WorldWideScience

Sample records for modelling security requirements

  1. Modelling Security Requirements Through Extending Scrum Agile Development Framework

    OpenAIRE

    Alotaibi, Minahi

    2016-01-01

    Security is today considered as a basic foundation in software development and therefore, the modelling and implementation of security requirements is an essential part of the production of secure software systems. Information technology organisations are moving towards agile development methods in order to satisfy customers' changing requirements in light of accelerated evolution and time restrictions with their competitors in software production. Security engineering is considered difficult...

  2. Model of assessment of requirements of privacy, security and quality of service for mobile medical applications

    Directory of Open Access Journals (Sweden)

    Edward Paul Guillen Pinto

    2017-08-01

    Full Text Available Introduction: The development of mobile technologies has facilitated the creation of mHealth applications, which are considered key tools for safe and quality care for patients from remote populations and with lack of infrastructure for the provision of health services. The article considers a proposal for an evaluation model that allows to determine weaknesses and vulnerabilities at the security level and quality of service (QoS in mHealth applications. Objective: To carry out an approximation of a model of analysis that supports the decision making, concerning the use and production of safe applications, minimizing the impact and the probability of occurrence of the risks of computer security. Materials and methods: The type of applied research is of a descriptive type, because each one details the characteristics that the mobile health applications must have to achieve an optimum level of safety. The methodology uses the rules that regulate applications and mixes them with techniques of security analysis, using the characterization of risks posed by Open Web Application Security Project-OWASP and the QoS requirements of the International Telecommunication Union-ITU. Results: An effective analysis was obtained in actual current applications, which shows their weaknesses and the aspects to be corrected to comply with appropriate security parameters. Conclusions: The model allows to evaluate the safety and quality of service (QoS requirements of mobile health applications that can be used to evaluate current applications or to generate the criteria before deployment.

  3. Capturing security requirements for software systems

    Science.gov (United States)

    El-Hadary, Hassan; El-Kassas, Sherif

    2014-01-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way. PMID:25685514

  4. Teaching Case: IS Security Requirements Identification from Conceptual Models in Systems Analysis and Design: The Fun & Fitness, Inc. Case

    Science.gov (United States)

    Spears, Janine L.; Parrish, James L., Jr.

    2013-01-01

    This teaching case introduces students to a relatively simple approach to identifying and documenting security requirements within conceptual models that are commonly taught in systems analysis and design courses. An introduction to information security is provided, followed by a classroom example of a fictitious company, "Fun &…

  5. Windows Security patch required

    CERN Multimedia

    3004-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables,... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  6. Windows Security patch required

    CERN Multimedia

    2003-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables, ... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  7. Windows Security patch required

    CERN Multimedia

    2003-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables,... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  8. Towards security requirements: Iconicity as a feature of an informal modeling language

    NARCIS (Netherlands)

    Vasenev, Alexandr; Ionita, Dan; Zoppi, Tomasso; Ceccarelli, Andrea; Wieringa, Roelf J.

    2017-01-01

    Self-adaptive systems need to be designed with respect to threats within their operating conditions. Identifying such threats during the design phase can benefit from the involvement of stakeholders. Using a system model, the stakeholders, who may neither be IT experts nor security experts, can

  9. Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models

    National Research Council Canada - National Science Library

    Mead, Nancy R; Viswanathan, Venkatesh; Padmanabhan, Deepa; Raveendran, Anusha

    2008-01-01

    ...). This report is for information technology managers and security professionals, management personnel with technical and information security knowledge, and any personnel who manage security-critical...

  10. Security Requirements Management in Software Product Line Engineering

    Science.gov (United States)

    Mellado, Daniel; Fernández-Medina, Eduardo; Piattini, Mario

    Security requirements engineering is both a central task and a critical success factor in product line development due to the complexity and extensive nature of product lines. However, most of the current product line practices in requirements engineering do not adequately address security requirements engineering. Therefore, in this chapter we will propose a security requirements engineering process (SREPPLine) driven by security standards and based on a security requirements decision model along with a security variability model to manage the variability of the artefacts related to security requirements. The aim of this approach is to deal with security requirements from the early stages of the product line development in a systematic way, in order to facilitate conformance with the most relevant security standards with regard to the management of security requirements, such as ISO/IEC 27001 and ISO/IEC 15408.

  11. Security Requirements for Post-Transition Cuba

    National Research Council Canada - National Science Library

    Crowther, Glenn A

    2007-01-01

    .... With that change, Cuba's security requirements will change as well. This monograph analyzes security requirements that the new Cuba will face and proposes what missions and structure the Cuban security forces might have after a...

  12. Requirements, model and prototype for a multi-utility locational and security information hub.

    Science.gov (United States)

    2015-11-01

    This project lays the foundation for building an exchange hub for locational and security data and risk assessment of potential excavation work. It acts primarily at 2 stages: upstream of the mark-out process, as a decision support tool to help strea...

  13. Model-Based Security Testing

    Directory of Open Access Journals (Sweden)

    Ina Schieferdecker

    2012-02-01

    Full Text Available Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.

  14. Cloud computing security requirements: a systematic review

    OpenAIRE

    Iankoulova, Iliana; Daneva, Maia; Rolland, C; Castro, J.; Pastor, O

    2012-01-01

    Many publications have dealt with various types of security requirements in cloud computing but not all types have been explored in sufficient depth. It is also hard to understand which types of requirements have been under-researched and which are most investigated. This paper's goal is to provide a comprehensive and structured overview of cloud computing security requirements and solutions. We carried out a systematic review and identified security requirements from previous publications th...

  15. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  16. 24 CFR 201.24 - Security requirements.

    Science.gov (United States)

    2010-04-01

    ... manufactured home. (c) Recording and perfection of security. The lender shall assure that the legal description... 24 Housing and Urban Development 2 2010-04-01 2010-04-01 false Security requirements. 201.24... TITLE I PROPERTY IMPROVEMENT AND MANUFACTURED HOME LOANS Eligibility and Disbursement Requirements § 201...

  17. Motorola Secure Software Development Model

    Directory of Open Access Journals (Sweden)

    Francis Mahendran

    2008-08-01

    Full Text Available In today's world, the key to meeting the demand for improved security is to implement repeatable processes that reliably deliver measurably improved security. While many organizations have announced efforts to institutionalize a secure software development process, there is little or no industry acceptance for a common process improvement framework for secure software development. Motorola has taken the initiative to develop such a framework, and plans to share this with the Software Engineering Institute for possible inclusion into its Capability Maturity Model Integration (CMMI®. This paper will go into the details of how Motorola is addressing this issue. The model that is being developed is designed as an extension of the existing CMMI structure. The assumption is that the audience will have a basic understanding of the SEI CMM® / CMMI® process framework. The paper will not describe implementation details of a security process model or improvement framework, but will address WHAT security practices are required for a company with many organizations operating at different maturity levels. It is left to the implementing organization to answer the HOW, WHEN, WHO and WHERE aspects. The paper will discuss how the model is being implemented in the Motorola Software Group.

  18. 7 CFR 764.355 - Security requirements.

    Science.gov (United States)

    2010-01-01

    ... as security, a certification of ownership in real estate is required. Certification of ownership may... estate in question and lists the balances due on all known debts against the real estate. Whenever the Agency is uncertain of the record owner or debts against the real estate security, a title search is...

  19. Security Requirements – Analysis of the Issue

    Directory of Open Access Journals (Sweden)

    Jhon Vincent

    2013-12-01

    Full Text Available Needs about security are matters little taken into account when managing requirements engineering , and when considered in the life cycle of the system , they tend to become a general list of functions, as password of protection , firewalls , virus detection tools , and other similar. But in fact, they cannot be considered as requirements of security, because they are implementation mechanisms to try to meet unspecified requirements, as an authenticated access. As a result, the security requirements for the system are ignored, which are required to protect essential services and assets, besides, when are specified, is not considered the prospect of future attacks. This paper describes the need for a systematic approach to managing security requirements engineering, in order to help avoid the problem of generic lists and take into account the future perspective. Several related approaches are described and also are provided references additional material that can help requirements engineers to ensure that their products be taken into account, effectively , the security requirements.

  20. Cloud computing security requirements: a systematic review

    NARCIS (Netherlands)

    Iankoulova, Iliana; Daneva, Maia; Rolland, C; Castro, J.; Pastor, O

    Many publications have dealt with various types of security requirements in cloud computing but not all types have been explored in sufficient depth. It is also hard to understand which types of requirements have been under-researched and which are most investigated. This paper's goal is to provide

  1. Argumentation-Based Security Requirements Elicitation: The Next Round

    NARCIS (Netherlands)

    Ionita, Dan; Bullee, Jan-Willem; Wieringa, Roelf J.

    2014-01-01

    Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of

  2. Requirements For Security Sector Reform Success

    Science.gov (United States)

    2016-05-26

    democratic institutions, spur economic growth , trade, and investment, advance peace and security, and promote opportunity and development.2 This monograph... corruption and organized crime, and promoting economic opportunity.8 The 2012 US Strategy towards Sub-Saharan Africa contains four pillars to advance...enable good governance and economic growth in partnered nations that require external assistance to achieve those goals. These organizations work with

  3. Information risk and security modeling

    Science.gov (United States)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. IT will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

  4. Security model for VM in cloud

    Science.gov (United States)

    Kanaparti, Venkataramana; Naveen K., R.; Rajani, S.; Padmvathamma, M.; Anitha, C.

    2013-03-01

    Cloud computing is a new approach emerged to meet ever-increasing demand for computing resources and to reduce operational costs and Capital Expenditure for IT services. As this new way of computation allows data and applications to be stored away from own corporate server, it brings more issues in security such as virtualization security, distributed computing, application security, identity management, access control and authentication. Even though Virtualization forms the basis for cloud computing it poses many threats in securing cloud. As most of Security threats lies at Virtualization layer in cloud we proposed this new Security Model for Virtual Machine in Cloud (SMVC) in which every process is authenticated by Trusted-Agent (TA) in Hypervisor as well as in VM. Our proposed model is designed to with-stand attacks by unauthorized process that pose threat to applications related to Data Mining, OLAP systems, Image processing which requires huge resources in cloud deployed on one or more VM's.

  5. Generating WS-SecurityPolicy documents via security model transformation

    DEFF Research Database (Denmark)

    Jensen, Meiko

    2009-01-01

    When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriate...... security model definition and transformation approach, targeting the WS-SecurityPolicy and WS-BPEL specifications, in order to enable a Web-Service-based secure business process development....

  6. Security and Privacy in Video Surveillance: Requirements and Challenges

    DEFF Research Database (Denmark)

    Mahmood Rajpoot, Qasim; Jensen, Christian D.

    2014-01-01

    observed by the system. Several techniques to protect the privacy of individuals have therefore been proposed, but very little research work has focused on the specific security requirements of video surveillance data (in transit or in storage) and on authorizing access to this data. In this paper, we...... present a general model of video surveillance systems that will help identify the major security and privacy requirements for a video surveillance system and we use this model to identify practical challenges in ensuring the security of video surveillance data in all stages (in transit and at rest). Our......Use of video surveillance has substantially increased in the last few decades. Modern video surveillance systems are equipped with techniques that allow traversal of data in an effective and efficient manner, giving massive powers to operators and potentially compromising the privacy of anyone...

  7. 49 CFR 236.1033 - Communications and security requirements.

    Science.gov (United States)

    2010-10-01

    ... Train Control Systems § 236.1033 Communications and security requirements. (a) All wireless... 49 Transportation 4 2010-10-01 2010-10-01 false Communications and security requirements. 236.1033... exceeding the security strength required to protect the data as defined in the railroad's PTCSP and required...

  8. Campus network security model study

    Science.gov (United States)

    Zhang, Yong-ku; Song, Li-ren

    2011-12-01

    Campus network security is growing importance, Design a very effective defense hacker attacks, viruses, data theft, and internal defense system, is the focus of the study in this paper. This paper compared the firewall; IDS based on the integrated, then design of a campus network security model, and detail the specific implementation principle.

  9. Threat modeling designing for security

    CERN Document Server

    Shostack, Adam

    2014-01-01

    Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies. Systems secur

  10. Design and realization of a network security model

    OpenAIRE

    WANG, Jiahai; HAN, Fangxi; Tang, Zheng; TAMURA, Hiroki; Ishii, Masahiro

    2002-01-01

    The security of information is a key problem in the development of network technology. The basic requirements of security of information clearly include confidentiality, integrity, authentication and non-repudiation. This paper proposes a network security model that is composed of security system, security connection and communication, and key management. The model carries out encrypting, decrypting, signature and ensures confidentiality, integrity, authentication and non-repudiation. Finally...

  11. 31 CFR 203.21 - Collateral security requirements.

    Science.gov (United States)

    2010-07-01

    ... 31 Money and Finance: Treasury 2 2010-07-01 2010-07-01 false Collateral security requirements. 203... TREASURY TAX AND LOAN PROGRAM Investment Program and Collateral Security Requirements for TT&L Depositaries § 203.21 Collateral security requirements. Financial institutions that process EFTPS tax payments, but...

  12. Requirements of a Better Secure Program Coding

    Directory of Open Access Journals (Sweden)

    Marius POPA

    2012-01-01

    Full Text Available Secure program coding refers to how manage the risks determined by the security breaches because of the program source code. The papers reviews the best practices must be doing during the software development life cycle for secure software assurance, the methods and techniques used for a secure coding assurance, the most known and common vulnerabilities determined by a bad coding process and how the security risks are managed and mitigated. As a tool of the better secure program coding, the code review process is presented, together with objective measures for code review assurance and estimation of the effort for the code improvement.

  13. Process Models for Security Architectures

    Directory of Open Access Journals (Sweden)

    Floarea NASTASE

    2006-01-01

    Full Text Available This paper presents a model for an integrated security system, which can be implemented in any organization. It is based on security-specific standards and taxonomies as ISO 7498-2 and Common Criteria. The functionalities are derived from the classes proposed in the Common Criteria document. In the paper we present the process model for each functionality and also we focus on the specific components.

  14. Pattern and security requirements engineering-based establishment of security standards

    CERN Document Server

    Beckers, Kristian

    2015-01-01

    Security threats are a significant problem for information technology companies today. This book focuses on how to mitigate these threats by using security standards and provides ways to address associated problems faced by engineers caused by ambiguities in the standards. The security standards are analysed, fundamental concepts of the security standards presented, and the relations to the elementary concepts of security requirements engineering (SRE) methods explored. Using this knowledge, engineers can build customised methods that support the establishment of security standards. Standard

  15. 20 CFR 209.3 - Social security number required.

    Science.gov (United States)

    2010-04-01

    ... 20 Employees' Benefits 1 2010-04-01 2010-04-01 false Social security number required. 209.3... RAILROAD EMPLOYERS' REPORTS AND RESPONSIBILITIES § 209.3 Social security number required. Each employer shall furnish to the Board a social security number for each employee for whom any report is submitted...

  16. Future consumer mobile phone security: A case study using the data-centric security model

    NARCIS (Netherlands)

    van Cleeff, A.

    Consumer mobile phone security requires more attention, now that their data storage capacity is increasing. At the same time, much effort is spent on data-centric security for large enterprises. In this article we try to apply data-centric security to consumer mobile phones. We show a maturity model

  17. Home-Network Security Model in Ubiquitous Environment

    OpenAIRE

    Dong-Young Yoo; Jong-Whoi Shin; Jin-Young Choi

    2007-01-01

    Social interest and demand on Home-Network has been increasing greatly. Although various services are being introduced to respond to such demands, they can cause serious security problems when linked to the open network such as Internet. This paper reviews the security requirements to protect the service users with assumption that the Home-Network environment is connected to Internet and then proposes the security model based on the requirement. The proposed security mode...

  18. 7 CFR 762.126 - Security requirements.

    Science.gov (United States)

    2010-01-01

    ... have a higher lien priority (including purchase money interest) than an unguaranteed loan secured by... than or equal to 85 percent of the value of the security. Junior liens on crops or livestock products... instruments will not contain future advance clauses (except for taxes, insurance, or other reasonable costs to...

  19. Modelling of tradeable securities with dividends

    NARCIS (Netherlands)

    Vellekoop, M.H.; Nieuwenhuis, J.W.

    2006-01-01

    We propose a generalized framework for the modeling of tradeable securities with dividends which are not necessarily cash dividends at fixed times or continuously paid dividends. In our setup the dividend processes are only required to be semi-martingales. We give a definition of self-financing

  20. 48 CFR 1337.110-70 - Personnel security processing requirements.

    Science.gov (United States)

    2010-10-01

    ... information technology (IT) system, as required by the Department of Commerce Security Manual and Department of Commerce Security Program Policy and Minimum Implementation Standards. (b) Insert clause 1352.237... as National Security Contracts that will be performed on or within a Department of Commerce facility...

  1. Spider: a Security Model Checker

    NARCIS (Netherlands)

    Lenzini, Gabriele; Gnesi, S.; Latella, D.

    This paper presents SpyDer, a model checking environment for security protocols. In SpyDer a protocol is described as a term of a process algebra (called spy-calculus) consisting in a parallel composition of a finite number of communicating and finite-behaviored processes. Each process represents an

  2. Development of a cyber security risk model using Bayesian networks

    International Nuclear Information System (INIS)

    Shin, Jinsoo; Son, Hanseong; Khalil ur, Rahman; Heo, Gyunyoung

    2015-01-01

    Cyber security is an emerging safety issue in the nuclear industry, especially in the instrumentation and control (I and C) field. To address the cyber security issue systematically, a model that can be used for cyber security evaluation is required. In this work, a cyber security risk model based on a Bayesian network is suggested for evaluating cyber security for nuclear facilities in an integrated manner. The suggested model enables the evaluation of both the procedural and technical aspects of cyber security, which are related to compliance with regulatory guides and system architectures, respectively. The activity-quality analysis model was developed to evaluate how well people and/or organizations comply with the regulatory guidance associated with cyber security. The architecture analysis model was created to evaluate vulnerabilities and mitigation measures with respect to their effect on cyber security. The two models are integrated into a single model, which is called the cyber security risk model, so that cyber security can be evaluated from procedural and technical viewpoints at the same time. The model was applied to evaluate the cyber security risk of the reactor protection system (RPS) of a research reactor and to demonstrate its usefulness and feasibility. - Highlights: • We developed the cyber security risk model can be find the weak point of cyber security integrated two cyber analysis models by using Bayesian Network. • One is the activity-quality model signifies how people and/or organization comply with the cyber security regulatory guide. • Other is the architecture model represents the probability of cyber-attack on RPS architecture. • The cyber security risk model can provide evidence that is able to determine the key element for cyber security for RPS of a research reactor

  3. A Model Based Security Testing Method for Protocol Implementation

    Directory of Open Access Journals (Sweden)

    Yu Long Fu

    2014-01-01

    Full Text Available The security of protocol implementation is important and hard to be verified. Since the penetration testing is usually based on the experience of the security tester and the specific protocol specifications, a formal and automatic verification method is always required. In this paper, we propose an extended model of IOLTS to describe the legal roles and intruders of security protocol implementations, and then combine them together to generate the suitable test cases to verify the security of protocol implementation.

  4. A Novel Model for Security Evaluation for Compliance

    DEFF Research Database (Denmark)

    Hald, Sara Ligaard; Pedersen, Jens Myrup; Prasad, Neeli R.

    2011-01-01

    With the increasing focus on security in information systems, it is becoming necessary to be able to describe and compare security attributes for different technologies. Existing are well-described and comprehensive, but expensive and resource demanding to apply. The Security Evaluation...... for Compliance (SEC) model offers a lightweight alternative for use by decision makers to get a quick overview of the security attributes of different technologies for easy comparison and requirement compliance evaluation. The scientific contribution is this new approach to security modelling as well...

  5. Security Theorems via Model Theory

    Directory of Open Access Journals (Sweden)

    Joshua Guttman

    2009-11-01

    Full Text Available A model-theoretic approach can establish security theorems for cryptographic protocols. Formulas expressing authentication and non-disclosure properties of protocols have a special form. They are quantified implications for all xs . (phi implies for some ys . psi. Models (interpretations for these formulas are *skeletons*, partially ordered structures consisting of a number of local protocol behaviors. *Realized* skeletons contain enough local sessions to explain all the behavior, when combined with some possible adversary behaviors. We show two results. (1 If phi is the antecedent of a security goal, then there is a skeleton A_phi such that, for every skeleton B, phi is satisfied in B iff there is a homomorphism from A_phi to B. (2 A protocol enforces for all xs . (phi implies for some ys . psi iff every realized homomorphic image of A_phi satisfies psi. Hence, to verify a security goal, one can use the Cryptographic Protocol Shapes Analyzer CPSA (TACAS, 2007 to identify minimal realized skeletons, or "shapes," that are homomorphic images of A_phi. If psi holds in each of these shapes, then the goal holds.

  6. Decomposition of the Security Requirements for Connected Information Domains

    NARCIS (Netherlands)

    Schotanus, H.A.; Boonstra, D.; Broenink, E.G.

    2011-01-01

    The introduction of network enabled capabilities (NEC) changed the way defence organisations look at their IT infrastructure. Finding the right balance between security and duty-to-share has proven to be a difficult challenge. The situations are complex and may lead to high security requirements

  7. Network model of security system

    Directory of Open Access Journals (Sweden)

    Adamczyk Piotr

    2016-01-01

    Full Text Available The article presents the concept of building a network security model and its application in the process of risk analysis. It indicates the possibility of a new definition of the role of the network models in the safety analysis. Special attention was paid to the development of the use of an algorithm describing the process of identifying the assets, vulnerability and threats in a given context. The aim of the article is to present how this algorithm reduced the complexity of the problem by eliminating from the base model these components that have no links with others component and as a result and it was possible to build a real network model corresponding to reality.

  8. Security Requirements for One Stop Government

    Science.gov (United States)

    Schäfer, Georg E.

    The highest ranking e-government solutions are based on one-window, one-click or one stop government concepts. For Europe, the EU services directive sets new requirements for e-government, that have to be met till December 2009. Simple, easy to understand and complete information is one requirement. The other requirements are, that the services covered by this directive shall be available electronically and at a distance (which means mostly “by Internet”). Acceptable solutions are digitally signed mails and, as an alternative or supplement, transaction oriented online services. To implement this, a one stop government with document safe is best practice.

  9. Requirements for multimedia metadata schemes in surveillance applications for security

    NARCIS (Netherlands)

    Rest, J.H.C. van; Grootjen, F.A.; Grootjen, M.; Wijn, R.; Aarts, O.A.J.; Roelofs, M.L.; Burghouts, G.J.; Bouma, H.; Alic, L.; Kraaij, W.

    2013-01-01

    Surveillance for security requires communication between systems and humans, involves behavioural and multimedia research, and demands an objective benchmarking for the performance of system components.Metadata representation schemes are extremely important to facilitate (system) interoperability

  10. Information security requirements in patient-centred healthcare support systems.

    Science.gov (United States)

    Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

    2013-01-01

    Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

  11. Functional Security Model: Managers Engineers Working Together

    Science.gov (United States)

    Guillen, Edward Paul; Quintero, Rulfo

    2008-05-01

    Information security has a wide variety of solutions including security policies, network architectures and technological applications, they are usually designed and implemented by security architects, but in its own complexity this solutions are difficult to understand by company managers and they are who finally fund the security project. The main goal of the functional security model is to achieve a solid security platform reliable and understandable in the whole company without leaving of side the rigor of the recommendations and the laws compliance in a single frame. This paper shows a general scheme of the model with the use of important standards and tries to give an integrated solution.

  12. Formal Analysis of Graphical Security Models

    DEFF Research Database (Denmark)

    Aslanyan, Zaruhi

    The increasing usage of computer-based systems in almost every aspects of our daily life makes more and more dangerous the threat posed by potential attackers, and more and more rewarding a successful attack. Moreover, the complexity of these systems is also increasing, including physical devices......, software components and human actors interacting with each other to form so-called socio-technical systems. The importance of socio-technical systems to modern societies requires verifying their security properties formally, while their inherent complexity makes manual analyses impracticable. Graphical...... models for security offer an unrivalled opportunity to describe socio-technical systems, for they allow to represent different aspects like human behaviour, computation and physical phenomena in an abstract yet uniform manner. Moreover, these models can be assigned a formal semantics, thereby allowing...

  13. Defining and Enforcing Hardware Security Requirements

    Science.gov (United States)

    2011-12-01

    The Nether - lands: Gordon and Breach, 1997. [26] M. Harrison, W. Ruzzo, and J. Ullman, “Protection in operating systems,” Communications of the ACM...Verification: Principles and Processes. Dordrecht, The Nether - lands: Springer, 2006. [70] M. Glinz, “On non-functional requirements,” IEEE

  14. 77 FR 71568 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2012-12-03

    ...; ] SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 RIN 3235-AL12 Capital, Margin, and Segregation... proposed capital and margin requirements for security-based swap dealers (``SBSDs'') and major security...

  15. CRISP. Information Security Models and Their Economics

    International Nuclear Information System (INIS)

    Gustavsson, R.; Mellstrand, P.; Tornqvist, B.

    2005-03-01

    The deliverable D1.6 includes background material and specifications of a CRISP Framework on protection of information assets related to power net management and management of business operations related to energy services. During the project it was discovered by the CRISP consortium that the original description of WP 1.6 was not adequate for the project as such. The main insight was that the original emphasis on cost-benefit analysis of security protection measures was to early to address in the project. This issue is of course crucial in itself but requires new models of consequence analysis that still remains to be developed, especially for the new business models we are investigated in the CRISP project. The updated and approved version of the WP1.6 description, together with the also updated WP2.4 focus on Dependable ICT support of Power Grid Operations constitutes an integrated approach towards dependable and secure future utilities and their business processes. This document (D1.6) is a background to deliverable D2.4. Together they provide a dependability and security framework to the three CRISP experiments in WP3

  16. Information Security Policy Modeling for Network Security Systems

    Directory of Open Access Journals (Sweden)

    Dmitry Sergeevich Chernyavskiy

    2014-12-01

    Full Text Available Policy management for network security systems (NSSs is one of the most topical issues of network security management. Incorrect configurations of NSSs lead to system outages and appearance of vulnerabilities. Moreover, policy management process is a time-consuming task, which includes significant amount of manual work. These factors reduce efficiency of NSSs’ utilization. The paper discusses peculiarities of policy management process and existing approaches to policy modeling, presents a model aimed to formalize policies for NSSs independently on NSSs’ platforms and select the most effective NSSs for implementation of the policies.

  17. How to Compare the Security Quality Requirements Engineering (SQUARE) Method with Other Methods

    National Research Council Canada - National Science Library

    Mead, Nancy R

    2007-01-01

    The Security Quality Requirements Engineering (SQUARE) method, developed at the Carnegie Mellon Software Engineering Institute, provides a systematic way to identify security requirements in a software development project...

  18. Critically Important Object Security System Element Model

    Directory of Open Access Journals (Sweden)

    I. V. Khomyackov

    2012-03-01

    Full Text Available A stochastic model of critically important object security system element has been developed. The model includes mathematical description of the security system element properties and external influences. The state evolution of the security system element is described by the semi-Markov process with finite states number, the semi-Markov matrix and the initial semi-Markov process states probabilities distribution. External influences are set with the intensity of the Poisson thread.

  19. 49 CFR 659.21 - System security plan: general requirements.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 7 2010-10-01 2010-10-01 false System security plan: general requirements. 659.21 Section 659.21 Transportation Other Regulations Relating to Transportation (Continued) FEDERAL TRANSIT ADMINISTRATION, DEPARTMENT OF TRANSPORTATION RAIL FIXED GUIDEWAY SYSTEMS; STATE SAFETY OVERSIGHT Role of the...

  20. Computational Intelligence, Cyber Security and Computational Models

    CERN Document Server

    Anitha, R; Lekshmi, R; Kumar, M; Bonato, Anthony; Graña, Manuel

    2014-01-01

    This book contains cutting-edge research material presented by researchers, engineers, developers, and practitioners from academia and industry at the International Conference on Computational Intelligence, Cyber Security and Computational Models (ICC3) organized by PSG College of Technology, Coimbatore, India during December 19–21, 2013. The materials in the book include theory and applications for design, analysis, and modeling of computational intelligence and security. The book will be useful material for students, researchers, professionals, and academicians. It will help in understanding current research trends and findings and future scope of research in computational intelligence, cyber security, and computational models.

  1. 77 FR 71369 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2012-11-30

    ... From the Federal Register Online via the Government Publishing Office SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 RIN 3235-AL12 Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security-Based Swap Participants and Capital Requirements for Broker-Dealers...

  2. A Model of Social Security?

    DEFF Research Database (Denmark)

    Rom-Jensen, Byron Zachary

    2017-01-01

    of Scandinavian achievements were variable in their ideological outlook and sometimes deliberately challenged the existence and goals of New Deal policies. Moreover, this essay explores the usage of Scandinavia in New Deal social legislation by examining the policymaking rhetoric of the Social Security Act...... and its 1939 amendments. The surprising plasticity of the Scandinavian image amongst policymakers ultimately reveals the fluid nature of both New Deal-era politics and the Scandinavian images it appropriated....

  3. New Models for Protocol Security

    Science.gov (United States)

    2015-06-18

    the premier Cryptography conferences (CRYPTO, EuroCrypt, TCC ); 5 of these papers were selected for special issues on best papers. 15. SUBJECT TERMS...prestigious Cryptography conferences (CRYPTO, EuroCrypt, TCC ); 5 of these papers were selected for special issues on best papers. 2 Concurrent Security...sequence of works appearing in STOC 2013, FOCS 2013 (2 on this topic), and TCC 2014, we resolved some of central outstanding open questions in this

  4. Intelligent Model for Video Survillance Security System

    Directory of Open Access Journals (Sweden)

    J. Vidhya

    2013-12-01

    Full Text Available Video surveillance system senses and trails out all the threatening issues in the real time environment. It prevents from security threats with the help of visual devices which gather the information related to videos like CCTV’S and IP (Internet Protocol cameras. Video surveillance system has become a key for addressing problems in the public security. They are mostly deployed on the IP based network. So, all the possible security threats exist in the IP based application might also be the threats available for the reliable application which is available for video surveillance. In result, it may increase cybercrime, illegal video access, mishandling videos and so on. Hence, in this paper an intelligent model is used to propose security for video surveillance system which ensures safety and it provides secured access on video.

