Background The United States Department of Veterans Affairs has implemented an electronic asynchronous “Secure Messaging” tool within a Web-based patient portal (ie, My HealtheVet) to support patient-provider communication. This electronic resource promotes continuous and coordinated patient-centered care, but to date little research has evaluated patients’ experiences and preferences for using Secure Messaging. Objective The objectives of this mixed-methods study were to (1) characterize veterans’ experiences using Secure Messaging in the My HealtheVet portal over a 3-month period, including system usability, (2) identify barriers to and facilitators of use, and (3) describe strategies to support veterans’ use of Secure Messaging. Methods We recruited 33 veterans who had access to and had previously used the portal’s Secure Messaging tool. We used a combination of in-depth interviews, face-to-face user-testing, review of transmitted secure messages between veterans and staff, and telephone interviews three months following initial contact. We assessed participants’ computer and health literacy during initial and follow-up interviews. We used a content-analysis approach to identify dominant themes in the qualitative data. We compared inferences from each of the data sources (interviews, user-testing, and message review) to identify convergent and divergent data trends. Results The majority of veterans (27/33, 82%) reported being satisfied with Secure Messaging at initial interview; satisfaction ratings increased to 97% (31/32, 1 missing) during follow-up interviews. Veterans noted Secure Messaging to be useful for communicating with their primary care team to manage health care needs (eg, health-related questions, test requests and results, medication refills and questions, managing appointments). Four domains emerged from interviews: (1) perceived benefits of using Secure Messaging, (2) barriers to using Secure Messaging, (3) facilitators for using

Evaluating user experiences of the secure messaging tool on the Veterans Affairs' patient portal system.

Science.gov (United States)

Haun, Jolie N; Lind, Jason D; Shimada, Stephanie L; Martin, Tracey L; Gosline, Robert M; Antinori, Nicole; Stewart, Max; Simon, Steven R

2014-03-06

The United States Department of Veterans Affairs has implemented an electronic asynchronous "Secure Messaging" tool within a Web-based patient portal (ie, My HealtheVet) to support patient-provider communication. This electronic resource promotes continuous and coordinated patient-centered care, but to date little research has evaluated patients' experiences and preferences for using Secure Messaging. The objectives of this mixed-methods study were to (1) characterize veterans' experiences using Secure Messaging in the My HealtheVet portal over a 3-month period, including system usability, (2) identify barriers to and facilitators of use, and (3) describe strategies to support veterans' use of Secure Messaging. We recruited 33 veterans who had access to and had previously used the portal's Secure Messaging tool. We used a combination of in-depth interviews, face-to-face user-testing, review of transmitted secure messages between veterans and staff, and telephone interviews three months following initial contact. We assessed participants' computer and health literacy during initial and follow-up interviews. We used a content-analysis approach to identify dominant themes in the qualitative data. We compared inferences from each of the data sources (interviews, user-testing, and message review) to identify convergent and divergent data trends. The majority of veterans (27/33, 82%) reported being satisfied with Secure Messaging at initial interview; satisfaction ratings increased to 97% (31/32, 1 missing) during follow-up interviews. Veterans noted Secure Messaging to be useful for communicating with their primary care team to manage health care needs (eg, health-related questions, test requests and results, medication refills and questions, managing appointments). Four domains emerged from interviews: (1) perceived benefits of using Secure Messaging, (2) barriers to using Secure Messaging, (3) facilitators for using Secure Messaging, and (4) suggestions for improving

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture

Science.gov (United States)

Muller, George; Perkins, Casey J.; Lancaster, Mary J.; MacDonald, Douglas G.; Clements, Samuel L.; Hutton, William J.; Patrick, Scott W.; Key, Bradley Robert

2015-07-28

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture are described. According to one aspect, a computer-implemented security evaluation method includes accessing information regarding a physical architecture and a cyber architecture of a facility, building a model of the facility comprising a plurality of physical areas of the physical architecture, a plurality of cyber areas of the cyber architecture, and a plurality of pathways between the physical areas and the cyber areas, identifying a target within the facility, executing the model a plurality of times to simulate a plurality of attacks against the target by an adversary traversing at least one of the areas in the physical domain and at least one of the areas in the cyber domain, and using results of the executing, providing information regarding a security risk of the facility with respect to the target.

Ultra Safe And Secure Blasting System

Energy Technology Data Exchange (ETDEWEB)

Hart, M M

2009-07-27

The Ultra is a blasting system that is designed for special applications where the risk and consequences of unauthorized demolition or blasting are so great that the use of an extraordinarily safe and secure blasting system is justified. Such a blasting system would be connected and logically welded together through digital code-linking as part of the blasting system set-up and initialization process. The Ultra's security is so robust that it will defeat the people who designed and built the components in any attempt at unauthorized detonation. Anyone attempting to gain unauthorized control of the system by substituting components or tapping into communications lines will be thwarted in their inability to provide encrypted authentication. Authentication occurs through the use of codes that are generated by the system during initialization code-linking and the codes remain unknown to anyone, including the authorized operator. Once code-linked, a closed system has been created. The system requires all components connected as they were during initialization as well as a unique code entered by the operator for function and blasting.

Gene expression programming for power system static security ...

African Journals Online (AJOL)

user

fuzzy logic, artificial neural networks and expert systems have been explored for static security assessment problems (Bansal et ..... MATLAB version 7.6 neural network toolbox was ..... Vision 2020 Dynamic Security Assessment in Real time.