  5. A new security model for collaborative environments

    Energy Technology Data Exchange (ETDEWEB)

    Agarwal, Deborah [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States); Lorch, Markus [Virginia Polytechnic Inst. and State Univ. (Virginia Tech), Blacksburg, VA (United States); Thompson, Mary [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States); Perry, Marcia [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)

    2003-06-06

    Prevalent authentication and authorization models for distributed systems provide for the protection of computer systems and resources from unauthorized use. The rules and policies that drive the access decisions in such systems are typically configured up front and require trust establishment before the systems can be used. This approach does not work well for computer software that moderates human-to-human interaction. This work proposes a new model for trust establishment and management in computer systems supporting collaborative work. The model supports the dynamic addition of new users to a collaboration with very little initial trust placed into their identity and supports the incremental building of trust relationships through endorsements from established collaborators. It also recognizes the strength of a users authentication when making trust decisions. By mimicking the way humans build trust naturally the model can support a wide variety of usage scenarios. Its particular strength lies in the support for ad-hoc and dynamic collaborations and the ubiquitous access to a Computer Supported Collaboration Workspace (CSCW) system from locations with varying levels of trust and security.

  6. 78 FR 4365 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2013-01-22

    ... Securities and Exchange Commission (``Commission'') published in the Federal Register a proposed rule for... SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 [Release No. 34-68660; File No. S7-08-12] RIN 3235-AL12 Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major...

  7. Information Governance: A Model for Security in Medical Practice

    Directory of Open Access Journals (Sweden)

    Patricia A.H. Williams

    2007-03-01

    Full Text Available Information governance is becoming an important aspect of organisational accountability. In consideration that information is an integral asset of most organisations, the protection of this asset will increasingly rely on organisational capabilities in security.  In the medical arena this information is primarily sensitive patient-based information. Previous research has shown that application of security measures is a low priority for primary care medical practice and that awareness of the risks are seriously underestimated. Consequently, information security governance will be a key issue for medical practice in the future. Information security governance is a relatively new term and there is little existing research into how to meet governance requirements. The limited research that exists describes information security governance frameworks at a strategic level. However, since medical practice is already lagging in the implementation of appropriate security, such definition may not be practical although it is obviously desirable. This paper describes an on-going action research project undertaken in the area of medical information security, and presents a tactical approach model aimed at addressing information security governance and the protection of medical data. 

  8. Modelling security properties in a grid-based operating system with anti-goals

    OpenAIRE

    Arenas, A.; Aziz, Benjamin; Bicarregui, J.; Matthews, B.; Yang, E.

    2008-01-01

    In this paper, we discuss the use of formal requirements-engineering techniques in capturing security requirements for a Grid-based operating system. We use KAOS goal model to represent two security goals for Grid systems, namely authorisation and single-sign on authentication. We apply goal-refinement to derive security requirements for these two security goals and we develop a model of antigoals and show how system vulnerabilities and threats to the security goals can arise from such anti-m...

  9. Leadership in organizations with high security and reliability requirements

    International Nuclear Information System (INIS)

    Gonzalez, F.

    2013-01-01

    Developing leadership skills in organizations is the key to ensure the sustainability of excellent results in industries with high requirements safety and reliability. In order to have a model of leadership development specific to this type of organizations, Tecnatom in 2011, we initiated a project internal, to find and adapt a competency model to these requirements.

  10. Modeling behavioral considerations related to information security.

    Energy Technology Data Exchange (ETDEWEB)

    Martinez-Moyano, I. J.; Conrad, S. H.; Andersen, D. F. (Decision and Information Sciences); (SNL); (Univ. at Albany)

    2011-01-01

    The authors present experimental and simulation results of an outcome-based learning model for the identification of threats to security systems. This model integrates judgment, decision-making, and learning theories to provide a unified framework for the behavioral study of upcoming threats.

  11. MULTILEVEL RECURRENT MODEL FOR HIERARCHICAL CONTROL OF COMPLEX REGIONAL SECURITY

    Directory of Open Access Journals (Sweden)

    Andrey V. Masloboev

    2014-11-01

    Full Text Available Subject of research. The research goal and scope are development of methods and software for mathematical and computer modeling of the regional security information support systems as multilevel hierarchical systems. Such systems are characterized by loosely formalization, multiple-aspect of descendent system processes and their interconnectivity, high level dynamics and uncertainty. The research methodology is based on functional-target approach and principles of multilevel hierarchical system theory. The work considers analysis and structural-algorithmic synthesis problem-solving of the multilevel computer-aided systems intended for management and decision-making information support in the field of regional security. Main results. A hierarchical control multilevel model of regional socio-economic system complex security has been developed. The model is based on functional-target approach and provides both formal statement and solving, and practical implementation of the automated information system structure and control algorithms synthesis problems of regional security management optimal in terms of specified criteria. An approach for intralevel and interlevel coordination problem-solving in the multilevel hierarchical systems has been proposed on the basis of model application. The coordination is provided at the expense of interconnection requirements satisfaction between the functioning quality indexes (objective functions, which are optimized by the different elements of multilevel systems. That gives the possibility for sufficient coherence reaching of the local decisions, being made on the different control levels, under decentralized decision-making and external environment high dynamics. Recurrent model application provides security control mathematical models formation of regional socioeconomic systems, functioning under uncertainty. Practical relevance. The model implementation makes it possible to automate synthesis realization of

  12. FS-OpenSecurity: A Taxonomic Modeling of Security Threats in SDN for Future Sustainable Computing

    Directory of Open Access Journals (Sweden)

    Yunsick Sung

    2016-09-01

    Full Text Available Software Defined Networking (SDN has brought many changes in terms of the interaction processes between systems and humans. It has become the key enabler of software defined architecture, which allows enterprises to build a highly agile Information Technology (IT infrastructure. For Future Sustainability Computing (FSC, SDN needs to deliver on many information technology commitments—more automation, simplified design, increased agility, policy-based management, and network management bond to more liberal IT workflow systems. To address the sustainability problems, SDN needs to provide greater collaboration and tighter integration with networks, servers, and security teams that will have an impact on how enterprises design, plan, deploy and manage networks. In this paper, we propose FS-OpenSecurity, which is a new and pragmatic security architecture model. It consists of two novel methodologies, Software Defined Orchestrator (SDO and SQUEAK, which offer a robust and secure architecture. The secure architecture is required for protection from diverse threats. Usually, security administrators need to handle each threat individually. However, handling threats automatically by adapting to the threat landscape is a critical demand. Therefore, the architecture must handle defensive processes automatically that are collaboratively based on intelligent external and internal information.

  13. Using a Prediction Model to Manage Cyber Security Threats.

    Science.gov (United States)

    Jaganathan, Venkatesh; Cherurveettil, Priyesh; Muthu Sivashanmugam, Premapriya

    2015-01-01

    Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

  14. Using a Prediction Model to Manage Cyber Security Threats

    Directory of Open Access Journals (Sweden)

    Venkatesh Jaganathan

    2015-01-01

    Full Text Available Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

  15. 75 FR 10973 - Hazardous Materials: Risk-Based Adjustment of Transportation Security Plan Requirements

    Science.gov (United States)

    2010-03-09

    ... materials that would be subject to security planning requirements under the NPRM. In this comment summary... would trigger security planning requirements for other classes of materials. Generally, the NPRM... concerning whether specific classes of materials should be subject to security planning requirements. 1...

  16. Software Security and the "Building Security in Maturity" Model

    CERN Multimedia

    CERN. Geneva

    2011-01-01

    Using the framework described in my book "Software Security: Building Security In" I will discuss and describe the state of the practice in software security. This talk is peppered with real data from the field, based on my work with several large companies as a Cigital consultant. As a discipline, software security has made great progress over the last decade. Of the sixty large-scale software security initiatives we are aware of, thirty-two---all household names---are currently included in the BSIMM study. Those companies among the thirty-two who graciously agreed to be identified include: Adobe, Aon, Bank of America, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC, Google, Intel, Intuit, McKesson, Microsoft, Nokia, QUALCOMM, Sallie Mae, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, VMware, and Wells Fargo. The BSIMM was created by observing and analyzing real-world data from thirty-two leading software security initiatives. The BSIMM can...

  17. A security modeling approach for web-service-based business processes

    DEFF Research Database (Denmark)

    Jensen, Meiko; Feja, Sven

    2009-01-01

    The rising need for security in SOA applications requires better support for management of non-functional properties in web-based business processes. Here, the model-driven approach may provide valuable benefits in terms of maintainability and deployment. Apart from modeling the pure functionality...... of a process, the consideration of security properties at the level of a process model is a promising approach. In this work-in-progress paper we present an extension to the ARIS SOA Architect that is capable of modeling security requirements as a separate security model view. Further we provide...

  18. Modelling mobility aspects of security policies

    NARCIS (Netherlands)

    Hartel, Pieter H.; van Eck, Pascal; Etalle, Sandro; Wieringa, Roelf J.

    Security policies are rules that constrain the behaviour of a system. Different, largely unrelated sets of rules typically govern the physical and logical worlds. However, increased hardware and software mobility forces us to consider those rules in an integrated fashion. We present SPIN models of

  19. Probabilistic reasoning with graphical security models

    NARCIS (Netherlands)

    Kordy, Barbara; Pouly, Marc; Schweitzer, Patrick

    This work provides a computational framework for meaningful probabilistic evaluation of attack–defense scenarios involving dependent actions. We combine the graphical security modeling technique of attack–defense trees with probabilistic information expressed in terms of Bayesian networks. In order

  20. Timed Model Checking of Security Protocols

    NARCIS (Netherlands)

    Corin, R.J.; Etalle, Sandro; Hartel, Pieter H.; Mader, Angelika H.

    We propose a method for engineering security protocols that are aware of timing aspects. We study a simplified version of the well-known Needham Schroeder protocol and the complete Yahalom protocol. Timing information allows the study of different attack scenarios. We illustrate the attacks by model

  1. Security model for picture archiving and communication systems.

    Science.gov (United States)

    Harding, D B; Gac, R J; Reynolds, C T; Romlein, J; Chacko, A K

    2000-05-01

    The modern information revolution has facilitated a metamorphosis of health care delivery wrought with the challenges of securing patient sensitive data. To accommodate this reality, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). While final guidance has not fully been resolved at this time, it is up to the health care community to develop and implement comprehensive security strategies founded on procedural, hardware and software solutions in preparation for future controls. The Virtual Radiology Environment (VRE) Project, a landmark US Army picture archiving and communications system (PACS) implemented across 10 geographically dispersed medical facilities, has addressed that challenge by planning for the secure transmission of medical images and reports over their local (LAN) and wide area network (WAN) infrastructure. Their model, which is transferable to general PACS implementations, encompasses a strategy of application risk and dataflow identification, data auditing, security policy definition, and procedural controls. When combined with hardware and software solutions that are both non-performance limiting and scalable, the comprehensive approach will not only sufficiently address the current security requirements, but also accommodate the natural evolution of the enterprise security model.

  2. A improved Network Security Situation Awareness Model

    Directory of Open Access Journals (Sweden)

    Li Fangwei

    2015-08-01

    Full Text Available In order to reflect the situation of network security assessment performance fully and accurately, a new network security situation awareness model based on information fusion was proposed. Network security situation is the result of fusion three aspects evaluation. In terms of attack, to improve the accuracy of evaluation, a situation assessment method of DDoS attack based on the information of data packet was proposed. In terms of vulnerability, a improved Common Vulnerability Scoring System (CVSS was raised and maked the assessment more comprehensive. In terms of node weights, the method of calculating the combined weights and optimizing the result by Sequence Quadratic Program (SQP algorithm which reduced the uncertainty of fusion was raised. To verify the validity and necessity of the method, a testing platform was built and used to test through evaluating 2000 DAPRA data sets. Experiments show that the method can improve the accuracy of evaluation results.

  3. SECURE MATHEMATICALLY- ASSURED COMPOSITION OF CONTROL MODELS

    Science.gov (United States)

    2017-09-27

    SECURE MATHEMATICALLY-ASSURED COMPOSITION OF CONTROL MODELS ROCKWELL COLLINS SEPTEMBER 2017 FINAL TECHNICAL REPORT APPROVED FOR PUBLIC RELEASE...collection of information if it does not display a currently valid OMB control number. PLEASE DO NOT RETURN YOUR FORM TO THE ABOVE ADDRESS. 1. REPORT DATE...MATHEMATICALLY-ASSURED COMPOSITION OF CONTROL MODELS 5a. CONTRACT NUMBER FA8750-12-9-0179 5b. GRANT NUMBER N/A 5c. PROGRAM ELEMENT NUMBER 62303E

  4. Requirements of a security framework for the semantic web

    CSIR Research Space (South Africa)

    Mbaya, IR

    2009-02-01

    Full Text Available introduce new security challenges. Consequently, security becomes a crucial factor for the adoption of the Semantic Web. There are existing suggested security frameworks for the Semantic Web, however none of these address all issues related to the Semantic...

  5. 33 CFR 104.305 - Vessel Security Assessment (VSA) requirements.

    Science.gov (United States)

    2010-07-01

    ... conducting the VSA, the Company Security Officer (CSO) must analyze the vessel background information and the... evaluates existing vessel protective measures, procedures, and operations for: (1) Ensuring performance of... alertness and performance; (iv) Security training deficiencies; and (v) Security equipment and systems...

  6. 77 FR 63849 - Facility Security Officer Training Requirements; Correction

    Science.gov (United States)

    2012-10-17

    ... DEPARTMENT OF HOMELAND SECURITY Coast Guard [Docket No. USCG-2012-0908] Facility Security Officer... comments; correction. SUMMARY: The Coast Guard published a notice of public meeting; request for comments... comments on the development of a Facility Security Officer training program. The notice contains an...

  7. 17 CFR 41.21 - Requirements for underlying securities.

    Science.gov (United States)

    2010-04-01

    ... underlying security is: (i) Common stock, (ii) Such other equity security as the Commission and the SEC jointly deem appropriate, or (iii) A note, bond, debenture, or evidence of indebtedness; and (3) The... Exchange Act of 1934; (3) The securities in the index are: (i) Common stock, (ii) Such other equity...

  8. Research on network information security model and system construction

    OpenAIRE

    Wang Haijun

    2016-01-01

    It briefly describes the impact of large data era on China’s network policy, but also brings more opportunities and challenges to the network information security. This paper reviews for the internationally accepted basic model and characteristics of network information security, and analyses the characteristics of network information security and their relationship. On the basis of the NIST security model, this paper describes three security control schemes in safety management model and the...

  9. 10 CFR 73.58 - Safety/security interface requirements for nuclear power reactors.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Safety/security interface requirements for nuclear power... PLANTS AND MATERIALS Physical Protection Requirements at Fixed Sites § 73.58 Safety/security interface... licensee shall assess and manage the potential for adverse effects on safety and security, including the...

  10. A Business Goal Driven Approach for Understanding and Specifying Information Security Requirements

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  11. 19 CFR 113.1 - Authority to require security or execution of bond.

    Science.gov (United States)

    2010-04-01

    ... 19 Customs Duties 1 2010-04-01 2010-04-01 false Authority to require security or execution of bond. 113.1 Section 113.1 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY CUSTOMS BONDS General Provisions § 113.1 Authority to require security or...

  12. What Isn't Working and New Requirements. The Need to Harmonize Safety and Security Requirements

    International Nuclear Information System (INIS)

    Flory, D.

    2011-01-01

    The year 2011 marks the 50th anniversary of the first IAEA regulations governing the transport of radioactive material. However transport safety at the IAEA obviously predates this, since the regulations took time to develop. In 1957, GC. 1/1 already states: 'The Agency should undertake studies with a view to the establishment of regulations relating to the international transportation of radioactive materials. ...'. And goes further: 'The transport of radioisotopes and radiation sources has brought to light many problems and involves the need for uniform packaging and shipping regulations ... facilitate the acceptance of such materials by sea and air carriers'. This conference reiterates the challenge given then through the sub-title 'The next fifty years - Creating a Safe, Secure and Sustainable Framework'. Looking back, we can see that the sustainable framework was a goal in 1957, where radioactive material could be transported should it be desired. Since these early days we have added to safety the need to ensure security. However we still see the same calls today to eradicate denial of shipment, which might suggest we have not progressed. But the picture today is very different - we have today well established requirements for safe transport of radioactive material, and the recommendations for security in transport are coming of age for all radioactive materials. The outstanding issue would seem to be harmonisation, not just between safety and security in IAEA documents, but also harmonisation between Member States.

  13. What Isn’t Working and New Requirements. The Need to Harmonize Safety and Security Requirements

    International Nuclear Information System (INIS)

    Flory, D.

    2016-01-01

    This paper sets out the key issues for consideration at the transport conference. It will introduce each of the aspects of the framework for safe, secure and sustainable transport, building on the description of the existing situation presented in Session 1A. It will discuss purpose of the IAEA framework, and examine the scientific basis, the IAEA recommendations and requirements, the UN interface, the use of conventions, national implementation, industry compliance, communication and information, response and restoration. It will also look at the activities and related requirements outside of transport which could influence the transport frameworks either in a positive or negative manner. (author)

  14. Modelling Public Security Operations: Evaluation of the Holistic Security Ecosystem (HSE) Proof-of-Concept

    Science.gov (United States)

    2012-12-01

    de validation pour les modèles informatisées des facteurs humains . DRDC CSS CR 2012-026 2 Executive summary Modelling Public Security ...Modelling Public Security Operations Evaluation of the Holistic Security Ecosystem (HSE) Proof-of-Concept Alexis Morris William Ross Mihaela...Centre for Security Science The scientific or technical validity of this Contract Report is entirely the responsibility of the Contractor and

  15. Mission Assurance Modeling and Simulation: A Cyber Security Roadmap

    Science.gov (United States)

    Gendron, Gerald; Roberts, David; Poole, Donold; Aquino, Anna

    2012-01-01

    This paper proposes a cyber security modeling and simulation roadmap to enhance mission assurance governance and establish risk reduction processes within constrained budgets. The term mission assurance stems from risk management work by Carnegie Mellon's Software Engineering Institute in the late 19905. By 2010, the Defense Information Systems Agency revised its cyber strategy and established the Program Executive Officer-Mission Assurance. This highlights a shift from simply protecting data to balancing risk and begins a necessary dialogue to establish a cyber security roadmap. The Military Operations Research Society has recommended a cyber community of practice, recognizing there are too few professionals having both cyber and analytic experience. The authors characterize the limited body of knowledge in this symbiotic relationship. This paper identifies operational and research requirements for mission assurance M&S supporting defense and homeland security. M&S techniques are needed for enterprise oversight of cyber investments, test and evaluation, policy, training, and analysis.

  16. Modeling the Security Ecosystem - The Dynamics of (In)Security

    Science.gov (United States)

    Frei, Stefan; Schatzmann, Dominik; Plattner, Bernhard; Trammell, Brian

    The security of information technology and computer networks is effected by a wide variety of actors and processes which together make up a security ecosystem; here we examine this ecosystem, consolidating many aspects of security that have hitherto been discussed only separately. First, we analyze the roles of the major actors within this ecosystem and the processes they participate in, and the the paths vulnerability data take through the ecosystem and the impact of each of these on security risk. Then, based on a quantitative examination of 27,000 vulnerabilities disclosed over the past decade and taken from publicly available data sources, we quantify the systematic gap between exploit and patch availability. We provide the first examination of the impact and the risks associated with this gap on the ecosystem as a whole. Our analysis provides a metric for the success of the “responsible disclosure” process. We measure the prevalence of the commercial markets for vulnerability information and highlight the role of security information providers (SIP), which function as the “free press” of the ecosystem.

  17. 33 CFR 106.305 - Facility Security Assessment (FSA) requirements.

    Science.gov (United States)

    2010-07-01

    ... owner or operator must ensure that the Company Security Officer (CSO) analyzes the OCS facility...; (iii) The impact of watch-keeping duties and risk of fatigue on personnel alertness and performance...— (i) Ensuring performance of all security duties; (ii) Controlling access to the OCS facility through...

  18. A Secure Operational Model for Mobile Payments

    Directory of Open Access Journals (Sweden)

    Tao-Ku Chang

    2014-01-01

    Full Text Available Instead of paying by cash, check, or credit cards, customers can now also use their mobile devices to pay for a wide range of services and both digital and physical goods. However, customers’ security concerns are a major barrier to the broad adoption and use of mobile payments. In this paper we present the design of a secure operational model for mobile payments in which access control is based on a service-oriented architecture. A customer uses his/her mobile device to get authorization from a remote server and generate a two-dimensional barcode as the payment certificate. This payment certificate has a time limit and can be used once only. The system also provides the ability to remotely lock and disable the mobile payment service.

  19. A secure operational model for mobile payments.

    Science.gov (United States)

    Chang, Tao-Ku

    2014-01-01

    Instead of paying by cash, check, or credit cards, customers can now also use their mobile devices to pay for a wide range of services and both digital and physical goods. However, customers' security concerns are a major barrier to the broad adoption and use of mobile payments. In this paper we present the design of a secure operational model for mobile payments in which access control is based on a service-oriented architecture. A customer uses his/her mobile device to get authorization from a remote server and generate a two-dimensional barcode as the payment certificate. This payment certificate has a time limit and can be used once only. The system also provides the ability to remotely lock and disable the mobile payment service.

  20. A Secure Operational Model for Mobile Payments

    Science.gov (United States)

    2014-01-01

    Instead of paying by cash, check, or credit cards, customers can now also use their mobile devices to pay for a wide range of services and both digital and physical goods. However, customers' security concerns are a major barrier to the broad adoption and use of mobile payments. In this paper we present the design of a secure operational model for mobile payments in which access control is based on a service-oriented architecture. A customer uses his/her mobile device to get authorization from a remote server and generate a two-dimensional barcode as the payment certificate. This payment certificate has a time limit and can be used once only. The system also provides the ability to remotely lock and disable the mobile payment service. PMID:25386607

  1. 78 FR 77606 - Security Requirements for Facilities Storing Spent Nuclear Fuel

    Science.gov (United States)

    2013-12-24

    ... NUCLEAR REGULATORY COMMISSION 10 CFR Parts 72 and 73 [NRC-2009-0558] RIN 3150-AI78 Security... rulemaking that would revise the security requirements for storing spent nuclear fuel (SNF) in an independent... Nuclear Security and Incident Response, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001...

  2. 7 CFR 1781.9 - Security, feasibility, evidence of debt, title, insurance and other requirements.

    Science.gov (United States)

    2010-01-01

    ... AND DEVELOPMENT (RCD) LOANS AND WATERSHED (WS) LOANS AND ADVANCES § 1781.9 Security, feasibility, evidence of debt, title, insurance and other requirements. (a) Security. WS loans, WS advances, and RCD... secure a WS loan, WS advance, or RCD loan. These should be consistent with the applicable provisions of...

  3. 76 FR 12645 - Ownership Limitations and Governance Requirements for Security-Based Swap Clearing Agencies...

    Science.gov (United States)

    2011-03-08

    ... 3235-AK74 Ownership Limitations and Governance Requirements for Security- Based Swap Clearing Agencies... which such security- based swap dealer or major security-based swap participant has a material debt or... restrictions in Regulation MC with respect to the ownership and voting interests in and the governance of...

  4. DOE/DHS INDUSTRIAL CONTROL SYSTEM CYBER SECURITY PROGRAMS: A MODEL FOR USE IN NUCLEAR FACILITY SAFEGUARDS AND SECURITY

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01

    Many critical infrastructure sectors have been investigating cyber security issues for several years especially with the help of two primary government programs. The U.S. Department of Energy (DOE) National SCADA Test Bed and the U.S. Department of Homeland Security (DHS) Control Systems Security Program have both implemented activities aimed at securing the industrial control systems that operate the North American electric grid along with several other critical infrastructure sectors (ICS). These programs have spent the last seven years working with industry including asset owners, educational institutions, standards and regulating bodies, and control system vendors. The programs common mission is to provide outreach, identification of cyber vulnerabilities to ICS and mitigation strategies to enhance security postures. The success of these programs indicates that a similar approach can be successfully translated into other sectors including nuclear operations, safeguards, and security. The industry regulating bodies have included cyber security requirements and in some cases, have incorporated sets of standards with penalties for non-compliance such as the North American Electric Reliability Corporation Critical Infrastructure Protection standards. These DOE and DHS programs that address security improvements by both suppliers and end users provide an excellent model for nuclear facility personnel concerned with safeguards and security cyber vulnerabilities and countermeasures. It is not a stretch to imagine complete surreptitious collapse of protection against the removal of nuclear material or even initiation of a criticality event as witnessed at Three Mile Island or Chernobyl in a nuclear ICS inadequately protected against the cyber threat.

  5. Modeling and Security in Cloud Ecosystems

    Directory of Open Access Journals (Sweden)

    Eduardo B. Fernandez

    2016-04-01

    Full Text Available Clouds do not work in isolation but interact with other clouds and with a variety of systems either developed by the same provider or by external entities with the purpose to interact with them; forming then an ecosystem. A software ecosystem is a collection of software systems that have been developed to coexist and evolve together. The stakeholders of such a system need a variety of models to give them a perspective of the possibilities of the system, to evaluate specific quality attributes, and to extend the system. A powerful representation when building or using software ecosystems is the use of architectural models, which describe the structural aspects of such a system. These models have value for security and compliance, are useful to build new systems, can be used to define service contracts, find where quality factors can be monitored, and to plan further expansion. We have described a cloud ecosystem in the form of a pattern diagram where its components are patterns and reference architectures. A pattern is an encapsulated solution to a recurrent problem. We have recently expanded these models to cover fog systems and containers. Fog Computing is a highly-virtualized platform that provides compute, storage, and networking services between end devices and Cloud Computing Data Centers; a Software Container provides an execution environment for applications sharing a host operating system, binaries, and libraries with other containers. We intend to use this architecture to answer a variety of questions about the security of this system as well as a reference to design interacting combinations of heterogeneous components. We defined a metamodel to relate security concepts which is being expanded.

  6. 21 CFR 1301.71 - Security requirements generally.

    Science.gov (United States)

    2010-04-01

    ... buildings; (6) The type of vault, safe, and secure enclosures or other storage system (e.g., automatic...) The adequacy of key control systems and/or combination lock control systems; (9) The adequacy of...

  7. Information security governance: business requirements and research directions

    CSIR Research Space (South Africa)

    Höne, K

    2009-01-01

    Full Text Available minimum effort is being spent on the topics deemed important by the business community. Information Security Governance in general can benefit from an improved alignment between the needs of business and the outputs of the research community....

  8. Requirements for Medical Modeling Languages

    Science.gov (United States)

    van der Maas, Arnoud A.F.; Ter Hofstede, Arthur H.M.; Ten Hoopen, A. Johannes

    2001-01-01

    Objective: The development of tailor-made domain-specific modeling languages is sometimes desirable in medical informatics. Naturally, the development of such languages should be guided. The purpose of this article is to introduce a set of requirements for such languages and show their application in analyzing and comparing existing modeling languages. Design: The requirements arise from the practical experience of the authors and others in the development of modeling languages in both general informatics and medical informatics. The requirements initially emerged from the analysis of information modeling techniques. The requirements are designed to be orthogonal, i.e., one requirement can be violated without violation of the others. Results: The proposed requirements for any modeling language are that it be “formal” with regard to syntax and semantics, “conceptual,” “expressive,” “comprehensible,” “suitable,” and “executable.” The requirements are illustrated using both the medical logic modules of the Arden Syntax as a running example and selected examples from other modeling languages. Conclusion: Activity diagrams of the Unified Modeling Language, task structures for work flows, and Petri nets are discussed with regard to the list of requirements, and various tradeoffs are thus made explicit. It is concluded that this set of requirements has the potential to play a vital role in both the evaluation of existing domain-specific languages and the development of new ones. PMID:11230383

  9. 17 CFR 242.400 - Customer margin requirements for security futures-authority, purpose, interpretation, and scope.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Customer margin requirements..., AND NMS AND CUSTOMER MARGIN REQUIREMENTS FOR SECURITY FUTURES Customer Margin Requirements for Security Futures § 242.400 Customer margin requirements for security futures—authority, purpose...

  10. Towards a Model of the Costs of Security

    OpenAIRE

    Larochelle, David; Rosasco, Nicholas

    2003-01-01

    We present a simple information security model to determine why, historically, the level of security has not increased despite numerous technical advances. In our model, the software design process involves trade-offs between security and functionality. Developers choose points in the design space corresponding to certain levels of security and functionality. If development resources, such as number of developers, time for completion, etc., are fixed, there is an implicit trade-off between se...

  11. Requirements for effective modelling strategies.

    NARCIS (Netherlands)

    Gaunt, J.L.; Riley, J.; Stein, A.; Penning de Vries, F.W.T.

    1997-01-01

    As the result of a recent BBSRC-funded workshop between soil scientists, modellers, statisticians and others to discuss issues relating to the derivation of complex environmental models, a set of modelling guidelines is presented and the required associated research areas are discussed.

  12. 7 CFR 774.18 - Interest rate, terms and security requirements.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 7 2010-01-01 2010-01-01 false Interest rate, terms and security requirements. 774.18..., DEPARTMENT OF AGRICULTURE SPECIAL PROGRAMS EMERGENCY LOAN FOR SEED PRODUCERS PROGRAM § 774.18 Interest rate, terms and security requirements. (a) Interest rate. (1) The interest rate on the loan will be zero...

  13. 12 CFR 215.10 - Reporting requirement for credit secured by certain bank stock.

    Science.gov (United States)

    2010-01-01

    ... MEMBER BANKS (REGULATION O) § 215.10 Reporting requirement for credit secured by certain bank stock. Each... 12 Banks and Banking 2 2010-01-01 2010-01-01 false Reporting requirement for credit secured by certain bank stock. 215.10 Section 215.10 Banks and Banking FEDERAL RESERVE SYSTEM BOARD OF GOVERNORS OF...

  14. 48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology...

  15. 48 CFR 1352.239-72 - Security requirements for information technology resources.

    Science.gov (United States)

    2010-10-01

    ... information technology resources. 1352.239-72 Section 1352.239-72 Federal Acquisition Regulations System... Clauses 1352.239-72 Security requirements for information technology resources. As prescribed in 48 CFR 1339.270(b), insert the following clause: Security Requirements for Information Technology Resources...

  16. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-01-01

    ... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be responsible...

  17. Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. Currently companies achieve this by means of

  18. 77 FR 61771 - Facility Security Officer Training Requirements

    Science.gov (United States)

    2012-10-11

    ... Administrator of the Department of Transportation in developing the FSO training curriculum. The purpose of the... with the Maritime Administrator of the Department of Transportation in developing the FSO training... Security Officer training program, with the primary focus on developing the curriculum for such a program...

  19. Automated analysis of security requirements through risk-based argumentation

    NARCIS (Netherlands)

    Yu, Yijun; Nunes Leal Franqueira, V.; Tun, Thein Tan; Wieringa, Roelf J.; Nuseibeh, Bashar

    2015-01-01

    Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about

  20. Security in transnational interoperable PPDR communications: Threats and requirements

    NARCIS (Netherlands)

    Ferrús, R.; Sallent, O.; Verkoelen, C.; Fransen, F.; Saijonmaa, J.; Olivieri, C.; Duits, M.; Galin, A.; Pangallo, F.; Modi, D.P.

    2015-01-01

    The relevance of cross border security operations has been identified as a priority at European level for a long time. A European network where Public Protection and Disaster Relief (PPDR) forces share communications processes and a legal framework would greatly enforce response to disaster recovery

  1. 33 CFR 105.305 - Facility Security Assessment (FSA) requirements.

    Science.gov (United States)

    2010-07-01

    ... dangerous goods and hazardous substances; (v) Delivery of vessel stores; (vi) Any facility security... use including the presence of stowaways; (v) Smuggling dangerous substances and devices to the... disruption, including disruption to transportation systems, of an attack on or at the facility; and (7...

  2. Generic Model to Send Secure Alerts for Utility Companies

    Directory of Open Access Journals (Sweden)

    Perez–Díaz J.A.

    2010-04-01

    Full Text Available In some industries such as logistics services, bank services, and others, the use of automated systems that deliver critical business information anytime and anywhere play an important role in the decision making process. This paper introduces a "Generic model to send secure alerts and notifications", which operates as a middleware between enterprise data sources and its mobile users. This model uses Short Message Service (SMS as its main mobile messaging technology, however is open to use new types of messaging technologies. Our model is interoperable with existing information systems, it can store any kind of information about alerts or notifications at different levels of granularity, it offers different types of notifications (as analert when critical business problems occur,asanotificationina periodical basis or as 2 way query. Notification rules can be customized by final users according to their preferences. The model provides a security framework in the cases where information requires confidentiality, it is extensible to existing and new messaging technologies (like e–mail, MMS, etc. It is a platform, mobile operator and hardware independent. Currently, our solution is being used at the Comisión Federal de Electricidad (Mexico's utility company to deliver secure alerts related to critical events registered in the main power generation plants of our country.

  3. On the Need for Relaxed Security Models

    DEFF Research Database (Denmark)

    Slides for the opening panel on "Issues in the Security of Wireless Network systems" at ICETE 2008.......Slides for the opening panel on "Issues in the Security of Wireless Network systems" at ICETE 2008....

  4. The IEA Model of Short-term Energy Security

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    2011-07-01

    Ensuring energy security has been at the centre of the IEA mission since its inception, following the oil crises of the early 1970s. While the security of oil supplies remains important, contemporary energy security policies must address all energy sources and cover a comprehensive range of natural, economic and political risks that affect energy sources, infrastructures and services. In response to this challenge, the IEA is currently developing a Model Of Short-term Energy Security (MOSES) to evaluate the energy security risks and resilience capacities of its member countries. The current version of MOSES covers short-term security of supply for primary energy sources and secondary fuels among IEA countries. It also lays the foundation for analysis of vulnerabilities of electricity and end-use energy sectors. MOSES contains a novel approach to analysing energy security, which can be used to identify energy security priorities, as a starting point for national energy security assessments and to track the evolution of a country's energy security profile. By grouping together countries with similar 'energy security profiles', MOSES depicts the energy security landscape of IEA countries. By extending the MOSES methodology to electricity security and energy services in the future, the IEA aims to develop a comprehensive policy-relevant perspective on global energy security. This Working Paper is intended for readers who wish to explore the MOSES methodology in depth; there is also a brochure which provides an overview of the analysis and results.

  5. Secure OpenID Authentication Model by Using Trusted Computing

    Directory of Open Access Journals (Sweden)

    E. Ghazizadeh

    2014-01-01

    Full Text Available The growth of Internet online services has been very quick in recent years. Each online service requires Internet users to create a new account to use the service. The problem can be seen when each user usually needs more than one service and, consequently, has numerous accounts. These numerous accounts have to be managed in a secure and simple way to be protected against identity theft. Single sign-on (SSO and OpenID have been used to decrease the complexity of managing numerous accounts required in the Internet identity environment. Trusted Platform Module (TPM and Trust Multitenancy are great trusted computing-based technologies to solve security concerns in the Internet identity environment. Since trust is one of the pillars of security in the cloud, this paper analyzes the existing cloud identity techniques in order to investigate their strengths and weaknesses. This paper proposes a model in which One Time Password (OTP, TPM, and OpenID are used to provide a solution against phishing as a common identity theft in cloud environment.

  6. THE MODEL FOR RISK ASSESSMENT ERP-SYSTEMS INFORMATION SECURITY

    Directory of Open Access Journals (Sweden)

    V. S. Oladko

    2016-12-01

    Full Text Available The article deals with the problem assessment of information security risks in the ERP-system. ERP-system functions and architecture are studied. The model malicious impacts on levels of ERP-system architecture are composed. Model-based risk assessment, which is the quantitative and qualitative approach to risk assessment, built on the partial unification 3 methods for studying the risks of information security - security models with full overlapping technique CRAMM and FRAP techniques developed.

  7. The Minimum Food Security Quota (MFS-Quota) in Food Security Policy Modelling

    OpenAIRE

    Mario Arturo Ruiz Estrada

    2010-01-01

    This paper proposes the construction of the Minimum Food Security Quota (MFSQuota)using mathematical economic modelling in real time. The MFS-Quota fixes a certain amount of annual food storage to prepare a country for any natural or social disasters. Any country can construct its own MFS-Quota for “food security policy”.

  8. Modelling the System of Ensuring the Investment Security

    Directory of Open Access Journals (Sweden)

    Moroz Maxim O.

    2017-11-01

    Full Text Available The article explores approaches to modelling the system of ensuring the investment security. Necessity of observance of investment security of Ukraine has been substantiated. The author’s own vision of the modelling essentials has been provided. The eligibility for consideration of the system of ensuring the investment security of Ukraine in the functional, structural, process, formative, and factor aspects has been proved. The target setting and tasks of a functional model of the system of ensuring the investment security have been defined. The functions, subjects, organizational-economic mechanisms of the system of ensuring the investment security of Ukraine have been characterized. A structural model of the system of ensuring the investment security has been presented. Special attention has been given to the definition of objects of direct and indirect influence, control and controlled subsystems, aggregate of indicators, safe levels, principles of formation of the investment security system. The process and formative models of the system of ensuring the investment security, as well as the algorithm of the complex assessment of the level of investment security, were analyzed in detail. Measures to ensure the investment security of Ukraine have been defined.

  9. 76 FR 30204 - Exelon Nuclear, Dresden Nuclear Power Station, Unit 1; Exemption From Certain Security Requirements

    Science.gov (United States)

    2011-05-24

    ... NUCLEAR REGULATORY COMMISSION [Docket No. 50-010; NRC-2011-0108] Exelon Nuclear, Dresden Nuclear Power Station, Unit 1; Exemption From Certain Security Requirements 1.0 Background Exelon Nuclear is the... nuclear material are not inimical to the common defense and security and do not constitute an unreasonable...

  10. High Assurance Models for Secure Systems

    Science.gov (United States)

    Almohri, Hussain M. J.

    2013-01-01

    Despite the recent advances in systems and network security, attacks on large enterprise networks consistently impose serious challenges to maintaining data privacy and software service integrity. We identify two main problems that contribute to increasing the security risk in a networked environment: (i) vulnerable servers, workstations, and…

  11. Aspect-oriented security hardening of UML design models

    CERN Document Server

    Mouheb, Djedjiga; Pourzandi, Makan; Wang, Lingyu; Nouh, Mariam; Ziarati, Raha; Alhadidi, Dima; Talhi, Chamseddine; Lima, Vitor

    2015-01-01

    This book comprehensively presents a novel approach to the systematic security hardening of software design models expressed in the standard UML language. It combines model-driven engineering and the aspect-oriented paradigm to integrate security practices into the early phases of the software development process. To this end, a UML profile has been developed for the specification of security hardening aspects on UML diagrams. In addition, a weaving framework, with the underlying theoretical foundations, has been designed for the systematic injection of security aspects into UML models. The

  12. On Protocol Security in the Cryptographic Model

    DEFF Research Database (Denmark)

    Nielsen, Jesper Buus

    the channels by which they communicate. A general solution to the secure multiparty computation problem is a compiler which given any feasible function describes an efficient protocol which allows the parties to compute the function securely on their local inputs over an open network. Over the past twenty...... previous approaches to the problem. Starting from an open point-to-point network there is a long way to general secure multiparty computation. The dissertation contains contributions at several points along the way. In particular we investigate how to realize secure channels. We also show how threshold...... you as possible. This is the general problem of secure multiparty computation. The usual way of formalizing the problem is to say that a number of parties who do not trust each other wish to compute some function of their local inputs, while keeping their inputs as secret as possible and guaranteeing...

  13. Re-designing the PhEDEx Security Model

    Energy Technology Data Exchange (ETDEWEB)

    Huang, C.-H. [Fermilab; Wildish, T. [Princeton U.; Zhang, X. [Beijing, Inst. High Energy Phys.

    2014-01-01

    PhEDEx, the data-placement tool used by the CMS experiment at the LHC, was conceived in a more trusting time. The security model provided a safe environment for site agents and operators, but offerred little more protection than that. Data was not sufficiently protected against loss caused by operator error or software bugs or by deliberate manipulation of the database. Operators were given high levels of access to the database, beyond what was actually needed to accomplish their tasks. This exposed them to the risk of suspicion should an incident occur. Multiple implementations of the security model led to difficulties maintaining code, which can lead to degredation of security over time. In order to meet the simultaneous goals of protecting CMS data, protecting the operators from undue exposure to risk, increasing monitoring capabilities and improving maintainability of the security model, the PhEDEx security model was redesigned and re-implemented. Security was moved from the application layer into the database itself, fine-grained access roles were established, and tools and procedures created to control the evolution of the security model over time. In this paper we describe this work, we describe the deployment of the new security model, and we show how these enhancements improve security on several fronts simultaneously.

  14. 76 FR 65542 - N.S. Savannah; Exemption From Certain Security Requirements

    Science.gov (United States)

    2011-10-21

    ... NUCLEAR REGULATORY COMMISSION [Docket No. 50-238; NRC-2011-0222] N.S. Savannah; Exemption From Certain Security Requirements 1.0 Background The U.S. Department of Transportation, Maritime [[Page 65543

  15. Bayesian Network Models in Cyber Security: A Systematic Review

    NARCIS (Netherlands)

    Chockalingam, S.; Pieters, W.; Herdeiro Teixeira, A.M.; van Gelder, P.H.A.J.M.; Lipmaa, Helger; Mitrokotsa, Aikaterini; Matulevicius, Raimundas

    2017-01-01

    Bayesian Networks (BNs) are an increasingly popular modelling technique in cyber security especially due to their capability to overcome data limitations. This is also instantiated by the growth of BN models development in cyber security. However, a comprehensive comparison and analysis of these

  16. 48 CFR 52.204-2 - Security Requirements.

    Science.gov (United States)

    2010-10-01

    ... (CONTINUED) CLAUSES AND FORMS SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 52... this contract or any of its elements from an unclassified status or a lower classification to a higher... Requirements (AUG 1996) (a) This clause applies to the extent that this contract involves access to information...

  17. A security model for saas in cloud computing

    International Nuclear Information System (INIS)

    Abbas, R.; Farooq, A.

    2016-01-01

    Cloud computing is a type of computing that relies on sharing computing resources rather than having local servers or personal devices to handle applications. It has many service modes like Software as-a-Service (SaaS), Platform-as-a-Service (PaaS), Infrastructure-as-a-Service (IaaS). In SaaS model, service providers install and activate the applications in cloud and cloud customers access the software from cloud. So, the user does not have the need to purchase and install a particular software on his/her machine. While using SaaS model, there are multiple security issues and problems like Data security, Data breaches, Network security, Authentication and authorization, Data integrity, Availability, Web application security and Backup which are faced by users. Many researchers minimize these security problems by putting in hard work. A large work has been done to resolve these problems but there are a lot of issues that persist and need to overcome. In this research work, we have developed a security model that improves the security of data according to the desire of the End-user. The proposed model for different data security options can be helpful to increase the data security through which trade-off between functionalities can be optimized for private and public data. (author)

  18. Adaptable Authentication Model: Exploring Security with Weaker Attacker Models

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Most methods for protocol analysis classify protocols as “broken” if they are vulnerable to attacks from a strong attacker, e.g., assuming the Dolev-Yao attacker model. In many cases, however, exploitation of existing vulnerabilities may not be practical and, moreover, not all applications may......; for each fine level authentication goal, we determine the “least strongest-attacker” for which the authentication goal can be satisfied. We demonstrate that this model can be used to reason about the security of supposedly insecure protocols. Such adaptability is particularly useful in those applications...

  19. 17 CFR 41.42 - Customer margin requirements for security futures-authority, purpose, interpretation, and scope.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Customer margin requirements... Margin Requirements § 41.42 Customer margin requirements for security futures—authority, purpose... to regulate customer margin collected by brokers, dealers, and members of national securities...

  20. A model-driven approach to information security compliance

    Science.gov (United States)

    Correia, Anacleto; Gonçalves, António; Teodoro, M. Filomena

    2017-06-01

    The availability, integrity and confidentiality of information are fundamental to the long-term survival of any organization. Information security is a complex issue that must be holistically approached, combining assets that support corporate systems, in an extended network of business partners, vendors, customers and other stakeholders. This paper addresses the conception and implementation of information security systems, conform the ISO/IEC 27000 set of standards, using the model-driven approach. The process begins with the conception of a domain level model (computation independent model) based on information security vocabulary present in the ISO/IEC 27001 standard. Based on this model, after embedding in the model mandatory rules for attaining ISO/IEC 27001 conformance, a platform independent model is derived. Finally, a platform specific model serves the base for testing the compliance of information security systems with the ISO/IEC 27000 set of standards.

  1. A model to secure a stable iodine concentration in milk

    Directory of Open Access Journals (Sweden)

    Gisken Trøan

    2015-12-01

    Full Text Available Background: Dairy products account for approximately 60% of the iodine intake in the Norwegian population. The iodine concentration in cow's milk varies considerably, depending on feeding practices, season, and amount of iodine and rapeseed products in cow fodder. The variation in iodine in milk affects the risk of iodine deficiency or excess in the population. Objective: The first goal of this study was to develop a model to predict the iodine concentration in milk based on the concentration of iodine and rapeseed or glucosinolate in feed, as a tool to securing stable iodine concentration in milk. A second aim was to estimate the impact of different iodine levels in milk on iodine nutrition in the Norwegian population. Design: Two models were developed on the basis of results from eight published and two unpublished studies from the past 20 years. The models were based on different iodine concentrations in the fodder combined with either glucosinolate (Model 1 or rapeseed cake/meal (Model 2. To illustrate the impact of different iodine concentrations in milk on iodine intake, we simulated the iodine contribution from dairy products in different population groups based on food intake data in the most recent dietary surveys in Norway. Results: The models developed could predict iodine concentration in milk. Cross-validation showed good fit and confirmed the explanatory power of the models. Our calculations showed that dairy products with current iodine level in milk (200 µg/kg cover 68, 49, 108 and 56% of the daily iodine requirements for men, women, 2-year-old children, and pregnant women, respectively. Conclusions: Securing a stable level of iodine in milk by adjusting iodine concentration in different cow feeds is thus important for preventing excess intake in small children and iodine deficiency in pregnant and non-pregnant women.

  2. Nuclear security culture: a generic model for universal application

    International Nuclear Information System (INIS)

    Khripunov, I.

    2005-01-01

    Full text: Nuclear security culture found its way into professional parlance several years ago, but still lacks an agreed-upon definition and description. The February 2005 U.S.-Russian Joint Statement, issued at the presidential summit meeting in Bratislava, referred specifically to security culture, focusing renewed attention on the concept. Numerous speakers at the March 2005 International Atomic Energy Agency's (IAEA) international conference on nuclear security referred to security culture, but their visions and interpretations were often at odds with one another. Clearly, there is a need for a generic model of nuclear security culture with universal applicability. Internationally acceptable standards in this area would be invaluable for evaluation, comparison, cooperation, and assistance. They would also help international bodies better manage their relations with the nuclear sectors in various countries. This paper will develop such a model. It will use the IAEA definition of nuclear security, and then apply Edgar Schein's model of organizational culture to security culture at a generic nuclear facility. A cultural approach to physical protection involves determining what attitudes and beliefs need to be established in an organization, how these attitudes and beliefs manifest themselves in the behavior of assigned personnel, and how desirable attitudes and beliefs can be transcribed into formal working methods to produce good outcomes, i.e., effective protection. The security-culture mechanism I will propose is broken into four major units: facility leadership, proactive policies and procedures, personnel performance, and learning and professional improvement. The paper will amplify on the specific traits characteristic of each of these units. Security culture is not a panacea. In a time of mounting terrorist threats, it should nonetheless be looked upon as a necessary organizational tool that enhances the skills of nuclear personnel and ensures that

  3. Modeling of Information Security Strategic Planning Methods and Expert Assessments

    Directory of Open Access Journals (Sweden)

    Alexander Panteleevich Batsula

    2014-09-01

    Full Text Available The article, paper addresses problem of increasing the level of information security. As a result, a method of increasing the level of information security is developed through its modeling of strategic planning SWOT-analysis using expert assessments.

  4. ONTOLOGICAL MODEL OF STRATEGIC ECONOMIC SECURITY OF ENTERPRISE

    Directory of Open Access Journals (Sweden)

    L. A. Zaporozhtseva

    2014-01-01

    Full Text Available Article explains the necessity the application of the ontological approach to modeling the strategic economic security in the formalization of the basic categories of domain company recognized its benefits. Among the advantages of the model distinguishes its versatility and ability to describe various aspects of strategic security - the system strategies and goals of the organization and business processes; possibility of its use at different levels of detail - from the top-level description of the basic categories of management, to design-level analytic applications; as well as the adaptability of the model, with depth on particular aspects determined by practical necessity and not regulated methodology. The model integrates various aspects of the concept of enterprise architecture and organizes conceptual apparatus. Ontological model easy to understand and adjust as business architects and specialists in designing systems of economic security and offers many categories of verbal representation of the domain of the enterprise. Proved the feasibility of using process-functional approach in providing strategic economic security, according to which the components of such a security company proposed as business processes, finance, staff and contractors. The article presents the author's ontological model of strategic economic security, including endangered sites, the presence of factors that threaten the security of the object and the subject of providing security. Further, it is proved that in the subjects of security impact on the object using the tools, measures and activities within the strategy formed the mechanism is implemented managerial decisions to strengthen the strategic economic security. The process of diagnosis, detection, identification of threats of economic security, and the development of enterprise development strategies, taking into account its level of economic security must be under the constant supervision of the process of

  5. Meeting the security requirements of electronic medical records in the ERA of high-speed computing.

    Science.gov (United States)

    Alanazi, H O; Zaidan, A A; Zaidan, B B; Kiah, M L Mat; Al-Bakri, S H

    2015-01-01

    This study has two objectives. First, it aims to develop a system with a highly secured approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secured encryption methods. The AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks through the use of quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.

  6. 78 FR 78470 - Registration and Financial Security Requirements for Freight Forwarders; International...

    Science.gov (United States)

    2013-12-26

    ...). See, e.g., Motor Carrier Financial Information Reporting Requirements-Request for Public Comments, 68...] Registration and Financial Security Requirements for Freight Forwarders; International Association of Movers... FURTHER INFORMATION CONTACT: Mr. Thomas Yager, Chief of Driver and Carrier Operations, (202) 366-4001 or...

  7. 78 FR 78472 - Registration and Financial Security Requirements for Brokers of Property and Freight Forwarders...

    Science.gov (United States)

    2013-12-26

    ...). See, e.g., Motor Carrier Financial Information Reporting Requirements-Request for Public Comments, 68...] Registration and Financial Security Requirements for Brokers of Property and Freight Forwarders; Association of...-9329. To avoid duplication, please use only one of these four methods. FOR FURTHER INFORMATION CONTACT...

  8. Using the AMAN-DA method to generate security requirements: a case study in the maritime domain

    OpenAIRE

    Souag, Amina; Mazo, Raúl; Salinesi, Camille; Comyn-Wattiau, Isabelle

    2017-01-01

    [Context and motivation] Security requirements are known to be " the most difficult of requirements types " , and potentially the ones causing the greatest risk if they are not correct. One approach to requirements elicitation is based on the reuse of explicit knowledge. AMAN-DA is a requirement elicitation method that reuses encapsulated knowledge in security and domain ontologies to produce security requirements specifications. [Question/Problem] The main research question addressed in this...

  9. A Novel Computer Virus Propagation Model under Security Classification

    Directory of Open Access Journals (Sweden)

    Qingyi Zhu

    2017-01-01

    Full Text Available In reality, some computers have specific security classification. For the sake of safety and cost, the security level of computers will be upgraded with increasing of threats in networks. Here we assume that there exists a threshold value which determines when countermeasures should be taken to level up the security of a fraction of computers with low security level. And in some specific realistic environments the propagation network can be regarded as fully interconnected. Inspired by these facts, this paper presents a novel computer virus dynamics model considering the impact brought by security classification in full interconnection network. By using the theory of dynamic stability, the existence of equilibria and stability conditions is analysed and proved. And the above optimal threshold value is given analytically. Then, some numerical experiments are made to justify the model. Besides, some discussions and antivirus measures are given.

  10. Optimizing ZigBee Security using Stochastic Model Checking

    DEFF Research Database (Denmark)

    Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

    ZigBee is a fairly new but promising wireless sensor network standard that offers the advantages of simple and low resource communication. Nevertheless, security is of great concern to ZigBee, and enhancements are prescribed in the latest ZigBee specication: ZigBee-2007. In this technical report......, we identify an important gap in the specification on key updates, and present a methodology for determining optimal key update policies and security parameters. We exploit the stochastic model checking approach using the probabilistic model checker PRISM, and assess the security needs for realistic...

  11. Secure Certificateless Signature with Revocation in the Standard Model

    Directory of Open Access Journals (Sweden)

    Tung-Tso Tsai

    2014-01-01

    previously proposed certificateless signature schemes were insecure under a considerably strong security model in the sense that they suffered from outsiders’ key replacement attacks or the attacks from the key generation center (KGC. In this paper, we propose a certificateless signature scheme without random oracles. Moreover, our scheme is secure under the strong security model and provides a public revocation mechanism, called revocable certificateless signature (RCLS. Under the standard computational Diffie-Hellman assumption, we formally demonstrate that our scheme possesses existential unforgeability against adaptive chosen-message attacks.

  12. A multi-dimensional model for information security management

    OpenAIRE

    2011-01-01

    D.Phil. Any organisation is dependent on its information technology resources. The challenges posed by new developments such as the World Wide Web and e-business, require new approaches to address the management and protection of IT resources. Various documents exist containing recommendations for the best practice to follow for information security management. BS7799 is such a code of practice for information security management. The most important problem to be addressed in this thesis i...

  13. Simple protocols for oblivious transfer and secure identification in the noisy-quantum-storage model

    Science.gov (United States)

    Schaffner, Christian

    2010-09-01

    We present simple protocols for oblivious transfer and password-based identification which are secure against general attacks in the noisy-quantum-storage model as defined in R. König, S. Wehner, and J. Wullschleger [e-print arXiv:0906.1030]. We argue that a technical tool from König suffices to prove security of the known protocols. Whereas the more involved protocol for oblivious transfer from König requires less noise in storage to achieve security, our “canonical” protocols have the advantage of being simpler to implement and the security error is easier control. Therefore, our protocols yield higher OT rates for many realistic noise parameters. Furthermore, a proof of security of a direct protocol for password-based identification against general noisy-quantum-storage attacks is given.

  14. Simple protocols for oblivious transfer and secure identification in the noisy-quantum-storage model

    International Nuclear Information System (INIS)

    Schaffner, Christian

    2010-01-01

    We present simple protocols for oblivious transfer and password-based identification which are secure against general attacks in the noisy-quantum-storage model as defined in R. Koenig, S. Wehner, and J. Wullschleger [e-print arXiv:0906.1030]. We argue that a technical tool from Koenig et al. suffices to prove security of the known protocols. Whereas the more involved protocol for oblivious transfer from Koenig et al. requires less noise in storage to achieve security, our ''canonical'' protocols have the advantage of being simpler to implement and the security error is easier control. Therefore, our protocols yield higher OT rates for many realistic noise parameters. Furthermore, a proof of security of a direct protocol for password-based identification against general noisy-quantum-storage attacks is given.

  15. Security Process Capability Model Based on ISO/IEC 15504 Conformant Enterprise SPICE

    Directory of Open Access Journals (Sweden)

    Mitasiunas Antanas

    2014-07-01

    Full Text Available In the context of modern information systems, security has become one of the most critical quality attributes. The purpose of this paper is to address the problem of quality of information security. An approach to solve this problem is based on the main assumption that security is a process oriented activity. According to this approach, product quality can be achieved by means of process quality - process capability. Introduced in the paper, SPICE conformant information security process capability model is based on process capability modeling elaborated by world-wide software engineering community during the last 25 years, namely ISO/IEC 15504 that defines the capability dimension and the requirements for process definition and domain independent integrated model for enterprise-wide assessment and Enterprise SPICE improvement

  16. A Secure Network Coding-based Data Gathering Model and Its Protocol in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Qian Xiao

    2012-09-01

    Full Text Available To provide security for data gathering based on network coding in wireless sensor networks (WSNs, a secure network coding-based data gathering model is proposed, and a data-privacy preserving and pollution preventing (DPPaamp;PP protocol using network coding is designed. DPPaamp;PP makes use of a new proposed pollution symbol selection and pollution (PSSP scheme based on a new obfuscation idea to pollute existing symbols. Analyses of DPPaamp;PP show that it not only requires low overhead on computation and communication, but also provides high security on resisting brute-force attacks.

  17. Analysis of the security and privacy requirements of cloud-based electronic health records systems.

    Science.gov (United States)

    Rodrigues, Joel J P C; de la Torre, Isabel; Fernández, Gonzalo; López-Coronado, Miguel

    2013-08-21

    The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients' medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access

  18. General Approaches and Requirements on Safety and Security of Radioactive Materials Transport in Russian Federation

    International Nuclear Information System (INIS)

    Ershov, V.N.; Buchel'nikov, A.E.; Komarov, S.V.

    2016-01-01

    Development and implementation of safety and security requirements for transport of radioactive materials in the Russian Federation are addressed. At the outset it is worth noting that the transport safety requirements implemented are in full accordance with the IAEA's ''Regulations for the Safe Transport of Radioactive Material (2009 Edition)''. However, with respect to security requirements for radioactive material transport in some cases the Russian Federation requirements for nuclear material are more stringent compared to IAEA recommendations. The fundamental principles of safety and security of RM managements, recommended by IAEA documents (publications No. SF-1 and GOV/41/2001) are compared. Its correlation and differences concerning transport matters, the current level and the possibility of harmonization are analysed. In addition a reflection of the general approaches and concrete transport requirements is being evaluated. Problems of compliance assessment, including administrative and state control problems for safety and security provided at internal and international shipments are considered and compared. (author)

  19. Spent fuel reprocessing system security engineering capability maturity model

    International Nuclear Information System (INIS)

    Liu Yachun; Zou Shuliang; Yang Xiaohua; Ouyang Zigen; Dai Jianyong

    2011-01-01

    In the field of nuclear safety, traditional work places extra emphasis on risk assessment related to technical skills, production operations, accident consequences through deterministic or probabilistic analysis, and on the basis of which risk management and control are implemented. However, high quality of product does not necessarily mean good safety quality, which implies a predictable degree of uniformity and dependability suited to the specific security needs. In this paper, we make use of the system security engineering - capability maturity model (SSE-CMM) in the field of spent fuel reprocessing, establish a spent fuel reprocessing systems security engineering capability maturity model (SFR-SSE-CMM). The base practices in the model are collected from the materials of the practice of the nuclear safety engineering, which represent the best security implementation activities, reflect the regular and basic work of the implementation of the security engineering in the spent fuel reprocessing plant, the general practices reveal the management, measurement and institutional characteristics of all process activities. The basic principles that should be followed in the course of implementation of safety engineering activities are indicated from 'what' and 'how' aspects. The model provides a standardized framework and evaluation system for the safety engineering of the spent fuel reprocessing system. As a supplement to traditional methods, this new assessment technique with property of repeatability and predictability with respect to cost, procedure and quality control, can make or improve the activities of security engineering to become a serial of mature, measurable and standard activities. (author)

  20. POLICE OFFICE MODEL IMPROVEMENT FOR SECURITY OF SWARM ROBOTIC SYSTEMS

    Directory of Open Access Journals (Sweden)

    I. A. Zikratov

    2014-09-01

    Full Text Available This paper focuses on aspects of information security for group of mobile robotic systems with swarm intellect. The ways for hidden attacks realization by the opposing party on swarm algorithm are discussed. We have fulfilled numerical modeling of potentially destructive information influence on the ant shortest path algorithm. We have demonstrated the consequences of attacks on the ant algorithm with different concentration in a swarm of subversive robots. Approaches are suggested for information security mechanisms in swarm robotic systems, based on the principles of centralized security management for mobile agents. We have developed the method of forming a self-organizing information security management system for robotic agents in swarm groups implementing POM (Police Office Model – a security model based on police offices, to provide information security in multi-agent systems. The method is based on the usage of police station network in the graph nodes, which have functions of identification and authentication of agents, identifying subversive robots by both their formal characteristics and their behavior in the swarm. We have suggested a list of software and hardware components for police stations, consisting of: communication channels between the robots in police office, nodes register, a database of robotic agents, a database of encryption and decryption module. We have suggested the variants of logic for the mechanism of information security in swarm systems with different temporary diagrams of data communication between police stations. We present comparative analysis of implementation of protected swarm systems depending on the functioning logic of police offices, integrated in swarm system. It is shown that the security model saves the ability to operate in noisy environments, when the duration of the interference is comparable to the time necessary for the agent to overcome the path between police stations.

  1. 77 FR 52692 - NIST Federal Information Processing Standard (FIPS) 140-3 (Second Draft), Security Requirements...

    Science.gov (United States)

    2012-08-30

    ...-03] NIST Federal Information Processing Standard (FIPS) 140-3 (Second Draft), Security Requirements....'' Authority: Federal Information Processing Standards (FIPS) are issued by the National Institute of Standards... Standards and Technology (NIST) seeks additional comments on specific sections of Federal Information...

  2. 20 CFR 703.203 - Application for security deposit determination; information to be submitted; other requirements.