Detection and intelligent systems for homeland security

CERN Document Server

Voeller, John G

2014-01-01

Detection and Intelligent Systems for Homeland Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering advanced technology for image and video interpretation systems used for surveillance, which help in solving such problems as identifying faces from live streaming or stored videos. Biometrics for human identification, including eye retinas and irises, and facial patterns are also presented. The book then provides information on sensors for detection of explosive and radioactive materials and methods for sensing chemical

Cyber Security Analysis by Attack Trees for a Reactor Protection System

International Nuclear Information System (INIS)

Park, Gee-Yong; Lee, Cheol Kwon; Choi, Jong Gyun; Kim, Dong Hoon; Lee, Young Jun; Kwon, Kee-Choon

2008-01-01

As nuclear facilities are introducing digital systems, the cyber security becomes an emerging topic to be analyzed and resolved. The domestic and other nation's regulatory bodies notice this topic and are preparing an appropriate guidance. The nuclear industry where new construction or upgrade of I and C systems is planned is analyzing and establishing a cyber security. A risk-based analysis for the cyber security has been performed in the KNICS (Korea Nuclear I and C Systems) project where the cyber security analysis has been applied to a reactor protection system (RPS). In this paper, the cyber security analysis based on the attack trees is proposed for the KNICS RPS

Interrelationship between nuclear safety, safeguards and nuclear security

International Nuclear Information System (INIS)

Irie, Kazutomo

2007-01-01

As preventive activities against danger within nuclear systems, three major areas exist; nuclear safety, safeguards and nuclear security. Considering the purpose of these activities, to prevent non-peaceful use is common in nuclear security in general and safeguards. At the same time, measures against sabotage, one of the subcategory in nuclear security, is similar to nuclear safety in aiming at preventing nuclear accidents. When taking into account the insider issues in nuclear security, the distinction between measures against sabotage and nuclear safety becomes ambiguous. Similarly, the distinction between measures against theft, another subcategory in nuclear security, and safeguards also becomes vague. These distinctions are influenced by psychological conditions of members in nuclear systems. Members who have the intention to make nuclear systems dangerous to human society shall be the 'enemy' to nuclear systems and thus be the target for nuclear security. (author)

A novel wireless local positioning system for airport (indoor) security

Science.gov (United States)

Zekavat, Seyed A.; Tong, Hui; Tan, Jindong

2004-09-01

A novel wireless local positioning system (WLPS) for airport (or indoor) security is introduced. This system is used by airport (indoor) security guards to locate all of, or a group of airport employees or passengers within the airport area. WLPS consists of two main parts: (1) a base station that is carried by security personnel; hence, introducing dynamic base station (DBS), and (2) a transponder (TRX) that is mounted on all people (including security personnel) present at the airport; thus, introducing them as active targets. In this paper, we (a) draw a futuristic view of the airport security systems, and the flow of information at the airports, (b) investigate the techniques of extending WLPS coverage area beyond the line-of-sight (LoS), and (c) study the performance of this system via standard transceivers, and direct sequence code division multiple access (DS-CDMA) systems with and without antenna arrays and conventional beamforming (BF).

E-Commerce Privacy and Security System

OpenAIRE

Kuldeep Kaur; Dr. Ashutosh Pathak

2015-01-01

The Internet is a public networks consisting of thousand of private computer network connected together. Private computer network system is exposed to potential threats from anywhere on the public network. In physical world, crimes often leave evidence finger prints, footprints, witnesses, video on security comes and so on. Online a cyber –crimes, also leaves physical, electronic evidence, but unless good security measures are taken, it may be difficult to trace the source of cybe...

Security Techniques for Sensor Systems and the Internet of Things

Science.gov (United States)

Midi, Daniele

2016-01-01

Sensor systems are becoming pervasive in many domains, and are recently being generalized by the Internet of Things (IoT). This wide deployment, however, presents significant security issues. We develop security techniques for sensor systems and IoT, addressing all security management phases. Prior to deployment, the nodes need to be hardened. We…

Framework for optimal power flow incorporating dynamic system security

International Nuclear Information System (INIS)

El-Kady, M.A.; Owayedh, M.S.

2006-01-01

This paper introduces a novel framework and methodologies which are capable of tackling the complex issue of power system economy versus security in a practical and effective manner. At heart of achieving such a challenging and far-reaching objective is the incorporation of the Dyanamic Security Assessment (DSA) into production optimization techniques using the Transient Energy Function (TEF) method. In addition, and in parallel with the already well established concept of the system security, two new concepts pertaining to power system performance will be introduced in this paper, namely the concept of system dynamic susceptibility, which measures the level of systems weakness to a particular contingency and the concept of system consequent restorability, which measures the extent of contingency severity in terms of the required subsequent system restoration work should a particular contingency occur. (author)

Wi-Fi and GSM Based Motion Sensor for Home Security System Apllication

Science.gov (United States)

Huzaimy Jusoh, Mohamad; Jamali, Muhammad Firdaus Bin; Zainal Abidin, Ahmad Faizal bin; Asari Sulaiman, Ahmad; Fahmi Hussin, Mohamad

2015-11-01

The Wi-Fi and GSM based home security system is a system designed to reduce the high rates of crimes in most personal housing. The overall project consists of three major parts; the input part that consists of sensors, the software part that operates the entire hardware structure, and the output part, which consists of camera, alarm system, and micro secure digital (SD) data storage card. It is based on the principle of infrared radiation generated by a human body heat which trigger the passive infrared (PIR) sensor. The microcontroller processes the received signal, then trigger the buzzer alarm, camera and alerts the home owner through an SMS. Once triggered, the camera will capture the image of the intruder and the image will be saved in SD card. As alert to the user (away), the Global System for Mobile Communication (GSM) will send the Short Message Service (SMS) from the device to the user's mobile phone. The image will be sent to Dropbox data cloud storage via Wi-Fi for further clarification. The prototype was successfully developed, tested and has been installed at residential area in Taman Cahaya Alam, Section U12, Shah Alam, Malaysia.

Information security in SCADA systems in nuclear power plants

International Nuclear Information System (INIS)

Satyamurty, S.A.V.