    Science.gov (United States)

    2010-04-01

    ... 20 Employees' Benefits 3 2010-04-01 2010-04-01 false Application for security deposit determination; information to be submitted; other requirements. 703.203 Section 703.203 Employees' Benefits... each insurance rating service designated by the Branch and posted on the Internet at http://www.dol.gov...

  3. 48 CFR 3052.204-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 3052.204-70 Section 3052.204-70 Federal Acquisition Regulations... for unclassified information technology resources. As prescribed in (HSAR) 48 CFR 3004.470-3, insert a clause substantially the same as follows: Security Requirements for Unclassified Information Technology...

  4. 48 CFR 352.239-72 - Security requirements for Federal information technology resources.

    Science.gov (United States)

    2010-10-01

    ... Federal information technology resources. 352.239-72 Section 352.239-72 Federal Acquisition Regulations... Provisions and Clauses 352.239-72 Security requirements for Federal information technology resources. As... Federal Information Technology Resources (January 2010) (a) Applicability. This clause applies whether the...

  5. 48 CFR 652.239-71 - Security Requirements for Unclassified Information Technology Resources.

    Science.gov (United States)

    2010-10-01

    ... Unclassified Information Technology Resources. 652.239-71 Section 652.239-71 Federal Acquisition Regulations... Provisions and Clauses 652.239-71 Security Requirements for Unclassified Information Technology Resources. As... Technology Resources (SEP 2007) (a) General. The Contractor shall be responsible for information technology...

  6. 48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition Regulations... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology... Unclassified Information Technology Resources (APR 2005) (a) The Contractor shall be responsible for...

  7. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production

    DEFF Research Database (Denmark)

    Coles, Graeme D; Wratten, Stephen D; Porter, John Roy

    2016-01-01

    Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively...... and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies....... with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude...

  8. Main control computer security model of closed network systems protection against cyber attacks

    Science.gov (United States)

    Seymen, Bilal

    2014-06-01

    The model that brings the data input/output under control in closed network systems, that maintains the system securely, and that controls the flow of information through the Main Control Computer which also brings the network traffic under control against cyber-attacks. The network, which can be controlled single-handedly thanks to the system designed to enable the network users to make data entry into the system or to extract data from the system securely, intends to minimize the security gaps. Moreover, data input/output record can be kept by means of the user account assigned for each user, and it is also possible to carry out retroactive tracking, if requested. Because the measures that need to be taken for each computer on the network regarding cyber security, do require high cost; it has been intended to provide a cost-effective working environment with this model, only if the Main Control Computer has the updated hardware.

  9. Methodology for Applying Cyber Security Risk Evaluation from BN Model to PSA Model

    International Nuclear Information System (INIS)

    Shin, Jin Soo; Heo, Gyun Young; Kang, Hyun Gook; Son, Han Seong

    2014-01-01

    There are several advantages to use digital equipment such as cost, convenience, and availability. It is inevitable to use the digital I and C equipment replaced analog. Nuclear facilities have already started applying the digital system to I and C system. However, the nuclear facilities also have to change I and C system even though it is difficult to use digital equipment due to high level of safety, irradiation embrittlement, and cyber security. A cyber security which is one of important concerns to use digital equipment can affect the whole integrity of nuclear facilities. For instance, cyber-attack occurred to nuclear facilities such as the SQL slammer worm, stuxnet, DUQU, and flame. The regulatory authorities have published many regulatory requirement documents such as U.S. NRC Regulatory Guide 5.71, 1.152, IAEA guide NSS-17, IEEE Standard, and KINS Regulatory Guide. One of the important problem of cyber security research for nuclear facilities is difficulty to obtain the data through the penetration experiments. Therefore, we make cyber security risk evaluation model with Bayesian network (BN) for nuclear reactor protection system (RPS), which is one of the safety-critical systems to trip the reactor when the accident is happened to the facilities. BN can be used for overcoming these problems. We propose a method to apply BN cyber security model to probabilistic safety assessment (PSA) model, which had been used for safety assessment of system, structure and components of facility. The proposed method will be able to provide the insight of safety as well as cyber risk to the facility

  10. An Integrative Behavioral Model of Information Security Policy Compliance

    Directory of Open Access Journals (Sweden)

    Sang Hoon Kim

    2014-01-01

    Full Text Available The authors found the behavioral factors that influence the organization members’ compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members’ attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1 the study is expected to play a role of the baseline for future research about organization members’ compliance with the information security policy, (2 the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3 the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training

  11. An integrative behavioral model of information security policy compliance.

    Science.gov (United States)

    Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

    2014-01-01

    The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing

  12. Document and author promotion strategies in the secure wiki model

    DEFF Research Database (Denmark)

    Lindberg, Kasper; Jensen, Christian D.

    2012-01-01

    , but this also means that anyone can introduce errors into documents, either by accident or on purpose. A security model for wiki-style authoring systems, called the Secure Wiki Model, has previously been proposed to address this problem. This model is designed to prevent corruption of good quality documents......Wiki systems form a subclass of the more general Open Collaborative Authoring Systems, where content is created by a user community. The ability of anyone to edit the content is, at the same time, their strength and their weakness. Anyone can write documents that improve the value of the wiki-system......, by limiting updates, to such documents, to users who have demonstrated their ability to produce documents of similar or better quality. While this security model prevents all user from editing all documents, it does respect the wiki philosophy by allowing any author who has produced documents of a certain...

  13. A Layered Decision Model for Cost-Effective System Security

    Energy Technology Data Exchange (ETDEWEB)

    Wei, Huaqiang; Alves-Foss, James; Soule, Terry; Pforsich, Hugh; Zhang, Du; Frincke, Deborah A.

    2008-10-01

    System security involves decisions in at least three areas: identification of well-defined security policies, selection of cost-effective defence strategies, and implementation of real-time defence tactics. Although choices made in each of these areas affect the others, existing decision models typically handle these three decision areas in isolation. There is no comprehensive tool that can integrate them to provide a single efficient model for safeguarding a network. In addition, there is no clear way to determine which particular combinations of defence decisions result in cost-effective solutions. To address these problems, this paper introduces a Layered Decision Model (LDM) for use in deciding how to address defence decisions based on their cost-effectiveness. To validate the LDM and illustrate how it is used, we used simulation to test model rationality and applied the LDM to the design of system security for an e-commercial business case.

  14. International Conference on Computational Intelligence, Cyber Security, and Computational Models

    CERN Document Server

    Ramasamy, Vijayalakshmi; Sheen, Shina; Veeramani, C; Bonato, Anthony; Batten, Lynn

    2016-01-01

    This book aims at promoting high-quality research by researchers and practitioners from academia and industry at the International Conference on Computational Intelligence, Cyber Security, and Computational Models ICC3 2015 organized by PSG College of Technology, Coimbatore, India during December 17 – 19, 2015. This book enriches with innovations in broad areas of research like computational modeling, computational intelligence and cyber security. These emerging inter disciplinary research areas have helped to solve multifaceted problems and gained lot of attention in recent years. This encompasses theory and applications, to provide design, analysis and modeling of the aforementioned key areas.

  15. An intruder model for verifying liveness in security protocols

    NARCIS (Netherlands)

    Cederquist, J.G.; Dashti, Muhammad Torabi

    2006-01-01

    We present a process algebraic intruder model for verifying a class of liveness properties of security protocols. For this class, the proposed intruder model is proved to be equivalent to a Dolev-Yao intruder that does not delay indefinitely the delivery of messages. In order to prove the

  16. Re-designing the PhEDEx security model

    CERN Document Server

    Wildish, Anthony

    2013-01-01

    PhEDEx. the data-placement tool used by the CMS experiment at the LHC, was conceived in a more trusting time. The security model was designed to provide a safe working environment for site agents and operators, but provided little more protection than that. CMS data was not sufficiently protected against accidental loss caused by operator error or software bugs or from loss of data caused by deliberate manipulation of the database. Operations staff were given high levels of access to the database, beyond what should have been needed to accomplish their tasks. This exposed them to the risk of suspicion should an incident occur. Multiple implementations of the security model led to difficulties maintaining code, which can lead to degredation of security over time.In order to meet the simultaneous goals of protecting CMS data, protecting the operators from undue exposure to risk, increasing monitoring capabilities and improving maintainability of the security model, the PhEDEx security model was redesigned and r...

  17. DOE Integrated Safeguards and Security (DISS) historical document archival and retrieval analysis, requirements and recommendations

    Energy Technology Data Exchange (ETDEWEB)

    Guyer, H.B.; McChesney, C.A.

    1994-10-07

    The overall primary Objective of HDAR is to create a repository of historical personnel security documents and provide the functionality needed for archival and retrieval use by other software modules and application users of the DISS/ET system. The software product to be produced from this specification is the Historical Document Archival and Retrieval Subsystem The product will provide the functionality to capture, retrieve and manage documents currently contained in the personnel security folders in DOE Operations Offices vaults at various locations across the United States. The long-term plan for DISS/ET includes the requirement to allow for capture and storage of arbitrary, currently undefined, clearance-related documents that fall outside the scope of the ``cradle-to-grave`` electronic processing provided by DISS/ET. However, this requirement is not within the scope of the requirements specified in this document.

  18. Theft of Virtual Property — Towards Security Requirements for Virtual Worlds

    Science.gov (United States)

    Beyer, Anja

    The article is focused to introduce the topic of information technology security for Virtual Worlds to a security experts’ audience. Virtual Worlds are Web 2.0 applications where the users cruise through the world with their individually shaped avatars to find either amusement, challenges or the next best business deal. People do invest a lot of time but beyond they invest in buying virtual assets like fantasy witcheries, wepaons, armour, houses, clothes,...etc with the power of real world money. Although it is called “virtual” (which is often put on the same level as “not existent”) there is a real value behind it. In November 2007 dutch police arrested a seventeen years old teenager who was suspicted to have stolen virtual items in a Virtual World called Habbo Hotel [Reuters07]. In order to successfully provide security mechanisms into Virtual Worlds it is necessarry to fully understand the domain for which the security mechansims are defined. As Virtual Worlds must be clasified into the domain of Social Software the article starts with an overview of how to understand Web 2.0 and gives a short introduction to Virtual Worlds. The article then provides a consideration of assets of Virtual Worlds participants, describes how these assets can be threatened and gives an overview of appopriate security requirements and completes with an outlook of possible countermeasures.

  19. Managing business compliance using model-driven security management

    Science.gov (United States)

    Lang, Ulrich; Schreiner, Rudolf

    Compliance with regulatory and governance standards is rapidly becoming one of the hot topics of information security today. This is because, especially with regulatory compliance, both business and government have to expect large financial and reputational losses if compliance cannot be ensured and demonstrated. One major difficulty of implementing such regulations is caused the fact that they are captured at a high level of abstraction that is business-centric and not IT centric. This means that the abstract intent needs to be translated in a trustworthy, traceable way into compliance and security policies that the IT security infrastructure can enforce. Carrying out this mapping process manually is time consuming, maintenance-intensive, costly, and error-prone. Compliance monitoring is also critical in order to be able to demonstrate compliance at any given point in time. The problem is further complicated because of the need for business-driven IT agility, where IT policies and enforcement can change frequently, e.g. Business Process Modelling (BPM) driven Service Oriented Architecture (SOA). Model Driven Security (MDS) is an innovative technology approach that can solve these problems as an extension of identity and access management (IAM) and authorization management (also called entitlement management). In this paper we will illustrate the theory behind Model Driven Security for compliance, provide an improved and extended architecture, as well as a case study in the healthcare industry using our OpenPMF 2.0 technology.

  20. New safety and security requirements for the transport of nuclear and other radioactive materials in Hungary

    International Nuclear Information System (INIS)

    Katona, T.; Horvath, K.; Safar, J.

    2016-01-01

    In addition to the promulgation of mode-specific regulations of international transport of dangerous goods, some Hungarian governmental and ministerial decrees impose further conditions upon the transport of nuclear and other radioactive materials. One of these ministerial decrees on the transport, carriage and packaging of radioactive materials is under revision and it will require • approval of emergency response plan (including security and safety contingency plan); • report on transport incidents and accidents for classifying them in accordance with the INES scale; • the competent authority to request experts’ support for the approval of package designs, radioactive material designs and shipments. Regarding the security of the transport of nuclear and other radioactive materials a new Hungarian governmental decree and a related guidance are about to be published which will supply additional requirements in the field of the transport security especially concerning radioactive materials, implementing - among others - IAEA recommendations of the NSS No9 and No14. The main and relevant features of the Hungarian nuclear regulatory system and the details of both new decrees regarding the safety and security issues of transport of nuclear and other radioactive materials will be discussed. (author)

  1. Trust Model to Enhance Security and Interoperability of Cloud Environment

    Science.gov (United States)

    Li, Wenjuan; Ping, Lingdi

    Trust is one of the most important means to improve security and enable interoperability of current heterogeneous independent cloud platforms. This paper first analyzed several trust models used in large and distributed environment and then introduced a novel cloud trust model to solve security issues in cross-clouds environment in which cloud customer can choose different providers' services and resources in heterogeneous domains can cooperate. The model is domain-based. It divides one cloud provider's resource nodes into the same domain and sets trust agent. It distinguishes two different roles cloud customer and cloud server and designs different strategies for them. In our model, trust recommendation is treated as one type of cloud services just like computation or storage. The model achieves both identity authentication and behavior authentication. The results of emulation experiments show that the proposed model can efficiently and safely construct trust relationship in cross-clouds environment.

  2. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production.

    Science.gov (United States)

    Coles, Graeme D; Wratten, Stephen D; Porter, John R

    2016-01-01

    Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively, requirements for high-quality protein are met more efficiently by animal production from such land. We present a model that can be used to assess dietary energy and quality-corrected protein production from various crop and crop/animal production systems, and demonstrate its utility. We extend our analysis with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude that mixed dairy/cropping systems provide the greatest quantity of high-quality protein per unit price to the consumer, have the highest food energy production and can support the dietary requirements of the highest number of people, when assessed as all-year-round production systems. Global food and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies.

  3. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production

    Directory of Open Access Journals (Sweden)

    Graeme D. Coles

    2016-07-01

    Full Text Available Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively, requirements for high-quality protein are met more efficiently by animal production from such land. We present a model that can be used to assess dietary energy and quality-corrected protein production from various crop and crop/animal production systems, and demonstrate its utility. We extend our analysis with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude that mixed dairy/cropping systems provide the greatest quantity of high-quality protein per unit price to the consumer, have the highest food energy production and can support the dietary requirements of the highest number of people, when assessed as all-year-round production systems. Global food and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies.

  4. European Climate - Energy Security Nexus. A model based scenario analysis

    International Nuclear Information System (INIS)

    Criqui, Patrick; Mima, Silvana

    2011-01-01

    In this research, we have provided an overview of the climate-security nexus in the European sector through a model based scenario analysis with POLES model. The analysis underline that under stringent climate policies, Europe take advantage of a double dividend in its capacity to develop a new cleaner energy model and in lower vulnerability to potential shocks on the international energy markets. (authors)

  5. European Climate - Energy Security Nexus. A model based scenario analysis

    Energy Technology Data Exchange (ETDEWEB)

    Criqui, Patrick; Mima, Silvana

    2011-01-15

    In this research, we have provided an overview of the climate-security nexus in the European sector through a model based scenario analysis with POLES model. The analysis underline that under stringent climate policies, Europe take advantage of a double dividend in its capacity to develop a new cleaner energy model and in lower vulnerability to potential shocks on the international energy markets. (authors)

  6. A Hybrid Secure Scheme for Wireless Sensor Networks against Timing Attacks Using Continuous-Time Markov Chain and Queueing Model.

    Science.gov (United States)

    Meng, Tianhui; Li, Xiaofan; Zhang, Sha; Zhao, Yubin

    2016-09-28

    Wireless sensor networks (WSNs) have recently gained popularity for a wide spectrum of applications. Monitoring tasks can be performed in various environments. This may be beneficial in many scenarios, but it certainly exhibits new challenges in terms of security due to increased data transmission over the wireless channel with potentially unknown threats. Among possible security issues are timing attacks, which are not prevented by traditional cryptographic security. Moreover, the limited energy and memory resources prohibit the use of complex security mechanisms in such systems. Therefore, balancing between security and the associated energy consumption becomes a crucial challenge. This paper proposes a secure scheme for WSNs while maintaining the requirement of the security-performance tradeoff. In order to proceed to a quantitative treatment of this problem, a hybrid continuous-time Markov chain (CTMC) and queueing model are put forward, and the tradeoff analysis of the security and performance attributes is carried out. By extending and transforming this model, the mean time to security attributes failure is evaluated. Through tradeoff analysis, we show that our scheme can enhance the security of WSNs, and the optimal rekeying rate of the performance and security tradeoff can be obtained.

  7. Development of DSRC device and communication system performance measures recommendations for DSRC OBE performance and security requirements.

    Science.gov (United States)

    2016-05-22

    This report presents recommendations for minimum DSRC device communication performance and security : requirements to ensure effective operation of the DSRC system. The team identified recommended DSRC : communications requirements aligned to use cas...

  8. Modelling effective and simultaneous promotion of food security and ...

    African Journals Online (AJOL)

    This ineffectiveness extends to promoting household food security within the context of encouraging biodiversity conservation on farm lands. To examine this, this paper draws on recently conducted research to sketch the current model within which extension pursues these seemingly dichotomous objectives and identifies ...

  9. Composable security in the bounded-quantum-storage model

    NARCIS (Netherlands)

    S.D.C. Wehner (Stephanie); J. Wullschleger

    2007-01-01

    htmlabstractWe present a simplified framework for proving sequential composability in the quantum setting. In particular, we give a new, simulation-based, definition for security in the bounded-quantum-storage model, and show that this definition allows for sequential composition of protocols.

  10. Organizational information assets classification model and security architecture methodology

    Directory of Open Access Journals (Sweden)

    Mostafa Tamtaji

    2015-12-01

    Full Text Available Today's, Organizations are exposed with huge and diversity of information and information assets that are produced in different systems shuch as KMS, financial and accounting systems, official and industrial automation sysytems and so on and protection of these information is necessary. Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released.several benefits of this model cuses that organization has a great trend to implementing Cloud computing. Maintaining and management of information security is the main challenges in developing and accepting of this model. In this paper, at first, according to "design science research methodology" and compatible with "design process at information systems research", a complete categorization of organizational assets, including 355 different types of information assets in 7 groups and 3 level, is presented to managers be able to plan corresponding security controls according to importance of each groups. Then, for directing of organization to architect it’s information security in cloud computing environment, appropriate methodology is presented. Presented cloud computing security architecture , resulted proposed methodology, and presented classification model according to Delphi method and expers comments discussed and verified.

  11. Security

    Science.gov (United States)

    Technology & Learning, 2008

    2008-01-01

    Anytime, anywhere, learning provides opportunities to create digital learning environments for new teaching styles and personalized learning. As part of making sure the program is effective, the safety and security of students and assets are essential--and mandated by law. The Children's Internet Protection Act (CIPA) addresses Internet content…

  12. 77 FR 70213 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2012-11-23

    .... VaR Models iv. Credit Risk Charges v. Capital Charge In Lieu of Margin Collateral vi. Treatment of Swaps c. Risk Management d. Funding Liquidity Stress Test Requirement e. Other Rule 15c3-1 Provisions... Haircuts iii. Capital Charge in Lieu of Margin Collateral iv. Credit Risk Charge v. Funding Liquidity...

  13. DESIGN MODELING OF A UNIVERSITY’S COMPREHENSIVE-INTEGRATED SECURITY SYSTEM

    Directory of Open Access Journals (Sweden)

    Marina V. Dulyasova

    2017-03-01

    Full Text Available Introduction: the safety of higher education institutions is considered to be of great importance nowadays. Security challenges need to be addressed through a comprehensive and integrative approach. This approach provides neutralisation of various threats systemically, risk prevention, minimisation of the tangible and moral harm. The project concept of “safe university” is proposed and substantiated for the above-mentioned purposes. Materials and Methods: the authors used a special literature survey on the issue, which is divided into three main groups of publications, where the complex security of educational institutions is considered in the context of the general theory of security, in the educational-methodical plan and within the framework of sociological, psychological and pedagogical approaches. The legislative and regulatory sources also indicated, legislative and regulatory legal acts reviews, “Safe City” concept, National standard “Information security technologies: complex and integrated ones. Standard requirements to architecture and technologies of intellectual systems of monitoring for safety of the companies and the territories” (State standard specification P 56875-2016, documents of higher education institutions, media reports. The analysis and generalisation of information was coupled with project modeling of the new comprehensive system of higher education institution security. Results: the authors introduce the concept, architecture and model of the comprehensive integrated higher education institution security, monitoring based on measures and indicators pertaining to implementation of standard requirements and level of satisfaction with safety, evaluation of the taken measures in terms of efficiency. Discussion and Conclusions: the main contours of the model for comprehensive integrated security system in a higher education institution and algorithm of interaction between the subjects are determined. These

  14. An Elliptic Curve Based Schnorr Cloud Security Model in Distributed Environment.

    Science.gov (United States)

    Muthurajan, Vinothkumar; Narayanasamy, Balaji

    2016-01-01

    Cloud computing requires the security upgrade in data transmission approaches. In general, key-based encryption/decryption (symmetric and asymmetric) mechanisms ensure the secure data transfer between the devices. The symmetric key mechanisms (pseudorandom function) provide minimum protection level compared to asymmetric key (RSA, AES, and ECC) schemes. The presence of expired content and the irrelevant resources cause unauthorized data access adversely. This paper investigates how the integrity and secure data transfer are improved based on the Elliptic Curve based Schnorr scheme. This paper proposes a virtual machine based cloud model with Hybrid Cloud Security Algorithm (HCSA) to remove the expired content. The HCSA-based auditing improves the malicious activity prediction during the data transfer. The duplication in the cloud server degrades the performance of EC-Schnorr based encryption schemes. This paper utilizes the blooming filter concept to avoid the cloud server duplication. The combination of EC-Schnorr and blooming filter efficiently improves the security performance. The comparative analysis between proposed HCSA and the existing Distributed Hash Table (DHT) regarding execution time, computational overhead, and auditing time with auditing requests and servers confirms the effectiveness of HCSA in the cloud security model creation.

  15. An Elliptic Curve Based Schnorr Cloud Security Model in Distributed Environment

    Directory of Open Access Journals (Sweden)

    Vinothkumar Muthurajan

    2016-01-01

    Full Text Available Cloud computing requires the security upgrade in data transmission approaches. In general, key-based encryption/decryption (symmetric and asymmetric mechanisms ensure the secure data transfer between the devices. The symmetric key mechanisms (pseudorandom function provide minimum protection level compared to asymmetric key (RSA, AES, and ECC schemes. The presence of expired content and the irrelevant resources cause unauthorized data access adversely. This paper investigates how the integrity and secure data transfer are improved based on the Elliptic Curve based Schnorr scheme. This paper proposes a virtual machine based cloud model with Hybrid Cloud Security Algorithm (HCSA to remove the expired content. The HCSA-based auditing improves the malicious activity prediction during the data transfer. The duplication in the cloud server degrades the performance of EC-Schnorr based encryption schemes. This paper utilizes the blooming filter concept to avoid the cloud server duplication. The combination of EC-Schnorr and blooming filter efficiently improves the security performance. The comparative analysis between proposed HCSA and the existing Distributed Hash Table (DHT regarding execution time, computational overhead, and auditing time with auditing requests and servers confirms the effectiveness of HCSA in the cloud security model creation.

  16. NERSC Cyber Security Challenges That Require DOE Development andSupport

    Energy Technology Data Exchange (ETDEWEB)

    Draney, Brent; Campbell, Scott; Walter, Howard

    2007-01-16

    Traditional security approaches do not adequately addressall the requirements of open, scientific computing facilities. Many ofthe methods used for more restricted environments, including almost allcorporate/commercial systems, do not meet the needs of today's science.Use of only the available "state of the practice" commercial methods willhave adverse impact on the ability of DOE to accomplish its sciencegoals, and impacts the productivity of the DOE Science community. Inparticular, NERSC and other high performance computing (HPC) centers havespecial security challenges that are unlikely to be met unless DOE fundsdevelopment and support of reliable and effective tools designed to meetthe cyber security needs of High Performance Science. The securitychallenges facing NERSC can be collected into three basic problem sets:network performance and dynamics, application complexity and diversity,and a complex user community that can have transient affiliations withactual institutions. To address these problems, NERSC proposes thefollowing four general solutions: auditing user and system activityacross sites; firewall port configuration in real time;cross-site/virtual organization identity management and access control;and detecting security issues in application middleware. Solutions arealsoproposed for three general long term issues: data volume,application complexity, and information integration.

  17. Towards second-generation smart card-based authentication in health information systems: the secure server model.

    Science.gov (United States)

    Hallberg, J; Hallberg, N; Timpka, T

    2001-01-01

    Conventional smart card-based authentication systems used in health care alleviate some of the security issues in user and system authentication. Existing models still do not cover all security aspects. To enable new protective measures to be developed, an extended model of the authentication process is presented. This model includes a new entity referred to as secure server. Assuming a secure server, a method where the smart card is aware of the status of the terminal integrity verification becomes feasible. The card can then act upon this knowledge and restrict the exposure of sensitive information to the terminal as required in order to minimize the risks. The secure server model can be used to illuminate the weaknesses of current approaches and the need for extensions which alleviate the resulting risks.

  18. Adaptable Authentication Model - for Exploring the Weaker Notions of Security

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    operational environment. In past, this often caused increasing the power of attacker model, for instance, now a days we also consider privacy concerns and side channel leakage beside the classic Dolev-Yao attacker. A protocol is labeled as insecure protocol once an effective attack or flaw is found in it....... In fact, the most of the published protocols are considered insecure from this point of view. In practice, however, this approach has a side effect, namely, we rarely bother to explore how much insecure is the protocol. This question asks us to explore the area between security and insecurity; after all...... and sometimes with additional capabilities such as dynamic corruption of communicating nodes. Then, one tries to show that the protocol achieves its objective under this specific attacker. Naturally there are three possibilities: one may succeed in constructing a security proof; one may fail in proving security...

  19. CONCEPTUAL MODELLING AND ORGANIZATION OF SECURITY MECHANISMS IN DISTRIBUTED SYSTEMS

    Directory of Open Access Journals (Sweden)

    T. Galibus

    2016-01-01

    Full Text Available We analyze the existing DS from the point of security and construct a two-level hierarchy of models. Such approach allows us to separate the abstraction (architecture level and the concrete (component level of ISS. The core set of methods, i. e. authentication and key exchange protocols, corresponds to the abstraction level and is defined as security infrastructure (SI. The final security parameters optimization and additional mechanisms such as authorization, routing and data auditing of the protection mechanisms are configured on the component level of the DS. In addition, we outline the systematic step-by-step ISS configuration method.

  20. Security

    OpenAIRE

    Leander, Anna

    2009-01-01

    This paper argues that security belongs to a specific category of commodities: “contested commodities” around which there is an ongoing and unsettled symbolic struggle over whether or not they can and should be though of as commodities (section 1). The contested nature of commodification has implications for how markets function; market practices tend to be defined and organized in ways that minimize their contentiousness and obfuscate their expansion. The paper looks at the implications of t...

  1. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in ''Cyber Security Protection Framework'', Version 0.9 (hereafter referred to as the ''Framework''). For each of the seven sector/sub-sectors listed above, one standard was

  2. Physical security and vulnerability modeling for infrasturcture facilities.

    Energy Technology Data Exchange (ETDEWEB)

    Nozick, Linda Karen; Jones, Dean A.; Davis, Chad Edward; Turnquist, Mark Alan

    2006-07-01

    A model of malicious intrusions in infrastructure facilities is developed, using a network representation of the system structure together with Markov models of intruder progress and strategy. This structure provides an explicit mechanism to estimate the probability of successful breaches of physical security, and to evaluate potential improvements. Simulation is used to analyze varying levels of imperfect information on the part of the intruders in planning their attacks. An example of an intruder attempting to place an explosive device on an airplane at an airport gate illustrates the structure and potential application of the model.

  3. Strong tobacco control program requirements and secure funding are not enough: lessons from Florida.

    Science.gov (United States)

    Kennedy, Allison; Sullivan, Sarah; Hendlin, Yogi; Barnes, Richard; Glantz, Stanton

    2012-05-01

    Florida's Tobacco Pilot Program (TPP; 1998-2003), with its edgy Truth media campaign, achieved unprecedented youth smoking reductions and became a model for tobacco control programming. In 2006, 3 years after the TPP was defunded, public health groups restored funding for tobacco control programming by convincing Florida voters to amend their constitution. Despite the new program's strong legal structure, Governor Charlie Crist's Department of Health implemented a low-impact program. Although they secured the program's strong structure and funding, Florida's nongovernmental public health organizations did not mobilize to demand a high-impact program. Implementation of Florida's Amendment 4 demonstrates that a strong programmatic structure and secure funding are insufficient to ensure a successful public health program, without external pressure from nongovernmental groups.

  4. Meta-requirements that Model Change

    OpenAIRE

    Gouri Prakash

    2010-01-01

    One of the common problems encountered in software engineering is addressing and responding to the changing nature of requirements. While several approaches have been devised to address this issue, ranging from instilling resistance to changing requirements in order to mitigate impact to project schedules, to developing an agile mindset towards requirements, the approach discussed in this paper is one of conceptualizing the delta in requirement and modeling it, in order t...

  5. Creation of a Homeland Security Jail Information Model

    Science.gov (United States)

    2012-03-01

    In contrast, law enforcement officers at a jail have a better gestalt understanding of homeland security threats and trends in the same...and my personal familiarity with each model. In his book Beyond the Two Disciplines of Scientific Psychology , Lee Cronbach claims that...muhajir.background/index.html Cronbach, L. J. (1975). Beyond the two disciplines of scientific psychology . Washington, D.C.: American Psychologist

  6. Application distribution model and related security attacks in VANET

    Science.gov (United States)

    Nikaein, Navid; Kanti Datta, Soumya; Marecar, Irshad; Bonnet, Christian

    2013-03-01

    In this paper, we present a model for application distribution and related security attacks in dense vehicular ad hoc networks (VANET) and sparse VANET which forms a delay tolerant network (DTN). We study the vulnerabilities of VANET to evaluate the attack scenarios and introduce a new attacker`s model as an extension to the work done in [6]. Then a VANET model has been proposed that supports the application distribution through proxy app stores on top of mobile platforms installed in vehicles. The steps of application distribution have been studied in detail. We have identified key attacks (e.g. malware, spamming and phishing, software attack and threat to location privacy) for dense VANET and two attack scenarios for sparse VANET. It has been shown that attacks can be launched by distributing malicious applications and injecting malicious codes to On Board Unit (OBU) by exploiting OBU software security holes. Consequences of such security attacks have been described. Finally, countermeasures including the concepts of sandbox have also been presented in depth.

  7. Adapting Rational Unified Process (RUP) approach in designing a secure e-Tendering model

    Science.gov (United States)

    Mohd, Haslina; Robie, Muhammad Afdhal Muhammad; Baharom, Fauziah; Darus, Norida Muhd; Saip, Mohamed Ali; Yasin, Azman

    2016-08-01

    e-Tendering is an electronic processing of the tender document via internet and allow tenderer to publish, communicate, access, receive and submit all tender related information and documentation via internet. This study aims to design the e-Tendering system using Rational Unified Process approach. RUP provides a disciplined approach on how to assign tasks and responsibilities within the software development process. RUP has four phases that can assist researchers to adjust the requirements of various projects with different scope, problem and the size of projects. RUP is characterized as a use case driven, architecture centered, iterative and incremental process model. However the scope of this study only focusing on Inception and Elaboration phases as step to develop the model and perform only three of nine workflows (business modeling, requirements, analysis and design). RUP has a strong focus on documents and the activities in the inception and elaboration phases mainly concern the creation of diagrams and writing of textual descriptions. The UML notation and the software program, Star UML are used to support the design of e-Tendering. The e-Tendering design based on the RUP approach can contribute to e-Tendering developers and researchers in e-Tendering domain. In addition, this study also shows that the RUP is one of the best system development methodology that can be used as one of the research methodology in Software Engineering domain related to secured design of any observed application. This methodology has been tested in various studies in certain domains, such as in Simulation-based Decision Support, Security Requirement Engineering, Business Modeling and Secure System Requirement, and so forth. As a conclusion, these studies showed that the RUP one of a good research methodology that can be adapted in any Software Engineering (SE) research domain that required a few artifacts to be generated such as use case modeling, misuse case modeling, activity

  8. Modeling and Security Threat Assessments of Data Processed in Cloud Based Information Systems

    Directory of Open Access Journals (Sweden)

    Darya Sergeevna Simonenkova

    2016-03-01

    Full Text Available The subject of the research is modeling and security threat assessments of data processed in cloud based information systems (CBIS. This method allow to determine the current security threats of CBIS, state of the system in which vulnerabilities exists, level of possible violators, security properties and to generate recommendations for neutralizing security threats of CBIS.

  9. Safeguards and security requirements for weapons plutonium disposition in light water reactors

    International Nuclear Information System (INIS)

    Thomas, L.L.; Strait, R.S.

    1994-10-01

    This paper explores the issues surrounding the safeguarding of the plutonium disposition process in support of the United States nuclear weapons dismantlement program. It focuses on the disposition of the plutonium by burning mixed oxide fuel in light water reactors (LWR) and addresses physical protection, material control and accountability, personnel security and international safeguards. The S and S system needs to meet the requirements of the DOE Orders, NRC Regulations and international safeguards agreements. Experience has shown that incorporating S and S measures into early facility designs and integrating them into operations provides S and S that is more effective, more economical, and less intrusive. The plutonium disposition safeguards requirements with which the US has the least experience are the implementation of international safeguards on plutonium metal; the large scale commercialization of the mixed oxide fuel fabrication; and the transportation to and loading in the LWRs of fresh mixed oxide fuel. It is in these areas where the effort needs to be concentrated if the US is to develop safeguards and security systems that are effective and efficient

  10. Modeling Turkey’s future LNG supply security strategy

    International Nuclear Information System (INIS)

    Efe Biresselioglu, Mehmet; Hakan Demir, Muhittin; Kandemir, Cansu

    2012-01-01

    Turkey was among those countries which decided to increase its natural gas consumption in the 1990s, due to its relative low cost and lack of impact on the environment. However, a heavy dependence on imports, from Algeria, Qatar and Nigeria, respectively, creates a threat to energy security, both in terms of source and supply diversity. Accordingly, we follow an analytical approach to identify the accuracy of our assumption, considering the current economic, political and security risk. To this end, we formulate and solve a mixed integer programming model that determines the optimal sourcing strategy for Turkey’s increasing LNG demand. This model demonstrates a number of alternative policy options for LNG supply. Furthermore, we consider that increasing the proportion of LNG in the overall gas supply will contribute to the aim of improving Turkey’s level of energy security. - Highlights: ► Turkey’s best policy option is to increase the share of LNG. ► Turkey’s main suppliers of LNG will be Algeria, Egypt, Nigeria, and Trinidad and Tobago. ► Norway, Libya, and Oman contribute to the supply with rather smaller shares. ► With high risk scenario Algeria, Egypt, Nigeria and Libya will not be suppliers. ► Oman and Qatar will cover; even though they are high-cost suppliers.

  11. Requirements for clinical information modelling tools.

    Science.gov (United States)

    Moreno-Conde, Alberto; Jódar-Sánchez, Francisco; Kalra, Dipak

    2015-07-01

    This study proposes consensus requirements for clinical information modelling tools that can support modelling tasks in medium/large scale institutions. Rather than identify which functionalities are currently available in existing tools, the study has focused on functionalities that should be covered in order to provide guidance about how to evolve the existing tools. After identifying a set of 56 requirements for clinical information modelling tools based on a literature review and interviews with experts, a classical Delphi study methodology was applied to conduct a two round survey in order to classify them as essential or recommended. Essential requirements are those that must be met by any tool that claims to be suitable for clinical information modelling, and if we one day have a certified tools list, any tool that does not meet essential criteria would be excluded. Recommended requirements are those more advanced requirements that may be met by tools offering a superior product or only needed in certain modelling situations. According to the answers provided by 57 experts from 14 different countries, we found a high level of agreement to enable the study to identify 20 essential and 21 recommended requirements for these tools. It is expected that this list of identified requirements will guide developers on the inclusion of new basic and advanced functionalities that have strong support by end users. This list could also guide regulators in order to identify requirements that could be demanded of tools adopted within their institutions. Copyright © 2015 Elsevier Ireland Ltd. All rights reserved.

  12. Competence Requirements of ISO/IEC Standards for Information Security Professionals

    Directory of Open Access Journals (Sweden)

    Natalia G. Miloslavskaya

    2017-11-01

    Full Text Available The rapid progress in the filed of information security (IS puts one in a need of periodic revision of professional competencies (formulated in the federal state educational standards –FSESs and working functions (formulated in the professional standards – PSs. Under these conditions, a timely reaction to everything new that emerges or will appear in modern regulatory documents (primarily in standards is extremely important. We make a forecast for the content of the ISO/IEC 27021 and ISO/IEC 19896 standards drafted by the International Organization for Standardization (ISO, which should contain the requirements for the competencies of IS management system professionals and the competence of IS testers and evaluators. Our forecast takes into account the requirements of the ISO/IEC 27000 standard group and the recommendations of the European e-Competence Framework e-CF 3.0.

  13. Modeling Security-Enhanced Linux Policy Specifications for Analysis (Preprint)

    National Research Council Canada - National Science Library

    Archer, Myla; Leonard, Elizabeth; Pradella, Matteo

    2003-01-01

    Security-Enhanced (SE) Linux is a modification of Linux initially released by NSA in January 2001 that provides a language for specifying Linux security policies and, as in the Flask architecture, a security server...

  14. A Service Access Security Control Model in Cyberspace

    Science.gov (United States)

    Qianmu, Li; Jie, Yin; Jun, Hou; Jian, Xu; Hong, Zhang; Yong, Qi

    A service access control model in cyberspace is proposed, which provides a generalized and effective mechanism of security management with some items constraint specifications. These constraint specifications are organized to form a construction, and an enact process is proposed to make it scalable and flexible to meet the need of diversified service application systems in cyberspace. The model of this paper erases the downward information flow by extended rules of read/write, which is the breakthrough of the limitations when applying the standard role-based access control in cyberspace.

  15. 76 FR 15874 - Beneficial Ownership Reporting Requirements and Security-Based Swaps

    Science.gov (United States)

    2011-03-22

    ... (202) 551-3500, Division of Corporation Finance, U.S. Securities and Exchange Commission, 100 F Street...) analysis, such as counting beneficial ownership of those derivative securities exercisable or convertible... equity securities through the exercise or conversion of any derivative security, whether or not presently...

  16. 76 FR 34579 - Beneficial Ownership Reporting Requirements and Security-Based Swaps

    Science.gov (United States)

    2011-06-14

    ... (202) 551-3500, Division of Corporation Finance, U.S. Securities and Exchange Commission, 100 F Street... underlying derivative securities exercisable or convertible within 60 days,\\37\\ is imported into the ten... securities through the exercise or conversion of any derivative security, whether or not presently...

  17. Future consumer mobile phone security : a case study using the data centric security model

    NARCIS (Netherlands)

    van Cleeff, A.

    2008-01-01

    In the interconnected world that we live in, traditional security barriers are broken down. Developments such as outsourcing, increased usage of mobile devices and wireless networks each cause new security problems. To address the new security threats, a number of solutions have been suggested,

  18. Constructing RBAC Based Security Model in u-Healthcare Service Platform

    Science.gov (United States)

    Shin, Moon Sun; Jeon, Heung Seok; Ju, Yong Wan; Lee, Bum Ju; Jeong, Seon-Phil

    2015-01-01

    In today's era of aging society, people want to handle personal health care by themselves in everyday life. In particular, the evolution of medical and IT convergence technology and mobile smart devices has made it possible for people to gather information on their health status anytime and anywhere easily using biometric information acquisition devices. Healthcare information systems can contribute to the improvement of the nation's healthcare quality and the reduction of related cost. However, there are no perfect security models or mechanisms for healthcare service applications, and privacy information can therefore be leaked. In this paper, we examine security requirements related to privacy protection in u-healthcare service and propose an extended RBAC based security model. We propose and design u-healthcare service integration platform (u-HCSIP) applying RBAC security model. The proposed u-HCSIP performs four main functions: storing and exchanging personal health records (PHR), recommending meals and exercise, buying/selling private health information or experience, and managing personal health data using smart devices. PMID:25695104

  19. Constructing RBAC based security model in u-healthcare service platform.

    Science.gov (United States)

    Shin, Moon Sun; Jeon, Heung Seok; Ju, Yong Wan; Lee, Bum Ju; Jeong, Seon-Phil

    2015-01-01

    In today's era of aging society, people want to handle personal health care by themselves in everyday life. In particular, the evolution of medical and IT convergence technology and mobile smart devices has made it possible for people to gather information on their health status anytime and anywhere easily using biometric information acquisition devices. Healthcare information systems can contribute to the improvement of the nation's healthcare quality and the reduction of related cost. However, there are no perfect security models or mechanisms for healthcare service applications, and privacy information can therefore be leaked. In this paper, we examine security requirements related to privacy protection in u-healthcare service and propose an extended RBAC based security model. We propose and design u-healthcare service integration platform (u-HCSIP) applying RBAC security model. The proposed u-HCSIP performs four main functions: storing and exchanging personal health records (PHR), recommending meals and exercise, buying/selling private health information or experience, and managing personal health data using smart devices.

  20. Constructing RBAC Based Security Model in u-Healthcare Service Platform

    Directory of Open Access Journals (Sweden)

    Moon Sun Shin

    2015-01-01

    Full Text Available In today’s era of aging society, people want to handle personal health care by themselves in everyday life. In particular, the evolution of medical and IT convergence technology and mobile smart devices has made it possible for people to gather information on their health status anytime and anywhere easily using biometric information acquisition devices. Healthcare information systems can contribute to the improvement of the nation’s healthcare quality and the reduction of related cost. However, there are no perfect security models or mechanisms for healthcare service applications, and privacy information can therefore be leaked. In this paper, we examine security requirements related to privacy protection in u-healthcare service and propose an extended RBAC based security model. We propose and design u-healthcare service integration platform (u-HCSIP applying RBAC security model. The proposed u-HCSIP performs four main functions: storing and exchanging personal health records (PHR, recommending meals and exercise, buying/selling private health information or experience, and managing personal health data using smart devices.

  1. Modelling of Processes of Logistics in Cyberspace Security

    Directory of Open Access Journals (Sweden)

    Konečný Jiří

    2017-01-01

    Full Text Available The goal of this contribution is especially to familiarize experts in various fields with the need for a new approach to the system-defined model and modelling of processes in the engineering practice and the expression of some state variables' possibilities for the modelling of real-world systems with regard to the highly dynamic development of structures and to the behaviour of systems of logistics. Thus, in this contribution, the necessity of making full use of cybernetics as a field for the management and communication of information is expressed, and also the environment of cybernetics as a much needed cybernetic realm (cyberspace, determining the steady state between cyber-attacks and cyber-defence as a modern knowledge-based potential in general and specifically of logistics in cyber security. Connected with this process is the very important area of lifelong training of experts in the dynamic world of science and technology (that is, also in a social system which is also expressed here briefly, and also the cyber and information security, all of which falls under the cyberspace of new perspective electronic learning (e-learning with the use of modern laboratories with new effects also for future possibilities of process modelling of artificial intelligence (AI with a perspective of mass use of UAVs in logistics.

  2. AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

    Directory of Open Access Journals (Sweden)

    JAE-GU SONG

    2013-10-01

    Full Text Available Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

  3. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey

    Directory of Open Access Journals (Sweden)

    Mohamed S. Abdalzaher

    2016-06-01

    Full Text Available We present a study of using game theory for protecting wireless sensor networks (WSNs from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs.

  4. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey.

    Science.gov (United States)

    Abdalzaher, Mohamed S; Seddik, Karim; Elsabrouty, Maha; Muta, Osamu; Furukawa, Hiroshi; Abdel-Rahman, Adel

    2016-06-29

    We present a study of using game theory for protecting wireless sensor networks (WSNs) from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs.

  5. Cooperative Monitoring Center Occasional Paper/7: A Generic Model for Cooperative Border Security

    Energy Technology Data Exchange (ETDEWEB)

    Netzer, Colonel Gideon

    1999-03-01

    This paper presents a generic model for dealing with security problems along borders between countries. It presents descriptions and characteristics of various borders and identifies the threats to border security, while emphasizing cooperative monitoring solutions.

  6. Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model.

    Science.gov (United States)

    Moghaddasi, Hamid; Sajjadi, Samad; Kamkarhaghighi, Mehran

    2016-01-01

    Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. The "data security models" presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the "needs and improvement" cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced.

  7. 48 CFR 1352.237-70 - Security processing requirements-high or moderate risk contracts.

    Science.gov (United States)

    2010-10-01

    ... overseas, or to obtain access to a Department of Commerce IT system. All Department of Commerce security... facility or Department of Commerce IT system. (4) Security processing shall consist of limited personal... Department of Commerce facilities or denial of access to IT systems. (g) Access to National Security...

  8. 48 CFR 1852.204-76 - Security requirements for unclassified information technolocgy resources.

    Science.gov (United States)

    2010-10-01

    ...) Concept of Operations for reporting security incidents. Specifically, any confirmed incident of a system... annual IT security training in NASA IT Security policies, procedures, computer ethics, and best practices..., and/or web services) to someone other than themselves and takes or assumes the responsibility for the...

  9. A fuzzy model for exploiting customer requirements

    Directory of Open Access Journals (Sweden)

    Zahra Javadirad

    2016-09-01

    Full Text Available Nowadays, Quality function deployment (QFD is one of the total quality management tools, where customers’ views and requirements are perceived and using various techniques improves the production requirements and operations. The QFD department, after identification and analysis of the competitors, takes customers’ feedbacks to meet the customers’ demands for the products compared with the competitors. In this study, a comprehensive model for assessing the importance of the customer requirements in the products or services for an organization is proposed. The proposed study uses linguistic variables, as a more comprehensive approach, to increase the precision of the expression evaluations. The importance of these requirements specifies the strengths and weaknesses of the organization in meeting the requirements relative to competitors. The results of these experiments show that the proposed method performs better than the other methods.

  10. A cooperative model for IS security risk management in distributed environment.

    Science.gov (United States)

    Feng, Nan; Zheng, Chundong

    2014-01-01

    Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.

  11. Business models and business model innovation in a “Secure and Distributed Cloud Clustering (DISC) Society”

    DEFF Research Database (Denmark)

    Lindgren, Peter; Taran, Yariv

    2011-01-01

    secure—but we still have some steps to go before we reach the final destination. The paper gives a conceptual futuristic outlook on behalf of the input from SW2010 and state of the art business model research to what we can expect of business Model and business model innovation in a future secure cloud......The development and innovation of business models to a secure distributed cloud clustering society (DISC)—is indeed still a complex venture and has not been widely researched yet. Numerous types of security technologies are in these years proposed and in the “slip stream” of these the study...... of secure business models and how business models can be operated and innovated in a secure context have intensified tremendously. The development of new mobile and wireless security technologies gives hopes to really realize a secure cloud clustering society where business models can act and be innovated...

  12. Knowledge Base for an Intelligent System in order to Identify Security Requirements for Government Agencies Software Projects

    Directory of Open Access Journals (Sweden)

    Adán Beltrán G.

    2016-01-01

    Full Text Available It has been evidenced that one of the most common causes in the failure of software security is the lack of identification and specification of requirements for information security, it is an activity with an insufficient importance in the software development or software acquisition We propose the knowledge base of CIBERREQ. CIBERREQ is an intelligent knowledge-based system used for the identification and specification of security requirements in the software development cycle or in the software acquisition. CIBERREQ receives functional software requirements written in natural language and produces non-functional security requirements through a semi-automatic process of risk management. The knowledge base built is formed by an ontology developed collaboratively by experts in information security. In this process has been identified six types of assets: electronic data, physical data, hardware, software, person and service; as well as six types of risk: competitive disadvantage, loss of credibility, economic risks, strategic risks, operational risks and legal sanctions. In addition there are defined 95 vulnerabilities, 24 threats, 230 controls, and 515 associations between concepts. Additionally, automatic expansion was used with Wikipedia for the asset types Software and Hardware, obtaining 7125 and 5894 software and hardware subtypes respectively, achieving thereby an improvement of 10% in the identification of the information assets candidates, one of the most important phases of the proposed system.

  13. Activity Modelling and Comparative Evaluation of WSN MAC Security Attacks

    DEFF Research Database (Denmark)

    Pawar, Pranav M.; Nielsen, Rasmus Hjorth; Prasad, Neeli R.

    2012-01-01

    Applications of wireless sensor networks (WSNs) are growing tremendously in the domains of habitat, tele-health, industry monitoring, vehicular networks, home automation and agriculture. This trend is a strong motivation for malicious users to increase their focus on WSNs and to develop and initi......Applications of wireless sensor networks (WSNs) are growing tremendously in the domains of habitat, tele-health, industry monitoring, vehicular networks, home automation and agriculture. This trend is a strong motivation for malicious users to increase their focus on WSNs and to develop...... and initiate security attacks that disturb the normal functioning of the network in a severe manner. Such attacks affect the performance of the network by increasing the energy consumption, by reducing throughput and by inducing long delays. Of all existing WSN attacks, MAC layer attacks are considered...... the most harmful as they directly affect the available resources and thus the nodes’ energy consumption. The first endeavour of this paper is to model the activities of MAC layer security attacks to understand the flow of activities taking place when mounting the attack and when actually executing it...

  14. Modeling requirements for in situ vitrification

    International Nuclear Information System (INIS)

    MacKinnon, R.J.; Mecham, D.C.; Hagrman, D.L.; Johnson, R.W.; Murray, P.E.; Slater, C.E.; Marwil, E.S.; Weaver, R.A.; Argyle, M.D.

    1991-11-01

    This document outlines the requirements for the model being developed at the INEL which will provide analytical support for the ISV technology assessment program. The model includes representations of the electric potential field, thermal transport with melting, gas and particulate release, vapor migration, off-gas combustion and process chemistry. The modeling objectives are to (1) help determine the safety of the process by assessing the air and surrounding soil radionuclide and chemical pollution hazards, the nuclear criticality hazard, and the explosion and fire hazards, (2) help determine the suitability of the ISV process for stabilizing the buried wastes involved, and (3) help design laboratory and field tests and interpret results therefrom

  15. A comprehensive Network Security Risk Model for process control networks.

    Science.gov (United States)

    Henry, Matthew H; Haimes, Yacov Y

    2009-02-01

    The risk of cyber attacks on process control networks (PCN) is receiving significant attention due to the potentially catastrophic extent to which PCN failures can damage the infrastructures and commodity flows that they support. Risk management addresses the coupled problems of (1) reducing the likelihood that cyber attacks would succeed in disrupting PCN operation and (2) reducing the severity of consequences in the event of PCN failure or manipulation. The Network Security Risk Model (NSRM) developed in this article provides a means of evaluating the efficacy of candidate risk management policies by modeling the baseline risk and assessing expectations of risk after the implementation of candidate measures. Where existing risk models fall short of providing adequate insight into the efficacy of candidate risk management policies due to shortcomings in their structure or formulation, the NSRM provides model structure and an associated modeling methodology that captures the relevant dynamics of cyber attacks on PCN for risk analysis. This article develops the NSRM in detail in the context of an illustrative example.

  16. The Chain-Link Fence Model: A Framework for Creating Security Procedures

    Science.gov (United States)

    Houghton, Robert F.

    2013-01-01

    A long standing problem in information technology security is how to help reduce the security footprint. Many specific proposals exist to address specific problems in information technology security. Most information technology solutions need to be repeatable throughout the course of an information systems lifecycle. The Chain-Link Fence Model is…

  17. Security and functional requirements for the smart meter gateway; Sicherheitstechnische Vorgaben und funktionale Anforderungen an das Smart Meter Gateway

    Energy Technology Data Exchange (ETDEWEB)

    Bast, Holger; Vollmer, Stefan [Bundesamt fuer Sicherheit in der Informationstechnik, Bonn (Germany)

    2012-07-01

    The availability of smart metering for the majority of both private and corporate prosumers is an essential precondition to get smart grids into operation. However, several concerns about data protection and security issues of smart meters have been raised and discussed in German media. The German Federal Data Protection Commissioner argued that without any further precautions personal data processed in smart meters could be collected and misused by unauthorized third parties if there is no technical standard that specifies technical requirements for necessary data security functions combined with regulatory instruments to make them mandatory. The German Federal Office for Information Security develops a protection profile based on Common Criteria and Technical Guidelines that allow a comparable security certification of such devices. (orig.)

  18. Analysis Social Security System Model in South Sulawesi Province: On Accounting Perspective

    OpenAIRE

    Mediaty,; Said, Darwis; Syahrir,; Indrijawati, Aini

    2015-01-01

    - This research aims to analyze the poverty, education, and health in social security system model based on accounting perspective using empirical study on South Sulawesi Province. Issued Law No. 40 for 2004 regarding National Social Security System is one of attentions from government about social welfare. Accounting as a social science deserves to create social security mechanisms. One of the crucial mechanisms is social security system. This research is a grounded exploratory research w...

  19. Utilization of Integrated Assessment Modeling for determining geologic CO2 storage security

    Science.gov (United States)

    Pawar, R.

    2017-12-01

    Geologic storage of carbon dioxide (CO2) has been extensively studied as a potential technology to mitigate atmospheric concentration of CO2. Multiple international research & development efforts, large-scale demonstration and commercial projects are helping advance the technology. One of the critical areas of active investigation is prediction of long-term CO2 storage security and risks. A quantitative methodology for predicting a storage site's long-term performance is critical for making key decisions necessary for successful deployment of commercial scale projects where projects will require quantitative assessments of potential long-term liabilities. These predictions are challenging given that they require simulating CO2 and in-situ fluid movements as well as interactions through the primary storage reservoir, potential leakage pathways (such as wellbores, faults, etc.) and shallow resources such as groundwater aquifers. They need to take into account the inherent variability and uncertainties at geologic sites. This talk will provide an overview of an approach based on integrated assessment modeling (IAM) to predict long-term performance of a geologic storage site including, storage reservoir, potential leakage pathways and shallow groundwater aquifers. The approach utilizes reduced order models (ROMs) to capture the complex physical/chemical interactions resulting due to CO2 movement and interactions but are computationally extremely efficient. Applicability of the approach will be demonstrated through examples that are focused on key storage security questions such as what is the probability of leakage of CO2 from a storage reservoir? how does storage security vary for different geologic environments and operational conditions? how site parameter variability and uncertainties affect storage security, etc.

  20. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information SecurityWhat Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information SecurityChanges Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy?Monitoring and MeasurementMoving Forward ORGANIZATIONAL ISSUESThe Life Cycles of Security ManagersIntroductionThe Information Security Manager's Responsibilities The Evolution of Data Security to Information SecurityThe Repository Concept Changing Job Requirements Business Life Cycles

  1. The Chain-Link Fence Model: A Framework for Creating Security Procedures

    OpenAIRE

    Houghton, Robert F.

    2013-01-01

    A long standing problem in information technology security is how to help reduce the security footprint. Many specific proposals exist to address specific problems in information technology security. Most information technology solutions need to be repeatable throughout the course of an information systems lifecycle. The Chain-Link Fence Model is a new model for creating and implementing information technology procedures. This model was validated by two different methods: the first being int...

  2. BC3I: towards requirements specification for preparing an information security budget

    CSIR Research Space (South Africa)

    Dlamini, MT

    2009-07-01

    Full Text Available implementing a cost-effective and optimal information security budget; in a manner that preserve organisations’ information security posture and compliance status. Research reported on in this paper forms part of an ongoing project known as the BC3I (Broad...

  3. 12 CFR 350.12 - Disclosure required by applicable banking or securities law or regulations.

    Science.gov (United States)

    2010-01-01

    ... securities law or regulations. 350.12 Section 350.12 Banks and Banking FEDERAL DEPOSIT INSURANCE CORPORATION REGULATIONS AND STATEMENTS OF GENERAL POLICY DISCLOSURE OF FINANCIAL AND OTHER INFORMATION BY FDIC-INSURED... made under applicable banking or securities law or regulations. [62 FR 10201, Mar. 6, 1997] ...

  4. Improving Deterministic Reserve Requirements for Security Constrained Unit Commitment and Scheduling Problems in Power Systems

    Science.gov (United States)

    Wang, Fengyu

    Traditional deterministic reserve requirements rely on ad-hoc, rule of thumb methods to determine adequate reserve in order to ensure a reliable unit commitment. Since congestion and uncertainties exist in the system, both the quantity and the location of reserves are essential to ensure system reliability and market efficiency. The modeling of operating reserves in the existing deterministic reserve requirements acquire the operating reserves on a zonal basis and do not fully capture the impact of congestion. The purpose of a reserve zone is to ensure that operating reserves are spread across the network. Operating reserves are shared inside each reserve zone, but intra-zonal congestion may block the deliverability of operating reserves within a zone. Thus, improving reserve policies such as reserve zones may improve the location and deliverability of reserve. As more non-dispatchable renewable resources are integrated into the grid, it will become increasingly difficult to predict the transfer capabilities and the network congestion. At the same time, renewable resources require operators to acquire more operating reserves. With existing deterministic reserve requirements unable to ensure optimal reserve locations, the importance of reserve location and reserve deliverability will increase. While stochastic programming can be used to determine reserve by explicitly modelling uncertainties, there are still scalability as well as pricing issues. Therefore, new methods to improve existing deterministic reserve requirements are desired. One key barrier of improving existing deterministic reserve requirements is its potential market impacts. A metric, quality of service, is proposed in this thesis to evaluate the price signal and market impacts of proposed hourly reserve zones. Three main goals of this thesis are: 1) to develop a theoretical and mathematical model to better locate reserve while maintaining the deterministic unit commitment and economic dispatch

  5. A model for best practice driven information security governance

    OpenAIRE

    2008-01-01

    To ensure the likely success of an organisation’s Information Security Governance, discipline leaders recommend that organisations follow the guidelines as set out in Information Security Governance best practice documents. Best practices and related documents from the Information Security Governance discipline, as well as best practices and related documents from the Corporate Governance and Information Technology Governance disciplines, all include sections pertaining to Information Securit...

  6. Aspects and Class-based Security: A Survey of Interactions between Advice Weaving and the Java 2 Security Model.

    NARCIS (Netherlands)

    Sewe, Andreas; Bockisch, Christoph; Mezini, Mira

    2008-01-01

    Various aspect-oriented languages, e.g., AspectJ, Aspect-Werkz, and JAsCo, have been proposed as extensions to one particular object-oriented base language, namely Java. But these extensions do not fully take the interactions with the Java 2 security model into account. In particular, the

  7. Reducing software security risk through an integrated approach research initiative model based verification of the Secure Socket Layer (SSL) Protocol

    Science.gov (United States)

    Powell, John D.

    2003-01-01

    This document discusses the verification of the Secure Socket Layer (SSL) communication protocol as a demonstration of the Model Based Verification (MBV) portion of the verification instrument set being developed under the Reducing Software Security Risk (RSSR) Trough an Integrated Approach research initiative. Code Q of the National Aeronautics and Space Administration (NASA) funds this project. The NASA Goddard Independent Verification and Validation (IV&V) facility manages this research program at the NASA agency level and the Assurance Technology Program Office (ATPO) manages the research locally at the Jet Propulsion Laboratory (California institute of Technology) where the research is being carried out.

  8. Maritime supply chain security: Navigating through a sea of compliance requirements

    Directory of Open Access Journals (Sweden)

    Emma Maspero

    2008-11-01

    Full Text Available As a direct result of the 9-11 New York attack all modes of freight and passengertransportation were scrutinised for vulnerabilities. Over 90% of international trade takes place via sea transport for at least some part of the supply chain and as a result there has been a drive to better secure maritime transportation. This paper outlines the background to and the rationale behind the most important of the new security measures for maritime transportation and provides an overview of the likely implications for supply chain role-players. In addition the paper endeavours to create awareness of the importance of maritime supply chain security.

  9. Maritime supply chain security: navigating through a sea of compliance requirements

    CSIR Research Space (South Africa)

    Maspero, EL

    2008-11-01

    Full Text Available plans • ship/port/company security officer assignment and responsibilities • training and drills • survey and certification Compliance to Part B of the ISPS code is not mandatory for Contracting Governments; rather it focuses on fleshing out... Global Supply Chain Management Forum, SGSCMF-W1-2004 Available online at: http://www.stanford.edu/group/scforum/Welcome/White%20Papers/SC_Security.pdf, 04/08/08 Lyndon B. Johnson School of Public Affairs. 2006. Port and supply-chain security...

  10. Evaluating the Security Risks of System Using Hidden Markov Models

    African Journals Online (AJOL)

    System security assessment tools are either restricted to manual risk evaluation methodologies that are not appropriate for real-time application or used to determine the impact of certain events on the security status of networked systems. In this paper, we determine the strength of computer systems from the perspective of ...