2013-01-01

Few decades back most of the I and C systems are Hardwired based. With the developments in digital electronics, micro processors and micro controllers, the I and C systems are becoming more and more Computer based. Though it brought convenience to the designer, comfort to the operator in the form of better GUI, it also brought many challenges in the form of information security. The talk covers the typical I and C design using SCADA systems, the challenges, typical problems faced and the need for information security. The talk illustrates various security measures to be implemented in the design, development and testing stages. These security measures have to be taken both in the development environment and deployment environment. Verification and validation of computer based system is very important. Configuration change management is very essential for smooth running of the plant. The talk illustrates the various measures need to be taken. (author)

Design of security scheme of the radiotherapy planning administration system based on the hospital information system

International Nuclear Information System (INIS)

Zhuang Yongzhi; Zhao Jinzao

2010-01-01

Objective: To design a security scheme of radiotherapy planning administration system. Methods: Power Builder 9i language was used to program the system through the model of client-server machine. Oracle 9i was used as the database server. Results In this system, user registration management, user login management, application-level functions of control, database access control, and audit trail were designed to provide system security. Conclusions: As a prototype for the security analysis and protection of this scheme provides security of the system, application system, important data and message, which ensures the system work normally. (authors)

22 CFR 308.10 - Security of records systems-manual and automated.

Science.gov (United States)

2010-04-01

... 22 Foreign Relations 2 2010-04-01 2010-04-01 true Security of records systems-manual and automated... Security of records systems—manual and automated. The head of the agency has the responsibility of... destruction of manual and automatic record systems. These security safeguards shall apply to all systems in...

Cyber Security Analysis by Attack Trees for a Reactor Protection System

Energy Technology Data Exchange (ETDEWEB)

Park, Gee-Yong; Lee, Cheol Kwon; Choi, Jong Gyun; Kim, Dong Hoon; Lee, Young Jun; Kwon, Kee-Choon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

2008-10-15

As nuclear facilities are introducing digital systems, the cyber security becomes an emerging topic to be analyzed and resolved. The domestic and other nation's regulatory bodies notice this topic and are preparing an appropriate guidance. The nuclear industry where new construction or upgrade of I and C systems is planned is analyzing and establishing a cyber security. A risk-based analysis for the cyber security has been performed in the KNICS (Korea Nuclear I and C Systems) project where the cyber security analysis has been applied to a reactor protection system (RPS). In this paper, the cyber security analysis based on the attack trees is proposed for the KNICS RPS.

Cyber security with radio frequency interferences mitigation study for satellite systems

Science.gov (United States)

Wang, Gang; Wei, Sixiao; Chen, Genshe; Tian, Xin; Shen, Dan; Pham, Khanh; Nguyen, Tien M.; Blasch, Erik

2016-05-01

Satellite systems including the Global Navigation Satellite System (GNSS) and the satellite communications (SATCOM) system provide great convenience and utility to human life including emergency response, wide area efficient communications, and effective transportation. Elements of satellite systems incorporate technologies such as navigation with the global positioning system (GPS), satellite digital video broadcasting, and information transmission with a very small aperture terminal (VSAT), etc. The satellite systems importance is growing in prominence with end users' requirement for globally high data rate transmissions; the cost reduction of launching satellites; development of smaller sized satellites including cubesat, nanosat, picosat, and femtosat; and integrating internet services with satellite networks. However, with the promising benefits, challenges remain to fully develop secure and robust satellite systems with pervasive computing and communications. In this paper, we investigate both cyber security and radio frequency (RF) interferences mitigation for satellite systems, and demonstrate that they are not isolated. The action space for both cyber security and RF interferences are firstly summarized for satellite systems, based on which the mitigation schemes for both cyber security and RF interferences are given. A multi-layered satellite systems structure is provided with cross-layer design considering multi-path routing and channel coding, to provide great security and diversity gains for secure and robust satellite systems.

POLICE OFFICE MODEL IMPROVEMENT FOR SECURITY OF SWARM ROBOTIC SYSTEMS

Directory of Open Access Journals (Sweden)

I. A. Zikratov

2014-09-01

Full Text Available This paper focuses on aspects of information security for group of mobile robotic systems with swarm intellect. The ways for hidden attacks realization by the opposing party on swarm algorithm are discussed. We have fulfilled numerical modeling of potentially destructive information influence on the ant shortest path algorithm. We have demonstrated the consequences of attacks on the ant algorithm with different concentration in a swarm of subversive robots. Approaches are suggested for information security mechanisms in swarm robotic systems, based on the principles of centralized security management for mobile agents. We have developed the method of forming a self-organizing information security management system for robotic agents in swarm groups implementing POM (Police Office Model – a security model based on police offices, to provide information security in multi-agent systems. The method is based on the usage of police station network in the graph nodes, which have functions of identification and authentication of agents, identifying subversive robots by both their formal characteristics and their behavior in the swarm. We have suggested a list of software and hardware components for police stations, consisting of: communication channels between the robots in police office, nodes register, a database of robotic agents, a database of encryption and decryption module. We have suggested the variants of logic for the mechanism of information security in swarm systems with different temporary diagrams of data communication between police stations. We present comparative analysis of implementation of protected swarm systems depending on the functioning logic of police offices, integrated in swarm system. It is shown that the security model saves the ability to operate in noisy environments, when the duration of the interference is comparable to the time necessary for the agent to overcome the path between police stations.

Alternatives of Cross-Border Securities Settlement System in East Asia

Directory of Open Access Journals (Sweden)

Hee-Yul Chai

2005-12-01

Full Text Available The establishment of cross-border securities settlement system is a very important element of regional capital market integration. Despite its importance, relatively few arguments, both theoretical and practical, have been advanced on the subject. This paper aims to examine the alternatives of cross-border securities settlement system in East Asia, and analyse the feasibility and the advantages and disadvantages of each alternative. The paper underlines the need to develop a multi-currency DVP securities settlement system. The conceivable alternatives of East Asia's cross-border securities settlement system can be divided into decentralized system and centralized system. It is possible to consider a large array of institutional settings according to the depository/settlement methods. The comparison of the alternatives is based on economic efficiency, feasibility and institutional location of settlement system. In view of these criteria, it is argued that a 'big-bang' approach toward imperfectly cenralized system is the most desirable alternative.

INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

Energy Technology Data Exchange (ETDEWEB)

Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

2011-07-01

Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

Industrial Control System Cyber Security: Questions And Answers Relevant To Nuclear Facilities, Safeguards And Security

International Nuclear Information System (INIS)

Anderson, Robert S.; Schanfein, Mark; Bjornard, Trond; Moskowitz, Paul

2011-01-01

Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

A survey of visualization systems for network security.

Science.gov (United States)

Shiravi, Hadi; Shiravi, Ali; Ghorbani, Ali A

2012-08-01

Security Visualization is a very young term. It expresses the idea that common visualization techniques have been designed for use cases that are not supportive of security-related data, demanding novel techniques fine tuned for the purpose of thorough analysis. Significant amount of work has been published in this area, but little work has been done to study this emerging visualization discipline. We offer a comprehensive review of network security visualization and provide a taxonomy in the form of five use-case classes encompassing nearly all recent works in this area. We outline the incorporated visualization techniques and data sources and provide an informative table to display our findings. From the analysis of these systems, we examine issues and concerns regarding network security visualization and provide guidelines and directions for future researchers and visual system developers.

A review of the security of insulin pump infusion systems.

Science.gov (United States)

Paul, Nathanael; Kohno, Tadayoshi; Klonoff, David C

2011-11-01

Insulin therapy has enabled patients with diabetes to maintain blood glucose control to lead healthier lives. Today, rather than injecting insulin manually using syringes, a patient can use a device such as an insulin pump to deliver insulin programmatically. This allows for more granular insulin delivery while attaining blood glucose control. Insulin pump system features have increasingly benefited patients, but the complexity of the resulting system has grown in parallel. As a result, security breaches that can negatively affect patient health are now possible. Rather than focus on the security of a single device, we concentrate on protecting the security of the entire system. In this article, we describe the security issues as they pertain to an insulin pump system that includes an embedded system of components, which include the insulin pump, continuous glucose management system, blood glucose monitor, and other associated devices (e.g., a mobile phone or personal computer). We detail not only the growing wireless communication threat in each system component, but also describe additional threats to the system (e.g., availability and integrity). Our goal is to help create a trustworthy infusion pump system that will ultimately strengthen pump safety, and we describe mitigating solutions to address identified security issues. © 2011 Diabetes Technology Society.

Efficient Data Transfer Rate and Speed of Secured Ethernet Interface System

Science.gov (United States)

Ghanti, Shaila

2016-01-01

Embedded systems are extensively used in home automation systems, small office systems, vehicle communication systems, and health service systems. The services provided by these systems are available on the Internet and these services need to be protected. Security features like IP filtering, UDP protection, or TCP protection need to be implemented depending on the specific application used by the device. Every device on the Internet must have network interface. This paper proposes the design of the embedded Secured Ethernet Interface System to protect the service available on the Internet against the SYN flood attack. In this experimental study, Secured Ethernet Interface System is customized to protect the web service against the SYN flood attack. Secured Ethernet Interface System is implemented on ALTERA Stratix IV FPGA as a system on chip and uses the modified SYN flood attack protection method. The experimental results using Secured Ethernet Interface System indicate increase in number of genuine clients getting service from the server, considerable improvement in the data transfer rate, and better response time during the SYN flood attack. PMID:28116350

Efficient Data Transfer Rate and Speed of Secured Ethernet Interface System.

Science.gov (United States)

Ghanti, Shaila; Naik, G M

2016-01-01

Embedded systems are extensively used in home automation systems, small office systems, vehicle communication systems, and health service systems. The services provided by these systems are available on the Internet and these services need to be protected. Security features like IP filtering, UDP protection, or TCP protection need to be implemented depending on the specific application used by the device. Every device on the Internet must have network interface. This paper proposes the design of the embedded Secured Ethernet Interface System to protect the service available on the Internet against the SYN flood attack. In this experimental study, Secured Ethernet Interface System is customized to protect the web service against the SYN flood attack. Secured Ethernet Interface System is implemented on ALTERA Stratix IV FPGA as a system on chip and uses the modified SYN flood attack protection method. The experimental results using Secured Ethernet Interface System indicate increase in number of genuine clients getting service from the server, considerable improvement in the data transfer rate, and better response time during the SYN flood attack.

Security engineering: systems engineering of security through the adaptation and application of risk management

Science.gov (United States)

Gilliam, David P.; Feather, Martin S.

2004-01-01

Information Technology (IT) Security Risk Management is a critical task in the organization, which must protect its resources and data against the loss of confidentiality, integrity, and availability. As systems become more complex and diverse, and more vulnerabilities are discovered while attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security. This paper describes an approach to address IT security risk through risk management and mitigation in both the institution and in the project life cycle.

Classical noise, quantum noise and secure communication

International Nuclear Information System (INIS)

Tannous, C; Langlois, J

2016-01-01

Secure communication based on message encryption might be performed by combining the message with controlled noise (called pseudo-noise) as performed in spread-spectrum communication used presently in Wi-Fi and smartphone telecommunication systems. Quantum communication based on entanglement is another route for securing communications as demonstrated by several important experiments described in this work. The central role played by the photon in unifying the description of classical and quantum noise as major ingredients of secure communication systems is highlighted and described on the basis of the classical and quantum fluctuation dissipation theorems. (review)

SMART SECURITY SYSTEM FOR CARS

OpenAIRE

Akshay V. Balki*, Ankit A. Ramteke, Akshay Dhankar, Prof. Nilesh S. Panchbudhe

2017-01-01

This propose work is an attempt to model design an smart advance vehicle security system that uses biometric scanner and RFID card reader to give ignition pulse using two main module and to prevent theft. The system contains biometric scanner, RFID card reader, alcohol sensor, vibration sensor, GSM module, microcontroller (8051), relay switch, high voltage mesh..The safety of car is exceptionally essential. It provides pulse to ignition system by synchronizing driver’s data from license and t...

NotaMark industrial laser marking system: a new security marking technology

Science.gov (United States)

Moreau, Vincent G.