  11. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

    Directory of Open Access Journals (Sweden)

    Weems William A

    2009-06-01

    security officers, directors of offices of research, information security officers and university legal counsel. Nineteen total interviews were conducted over a period of 16 weeks. Respondents provided answers for all four scenarios (a total of 87 questions. Results were grouped by broad themes, including among others: governance, legal and financial issues, partnership agreements, de-identification, institutional technical infrastructure for security and privacy protection, training, risk management, auditing, IRB issues, and patient/subject consent. Conclusion The findings suggest that with additional work, large scale federated sharing of data within a regulated environment is possible. A key challenge is developing suitable models for authentication and authorization practices within a federated environment. Authentication – the recognition and validation of a person's identity – is in fact a global property of such systems, while authorization – the permission to access data or resources – mimics data sharing agreements in being best served at a local level. Nine specific recommendations result from the work and are discussed in detail. These include: (1 the necessity to construct separate legal or corporate entities for governance of federated sharing initiatives on this scale; (2 consensus on the treatment of foreign and commercial partnerships; (3 the development of risk models and risk management processes; (4 development of technical infrastructure to support the credentialing process associated with research including human subjects; (5 exploring the feasibility of developing large-scale, federated honest broker approaches; (6 the development of suitable, federated identity provisioning processes to support federated authentication and authorization; (7 community development of requisite HIPAA and research ethics training modules by federation members; (8 the recognition of the need for central auditing requirements and authority, and; (9 use of two

  12. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study.

    Science.gov (United States)

    Manion, Frank J; Robbins, Robert J; Weems, William A; Crowley, Rebecca S

    2009-06-15

    Data protection is important for all information systems that deal with human-subjects data. Grid-based systems--such as the cancer Biomedical Informatics Grid (caBIG)--seek to develop new mechanisms to facilitate real-time federation of cancer-relevant data sources, including sources protected under a variety of regulatory laws, such as HIPAA and 21CFR11. These systems embody new models for data sharing, and hence pose new challenges to the regulatory community, and to those who would develop or adopt them. These challenges must be understood by both systems developers and system adopters. In this paper, we describe our work collecting policy statements, expectations, and requirements from regulatory decision makers at academic cancer centers in the United States. We use these statements to examine fundamental assumptions regarding data sharing using data federations and grid computing. An interview-based study of key stakeholders from a sample of US cancer centers. Interviews were structured, and used an instrument that was developed for the purpose of this study. The instrument included a set of problem scenarios--difficult policy situations that were derived during a full-day discussion of potentially problematic issues by a set of project participants with diverse expertise. Each problem scenario included a set of open-ended questions that were designed to elucidate stakeholder opinions and concerns. Interviews were transcribed verbatim and used for both qualitative and quantitative analysis. For quantitative analysis, data was aggregated at the individual or institutional unit of analysis, depending on the specific interview question. Thirty-one (31) individuals at six cancer centers were contacted to participate. Twenty-four out of thirty-one (24/31) individuals responded to our request- yielding a total response rate of 77%. Respondents included IRB directors and policy-makers, privacy and security officers, directors of offices of research, information

  13. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

    Science.gov (United States)

    2009-01-01

    Background Data protection is important for all information systems that deal with human-subjects data. Grid-based systems – such as the cancer Biomedical Informatics Grid (caBIG) – seek to develop new mechanisms to facilitate real-time federation of cancer-relevant data sources, including sources protected under a variety of regulatory laws, such as HIPAA and 21CFR11. These systems embody new models for data sharing, and hence pose new challenges to the regulatory community, and to those who would develop or adopt them. These challenges must be understood by both systems developers and system adopters. In this paper, we describe our work collecting policy statements, expectations, and requirements from regulatory decision makers at academic cancer centers in the United States. We use these statements to examine fundamental assumptions regarding data sharing using data federations and grid computing. Methods An interview-based study of key stakeholders from a sample of US cancer centers. Interviews were structured, and used an instrument that was developed for the purpose of this study. The instrument included a set of problem scenarios – difficult policy situations that were derived during a full-day discussion of potentially problematic issues by a set of project participants with diverse expertise. Each problem scenario included a set of open-ended questions that were designed to elucidate stakeholder opinions and concerns. Interviews were transcribed verbatim and used for both qualitative and quantitative analysis. For quantitative analysis, data was aggregated at the individual or institutional unit of analysis, depending on the specific interview question. Results Thirty-one (31) individuals at six cancer centers were contacted to participate. Twenty-four out of thirty-one (24/31) individuals responded to our request- yielding a total response rate of 77%. Respondents included IRB directors and policy-makers, privacy and security officers, directors of

  14. Secure portal.

    Energy Technology Data Exchange (ETDEWEB)

    Nelson, Cynthia Lee

    2007-09-01

    There is a need in security systems to rapidly and accurately grant access of authorized personnel to a secure facility while denying access to unauthorized personnel. In many cases this role is filled by security personnel, which can be very costly. Systems that can perform this role autonomously without sacrificing accuracy or speed of throughput are very appealing. To address the issue of autonomous facility access through the use of technology, the idea of a ''secure portal'' is introduced. A secure portal is a defined zone where state-of-the-art technology can be implemented to grant secure area access or to allow special privileges for an individual. Biometric technologies are of interest because they are generally more difficult to defeat than technologies such as badge swipe and keypad entry. The biometric technologies selected for this concept were facial and gait recognition. They were chosen since they require less user cooperation than other biometrics such as fingerprint, iris, and hand geometry and because they have the most potential for flexibility in deployment. The secure portal concept could be implemented within the boundaries of an entry area to a facility. As a person is approaching a badge and/or PIN portal, face and gait information can be gathered and processed. The biometric information could be fused for verification against the information that is gathered from the badge. This paper discusses a facial recognition technology that was developed for the purposes of providing high verification probabilities with low false alarm rates, which would be required of an autonomous entry control system. In particular, a 3-D facial recognition approach using Fisher Linear Discriminant Analysis is described. Gait recognition technology, based on Hidden Markov Models has been explored, but those results are not included in this paper. Fusion approaches for combining the results of the biometrics would be the next step in realizing

  15. 75 FR 65881 - Ownership Limitations and Governance Requirements for Security-Based Swap Clearing Agencies...

    Science.gov (United States)

    2010-10-26

    ... responsible, fostering cooperation and coordination with persons engaged in the clearance and settlement of... decentralized, security-based swap clearing agencies would help to prevent a single market participant's failure...

  16. Projected irrigation requirements for upland crops using soil moisture model under climate change in South Korea

    Science.gov (United States)

    An increase in abnormal climate change patterns and unsustainable irrigation in uplands cause drought and affect agricultural water security, crop productivity, and price fluctuations. In this study, we developed a soil moisture model to project irrigation requirements (IR) for upland crops under cl...

  17. Texas should require homeland security standards for high-speed rail

    OpenAIRE

    Polunsky, Steven M.

    2015-01-01

    Approved for public release; distribution is unlimited A private corporation is proposing a high-speed intercity passenger train system to operate between Dallas and Houston usingJapanese technology and methods. This project brings with it an array of unique and unprecedented homeland security issues. Train bombings in Madrid and London and attacks on high-speed trains elsewhere raise questions about the security of such transportation. A modern high-speed rail system is a network of poten...

  18. Maritime supply chain security: Navigating through a sea of compliance requirements

    OpenAIRE

    Emma Maspero; Esbeth van Dyk; Hans Ittmann

    2008-01-01

    As a direct result of the 9-11 New York attack all modes of freight and passengertransportation were scrutinised for vulnerabilities. Over 90% of international trade takes place via sea transport for at least some part of the supply chain and as a result there has been a drive to better secure maritime transportation. This paper outlines the background to and the rationale behind the most important of the new security measures for maritime transportation and provides an overview of the likely...

  19. A developmental approach to learning causal models for cyber security

    Science.gov (United States)

    Mugan, Jonathan

    2013-05-01

    To keep pace with our adversaries, we must expand the scope of machine learning and reasoning to address the breadth of possible attacks. One approach is to employ an algorithm to learn a set of causal models that describes the entire cyber network and each host end node. Such a learning algorithm would run continuously on the system and monitor activity in real time. With a set of causal models, the algorithm could anticipate novel attacks, take actions to thwart them, and predict the second-order effects flood of information, and the algorithm would have to determine which streams of that flood were relevant in which situations. This paper will present the results of efforts toward the application of a developmental learning algorithm to the problem of cyber security. The algorithm is modeled on the principles of human developmental learning and is designed to allow an agent to learn about the computer system in which it resides through active exploration. Children are flexible learners who acquire knowledge by actively exploring their environment and making predictions about what they will find,1, 2 and our algorithm is inspired by the work of the developmental psychologist Jean Piaget.3 Piaget described how children construct knowledge in stages and learn new concepts on top of those they already know. Developmental learning allows our algorithm to focus on subsets of the environment that are most helpful for learning given its current knowledge. In experiments, the algorithm was able to learn the conditions for file exfiltration and use that knowledge to protect sensitive files.

  20. Modelling multiple threats to water security in the Peruvian Amazon using the WaterWorld Policy Support System

    OpenAIRE

    A. J. J. van Soesbergen; M. Mulligan

    2013-01-01

    This paper explores a multitude of threats to water security in the Peruvian Amazon using the WaterWorld policy support system. WaterWorld is a spatially explicit, physically-based globally-applicable model for baseline and scenario water balance that is particularly well suited to heterogeneous environments with little locally available data (e.g. ungauged basins) and which is delivered through a simple web interface, requiring little local capacity for use. The model is capable of pr...

  1. Toward a generic model of security in organizational context: exploring insider threats to information infrastructure.

    Energy Technology Data Exchange (ETDEWEB)

    Martinez-Moyano, I. J.; Samsa, M. E.; Burke, J. F.; Akcam, B. K.; Decision and Information Sciences; Rockefeller Coll. at the State Univ. of New York at Albany

    2008-01-01

    This paper presents a generic model for information security implementation in organizations. The model presented here is part of an ongoing research stream related to critical infrastructure protection and insider threat and attack analysis. This paper discusses the information security implementation case.

  2. An approach to secure weather and climate models against hardware faults

    Science.gov (United States)

    Düben, Peter; Dawson, Andrew

    2017-04-01

    Enabling Earth System models to run efficiently on future supercomputers is a serious challenge for model development. Many publications study efficient parallelisation to allow better scaling of performance on an increasing number of computing cores. However, one of the most alarming threats for weather and climate predictions on future high performance computing architectures is widely ignored: the presence of hardware faults that will frequently hit large applications as we approach exascale supercomputing. Changes in the structure of weather and climate models that would allow them to be resilient against hardware faults are hardly discussed in the model development community. We present an approach to secure the dynamical core of weather and climate models against hardware faults using a backup system that stores coarse resolution copies of prognostic variables. Frequent checks of the model fields on the backup grid allow the detection of severe hardware faults, and prognostic variables that are changed by hardware faults on the model grid can be restored from the backup grid to continue model simulations with no significant delay. To justify the approach, we perform simulations with a C-grid shallow water model in the presence of frequent hardware faults. As long as the backup system is used, simulations do not crash and a high level of model quality can be maintained. The overhead due to the backup system is reasonable and additional storage requirements are small. Runtime is increased by only 13% for the shallow water model.

  3. Demarcation of Security in Authentication Protocols

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security analysis of communication protocols is a slippery business; many “secure” protocols later turn out to be insecure. Among many, two complains are more frequent: inadequate definition of security and unstated assumptions in the security model. In our experience, one principal cause...... for such state of affairs is an apparent overlap of security and correctness, which may lead to many sloppy security definitions and security models. Although there is no inherent need to separate security and correctness requirements, practically, such separation is significant. It makes security analysis...... easier, and enables us to define security goals with a fine granularity. We present one such separation, by introducing the notion of binding sequence as a security primitive. A binding sequence, roughly speaking, is the only required security property of an authentication protocol. All other...

  4. Advancing botnet modeling techniques for military and security simulations

    Science.gov (United States)

    Banks, Sheila B.; Stytz, Martin R.

    2011-06-01

    Simulation environments serve many purposes, but they are only as good as their content. One of the most challenging and pressing areas that call for improved content is the simulation of bot armies (botnets) and their effects upon networks and computer systems. Botnets are a new type of malware, a type that is more powerful and potentially dangerous than any other type of malware. A botnet's power derives from several capabilities including the following: 1) the botnet's capability to be controlled and directed throughout all phases of its activity, 2) a command and control structure that grows increasingly sophisticated, and 3) the ability of a bot's software to be updated at any time by the owner of the bot (a person commonly called a bot master or bot herder.) Not only is a bot army powerful and agile in its technical capabilities, a bot army can be extremely large, can be comprised of tens of thousands, if not millions, of compromised computers or it can be as small as a few thousand targeted systems. In all botnets, their members can surreptitiously communicate with each other and their command and control centers. In sum, these capabilities allow a bot army to execute attacks that are technically sophisticated, difficult to trace, tactically agile, massive, and coordinated. To improve our understanding of their operation and potential, we believe that it is necessary to develop computer security simulations that accurately portray bot army activities, with the goal of including bot army simulations within military simulation environments. In this paper, we investigate issues that arise when simulating bot armies and propose a combination of the biologically inspired MSEIR infection spread model coupled with the jump-diffusion infection spread model to portray botnet propagation.

  5. An Impact Assessment Model for Distributed Adaptive Security Situation Assessment

    National Research Council Canada - National Science Library

    Heckman, Mark; Joshi, Nikhil; Tylutki, Marcus; Levitt, Karl; Just, James; Clough, Lawrence

    2005-01-01

    The goal of any intrusion detection, anti-virus, firewall or other security mechanism is not simply to stop attacks, but to protect a computing resource so that the resource can continue to perform its function...

  6. Using Bayesian Networks and Decision Theory to Model Physical Security

    National Research Council Canada - National Science Library

    Roberts, Nancy

    2003-01-01

    .... Cameras, sensors and other components used along with the simple rules in the home automation software provide an environment where the lights, security and other appliances can be monitored and controlled...

  7. Increasing security through public health: a practical model.

    Science.gov (United States)

    Parker, R David

    2011-01-01

    As political and social changes sweep the globe, there are opportunities to increase national security through innovative approaches. While traditional security methods such as defense forces and homeland security provide both pre-emptive and defensive protection, new methods could meet emerging challenges by responding to the political, financial, and social trends. One method is the integration of defense, medicine and public health. By assisting a nation by providing basic services, such as healthcare, collaborative efforts can increase stabilization in areas of unrest. Improved health outcomes leads to increased domestic security, which can create a ripple effect across a region. Assessment, uptake and sustainability by the host nation are critical for program success. The proposed methodology focuses on the use of primarily extant resources, such as programs used by Special Operations Forces and other health and defense programs. Additional components include evaluation, set objectives and mission collaborations. As the nexus between foreign affairs, security, and public health is increasingly validated through research and practice, standardized interventions should be developed to minimize overlapping expenditures, promote security and strengthen international relations. 2011.

  8. Review of the model of technological pragmatism considering privacy and security

    Directory of Open Access Journals (Sweden)

    Kovačević-Lepojević Marina M.

    2013-01-01

    Full Text Available The model of technological pragmatism assumes awareness that technological development involves both benefits and dangers. Most modern security technologies represent citizens' mass surveillance tools, which can lead to compromising a significant amount of personal data due to the lack of institutional monitoring and control. On the other hand, people are interested in improving crime control and reducing the fear of potential victimization which this framework provides as a rational justification for the apparent loss of privacy, personal rights and freedoms. Citizens' perception on the categories of security and privacy, and their balancing, can provide the necessary guidelines to regulate the application of security technologies in the actual context. The aim of this paper is to analyze the attitudes of students at the University of Belgrade (N = 269 toward the application of security technology and identification of the key dimensions. On the basis of the relevant research the authors have formed assumptions about the following dimensions: security, privacy, trust in institutions and concern about the misuse of security technology. The Prise Questionnaire on Security Technology and Privacy was used for data collection. Factor analysis abstracted eight factors which together account for 58% of variance, with the highest loading of the four factors that are identified as security, privacy, trust and concern. The authors propose a model of technological pragmatism considering security and privacy. The data also showed that students are willing to change their privacy for the purpose of improving security and vice versa.

  9. Modeling and simulation for cyber-physical system security research, development and applications.

    Energy Technology Data Exchange (ETDEWEB)

    Pollock, Guylaine M.; Atkins, William Dee; Schwartz, Moses Daniel; Chavez, Adrian R.; Urrea, Jorge Mario; Pattengale, Nicholas; McDonald, Michael James; Cassidy, Regis H.; Halbgewachs, Ronald D.; Richardson, Bryan T.; Mulder, John C.

    2010-02-01

    This paper describes a new hybrid modeling and simulation architecture developed at Sandia for understanding and developing protections against and mitigations for cyber threats upon control systems. It first outlines the challenges to PCS security that can be addressed using these technologies. The paper then describes Virtual Control System Environments (VCSE) that use this approach and briefly discusses security research that Sandia has performed using VCSE. It closes with recommendations to the control systems security community for applying this valuable technology.

  10. Behavioral Modeling of WSN MAC Layer Security Attacks: A Sequential UML Approach

    DEFF Research Database (Denmark)

    Pawar, Pranav M.; Nielsen, Rasmus Hjorth; Prasad, Neeli R.

    2012-01-01

    is the vulnerability to security attacks/threats. The performance and behavior of a WSN are vastly affected by such attacks. In order to be able to better address the vulnerabilities of WSNs in terms of security, it is important to understand the behavior of the attacks. This paper addresses the behavioral modeling...... of medium access control (MAC) security attacks in WSNs. The MAC layer is responsible for energy consumption, delay and channel utilization of the network and attacks on this layer can introduce significant degradation of the individual sensor nodes due to energy drain and in performance due to delays....... The behavioral modeling of attacks will be beneficial for designing efficient and secure MAC layer protocols. The security attacks are modeled using a sequential diagram approach of Unified Modeling Language (UML). Further, a new attack definition, specific to hybrid MAC mechanisms, is proposed....

  11. 78 FR 48218 - Emergency Order Establishing Additional Requirements for Attendance and Securement of Certain...

    Science.gov (United States)

    2013-08-07

    ... for more than one hour, setting of the automatic brake and independent brake on any locomotive..., and position of the automatic brake valve of an unattended locomotive. See Sec. 232.103(n)(4). In FRA... terminal. The employees responsible for securing the train or vehicles must lock the controlling locomotive...

  12. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. In this paper, we present a Risk-Based

  13. 49 CFR 1572.9 - Applicant information required for HME security threat assessment.

    Science.gov (United States)

    2010-10-01

    ...) Has not been adjudicated as lacking mental capacity or committed to a mental health facility... lacking mental capacity, or committed to a mental health facility. (c) The applicant must certify and date... security threat assessment. Routine Uses: Routine uses of this information include disclosure to the FBI to...

  14. Technology transfer of dynamic IT outsourcing requires security measures in SLAs

    NARCIS (Netherlands)

    F. Dickmann (Frank); M. Brodhun (Maximilian); J. Falkner (Jürgen); T.A. Knoch (Tobias); U. Sax (Ulrich)

    2010-01-01

    textabstractFor the present efforts in dynamic IT outsourcing environments like Grid or Cloud computing security and trust are ongoing issues. SLAs are a proved remedy to build up trust in outsourcing relations. Therefore, it is necessary to determine whether SLAs can improve trust from the

  15. Interpretive Analysis of the Joint Maritime Command Information System (JMCIS) Sensitive Compartmented Information (SCI) Local Area Network (LAN) security Requirements

    Science.gov (United States)

    1994-09-01

    38 A. WHAT IS COMPUTER SECURITY? ......................................... 39 1. S ecrecy...by potential enemies. 38 A. WHAT IS COMPUTER SECURITY? There are many definitions of computer security, but in the simplest terms, computer security

  16. Integrated modelling requires mass collaboration (Invited)

    Science.gov (United States)

    Moore, R. V.

    2009-12-01

    The need for sustainable solutions to the world’s problems is self evident; the challenge is to anticipate where, in the environment, economy or society, the proposed solution will have negative consequences. If we failed to realise that the switch to biofuels would have the seemingly obvious result of reduced food production, how much harder will it be to predict the likely impact of policies whose impacts may be more subtle? It has been clear for a long time that models and data will be important tools for assessing the impact of events and the measures for their mitigation. They are an effective way of encapsulating knowledge of a process and using it for prediction. However, most models represent a single or small group of processes. The sustainability challenges that face us now require not just the prediction of a single process but the prediction of how many interacting processes will respond in given circumstances. These processes will not be confined to a single discipline but will often straddle many. For example, the question, “What will be the impact on river water quality of the medical plans for managing a ‘flu pandemic and could they cause a further health hazard?” spans medical planning, the absorption of drugs by the body, the spread of disease, the hydraulic and chemical processes in sewers and sewage treatment works and river water quality. This question nicely reflects the present state of the art. We have models of the processes and standards, such as the Open Modelling Interface (the OpenMI), allow them to be linked together and to datasets. We can therefore answer the question but with the important proviso that we thought to ask it. The next and greater challenge is to deal with the open question, “What are the implications of the medical plans for managing a ‘flu pandemic?”. This implies a system that can make connections that may well not have occurred to us and then evaluate their probable impact. The final touch will be to

  17. Model-based security analysis of the German health card architecture.

    Science.gov (United States)

    Jürjens, J; Rumm, R

    2008-01-01

    Health-care information systems are particularly security-critical. In order to make these applications secure, the security analysis has to be an integral part of the system design and IT management process for such systems. This work presents the experiences and results from the security analysis of the system architecture of the German Health Card, by making use of an approach to model-based security engineering that is based on the UML extension UMLsec. The focus lies on the security mechanisms and security policies of the smart-card-based architecture which were analyzed using the UMLsec method and tools. Main results of the paper include a report on the employment of the UMLsec method in an industrial health information systems context as well as indications of its benefits and limitations. In particular, two potential security weaknesses were detected and countermeasures discussed. The results indicate that it can be feasible to apply a model-based security analysis using UMLsec to an industrial health information system like the German Health Card architecture, and that doing so can have concrete benefits (such as discovering potential weaknesses, and an increased confidence that no further vulnerabilities of the kind that were considered are present).

  18. DESIGN AND RESEARCH OF MATHEMATICAL MODEL FOR INFORMATION SECURITY SYSTEM IN COMPUTER NETWORK

    OpenAIRE

    Корнієнко, Б.Я.; кафедра комп`ютеризованих систем захисту інформації, Національний авіаційний університет; Галата, Л.П.; кафедра комп`ютеризованих систем захисту інформації, Національний авіаційний університет

    2017-01-01

    This article presents simulation modeling process as the way to study the behavior of the Information Security system. Graphical Network Simulator is used for modeling such system and Kali Linux is used for penetration testing and security audit. The main approaches to simulation of computer networks are considered. The functional capabilities of the GNS3 package are explored. When building an imitation model, the main components of information protection were used. The Kali Linux package imp...

  19. Social security as Markov equilibrium in OLG models: A note

    DEFF Research Database (Denmark)

    Gonzalez Eiras, Martin

    2011-01-01

    I refine and extend the Markov perfect equilibrium of the social security policy game in Forni (2005) for the special case of logarithmic utility. Under the restriction that the policy function be continuous, instead of differentiable, the equilibrium is globally well defined and its dynamics alw...

  20. Enterprise Architecture-Based Risk and Security Modelling and Analysis

    NARCIS (Netherlands)

    Jonkers, Henk; Quartel, Dick; Kordy, Barbara; Ekstedt, Mathias; Seong Kim, Deng

    2016-01-01

    The growing complexity of organizations and the increasing number of sophisticated cyber attacks asks for a systematic and integral approach to Enterprise Risk and Security Management (ERSM). As enterprise architecture offers the necessary integral perspective, including the business and IT aspects

  1. An Intruder Model for Verifying Termination in Security Protocols

    NARCIS (Netherlands)

    Cederquist, J.G.; Dashti, M.T.

    We formally describe an intruder that is suitable for checking fairness properties of security protocols. The intruder is proved to be equivalent to the Dolev-Yao intruder that respects the resilient communication channels assumption, in the sense that, if a fairness property holds in one of these

  2. Building a world class information security governance model

    CSIR Research Space (South Africa)

    Lessing, M

    2008-05-01

    Full Text Available The lack of a fully inclusive guideline document to assist the functioning of sufficient Information Security Governance is common in the business environment. This article focuses on developing such a guideline document, based on a number of best...

  3. Agent-Based Modelling for Security Risk Assessment

    NARCIS (Netherlands)

    Janssen, S.A.M.; Sharpans'kykh, Alexei; Bajo, J.; Vale, Z.; Hallenborg, K.; Rocha, A.P.; Mathieu, P.; Pawlewski, P.; Del Val, E.; Novais, P.; Lopes, F.; Duque Méndez, N.D.; Julián, V.; Holmgren, J.

    2017-01-01

    Security Risk Assessment is commonly performed by using traditional methods based on linear probabilistic tools and informal expert judgements. These methods lack the capability to take the inherent dynamic and intelligent nature of attackers into account. To partially address the limitations,

  4. Social security as Markov equilibrium in OLG models: A note

    DEFF Research Database (Denmark)

    Gonzalez Eiras, Martin

    2011-01-01

    I refine and extend the Markov perfect equilibrium of the social security policy game in Forni (2005) for the special case of logarithmic utility. Under the restriction that the policy function be continuous, instead of differentiable, the equilibrium is globally well defined and its dynamics...

  5. Analysis Of The Windows Vista Security Model And The Implications ...

    African Journals Online (AJOL)

    This paper provides an in-depth technical assessment of the security improvements implemented in the new Microsoft Windows Vista (officially released February, 2007), focusing primarily on the areas of User Account Protection and User Interface Privilege Isolation. This paper discusses these features and touches on ...

  6. A Key Generation Model for Improving the Security of Cryptographic ...

    African Journals Online (AJOL)

    In public key cryptography, the security of private keys is very importance, for if ever compromised, it can be used to decrypt secret messages. Conventional methods that use textual passwords, graphical passwords and single modal biometric systems that are used to encryption and protect private keys do not provide ...

  7. A novel water poverty index model for evaluation of Chinese regional water security

    Science.gov (United States)

    Gong, L.; Jin, C. L.; Li, Y. X.; Zhou, Z. L.

    2017-08-01

    This study proposed an improved Water Poverty Index (WPI) model employed in evaluating Chinese regional water security. Firstly, the Chinese WPI index system was constructed, in which the indicators were obtained according to China River reality. A new mathematical model was then established for WPI values calculation on the basis of Center for Ecology and Hydrology (CEH) model. Furthermore, this new model was applied in Shiyanghe River (located in western China). It turned out that the Chinese index system could clearly reflect the indicators threatening security of river water and the Chinese WPI model is feasible. This work has also developed a Water Security Degree (WSD) standard which is able to be regarded as a scientific basis for further water resources utilization and water security warning mechanism formulation.

  8. Dynamic Model of Islamic Hybrid Securities: Empirical Evidence From Malaysia Islamic Capital Market

    Directory of Open Access Journals (Sweden)

    Jaafar Pyeman

    2016-12-01

    Full Text Available Capital structure selection is fundamentally important in corporate financial management as it influence on mutually return and risk to stakeholders. Despite of Malaysia’s position as one of the major players of Islamic Financial Market, there are still lack of studies has been conducted on the capital structure of shariah compliant firms especially related to hybrid securities. The objective of this study is to determine the hybrid securities issuance model among the shariah compliant firms in Malaysia. As such, this study is to expand the literature review by providing comprehensive analysis on the hybrid capital structure and to develop dynamic Islamic hybrid securities model for shariah compliant firms. We use panel data of 50 companies that have been issuing the hybrid securities from the year of 2004- 2012. The outcomes of the studies are based on the dynamic model GMM estimation for the determinants of hybrid securities. Based on our model, risk and growth are considered as the most determinant factors for issuing convertible bond and loan stock. These results suggest that, the firms that have high risk but having good growth prospect will choose hybrid securities of convertible bond. The model also support the backdoor equity listing hypothesis by Stein (1992 where the hybrid securities enable the profitable firms to venture into positive NPV project by issuing convertible bond as it offer lower coupon rate as compare to the normal debt rate

  9. Vague Sets Security Measure for Steganographic System Based on High-Order Markov Model

    Directory of Open Access Journals (Sweden)

    Chun-Juan Ouyang

    2017-01-01

    Full Text Available Security measure is of great importance in both steganography and steganalysis. Considering that statistical feature perturbations caused by steganography in an image are always nondeterministic and that an image is considered nonstationary, in this paper, the steganography is regarded as a fuzzy process. Here a steganographic security measure is proposed. This security measure evaluates the similarity between two vague sets of cover images and stego images in terms of n-order Markov chain to capture the interpixel correlation. The new security measure has proven to have the properties of boundedness, commutativity, and unity. Furthermore, the security measures of zero order, first order, second order, third order, and so forth are obtained by adjusting the order value of n-order Markov chain. Experimental results indicate that the larger n is, the better the measuring ability of the proposed security measure will be. The proposed security measure is more sensitive than other security measures defined under a deterministic distribution model, when the embedding is low. It is expected to provide a helpful guidance for designing secure steganographic algorithms or reliable steganalytic methods.

  10. Energy Security Requires Diversity: An Argument for The Defense Production Act Title III Biofuel Initiative

    Science.gov (United States)

    2013-06-19

    speeches/su80jec.phtml. 39 Steven R. Weisman, Reagan Says U.S. Would Bar a Takeover in Saudi Arabia that Impeded Flow of Oil, THE NEW YORK TIMES...October 2, 1981, available at http://www.nytimes.com/1981/10/02/world/reagan-says-us-would-bar-a- takeover -in- saudi-arabia-that-imperiled-flow-of-oil.html...of the Naval strategist Alfred Thayer Mahan, the U.S. secured a network of naval bases, including Guam, Guantanamo Bay, Hawaii and Puerto Rico

  11. From requirements to Java in a snap model-driven requirements engineering in practice

    CERN Document Server

    Smialek, Michal

    2015-01-01

    This book provides a coherent methodology for Model-Driven Requirements Engineering which stresses the systematic treatment of requirements within the realm of modelling and model transformations. The underlying basic assumption is that detailed requirements models are used as first-class artefacts playing a direct role in constructing software. To this end, the book presents the Requirements Specification Language (RSL) that allows precision and formality, which eventually permits automation of the process of turning requirements into a working system by applying model transformations and co

  12. Representing humans in system security models: An actor-network approach

    NARCIS (Netherlands)

    Pieters, Wolter

    2011-01-01

    System models to assess the vulnerability of information systems to security threats typically represent a physical infrastructure (buildings) and a digital infrastructure (computers and networks), in combination with an attacker traversing the system while acquiring credentials. Other humans are

  13. Decision Model for U.S.- Mexico Border Security Measures

    Science.gov (United States)

    2017-09-01

    23 G. INTELLIGENCE COMMUNITY AND BORDER DEFENSE ..........25 H. STATE AND LOCAL LAW ENFORCEMENT ..................................28 I...2014, 6, http://www.rand.org/content/dam/rand/pubs/testimonies/CT400/CT415/RAND_CT415.pdf. 5 changes in cargo security and the costs companies ...that private companies take. In the private sector, ROI is a measure of the overall profit or loss of an investment, expressed in percentage.25 For

  14. ADVANTAGES AND CONSTRAINTS OF INNOVATIVE BUSINESS MODELS FOR FOOD SECURITY: CASE STUDY IN SMOLYAN DISTRICT, BULGARIA

    Directory of Open Access Journals (Sweden)

    Dimitre NIKOLOV

    2018-02-01

    Full Text Available The market access has been often defined as a factor having the strongest impact on agriculturalsector activity. Its importance is particularly critical for the small farms, which could not offer theirproduction on the market through single and sporadic sales. They could overcome these weaknessesof their business through participation in cooperative marketing. This article goal is to establish theadvantages and the constraints of cooperative business marketing model for food security in farmsof Smolyan district, Bulgaria. Farmers expect some advantages from the participation in such cooperationform. Three are the main approved advantages: 1 better awareness of market requirements; 2 marketaccess facilitation; 3 realization of higher profit from the activity. These advantages are expectedas a result form the direct contact with the final consumers, without external mediators. The implementationof cooperative marketing has its challenges embarrassing its effective use. The main constraints are relatedto the efficiency of processes management and to the coordination of activities of different economic entities.

  15. A model of airport security work flow based on petri net

    Science.gov (United States)

    Dong, Xinming

    2017-09-01

    Extremely long lines at airports in the United States have been sharply criticized. In order to find out the bottleneck in the existing security system and put forward reasonable improvement plans and proposal, the Petri net model and the Markov Chain are introduced in this paper. This paper uses data collected by transportation Security Agency (TSA), assuming the data can represent the average level of all airports in the Unites States, to analysis the performance of security check system. By calculating the busy probabilities and the utilization probabilities, the bottleneck is found. Moreover, recommendation is given based on the parameters’ modification in Petri net model.

  16. The Model-Driven openETCS Paradigm for Secure, Safe and Certifiable Train Control Systems

    DEFF Research Database (Denmark)

    Peleska, Jan; Feuser, Johannes; Haxthausen, Anne Elisabeth

    2012-01-01

    A novel approach to managing development, verification, and validation artifacts for the European Train Control System as open, publicly available items is analyzed and discussed with respect to its implications on system safety, security, and certifiability. After introducing this so-called model......-driven openETCS approach, a threat analysis is performed, identifying both safety and security hazards that may be common to all model-based development paradigms for safety-critical railway control systems, or specific to the openETCS approach. In the subsequent sections state-of-the-art methods suitable...... of security hazards....

  17. More options and better job security required in career paths of physiotherapist researchers: an observational study.

    Science.gov (United States)

    Bernhardt, Julie; Tang, Lili Shyn-Li

    2008-01-01

    What career paths have physiotherapist researchers taken? What should career paths for physiotherapist researchers look like? Observational study with questionnaire. Australian physiotherapists who had a completed a Doctor of Philosophy degree by 2006. Fifty-six of 87 physiotherapists with a doctorate degree (response rate 64%) completed the questionnaire. Over half had completed the doctorate since 2000. An interest in clinical research was the strongest driver for undertaking a doctorate degree. Of the respondents, 52% worked in traditional academic roles while those who pursued other mixed clinical/research or pure research paths reported a lack of job security; 38% continued to work clinically, with a further 43% reporting they would like to but had insufficient time or a career structure that did not allow clinical work. 54% felt that the profession valued research, while 63% felt that research was valued by clinicians. The four main suggestions for improving current research career paths were: 1) develop research careers that allow mixed clinical/research and academic/clinical roles; 2) improve funding for training, particularly post-doctoral positions, and secure appropriately funded physiotherapy research positions; 3) improve co-operation between academic (university) and clinical researchers; and 4) develop more flexible research careers to accommodate private practitioner researchers and others wishing to combine clinical work with teaching and research. Physiotherapist researchers need broader career options and seek greater opportunity to link with clinical practice. Encouraging a vibrant research culture should foster professional excellence and enhance our reputation in the community.

  18. Modeling uncertainty in requirements engineering decision support

    Science.gov (United States)

    Feather, Martin S.; Maynard-Zhang, Pedrito; Kiper, James D.

    2005-01-01

    One inherent characteristic of requrements engineering is a lack of certainty during this early phase of a project. Nevertheless, decisions about requirements must be made in spite of this uncertainty. Here we describe the context in which we are exploring this, and some initial work to support elicitation of uncertain requirements, and to deal with the combination of such information from multiple stakeholders.

  19. Research of Models for Evaluating the Optimal Level of Information Security Investment

    Directory of Open Access Journals (Sweden)

    A. S. Polyakova

    2012-03-01

    Full Text Available This article presents a research of Gordon—Loeb model for evaluating the optimal level of information security investment and a model of interdependent risks. One is provided by practical recommendations for choosing and applying models, for choosing a range of vulnerabilities to concentrate financial resources on, and weak points of models are discussed.

  20. A goal-oriented requirements modelling language for enterprise architecture

    NARCIS (Netherlands)

    Quartel, Dick; Engelsman, W.; Jonkers, Henk; van Sinderen, Marten J.

    2009-01-01

    Methods for enterprise architecture, such as TOGAF, acknowledge the importance of requirements engineering in the development of enterprise architectures. Modelling support is needed to specify, document, communicate and reason about goals and requirements. Current modelling techniques for

  1. Model Based Cyber Security Analysis for Research Reactor Protection System

    International Nuclear Information System (INIS)

    Sho, Jinsoo; Rahman, Khalil Ur; Heo, Gyunyoung; Son, Hanseong

    2013-01-01

    The study on the qualitative risk due to cyber-attacks into research reactors was performed using bayesian Network (BN). This was motivated to solve the issues of cyber security raised due to digitalization of instrumentation and control (I and C) system. As a demonstrative example, we chose the reactor protection system (RPS) of research reactors. Two scenarios of cyber-attacks on RPS were analyzed to develop mitigation measures against vulnerabilities. The one is the 'insertion of reactor trip' and the other is the 'scram halt'. The six mitigation measures are developed for five vulnerability for these scenarios by getting the risk information from BN

  2. Node security

    CERN Document Server

    Barnes, Dominic

    2013-01-01

    A practical and fast-paced guide that will give you all the information you need to secure your Node applications.If you are a developer who wishes to secure your Node applications, whether you are already using Node Security in production, or are considering using it for your next project, then this book will enable you to ensure security of your applications. An understanding of JavaScript is a prerequisite, and some experience with Node is recommended, though not required.

  3. Leadership in organizations with high security and reliability requirements; Liderazgo en organizaciones con altos requisitos de seguridad y fiabilidad

    Energy Technology Data Exchange (ETDEWEB)

    Gonzalez, F.

    2013-07-01

    Developing leadership skills in organizations is the key to ensure the sustain ability of excellent results in industries with high requirements safety and reliability. In order to have a model of leadership development specific to this type of organizations, Tecnatom in 2011, we initiated a project internal, to find and adapt a competency model to these requirements.

  4. Generating unique IDs from patient identification data using security models.

    Science.gov (United States)

    Mohammed, Emad A; Slack, Jonathan C; Naugler, Christopher T

    2016-01-01

    The use of electronic health records (EHRs) has continued to increase within healthcare systems in the developed and developing nations. EHRs allow for increased patient safety, grant patients easier access to their medical records, and offer a wealth of data to researchers. However, various bioethical, financial, logistical, and information security considerations must be addressed while transitioning to an EHR system. The need to encrypt private patient information for data sharing is one of the foremost challenges faced by health information technology. We describe the usage of the message digest-5 (MD5) and secure hashing algorithm (SHA) as methods for encrypting electronic medical data. In particular, we present an application of the MD5 and SHA-1 algorithms in encrypting a composite message from private patient information. The results show that the composite message can be used to create a unique one-way encrypted ID per patient record that can be used for data sharing. The described software tool can be used to share patient EMRs between practitioners without revealing patients identifiable data.

  5. Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation.

    Science.gov (United States)

    Bernik, Igor; Prislan, Kaja

    Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model-ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it's recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.

  6. 17 CFR 240.15g-9 - Sales practice requirements for certain low-priced securities.

    Science.gov (United States)

    2010-04-01

    ...) Obtain from the person information concerning the person's financial situation, investment experience, and investment objectives; (2) Reasonably determine, based on the information required by paragraph (b... accurately reflect the person's financial situation, investment experience, and investment objectives; and (4...

  7. Modeling Local vs. Global Dimensions of Food Security in Sub-Saharan Africa

    Science.gov (United States)

    Evans, T. P.; Caylor, K. K.; Estes, L. D.; McCord, P. F.; Attari, S.; Sheffield, J.

    2015-12-01

    Food security remains a daunting challenge in Sub-Saharan Africa despite dramatic efforts to foster innovation in the agricultural sector. Food security is complicated by a diversity of factors whose relative influence varies across scales, such as the nature of transportation infrastructure, the variety of agricultural practices, and the relative importance of food production versus food access. Efforts to model food security often focus on local-level dynamics (agricultural decision-making) or regional/coarse scale dynamics (e.g. GCM output + generalized equilibrium models of food trade) - both scales are of paramount importance to food security. Yet models of food security rarely span this scale divide. We present work linking agent-based models of agricultural decision-making to regional and global dynamics of environmental change, food movement and virtual water trade in sub-Saharan Africa. Specifically we investigate the heterogeneity of environmental factors and agricultural decisions within the context of droughts of different duration and spatial extent. Drivers of meteorological drought manifest in agricultural drought through the complexity inherent in agricultural management. But efforts to model food security are often challenged by a lack of local-level empirical data to characterize the relationship between meteorological drought and agricultural drought. Our agent-based model is built using detailed information on household farm assets and individual farmer decisions, combined with crop yield estimated developed using the DSSAT cropping system model run with bias-corrected meteorological data. We then address food access through a analysis of food trade data given the increasing relevance of food movement to mitigate local and regional drought. We discuss the analytical challenges and opportunities in linking these cross-scale dynamics in food security modeling.

  8. Security Audit of WLAN Networks Using Statistical Models of Specified Language Group

    Directory of Open Access Journals (Sweden)

    KREKAN Jan

    2013-05-01

    Full Text Available In order to build a secure computing environment, persons responsible for data security need tools which allow them to test the security of data being protected. Research of passwords, used in usual computing environments, showed that easy to remember non-dictionary passwords are widely used. So it should be useful to build a statistical model,which can then be used to create very effective password lists for testing the security of a given protected data object. The problem is that the society from specified location is using also foreign words,from languages widely used. This article describes a comparison of different language models used for this new statistical candidates generation method. This generator could be then used to test the strength of passwords used to protect wireless networks which useWPA-PSK as its data encryption standard. The password candidates passed to tools which perform the security audit. This method could be described also as sorting of Brute-force password candidates usingknowledge about languages used by the users. The tests showed that using combination of language models (MIX of specified language group for the password candidates’ generator could improve thespeed of the security procedure by 37% relatively in average (60% speedup when finding 50% of passwords – in 0.69% vs 1.715% of Bruteforce combinations comparing to mother language model (SK and 20 times average absolute speedup comparing to Bruteforce.

  9. REQUIREMENTS PARTICLE NETWORKS: AN APPROACH TO FORMAL SOFTWARE FUNCTIONAL REQUIREMENTS MODELLING

    OpenAIRE

    Wiwat Vatanawood; Wanchai Rivepiboon

    2001-01-01

    In this paper, an approach to software functional requirements modelling using requirements particle networks is presented. In our approach, a set of requirements particles is defined as an essential tool to construct a visual model of software functional requirements specification during the software analysis phase and the relevant formal specification is systematically generated without the experience of writing formal specification. A number of algorithms are presented to perform these for...

  10. Building traceable Event-B models from requirements

    OpenAIRE

    Alkhammash, Eman; Butler, Michael; Fathabadi, Asieh Salehi; Cîrstea, Corina

    2015-01-01

    Abstract Bridging the gap between informal requirements and formal specifications is a key challenge in systems engineering. Constructing appropriate abstractions in formal models requires skill and managing the complexity of the relationships between requirements and formal models can be difficult. In this paper we present an approach that aims to address the twin challenges of finding appropriate abstractions and managing traceability between requirements and models. Our approach is based o...

  11. An energy security management model using quality function deployment and system dynamics

    International Nuclear Information System (INIS)

    Shin, Juneseuk; Shin, Wan-Seon; Lee, Changyong

    2013-01-01

    An energy security management model using quality function deployment (QFD) and system dynamics (SD) is suggested for application in public policymaking in developing economies. Through QFD, experts are guided toward identifying key energy security components, including indicators and policies, and in making these components consistent, focused, and customized for a particular country. Using these components as inputs, we construct an intermediate complex system dynamics model with a minimal number of crucial interactions. Key policies are simulated and evaluated in terms of the improvement of key indicators. Even with little data, our approach provides a coherent, useful, and customized energy security management model to help policymakers more effectively manage national energy security. To demonstrate its advantages, the model is applied to the Korean gas sector as an example. - Highlights: ► We suggest an energy security management model for developing economies. ► We identify a consistent set of key components, indicators and policies by using QFD. ► A coherent and practical system dynamics model based on QFD's output is constructed. ► The model is applied to the Korean gas sector as an example

  12. Regional Radiological Security Partnership in Southeast Asia - Increasing the Sustainability of Security Systems at the Site-Level by Using a Model Facility Approach

    International Nuclear Information System (INIS)

    Chamberlain, Travis L.; Dickerson, Sarah; Ravenhill, Scott D.; Murray, Allan; Morris, Frederic A.; Herdes, Gregory A.

    2009-01-01

    In 2004, Australia, through the Australian Nuclear Science and Technology Organisation (ANSTO), created the Regional Security of Radioactive Sources (RSRS) project and partnered with the U.S. Department of Energy's Global Threat Reduction Initiative (GTRI) and the International Atomic Energy Agency (IAEA) to form the Southeast Asian Regional Radiological Security Partnership (RRSP). The intent of the RRSP is to cooperate with countries in Southeast Asia to improve the security of their radioactive sources. This Southeast Asian Partnership supports objectives to improve the security of high risk radioactive sources by raising awareness of the need and developing national programs to protect and control such materials, improve the security of such materials, and recover and condition the materials no longer in use. The RRSP has utilized many tools to meet those objectives including: provision of physical protection upgrades, awareness training, physical protection training, regulatory development, locating and recovering orphan sources, and most recently - development of model security procedures at a model facility. This paper discusses the benefits of establishing a model facility, the methods employed by the RRSP, and three of the expected outcomes of the Model Facility approach. The first expected outcome is to increase compliance with source security guidance materials and national regulations by adding context to those materials, and illustrating their impact on a facility. Second, the effectiveness of each of the tools above is increased by making them part of an integrated system. Third, the methods used to develop the model procedures establishes a sustainable process that can ultimately be transferred to all facilities beyond the model. Overall, the RRSP has utilized the Model Facility approach as an important tool to increase the security of radioactive sources, and to position facilities and countries for the long term secure management of those sources.

  13. Integrating a flexible modeling framework (FMF) with the network security assessment instrument to reduce software security risk

    Science.gov (United States)

    Gilliam, D. P.; Powell, J. D.

    2002-01-01

    This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

  14. Routing in Vehicular Networks: Feasibility, Modeling, and Security

    Directory of Open Access Journals (Sweden)

    Ioannis Broustis

    2008-01-01

    Full Text Available Vehicular networks are sets of surface transportation systems that have the ability to communicate with each other. There are several possible network architectures to organize their in-vehicle computing systems. Potential schemes may include vehicle-to-vehicle ad hoc networks, wired backbone with wireless last hops, or hybrid architectures using vehicle-to-vehicle communications to augment roadside communication infrastructures. Some special properties of these networks, such as high mobility, network partitioning, and constrained topology, differentiate them from other types of wireless networks. We provide an in-depth discussion on the important studies related to architectural design and routing for such networks. Moreover, we discuss the major security concerns appearing in vehicular networks.

  15. Security in the data link layer of the OSI model on LANs wired Cisco

    OpenAIRE

    Moreira Santos, María Genoveva; Alcívar Marcillo, Pedro Antonio

    2018-01-01

    There are no technologies or protocols completely secure in network infrastructures, for this reason, this document aims to demonstrate the importance of configuring security options on network equipments. On this occasion we will focus on the data link layer of the OSI model, which is where controls have begun to be implemented at level of protocols. The tools that are used in the research facilitate the implementation of a virtual laboratory, which consists of a base operating system (windo...

  16. Regional, national and international security requirements for the transport of nuclear cargo by sea

    Energy Technology Data Exchange (ETDEWEB)

    Booker, P.A.; Barnwell, I. [Marine Operations, BNFL International Transport and British Nuclear Group Security (United Kingdom)

    2004-07-01

    Since the beginning of the nuclear age in the 1940's, the world has focused on the immense possibilities of nuclear power with both its destructive and productive capabilities. The civil nuclear industry in the UK, as in most nuclear weapons states, grew from the military facilities built in the post war years under the political climate of the Cold War. In the early years of the industry, civil and defence nuclear facilities were inextricably linked both in public perceptions and the regulatory infrastructure under which they operated. The nuclear arms race and the spread of communism overshadowed people's perceptions of there being two separate uses of nuclear material. This was a double edged sword which initially allowed the industry to develop largely unhindered by public concerns but latterly meant the industry could not break away from its roots and to many is still perceived as a dangerous and destructive force. Regulatory frameworks governing all aspects of the industry have developed both nationally and internationally driven by valid public concerns, political agendas and an international consensus that the unregulated use of nuclear material has catastrophic possibilities on an international scale. With the internationalisation of the civil nuclear industry and the costs associated with developing facilities to fully support each stage of the fuel cycle, from enrichment, fuel manufacturing, reprocessing and waste remediation, it became inevitable that a transport infrastructure would develop to make best use of the facilities. Regulations, both national and international are implicit in ensuring the security of nuclear material in transit. Due to the physical size of many of the irradiated fuel packages and implications of the changes to transport safety regulations, international transports of nuclear material, other than within mainland Europe, is predominantly carried out by sea.

  17. Regional, national and international security requirements for the transport of nuclear cargo by sea

    International Nuclear Information System (INIS)

    Booker, P.A.; Barnwell, I.

    2004-01-01

    Since the beginning of the nuclear age in the 1940's, the world has focused on the immense possibilities of nuclear power with both its destructive and productive capabilities. The civil nuclear industry in the UK, as in most nuclear weapons states, grew from the military facilities built in the post war years under the political climate of the Cold War. In the early years of the industry, civil and defence nuclear facilities were inextricably linked both in public perceptions and the regulatory infrastructure under which they operated. The nuclear arms race and the spread of communism overshadowed people's perceptions of there being two separate uses of nuclear material. This was a double edged sword which initially allowed the industry to develop largely unhindered by public concerns but latterly meant the industry could not break away from its roots and to many is still perceived as a dangerous and destructive force. Regulatory frameworks governing all aspects of the industry have developed both nationally and internationally driven by valid public concerns, political agendas and an international consensus that the unregulated use of nuclear material has catastrophic possibilities on an international scale. With the internationalisation of the civil nuclear industry and the costs associated with developing facilities to fully support each stage of the fuel cycle, from enrichment, fuel manufacturing, reprocessing and waste remediation, it became inevitable that a transport infrastructure would develop to make best use of the facilities. Regulations, both national and international are implicit in ensuring the security of nuclear material in transit. Due to the physical size of many of the irradiated fuel packages and implications of the changes to transport safety regulations, international transports of nuclear material, other than within mainland Europe, is predominantly carried out by sea

  18. 77 FR 35259 - Guidance on Due Diligence Requirements in Determining Whether Securities Are Eligible for Investment

    Science.gov (United States)

    2012-06-13

    ... understand the quality of the X underwriting of the underlying collateral as well as any risk concentrations... requirements in assessing credit risk for portfolio investments. Today, the OCC is issuing final guidance that...: Kerri Corn, Director for Market Risk, or Michael Drennan, Senior Advisor, Credit and Market Risk...

  19. 76 FR 73777 - Guidance on Due Diligence Requirements in Determining Whether Investment Securities Are Eligible...

    Science.gov (United States)

    2011-11-29

    ... understand the quality of the X underwriting of the underlying collateral as well as any risk concentrations... requirements in assessing credit risk for portfolio investments. DATES: Comments must be received December 29...: Kerri Corn, Director for Market Risk, Credit and Market Risk Division, (202) 874-4660; or Carl Kaminski...

  20. An Attack Model Development Process for the Cyber Security of Safety Related Nuclear Digital I and C Systems

    International Nuclear Information System (INIS)

    Khand, Parvaiz Ahmed; Seong, Poong Hyun

    2007-01-01

    root node and different ways to achieve that attack as leaf nodes. The structure, syntax and semantics of attack trees can be seen in. In attack trees, the leaf nodes can take many kinds of values to evaluate different aspects of system security. For example, the possible/impossible value can be assigned to enumerate all sets of possible attacks that achieve the attack goal, probability values to evaluate the probability that the attack goal can be achieved, cost value to evaluate the minimum cost needed to reach attack goal, and the special equipment value to obtain the most probable attack sets with no special equipment required. Although it is possible to implement security controls almost any type of attack, it is not practical to protect everything. Attack trees also provide a systematic way to model security controls and plant specific procedures as a safeguard against attacks, and check their effectiveness. In this paper, we will present a process for developing an attack model for the cyber security of safety related nuclear digital I and C systems using attack trees

  1. The Informatics Security Cost of Distributed Applications

    Directory of Open Access Journals (Sweden)

    Ion IVAN

    2010-01-01

    Full Text Available The objective, necessity, means and estimated efficiency of information security cost modeling are presented. The security requirements of distributed informatics applications are determined. Aspects regarding design, development and implementation are established. Influence factors for informatics security are presented and their correlation is analyzed. The costs associated to security processes are studied. Optimal criteria for informatics security are established. The security cost of the informatics application for validating organizational identifiers is determined using theoretical assumptions made for cost models. The conclusions highlight the validity of research results and offer perspectives for future research.

  2. Mixing Formal and Informal Model Elements for Tracing Requirements

    DEFF Research Database (Denmark)

    Jastram, Michael; Hallerstede, Stefan; Ladenberger, Lukas

    2011-01-01

    Tracing between informal requirements and formal models is challenging. A method for such tracing should permit to deal efficiently with changes to both the requirements and the model. A particular challenge is posed by the persisting interplay of formal and informal elements. In this paper, we...... describe an incremental approach to requirements validation and systems modelling. Formal modelling facilitates a high degree of automation: it serves for validation and traceability. The foundation for our approach are requirements that are structured according to the WRSPM reference model. We provide...... a system for traceability with a state-based formal method that supports refinement. We do not require all specification elements to be modelled formally and support incremental incorporation of new specification elements into the formal model. Refinement is used to deal with larger amounts of requirements...

  3. Androgyny and Attachment Security: Two Related Models of Optimal Personality.

    Science.gov (United States)

    Shaver, Phillip R.; And Others

    1996-01-01

    Three studies explore similarities between attachment style typologies and sex role typologies. Both are defined by pairs of dimensions: self model and other model (attachment styles); masculinity, or agency, and femininity, or communion (sex role orientations). Discusses results. (KW)

  4. Improved E-Banking System With Advanced Encryption Standards And Security Models

    Directory of Open Access Journals (Sweden)

    Sharaaf N. A.

    2015-08-01

    Full Text Available Emerging new Technologies and large scale businesses have made this world a global village. Many business organizations provide online services targeting global consumer bases. Transaction in international scale has been enabled by banks all around the world through E-banking in order to supply the needs of above business organizations. E-banking serves lots of benefits to both customers of banks and banks itself. It adds value to customers satisfaction with better service quality and enables banks to gain a competitive advantage over other competitors. Online banking need to possess high level security in order to provide safe consistent and robust online environment which guarantees secure data transmission and identity of both bank and customer. Lack of security may lead to less trust or hard to trust attitude towards online banking. Although customers are attracted by online banking convenience they seem largely in concern about identity theft and phishing. Analysis of many research papers on e-banking security models and their respective advantages and disadvantages have been discussed in literature review. Username password E-banking dongles fractal images biometric scans and advanced encryption standards are some of the suggested solutions for E-banking security. This study focuses on the security beyond above mechanisms. This paper ensures security of online banking at three levels. At client side using internet dongle integrated with finger print scanning technology at banking sever side and data transmission level. This model also includes username password and advanced encryption for further security. Complete description on the model has been discussed in methodology section. Future works on this topic and Conclusion are covered in separate sections.

  5. Password-only authenticated three-party key exchange with provable security in the standard model.

    Science.gov (United States)

    Nam, Junghyun; Choo, Kim-Kwang Raymond; Kim, Junghwan; Kang, Hyun-Kyu; Kim, Jinsoo; Paik, Juryon; Won, Dongho

    2014-01-01

    Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

  6. Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model

    Directory of Open Access Journals (Sweden)

    Junghyun Nam

    2014-01-01

    Full Text Available Protocols for password-only authenticated key exchange (PAKE in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000, which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

  7. Basic requirements to be established in a norm of radiologic security for operation of measuring equipment

    International Nuclear Information System (INIS)

    Milagros Ruiz, M.; Cateriano, Miguel A.

    2001-01-01

    According to the requirements in Argentina, each user of radioactive material must have a specific Authorization and a person who acts as the responsible for these material. But there is not any specific norm for each one. Dew to what we said before, it is necessary to make a rule to Industrials Uses. That is why this paper tries to establish the basis to do it. (author)

  8. Spreadsheet Decision Support Model for Training Exercise Material Requirements Planning

    National Research Council Canada - National Science Library

    Tringali, Arthur

    1997-01-01

    ... associated with military training exercises. The model combines the business practice of Material Requirements Planning and the commercial spreadsheet software capabilities of Lotus 1-2-3 to calculate the requirements for food, consumable...

  9. Extending enterprise architecture modelling with business goals and requirements

    NARCIS (Netherlands)

    Engelsman, W.; Quartel, Dick; Jonkers, Henk; van Sinderen, Marten J.

    The methods for enterprise architecture (EA), such as The Open Group Architecture Framework, acknowledge the importance of requirements modelling in the development of EAs. Modelling support is needed to specify, document, communicate and reason about goals and requirements. The current modelling

  10. Formal Requirements Modeling for Simulation-Based Verification

    OpenAIRE

    Otter, Martin; Thuy, Nguyen; Bouskela, Daniel; Buffoni, Lena; Elmqvist, Hilding; Fritzson, Peter; Garro, Alfredo; Jardin, Audrey; Olsson, Hans; Payelleville, Maxime; Schamai, Wladimir; Thomas, Eric; Tundis, Andrea

    2015-01-01

    This paper describes a proposal on how to model formal requirements in Modelica for simulation-based verification. The approach is implemented in the open source Modelica_Requirements library. It requires extensions to the Modelica language, that have been prototypically implemented in the Dymola and Open-Modelica software. The design of the library is based on the FOrmal Requirement Modeling Language (FORM-L) defined by EDF, and on industrial use cases from EDF and Dassault Aviation. It uses...

  11. Carboy Security Risk Analysis Model of I and C System Using Bayesian Network

    International Nuclear Information System (INIS)

    Shin, Jinsoo; Heo, Gyunyoung; Son, Hanseong; Park, Jaekwan

    2013-01-01

    The Korea Institute of Nuclear Safety (KINS) as a regulatory agency declares the R. G 8.22 for applying cyber security in Korea in 2011. In nuclear power industrial, ShinUljin 1, 2 unit and Shingori 3, 4 unit are demonstrating the cyber security for the first time. And in terms of research, the National Security Research Institute and the Korea Atomic Energy Research Institute are developing the nuclear power plant cyber security system in Korean. Currently, these cyber securities like regulation, demonstration and research are focused on nuclear power plant. However, cyber security is also important for the nuclear research reactor like a HANARO which is in Daejeon, primarily due to its characteristic as research reactor since since people access more than power plant. Analysis of the key elements of cyber security is possible to study through the activity-quality and architecture analysis model of cyber security. It is possible to analyze the extent reflected final risk by evaluating input score for each checklist. In this way, you can see an important checklist. Further, if the cyber-attack occurs, it is possible to provide an evidentiary material that is able to determine the key check element corresponding to each situation via a reverse calculation of BN. Finally, Utilization is possible to create a simulated penetratio test scenario according to each situation. Analysis of the key elements of cyber security is possible to study through the activity-quality and architecture analysis model of cyber security. It is possible to analyze the extent reflected in the final risk by evaluating input score for each checklist, in this way, you can see an important checklist. Furthermore, if the cyber-attack occurs, it is possible to provide an evidentiary material that enables to determine the key check element corresponding to each situation via a reverse calculation of BN. Finally, Utilization is possible to create a simulated penetration test scenario according to

  12. A Trust-Based Model for Security Cooperating in Vehicular Cloud Computing

    Directory of Open Access Journals (Sweden)

    Zhipeng Tang

    2016-01-01

    Full Text Available VCC is a computing paradigm which consists of vehicles cooperating with each other to realize a lot of practical applications, such as delivering packages. Security cooperation is a fundamental research topic in Vehicular Cloud Computing (VCC. Because of the existence of malicious vehicles, the security cooperation has become a challenging issue in VCC. In this paper, a trust-based model for security cooperating, named DBTEC, is proposed to promote vehicles’ security cooperation in VCC. DBTEC combines the indirect trust estimation in Public board and the direct trust estimation in Private board to compute the trust value of vehicles when choosing cooperative partners; a trustworthy cooperation path generating scheme is proposed to ensure the safety of cooperation and increase the cooperation completion rates in VCC. Extensive experiments show that our scheme improves the overall cooperation completion rates by 6~7%.