2004-06-01

Up until now, the only variable alphanumeric data which could be added to banknotes was the number, applied by means of impact typographical numbering boxes. As an additional process or an alternative to this mechanical method, a non-contact laser marking process can be used offering high quality and greater levels of flexibility. For this purpose KBA-GIORI propose an exclusive laser marking solution called NotaMark. The laser marking process NotaMark is the ideal solution for applying variable data and personalizing banknotes (or any other security documents) with a very high resolution, for extremely large production volumes. A completely integrated solution has been developed comprised of laser light sources, marking head units, and covers and extraction systems. NotaMark allows the marking of variable data by removing locally and selectively, specific printed materials leaving the substrate itself untouched. A wide range of materials has already been tested extensively. NotaMark is a new security feature which is easy to identify and difficult to counterfeit, and which complies with the standard mechanical and chemical resistance tests in the security printing industry as well as with other major soiling tests. The laser marking process opens up a whole new range of design possibilities and can be used to create a primary security feature such as numbering, or to enhance the value of existing features.

Secure Server Login by Using Third Party and Chaotic System

Science.gov (United States)

Abdulatif, Firas A.; zuhiar, Maan

2018-05-01

Server is popular among all companies and it used by most of them but due to the security threat on the server make this companies are concerned when using it so that in this paper we will design a secure system based on one time password and third parity authentication (smart phone). The proposed system make security to the login process of server by using one time password to authenticate person how have permission to login and third parity device (smart phone) as other level of security.

Review of the Main Security Problems with Multi-Agent Systems used in E-commerce Applications

Directory of Open Access Journals (Sweden)

Alfonso GONZÁLEZ BRIONES

2016-12-01

Full Text Available The ability to connect to the Internet from a wide variety of devices such as smart phones, IoT devices and desktops at anytime and anywhere, produces a large number of e-commerce transactions, such as purchases of clothes, ticket entrances for performances, or banking operations. The increasing number of these transactions has also created an increase in the number of threats and attacks by third parties to access user data banks. It is important to control the access procedure to user data so that the number of threats does not continue to grow. To do so, it is necessary to prevent unauthorized access, theft and fraud in electronic commerce, which is required to ensure the safety of these transactions. Many e-commerce platforms are developed through multi-agent-systems because they include certain advantages to control the product, resource management, task distribution, etc. However, there are a number of threats that can jeopardize the safety of the agents that make up the system. These issues must be taken into account in the development of these multi-agent systems. However, existing methods of development do not cover in depth the issue of security. It is necessary to present and classify the potential security flaws of multi-agent systems. Therefore, the present research presents a review of the main vulnerabilities that occur in multi-agent systems responsible for managing e-commerce applications, as well as the proposed solutions to the major security problems on these platform systems. The main conclusions provided by this research is the need to optimize security measures and enhance the different security solutions applied in e-commerce applications in order to prevent identity theft, access to private data, access control, etc. It is therefore essential to continue to develop the security methods employed in applications such as e-commerce as different types of attacks and threats continue to evolve.

Analysis of Intel IA-64 Processor Support for Secure Systems

National Research Council Canada - National Science Library

Unalmis, Bugra

2001-01-01

.... Systems could be constructed for which serious security threats would be eliminated. This thesis explores the Intel IA-64 processor's hardware support and its relationship to software for building a secure system...

Training programs for the systems approach to nuclear security

International Nuclear Information System (INIS)

Ellis, Doris E.

2005-01-01

In support of the US Government and the International Atomic Energy Agency (IAEA) Nuclear Security Programmes, Sandia National Laboratories (SNL) has advocated and practiced a risk-based, systematic approach to nuclear security. The risk equation has been implemented as the basis for a performance methodology for the design and evaluation of Physical Protection Systems against a Design Basis Threat (DBT) for theft or sabotage of nuclear and/or radiological materials. Since integrated systems must include people as well as technology and the man-machine interface, a critical aspect of the human element is to train all stakeholders in nuclear security on the systems approach. Current training courses have been beneficial but are still limited in scope. SNL has developed two primary international courses and is completing development of three new courses that will be offered and presented in the near term. In the long-term, SNL envisions establishing a comprehensive nuclear security training curriculum that will be developed along with a series of forthcoming IAEA Nuclear Security Series guidance documents.

Design and Implementation of GSM Based Automated Home Security System

Directory of Open Access Journals (Sweden)

Love Aggarwal

2014-05-01

Full Text Available The Automated Home Security System aims at building a security system for common households using GSM modem, sensors and microcontroller. Since many years, impeccable security system has been the prime need of every man who owns a house. The increasing crime rate has further pressed the need for it. Our system is an initiative in this direction. The system provides security function by monitoring the surroundings at home for intruders, fire, gas leakages etc. using sensors and issue alerts to the owners and local authorities by using GSM via SMS. It provides the automation function as it can control (On/Off the various home appliances while the owners are away via SMS. Thus the Automated Home Security System is self-sufficient and can be relied upon undoubtedly. Also, it is capable of establishing two way communication with its owner so that he/she can keep a watch on his/her home via sensor information or live video streaming. A camera can be installed for continuous monitoring of the system and its surroundings. The system consists of two main parts: hardware and software. Hardware consists of Microcontroller, Sensors, Buzzer and GSM modem while software is implemented by tools using Embedded ‘C’.

Culturing Security System of Chemical Laboratory in Indonesia

Directory of Open Access Journals (Sweden)

Eka Dian Pusfitasari

2017-04-01

Full Text Available Indonesia has experiences on the lack of chemical security such as: a number of bombing terrors and hazardous chemicals found in food. Bomb used in terror is a homemade bomb made from chemicals which are widely spread in the research laboratories such as a mixture of pottasium chlorate, sulphur, and alumunium. Therefore, security of chemicals should be implemented to avoid the misused of the chemicals. Although it has experienced many cases of the misuse of chemicals, and many regulations and seminars related to chemical security have been held, but the implementation of chemical security is still a new thing for Indonesian citizens. The evident is coming from the interviews conducted in this study. Questions asked in this interview/survey included: the implementation of chemical safety and chemical security in laboratory; chemical inventory system and its regulation; and training needed for chemical security implementation. Respondents were basically a researcher from Government Research Institutes, University laboratories, senior high school laboratories, and service laboratories were still ambiguous in distinguishing chemical safety and chemical security. Because of this condition, most Indonesia chemical laboratories did not totally apply chemical security system. Education is very important step to raise people awareness and address this problem. Law and regulations should be sustained by all laboratory personnel activities to avoid chemical diversion to be used for harming people and environment. The Indonesia Government could also develop practical guidelines and standards to be applied to all chemical laboratories in Indonesia. These acts can help Government’s efforts to promote chemical security best practices which usually conducted by doing seminars and workshop.

Cyber Security Testing and Training Programs for Industrial Control Systems

Energy Technology Data Exchange (ETDEWEB)

Daniel Noyes

2012-03-01

Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

Carboy Security Testing and Training Programs for Industrial Control Systems

International Nuclear Information System (INIS)

Noyes, Daniel

2012-01-01

Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These training vary from web-based cyber security training for control systems engineers to more advanced hands-on training that culminates with a Red Team/Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors

Cyber Security Testing and Training Programs for Industrial Control Systems

International Nuclear Information System (INIS)

Noyes, Daniel

2012-01-01

Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

Carboy Security Testing and Training Programs for Industrial Control Systems

Energy Technology Data Exchange (ETDEWEB)

Noyes, Daniel [Idaho National Laboratory, Idaho (United States)

2012-03-15

Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These training vary from web-based cyber security training for control systems engineers to more advanced hands-on training that culminates with a Red Team/Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

Security Assessment of Payment Systems under PCI DSS Incompatibilities

OpenAIRE

Bahtiyar , Şerif; Gür , Gürkan; Altay , Levent

2014-01-01

Part 9: Malicious Behavior and Fraud; International audience; With the ubiquitous proliferation of electronic payment systems, data and application security has become more critical for financial operations. The Payment Card Industry Data Security Standard (PCI DSS) has been developed by the payment industry to provide a widely-applicable and definitive security compliance among all components in electronic payment infrastructure. However, the security impact of PCI DSS incompatibilities and ...

Modelling security properties in a grid-based operating system with anti-goals

OpenAIRE

Arenas, A.; Aziz, Benjamin; Bicarregui, J.; Matthews, B.; Yang, E.

2008-01-01

In this paper, we discuss the use of formal requirements-engineering techniques in capturing security requirements for a Grid-based operating system. We use KAOS goal model to represent two security goals for Grid systems, namely authorisation and single-sign on authentication. We apply goal-refinement to derive security requirements for these two security goals and we develop a model of antigoals and show how system vulnerabilities and threats to the security goals can arise from such anti-m...

Assessing and managing security risk in IT systems a structured methodology

CERN Document Server

McCumber, John

2004-01-01

SECURITY CONCEPTSUsing ModelsIntroduction: Understanding, Selecting, and Applying Models Understanding AssetsLayered Security Using Models in Security Security Models for Information Systems Shortcomings of Models in SecuritySecurity in Context Reference Defining Information SecurityConfidentiality, Integrity, and Availability Information AttributesIntrinsic versus Imputed Value Information as an Asset The Elements of Security Security Is Security Only in Context Information as an Asset Introduction Determining Value Managing Information Resources ReferencesUnderstanding Threat and Its Relatio

SecureCPS: Defending a nanosatellite cyber-physical system

Science.gov (United States)

Forbes, Lance; Vu, Huy; Udrea, Bogdan; Hagar, Hamilton; Koutsoukos, Xenofon D.; Yampolskiy, Mark

2014-06-01

Recent inexpensive nanosatellite designs employ maneuvering thrusters, much as large satellites have done for decades. However, because a maneuvering nanosatellite can threaten HVAs on-­orbit, it must provide a level of security typically reserved for HVAs. Securing nanosatellites with maneuvering capability is challenging due to extreme cost, size, and power constraints. While still in the design process, our low-­cost SecureCPS architecture promises to dramatically improve security, to include preempting unknown binaries and detecting abnormal behavior. SecureCPS also applies to a broad class of cyber-­physical systems (CPS), such as aircraft, cars, and trains. This paper focuses on Embry-­Riddle's ARAPAIMA nanosatellite architecture, where we assume any off-­the-­shelf component could be compromised by a supply chain attack.1 Based on these assumptions, we have used Vanderbilt's Cyber Physical -­ Attack Description Language (CP-­ADL) to represent realistic attacks, analyze how these attacks propagate in the ARAPAIMA architecture, and how to defeat them using the combination of a low-­cost Root of Trust (RoT) Module, Global InfoTek's Advanced Malware Analysis System (GAMAS), and Anomaly Detection by Machine Learning (ADML).2 Our most recent efforts focus on refining and validating the design of SecureCPS.

Security information and event management systems: benefits and inefficiencies

OpenAIRE

Κάτσαρης, Δημήτριος Σ.

2014-01-01

In this Master’s thesis, the new trend in computer and information security industry called Security Information and Event Management systems will be covered. The evolution, advantages and weaknesses of these systems will be described, as well as a home-based implementation with open source tools will be proposed and implemented.

A transportation security system applying RFID and GPS

Directory of Open Access Journals (Sweden)

Ruijian Zhang

2013-03-01

Full Text Available Purpose: This paper is about developing a centralized, internet based security tool which utilizes RFID and GPS technology to identify drivers and track the load integrity. Design/methodology/approach: The system will accomplish the security testing in real-time using the internet and the U.S. Customs’ database (ACE. A central database and the interfaces and communication between the database and ACE will be established. After the vehicle is loaded, all openings of the tanker are sealed with disposable RFID tag seals. Findings/value: An RFID reader and GPS tracker wirelessly connected with the databases will serve as testing grounds for the implementation of security measures that can help prevent future terrorist attacks and help in ensuring that the goods and products are not compromised while in transit. The system will also reduce the labor work of security check to its minimum. 

Hardware-Assisted System for Program Execution Security of SOC

Directory of Open Access Journals (Sweden)

Wang Xiang

2016-01-01

Full Text Available With the rapid development of embedded systems, the systems’ security has become more and more important. Most embedded systems are at the risk of series of software attacks, such as buffer overflow attack, Trojan virus. In addition, with the rapid growth in the number of embedded systems and wide application, followed embedded hardware attacks are also increasing. This paper presents a new hardware assisted security mechanism to protect the program’s code and data, monitoring its normal execution. The mechanism mainly monitors three types of information: the start/end address of the program of basic blocks; the lightweight hash value in basic blocks and address of the next basic block. These parameters are extracted through additional tools running on PC. The information will be stored in the security module. During normal program execution, the security module is designed to compare the real-time state of program with the information in the security module. If abnormal, it will trigger the appropriate security response, suspend the program and jump to the specified location. The module has been tested and validated on the SOPC with OR1200 processor. The experimental analysis shows that the proposed mechanism can defence a wide range of common software and physical attacks with low performance penalties and minimal overheads.

Windows XP Operating System Security Analysis

National Research Council Canada - National Science Library

Goktepe, Meftun

2002-01-01

.... The purpose of this research is to determine if Windows XP, when used as a workstation operating system in domain- based networks, provides adequate security policy enforcement for organizations...

Security credentials management system (SCMS) design and analysis for the connected vehicle system : draft.

Science.gov (United States)

2013-12-27

This report presents an analysis by Booz Allen Hamilton (Booz Allen) of the technical design for the Security Credentials Management System (SCMS) intended to support communications security for the connected vehicle system. The SCMS technical design...

A Survey on the Security of Blockchain Systems

OpenAIRE

Li, Xiaoqi; Jiang, Peng; Chen, Ting; Luo, Xiapu; Wen, Qiaoyan

2018-01-01

Since its inception, the blockchain technology has shown promising application prospects. From the initial cryptocurrency to the current smart contract, blockchain has been applied to many fields. Although there are some studies on the security and privacy issues of blockchain, there lacks a systematic examination on the security of blockchain systems. In this paper, we conduct a systematic study on the security threats to blockchain and survey the corresponding real attacks by examining popu...

CNSS: Interagency Partnering to Protect Our National Security Systems

National Research Council Canada - National Science Library

Grimes, John G

2008-01-01

.... The CNSS performs the vital function of mobilizing the full, interagency National Security Community for the protection of telecommunications and information systems that support U.S. national security...

Reforming the South African Social Security Adjudication System: Innovative Experiences from South African Non-Social Security Jurisdictions

Directory of Open Access Journals (Sweden)

Mathias Ashu Tako Nyenti

2016-08-01

Full Text Available There is currently no uniform social security dispute resolution system in South Africa due to the piecemeal fashion in which schemes were established or protection against individual risks regulated. The result is that each statute provides for its own dispute resolution institution(s and processes. There are also various gaps and challenges in the current social security dispute resolution systems, some of these relating to the uncoordinated and fragmented nature of the system; inaccessibility of some social security institutions; inappropriateness of some current appeal institutions; the lack of a systematic approach in establishing appeal institutions; a limited scope of jurisdiction and powers of adjudication institutions; inconsistencies in review and/or appeal provisions in various laws; an unavailability of alternative dispute resolution procedures; and an absence of institutional independence of adjudication institutions or forums. The system is therefore in need of reform. In developing an appropriate system, much can be learned from innovative experiences in comparative South African non-social security jurisdictions on the establishment of effective and efficient dispute resolution frameworks. Dispute resolution systems in the labour relations, business competition regulation and consumer protection jurisdictions have been established to realise the constitutional rights of their users (especially the rights of access to justice, to a fair trial and to just administrative action. They thus provide a benchmark for the development of the South African social security dispute resolution system.

A survey of approaches combining safety and security for industrial control systems

International Nuclear Information System (INIS)

Kriaa, Siwar; Pietre-Cambacedes, Ludovic; Bouissou, Marc; Halgand, Yoran

2015-01-01

The migration towards digital control systems creates new security threats that can endanger the safety of industrial infrastructures. Addressing the convergence of safety and security concerns in this context, we provide a comprehensive survey of existing approaches to industrial facility design and risk assessment that consider both safety and security. We also provide a comparative analysis of the different approaches identified in the literature. - Highlights: • We raise awareness of safety and security convergence in numerical control systems. • We highlight safety and security interdependencies for modern industrial systems. • We give a survey of approaches combining safety and security engineering. • We discuss the potential of the approaches to model safety and security interactions

A Multilevel Secure Workflow Management System

National Research Council Canada - National Science Library

Kang, Myong H; Froscher, Judith N; Sheth, Amit P; Kochut, Krys J; Miller, John A

1999-01-01

The Department of Defense (DoD) needs multilevel secure (MLS) workflow management systems to enable globally distributed users and applications to cooperate across classification levels to achieve mission critical goals...

Pitfalls and Security Measures for the Mobile EMR System in Medical Facilities.

Science.gov (United States)

Yeo, Kiho; Lee, Keehyuck; Kim, Jong-Min; Kim, Tae-Hun; Choi, Yong-Hoon; Jeong, Woo-Jin; Hwang, Hee; Baek, Rong Min; Yoo, Sooyoung

2012-06-01

The goal of this paper is to examine the security measures that should be reviewed by medical facilities that are trying to implement mobile Electronic Medical Record (EMR) systems designed for hospitals. The study of the security requirements for a mobile EMR system is divided into legal considerations and sectional security investigations. Legal considerations were examined with regard to remote medical services, patients' personal information and EMR, medical devices, the establishment of mobile systems, and mobile applications. For the 4 sectional security investigations, the mobile security level SL-3 from the Smartphone Security Standards of the National Intelligence Service (NIS) was used. From a compliance perspective, legal considerations for various laws and guidelines of mobile EMR were executed according to the model of the legal considerations. To correspond to the SL-3, separation of DMZ and wireless network is needed. Mobile access servers must be located in only the smartphone DMZ. Furthermore, security measures like 24-hour security control, WIPS, VPN, MDM, and ISMS for each section are needed to establish a secure mobile EMR system. This paper suggested a direction for applying regulatory measures to strengthen the security of a mobile EMR system in accordance with the standard security requirements presented by the Smartphone Security Guideline of the NIS. A future study on the materialization of these suggestions after their application at actual medical facilities can be used as an illustrative case to determine the degree to which theory and reality correspond with one another.

ABOUT THE SPECIAL INVESTIGATIONS OF THE PROTECTION OF THE TECHNICAL SECURITY SYSTEMS AGAINST INFORMATION LEAKAGE DUE TO THE ACOUSTO-ELECTRICAL TRANSFORMATIONS

Directory of Open Access Journals (Sweden)

A. P. Durakovskiy

2016-12-01

Full Text Available None of the critically important facilities can operate without the engineered safety system. Functionally varied security networks or a fire alarm system can refer to this system as well as safety and reliability which are provided by secured energy, water and heating supply. In the process of attestation according to the requirements of information security of information objects with such technical means, it is necessary to conduct special investigations of protection against leakage of acoustic speech information through the channels of the acousto-electrical transformations (AET. There are major aspects in the data leak via AET, which currently include the following: lack of and /or obtaining legal and safety norms to regulate specified parameters; lack of the automated hardware and software system for some AET variations to carry out measurements; lack of specified safety equipment for some AET variations; lack of shelter security units; high costs of AET measurement and control units; and low measurement repeatability.

Research on Lightweight Information Security System of the Internet of Things

OpenAIRE

Ying Li; Li Ping Du; JianWei Guo; Xin Zhao

2013-01-01

In order to improve the security of information transmitted in the internet of things, this study designs an information security system architecture of internet of things based on a lightweight cryptography. In this security system, an authentication protocol, encryption/decryption protocol and signature verification protocol are proposed and implemented. All these security protocol are used to verify the legality of access device and to protect the confidentiality and integrity of transform...

NOSArmor: Building a Secure Network Operating System

Directory of Open Access Journals (Sweden)

Hyeonseong Jo

2018-01-01

Full Text Available Software-Defined Networking (SDN, controlling underlying network devices (i.e., data plane in a logically centralized manner, is now actively adopted in many real world networking environments. It is clear that a network administrator can easily understand and manage his networking environments with the help of SDN. In SDN, a network operating system (NOS, also known as an SDN controller, is the most critical component because it should be involved in all transactions for controlling network devices, and thus the security of NOS cannot be highly exaggerated. However, in spite of its importance, no previous works have thoroughly investigated the security of NOS. In this work, to address this problem, we present the NOSArmor, which integrates several security mechanisms, named as security building block (SBB, into a consolidated SDN controller. NOSArmor consists of eight SBBs and each of them addresses different security principles of network assets. For example, while role-based authorization focuses on securing confidentiality of internal storage from malicious applications, OpenFlow protocol verifier protects availability of core service in the controller from malformed control messages received from switches. In addition, NOSArmor shows competitive performance compared to existing other controllers (i.e., ONOS, Floodlight with secureness of network assets.

Security for small computer systems a practical guide for users

CERN Document Server

Saddington, Tricia

1988-01-01

Security for Small Computer Systems: A Practical Guide for Users is a guidebook for security concerns for small computers. The book provides security advice for the end-users of small computers in different aspects of computing security. Chapter 1 discusses the security and threats, and Chapter 2 covers the physical aspect of computer security. The text also talks about the protection of data, and then deals with the defenses against fraud. Survival planning and risk assessment are also encompassed. The last chapter tackles security management from an organizational perspective. The bo

Load control services in the management of power system security costs

International Nuclear Information System (INIS)

Jayantilal, A.; Strbac, G.

1999-01-01

The new climate of deregulation in the electricity industry is creating a need for a more transparent cost structure and within this framework the cost of system security has been a subject of considerable interest. Traditionally power system security has been supplied by out-of-merit generation, in the short term, and transmission reinforcement, in the long term. This paper presents a method of analysing the role of load-demand in the management of power system security costs by utilising load control services (LCS). It also proposes a competitive market to enable bidding from various participants within the electricity industry to supply system security. (author)

Behavior Change Support Systems for Privacy and Security

NARCIS (Netherlands)

Kegel, Roeland Hendrik,Pieter; Wieringa, Roelf J.; Kulyk, Olga Anatoliyivna; Kelders, S.; van Gemert-Pijnen, L.; Oinas-Kukkonen, H

2015-01-01

This article proposes to use Behavior Change Support Systems (BCSSs) to improve the security of IT applications and the privacy of its users. We discuss challenges specific to BCSSs applied to information security, list research questions to be answered in order to meet these challenges, and propose

Securing a control system: experiences from ISO 27001 implementation

International Nuclear Information System (INIS)

Vuppala, V.; Vincent, J.; Kusler, J.; Davidson, K.

2012-01-01

Recent incidents of breaches, in control systems in specific and information systems in general, have emphasized the importance of security and operational continuity in achieving the quality objectives of an organization, and the safety of its personnel and infrastructure. However, security and disaster recovery are either completely ignored or given a low priority during the design and development of an accelerator control system, the underlying technologies, and the overlaid applications. This leads to an operational facility that is easy to breach, and difficult to recover. Retrofitting security into a control system becomes much more difficult during operations. In this paper we describe our experiences with implementing ISO/IEC 27001 Standard for information security at the Electronics Department of the National Superconducting Cyclotron Laboratory (NSCL) located on the campus of Michigan State University. We describe our risk assessment methodology, the identified risks, the selected controls, their implementation, and our documentation structure. We also report the current status of the project. We conclude with the challenges faced and the lessons learnt. (authors)

The Current State of the International Security System