  13. Quantitative Analysis of the Security of Software-Defined Network Controller Using Threat/Effort Model

    Directory of Open Access Journals (Sweden)

    Zehui Wu

    2017-01-01

    Full Text Available SDN-based controller, which is responsible for the configuration and management of the network, is the core of Software-Defined Networks. Current methods, which focus on the secure mechanism, use qualitative analysis to estimate the security of controllers, leading to inaccurate results frequently. In this paper, we employ a quantitative approach to overcome the above shortage. Under the analysis of the controller threat model we give the formal model results of the APIs, the protocol interfaces, and the data items of controller and further provide our Threat/Effort quantitative calculation model. With the help of Threat/Effort model, we are able to compare not only the security of different versions of the same kind controller but also different kinds of controllers and provide a basis for controller selection and secure development. We evaluated our approach in four widely used SDN-based controllers which are POX, OpenDaylight, Floodlight, and Ryu. The test, which shows the similarity outcomes with the traditional qualitative analysis, demonstrates that with our approach we are able to get the specific security values of different controllers and presents more accurate results.

  14. Extending enterprise architecture modelling with business goals and requirements

    Science.gov (United States)

    Engelsman, Wilco; Quartel, Dick; Jonkers, Henk; van Sinderen, Marten

    2011-02-01

    The methods for enterprise architecture (EA), such as The Open Group Architecture Framework, acknowledge the importance of requirements modelling in the development of EAs. Modelling support is needed to specify, document, communicate and reason about goals and requirements. The current modelling techniques for EA focus on the products, services, processes and applications of an enterprise. In addition, techniques may be provided to describe structured requirements lists and use cases. Little support is available however for modelling the underlying motivation of EAs in terms of stakeholder concerns and the high-level goals that address these concerns. This article describes a language that supports the modelling of this motivation. The definition of the language is based on existing work on high-level goal and requirements modelling and is aligned with an existing standard for enterprise modelling: the ArchiMate language. Furthermore, the article illustrates how EA can benefit from analysis techniques from the requirements engineering domain.

  15. Secure and Resilient Functional Modeling for Navy Cyber-Physical Systems

    Science.gov (United States)

    2017-05-24

    models were implemented in MATLAB/Simulink as simulation models and evaluated with an example system model of an engine cooling system . The UCI team is...Cyber-Physical Systems ” and submitted for publication to IEEE Conference on Automation Science and Engineering (CASE) 2017. Functional Editor (SCCT...release; distribution is unlimited. Page 1 of 4 Secure & Resilient Functional Modeling for Navy Cyber-Physical Systems FY17 Quarter 2 Technical Progress

  16. Validation of Computer Models for Homeland Security Purposes

    International Nuclear Information System (INIS)

    Schweppe, John E.; Ely, James; Kouzes, Richard T.; McConn, Ronald J.; Pagh, Richard T.; Robinson, Sean M.; Siciliano, Edward R.; Borgardt, James D.; Bender, Sarah E.; Earnhart, Alison H.

    2005-01-01

    At Pacific Northwest National Laboratory, we are developing computer models of radiation portal monitors for screening vehicles and cargo. Detailed models of the radiation detection equipment, vehicles, cargo containers, cargos, and radioactive sources have been created. These are used to determine the optimal configuration of detectors and the best alarm algorithms for the detection of items of interest while minimizing nuisance alarms due to the presence of legitimate radioactive material in the commerce stream. Most of the modeling is done with the Monte Carlo code MCNP to describe the transport of gammas and neutrons from extended sources through large, irregularly shaped absorbers to large detectors. A fundamental prerequisite is the validation of the computational models against field measurements. We describe the first step of this validation process, the comparison of the models to measurements with bare static sources

  17. Research on Secure Localization Model Based on Trust Valuation in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Peng Li

    2017-01-01

    Full Text Available Secure localization has become very important in wireless sensor networks. However, the conventional secure localization algorithms used in wireless sensor networks cannot deal with internal attacks and cannot identify malicious nodes. In this paper, a localization based on trust valuation, which can overcome a various attack types, such as spoofing attacks and Sybil attacks, is presented. The trust valuation is obtained via selection of the property set, which includes estimated distance, localization performance, position information of beacon nodes, and transmission time, and discussion of the threshold in the property set. In addition, the robustness of the proposed model is verified by analysis of attack intensity, localization error, and trust relationship for three typical scenes. The experimental results have shown that the proposed model is superior to the traditional secure localization models in terms of malicious nodes identification and performance improvement.

  18. Computer Modeling of Radiation Portal Monitors for Homeland Security Applications

    International Nuclear Information System (INIS)

    Pagh, Richard T.; Kouzes, Richard T.; McConn, Ronald J.; Robinson, Sean M.; Schweppe, John E.; Siciliano, Edward R.

    2005-01-01

    Radiation Portal Monitors (RPMs) are currently being used at our nation's borders to detect potential nuclear threats. At the Pacific Northwest National Laboratory (PNNL), realistic computer models of RPMs are being developed to simulate the screening of vehicles and cargo. Detailed models of the detection equipment, vehicles, cargo containers, cargos, and radioactive sources are being used to determine the optimal configuration of detectors. These models can also be used to support work to optimize alarming algorithms so that they maximize sensitivity for items of interest while minimizing nuisance alarms triggered by legitimate radioactive material in the commerce stream. Proposed next-generation equipment is also being modeled to quantify performance and capability improvements to detect potential nuclear threats. A discussion of the methodology used to perform computer modeling for RPMs will be provided. In addition, the efforts to validate models used to perform these scenario analyses will be described. Finally, areas where improved modeling capability is needed will be discussed as a guide to future development efforts

  19. Dynamic, stochastic models for congestion pricing and congestion securities.

    Science.gov (United States)

    2010-12-01

    This research considers congestion pricing under demand uncertainty. In particular, a robust optimization (RO) approach is applied to optimal congestion pricing problems under user equilibrium. A mathematical model is developed and an analysis perfor...

  20. SECURITY MODELING FOR MARITIME PORT DEFENSE RESOURCE ALLOCATION

    Energy Technology Data Exchange (ETDEWEB)

    Harris, S.; Dunn, D.

    2010-09-07

    Redeployment of existing law enforcement resources and optimal use of geographic terrain are examined for countering the threat of a maritime based small-vessel radiological or nuclear attack. The evaluation was based on modeling conducted by the Savannah River National Laboratory that involved the development of options for defensive resource allocation that can reduce the risk of a maritime based radiological or nuclear threat. A diverse range of potential attack scenarios has been assessed. As a result of identifying vulnerable pathways, effective countermeasures can be deployed using current resources. The modeling involved the use of the Automated Vulnerability Evaluation for Risks of Terrorism (AVERT{reg_sign}) software to conduct computer based simulation modeling. The models provided estimates for the probability of encountering an adversary based on allocated resources including response boats, patrol boats and helicopters over various environmental conditions including day, night, rough seas and various traffic flow rates.

  1. Using cognitive modeling for requirements engineering in anesthesiology

    NARCIS (Netherlands)

    Pott, C; le Feber, J

    2005-01-01

    Cognitive modeling is a complexity reducing method to describe significant cognitive processes under a specified research focus. Here, a cognitive process model for decision making in anesthesiology is presented and applied in requirements engineering. Three decision making situations of

  2. Modeling Domain Variability in Requirements Engineering with Contexts

    Science.gov (United States)

    Lapouchnian, Alexei; Mylopoulos, John

    Various characteristics of the problem domain define the context in which the system is to operate and thus impact heavily on its requirements. However, most requirements specifications do not consider contextual properties and few modeling notations explicitly specify how domain variability affects the requirements. In this paper, we propose an approach for using contexts to model domain variability in goal models. We discuss the modeling of contexts, the specification of their effects on system goals, and the analysis of goal models with contextual variability. The approach is illustrated with a case study.

  3. 15 CFR 744.11 - License requirements that apply to entities acting contrary to the national security or foreign...

    Science.gov (United States)

    2010-01-01

    ... entities acting contrary to the national security or foreign policy interests of the United States. 744.11... national security or foreign policy interests of the United States. BIS may impose foreign policy export... to United States national security or foreign policy interests or enabling such transfer, service...

  4. Modelling Status Food Security Households Disease Sufferers Pulmonary Tuberculosis Uses the Method Regression Logistics Binary

    Science.gov (United States)

    Wulandari, S. P.; Salamah, M.; Rositawati, A. F. D.

    2018-04-01

    Food security is the condition where the food fulfilment is managed well for the country till the individual. Indonesia is one of the country which has the commitment to create the food security becomes main priority. However, the food necessity becomes common thing means that it doesn’t care about nutrient standard and the health condition of family member, so in the fulfilment of food necessity also has to consider the disease suffered by the family member, one of them is pulmonary tuberculosa. From that reasons, this research is conducted to know the factors which influence on household food security status which suffered from pulmonary tuberculosis in the coastal area of Surabaya by using binary logistic regression method. The analysis result by using binary logistic regression shows that the variables wife latest education, house density and spacious house ventilation significantly affect on household food security status which suffered from pulmonary tuberculosis in the coastal area of Surabaya, where the wife education level is University/equivalent, the house density is eligible or 8 m2/person and spacious house ventilation 10% of the floor area has the opportunity to become food secure households amounted to 0.911089. While the chance of becoming food insecure households amounted to 0.088911. The model household food security status which suffered from pulmonary tuberculosis in the coastal area of Surabaya has been conformable, and the overall percentages of those classifications are at 71.8%.

  5. Perceptions of self-drive tourists along the Alaska-Canada border toward the increased security requirements of the western hemisphere travel initiative

    Science.gov (United States)

    Nicholas Palso

    2009-01-01

    This study explores the attitudes and feelings of self-drive tourists who cross the Alaska-Canada border about the increased security requirements of the Western Hemisphere Travel Initiative (WHTI), and how such attitudes and feelings may impact the tourism industry in this region. Results of a 2007 survey suggest that implementation of passport requirements will have...

  6. Modelling climate change impacts on crop production for food security

    Czech Academy of Sciences Publication Activity Database

    Bindi, M.; Palosuo, T.; Trnka, Miroslav; Semenov, M. A.

    2015-01-01

    Roč. 65, SEP (2015), s. 3-5 ISSN 0936-577X Institutional support: RVO:67179843 Keywords : Crop production Upscaling * Climate change impact and adaptation assessments * Upscaling * Model ensembles Subject RIV: DG - Athmosphere Sciences, Meteorology Impact factor: 1.690, year: 2015

  7. Software Requirements Specification Verifiable Fuel Cycle Simulation (VISION) Model

    International Nuclear Information System (INIS)

    D. E. Shropshire; W. H. West

    2005-01-01

    The purpose of this Software Requirements Specification (SRS) is to define the top-level requirements for a Verifiable Fuel Cycle Simulation Model (VISION) of the Advanced Fuel Cycle (AFC). This simulation model is intended to serve a broad systems analysis and study tool applicable to work conducted as part of the AFCI (including costs estimates) and Generation IV reactor development studies

  8. Capabilities and requirements for modelling radionuclide transport in the geosphere

    International Nuclear Information System (INIS)

    Paige, R.W.; Piper, D.

    1989-02-01

    This report gives an overview of geosphere flow and transport models suitable for use by the Department of the Environment in the performance assessment of radioactive waste disposal sites. An outline methodology for geosphere modelling is proposed, consisting of a number of different types of model. A brief description of each of the component models is given, indicating the purpose of the model, the processes being modelled and the methodologies adopted. Areas requiring development are noted. (author)

  9. Privacy and security in teleradiology

    Energy Technology Data Exchange (ETDEWEB)

    Ruotsalainen, Pekka [National Institute for Health and Welfare, Helsinki (Finland)], E-mail: pekka.ruotsalainen@THL.fi

    2010-01-15

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.

  10. Privacy and security in teleradiology

    International Nuclear Information System (INIS)

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.

  11. The "Legal Aversion to Changes" State in Touching the Model Manager of Public Security National: Advances and Challenges in the Provision of Public Service Security in Brazil

    Directory of Open Access Journals (Sweden)

    Guilherme Barbosa da Silva

    2015-12-01

    Full Text Available Regarding the national public security, it is stated that current conventional models managers can no longer deal effectively with the escalation of violence and crime in order to push forward the need for broader changes in contemporary social life, to account the complexity and fragmentation of social reality of Brazilian public security. For proper delivery of public security service, it is necessary for the election of a committed and effective public security policy that must be consistently held, focusing on effective social pacification of conflicts; so that the repressive paradigm should be finally left side; splitting thus entitled to the "legal aversion to change " state with regard to national public security, since not just the mere transmission of a false sense of security to society through reinvestment in the current model reactive-repressive manager - with increasing repression State - without detailed examination of the whole issue of social conflicts, which must first of all examine in a general way factors such as criminal policy so far adopted, the current focus of the provision of public safety services made available to the population and the its effectiveness to thus - through analysis engaged with current social reality, and, using the literature and the deductive-inductive method - propose new public safety managers paradigms that are consistent with a sustainable model of "law and policy" committed to an effective social pacification of conflicts.

  12. TRUST MODEL FOR INFORMATION SECURITY OF MULTI-AGENT ROBOTIC SYSTEMS WITH A DECENTRALIZED MANAGEMENT

    Directory of Open Access Journals (Sweden)

    I. A. Zikratov

    2014-03-01

    Full Text Available The paper deals with the issues on protection of multi-agent robotic systems against attacks by robots-saboteurs. The operation analysis of such systems with decentralized control is carried out. Concept of harmful information impact (attack from a robot-saboteur to the multi-agent robotic system is given. The class of attacks is considered using interception of messages, formation and transfer of misinformation to group of robots, and also carrying out other actions with vulnerabilities of multiagent algorithms without obviously identified signs of invasion of robots-saboteurs. The model of information security is developed, in which robots-agents work out trust levels to each other analyzing the events occurring in the system. The idea of trust model consists in the analysis of transferred information by each robot and the executed actions of other members in a group, comparison of chosen decision on iteration step k with objective function of the group. Distinctive feature of the trust model in comparison with the closest analogue - Buddy Security Model in which the exchange between the agents security tokens is done — is involvement of the time factor during which agents have to "prove" by their actions the usefulness in achievement of a common goal to members of the group. Variants of this model realization and ways of an assessment of trust levels for agents in view of the security policy accepted in the group are proposed.

  13. Employing the intelligence cycle process model within the Homeland Security Enterprise

    OpenAIRE

    Stokes, Roger L.

    2013-01-01

    CHDS State/Local The purpose of this thesis was to examine the employment and adherence of the intelligence cycle process model within the National Network of Fusion Centers and the greater Homeland Security Enterprise by exploring the customary intelligence cycle process model established by the United States Intelligence Community (USIC). This thesis revealed there are various intelligence cycle process models used by the USIC and taught to the National Network. Given the numerous differ...

  14. A PROFICIENT MODEL FOR HIGH END SECURITY IN CLOUD COMPUTING

    Directory of Open Access Journals (Sweden)

    R. Bala Chandar

    2014-01-01

    Full Text Available Cloud computing is an inspiring technology due to its abilities like ensuring scalable services, reducing the anxiety of local hardware and software management associated with computing while increasing flexibility and scalability. A key trait of the cloud services is remotely processing of data. Even though this technology had offered a lot of services, there are a few concerns such as misbehavior of server side stored data , out of control of data owner's data and cloud computing does not control the access of outsourced data desired by the data owner. To handle these issues, we propose a new model to ensure the data correctness for assurance of stored data, distributed accountability for authentication and efficient access control of outsourced data for authorization. This model strengthens the correctness of data and helps to achieve the cloud data integrity, supports data owner to have control on their own data through tracking and improves the access control of outsourced data.

  15. Requirements Validation: Execution of UML Models with CPN Tools

    DEFF Research Database (Denmark)

    Machado, Ricardo J.; Lassen, Kristian Bisgaard; Oliveira, Sérgio

    2007-01-01

    Requirements validation is a critical task in any engineering project. The confrontation of stakeholders with static requirements models is not enough, since stakeholders with non-computer science education are not able to discover all the inter-dependencies between the elicited requirements. Even...... requirements, where the system to be built must explicitly support the interaction between people within a pervasive cooperative workflow execution. A case study from a real project is used to illustrate the proposed approach....

  16. Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model

    Science.gov (United States)

    Moghaddasi, Hamid; Kamkarhaghighi, Mehran

    2016-01-01

    Introduction: Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. Background: The “data security models” presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the “needs and improvement” cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Findings: Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Conclusion: Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced. PMID:27857823

  17. Modeling the transient security constraints of natural gas network in day-ahead power system scheduling

    DEFF Research Database (Denmark)

    Yang, Jingwei; Zhang, Ning; Kang, Chongqing

    2017-01-01

    accurately, they are hard to be embedded into the power system scheduling model, which consists of algebraic equations and inequations. This paper addresses this dilemma by proposing an algebraic transient model of natural gas network which is similar to the branch-node model of power network. Based......The rapid deployment of gas-fired generating units makes the power system more vulnerable to failures in the natural gas system. To reduce the risk of gas system failure and to guarantee the security of power system operation, it is necessary to take the security constraints of natural gas...... pipelines into account in the day-ahead power generation scheduling model. However, the minute- and hour-level dynamic characteristics of gas systems prevents an accurate decision-making simply with the steady-state gas flow model. Although the partial differential equations depict the dynamics of gas flow...

  18. A construction kit for modeling the security of M-Commerce applications

    OpenAIRE

    Reif, Wolfgang

    2004-01-01

    A construction kit for modeling the security of M-Commerce applications / Dominik Haneberg, Wolfgang Reif, Kurt Stenzel. - In: Applying formal methods : testing, performance and M/E commerce ; FORTE 2004 Workshops The FormEMC ..., Toledo, Spain, October 1 - 2, 2004 ; proceedings / Manuel Núñez ... (ed.). - Berlin u. a : Springer, 2004. - S. 72-85. - (Lecture notes in computer science ; 3236)

  19. A generalized one-factor term structure model and pricing of interest rate derivative securities

    NARCIS (Netherlands)

    Jiang, George J.

    1997-01-01

    The purpose of this paper is to propose a nonparametric interest rate term structure model and investigate its implications on term structure dynamics and prices of interest rate derivative securities. The nonparametric spot interest rate process is estimated from the observed short-term interest

  20. Predicting Preschoolers' Attachment Security from Fathers' Involvement, Internal Working Models, and Use of Social Support

    Science.gov (United States)

    Newland, Lisa A.; Coyl, Diana D.; Freeman, Harry

    2008-01-01

    Associations between preschoolers' attachment security, fathers' involvement (i.e. parenting behaviors and consistency) and fathering context (i.e. fathers' internal working models (IWMs) and use of social support) were examined in a subsample of 102 fathers, taken from a larger sample of 235 culturally diverse US families. The authors predicted…

  1. Social security wealth and aggregate consumption : An extended life-cycle model estimated for The Netherlands

    NARCIS (Netherlands)

    Zant, W.

    In this paper a method is developed to calculate a wealth variable accounting for the existence of the basic old-age provisions in The Netherlands (AOW). In line with Feldstein's extended life-cycle model, consumption functions with (gross) social security wealth are estimated for The Netherlands

  2. Civil Defence and National Security: Composition and Implementation Model in National Defence

    Directory of Open Access Journals (Sweden)

    Mr. Muradi

    2017-01-01

    Full Text Available Civil Defense is inherent part of every citizen in many countries anywhere in the world, which differ only in the implementation of the program. The difference depends on the threat level and needs of each country in mobilizing citizens. However, the Civil Defense’s Governance which involvement of citizens is already regulated in a number of regulations and legislation, but as one part of an integrated program linked to the involvement of citizens in the framework of national defense, civil defense program is not enough to have its own laws. So that when applied in the form of operational, interpretation of these programs tend to be not in tune and even have precisely the opposite perspective between the state and citizens. This paper argued that the Civil Defense program is part of an integrated governance program of national security. Therefore, the state should be required to ensure that the program of Civil Defense goes well. This paper is also offer the composition and program models associated with the Civil Defense, Conscription Program (draftee and Reserve Component. The argument of this paper is that the Civil Defense Program is a linear and continuous with Conscription and Reserves Programs.

  3. Formal Analysis of Security Models for Mobile Devices, Virtualization Platforms, and Domain Name Systems

    Directory of Open Access Journals (Sweden)

    Gustavo Betarte

    2015-12-01

    Full Text Available In this work we investigate the security of security-critical applications, i.e. applications in which a failure may produce consequences that are unacceptable. We consider three areas: mobile devices, virtualization platforms, and domain name systems. The Java Micro Edition platform defines the Mobile Information Device Profile (MIDP to facilitate the development of applications for mobile devices, like cell phones and PDAs. We first study and compare formally several variants of the security model specified by MIDP to access sensitive resources of a mobile device. Hypervisors allow multiple guest operating systems to run on shared hardware, and offer a compelling means of improving the security and the flexibility of software systems. In this work we present a formalization of an idealized model of a hypervisor. We establish (formally that the hypervisor ensures strong isolation properties between the different operating systems, and guarantees that requests from guest operating systems are eventually attended. We show also that virtualized platforms are transparent, i.e. a guest operating system cannot distinguish whether it executes alone or together with other guest operating systems on the platform. The Domain Name System Security Extensions (DNSSEC is a suite of specifications that provides origin authentication and integrity assurance services for DNS data. We finally introduce a minimalistic specification of a DNSSEC model which provides the grounds needed to formally state and verify security properties concerning the chain of trust of the DNSSEC tree. We develop all our formalizations in the Calculus of Inductive Constructions --formal language that combines a higher-order logic and a richly-typed functional programming language-- using the Coq proof assistant.

  4. Food Security Model and the Role of Community Empowerment: The Case of a Marginalized Village in Mexico, Tatoxcac, Puebla

    OpenAIRE

    Marco Antonio Lara De la Calleja; María Catalina Ovando Chico; Eduardo Lopez Ruiz

    2017-01-01

    Community empowerment has been proved to be a key element in the solution of the food security problem. As a result of a conceptual analysis, it was found that agricultural production, economic development and governance, are the traditional basis of food security models. Although the literature points to social inclusion as an important factor for food security, no model has considered it as the basis of it. The aim of this research is to identify different dimensions that make an integral m...

  5. Discrete choice modeling of environmental security. Research report

    Energy Technology Data Exchange (ETDEWEB)

    Carson, K.S.

    1998-10-01

    The presence of overpopulation or unsustainable population growth may place pressure on the food and water supplies of countries in sensitive areas of the world. Severe air or water pollution may place additional pressure on these resources. These pressures may generate both internal and international conflict in these areas as nations struggle to provide for their citizens. Such conflicts may result in United States intervention, either unilaterally, or through the United Nations. Therefore, it is in the interests of the United States to identify potential areas of conflict in order to properly train and allocate forces. The purpose of this research is to forecast the probability of conflict in a nation as a function of it s environmental conditions. Probit, logit and ordered probit models are employed to forecast the probability of a given level of conflict. Data from 95 countries are used to estimate the models. Probability forecasts are generated for these 95 nations. Out-of sample forecasts are generated for an additional 22 nations. These probabilities are then used to rank nations from highest probability of conflict to lowest. The results indicate that the dependence of a nation`s economy on agriculture, the rate of deforestation, and the population density are important variables in forecasting the probability and level of conflict. These results indicate that environmental variables do play a role in generating or exacerbating conflict. It is unclear that the United States military has any direct role in mitigating the environmental conditions that may generate conflict. A more important role for the military is to aid in data gathering to generate better forecasts so that the troops are adequntely prepared when conflicts arises.

  6. COORDINATION IN MULTILEVEL NETWORK-CENTRIC CONTROL SYSTEMS OF REGIONAL SECURITY: APPROACH AND FORMAL MODEL

    Directory of Open Access Journals (Sweden)

    A. V. Masloboev

    2015-01-01

    Full Text Available The paper deals with development of methods and tools for mathematical and computer modeling of the multilevel network-centric control systems of regional security. This research is carried out under development strategy implementation of the Arctic zone of the Russian Federation and national safeguarding for the period before 2020 in the Murmansk region territory. Creation of unified interdepartmental multilevel computer-aided system is proposed intended for decision-making information support and socio-economic security monitoring of the Arctic regions of Russia. The distinctive features of the investigated system class are openness, self-organization, decentralization of management functions and decision-making, weak hierarchy in the decision-making circuit and goal generation capability inside itself. Research techniques include functional-target approach, mathematical apparatus of multilevel hierarchical system theory and principles of network-centric control of distributed systems with pro-active components and variable structure. The work considers network-centric management local decisions coordination problem-solving within the multilevel distributed systems intended for information support of regional security. The coordination problem-solving approach and problem formalization in the multilevel network-centric control systems of regional security have been proposed based on developed multilevel recurrent hierarchical model of regional socio-economic system complex security. The model provides coordination of regional security indexes, optimized by the different elements of multilevel control systems, subject to decentralized decision-making. The model specificity consists in application of functional-target technology and mathematical apparatus of multilevel hierarchical system theory for coordination procedures implementation of the network-centric management local decisions. The work-out and research results can find further

  7. Land Ecological Security Evaluation of Underground Iron Mine Based on PSR Model

    Science.gov (United States)

    Xiao, Xiao; Chen, Yong; Ruan, Jinghua; Hong, Qiang; Gan, Yong

    2018-01-01

    Iron ore mine provides an important strategic resource to the national economy while it also causes many serious ecological problems to the environment. The study summed up the characteristics of ecological environment problems of underground iron mine. Considering the mining process of underground iron mine, we analysis connections between mining production, resource, environment and economical background. The paper proposed a land ecological security evaluation system and method of underground iron mine based on Pressure-State-Response model. Our application in Chengchao iron mine proves its efficiency and promising guide on land ecological security evaluation.

  8. Information security fundamentals

    CERN Document Server

    Peltier, Thomas R

    2013-01-01

    Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field.The book examines the elements of computer security, employee roles and r

  9. Security giving in surrogacy motherhood process as a caring model for commissioning mothers: A theory synthesis.

    Science.gov (United States)

    Zandi, Mitra; Vanaki, Zohreh; Shiva, Marziyeh; Mohammadi, Eesa; Bagheri-Lankarani, Narges

    2016-07-01

    Despite the increasing use of surrogacy, there are no caring theories/models that serve as the basis for nursing care to surrogacy commissioning mothers. This study has designed a model for caring of surrogacy commissioning mothers in 2013. The theory synthesis of Walker and Avant's strategies of theory construction (2011) was used to design a caring model/theory. The theory synthesis includes three stages: (i) selection of focal concept (the concept of "security giving in motherhood" was selected); (ii) review of studies in order to identify factors related to focal concept relevant studies (42 articles and 13 books) were reviewed, statements and concepts related to focal concept were then extracted and classified, and their relations were specified; and (iii) organization of concepts and statements within a relevant general and effective manifestation of the phenomenon under study which led to developing of a model. In this caring model/theory, entitled "security giving in surrogacy motherhood", nurses roles were conceptualized within the conceptual framework that includes three main roles: (i) coordination; (ii) participation; and (iii) security giving (physical, emotional, and legal support; empowerment; presence; relationship management between both parties and advocacy). Training surrogacy specialist nurses and establishment of surrogacy care centers are important factors for implementation of the model. This model could help to provided better caring for surrogacy clients, especially for commissioning mothers. © 2016 Japan Academy of Nursing Science.

  10. Requirements Traceability and Transformation Conformance in Model-Driven Development

    NARCIS (Netherlands)

    Andrade Almeida, João; van Eck, Pascal; Iacob, Maria Eugenia

    2006-01-01

    The variety of design artefacts (models) produced in a model-driven design process results in an intricate rela-tionship between requirements and the various models. This paper proposes a methodological framework that simplifies management of this relationship. This frame-work is a basis for tracing

  11. A network security situation prediction model based on wavelet neural network with optimized parameters

    Directory of Open Access Journals (Sweden)

    Haibo Zhang

    2016-08-01

    Full Text Available The security incidents ion networks are sudden and uncertain, it is very hard to precisely predict the network security situation by traditional methods. In order to improve the prediction accuracy of the network security situation, we build a network security situation prediction model based on Wavelet Neural Network (WNN with optimized parameters by the Improved Niche Genetic Algorithm (INGA. The proposed model adopts WNN which has strong nonlinear ability and fault-tolerance performance. Also, the parameters for WNN are optimized through the adaptive genetic algorithm (GA so that WNN searches more effectively. Considering the problem that the adaptive GA converges slowly and easily turns to the premature problem, we introduce a novel niche technology with a dynamic fuzzy clustering and elimination mechanism to solve the premature convergence of the GA. Our final simulation results show that the proposed INGA-WNN prediction model is more reliable and effective, and it achieves faster convergence-speed and higher prediction accuracy than the Genetic Algorithm-Wavelet Neural Network (GA-WNN, Genetic Algorithm-Back Propagation Neural Network (GA-BPNN and WNN.

  12. Security for grids

    Energy Technology Data Exchange (ETDEWEB)

    Humphrey, Marty; Thompson, Mary R.; Jackson, Keith R.

    2005-08-14

    Securing a Grid environment presents a distinctive set of challenges. This paper groups the activities that need to be secured into four categories: naming and authentication; secure communication; trust, policy, and authorization; and enforcement of access control. It examines the current state of the art in securing these processes and introduces new technologies that promise to meet the security requirements of Grids more completely.

  13. 75 FR 76647 - Special Conditions: Boeing Model 747-8 Airplanes, Systems and Data Networks Security-Isolation or...

    Science.gov (United States)

    2010-12-09

    ... Model 747-8 Airplanes, Systems and Data Networks Security--Isolation or Protection From Unauthorized... information services, than previous 747-8 airplane models. This may allow the exploitation of network security... passenger domain computer systems to the airplane critical systems and data networks. The applicable...

  14. Commonsense Psychology and the Functional Requirements of Cognitive Models

    National Research Council Canada - National Science Library

    Gordon, Andrew S

    2005-01-01

    In this paper we argue that previous models of cognitive abilities (e.g. memory, analogy) have been constructed to satisfy functional requirements of implicit commonsense psychological theories held by researchers and nonresearchers alike...

  15. Requirements engineering for cross-sectional information chain models.

    Science.gov (United States)

    Hübner, U; Cruel, E; Gök, M; Garthaus, M; Zimansky, M; Remmers, H; Rienhoff, O

    2012-01-01

    Despite the wealth of literature on requirements engineering, little is known about engineering very generic, innovative and emerging requirements, such as those for cross-sectional information chains. The IKM health project aims at building information chain reference models for the care of patients with chronic wounds, cancer-related pain and back pain. Our question therefore was how to appropriately capture information and process requirements that are both generally applicable and practically useful. To this end, we started with recommendations from clinical guidelines and put them up for discussion in Delphi surveys and expert interviews. Despite the heterogeneity we encountered in all three methods, it was possible to obtain requirements suitable for building reference models. We evaluated three modelling languages and then chose to write the models in UML (class and activity diagrams). On the basis of the current project results, the pros and cons of our approach are discussed.

  16. Spreadsheet Decision Support Model for Training Exercise Material Requirements Planning

    National Research Council Canada - National Science Library

    Tringali, Arthur

    1997-01-01

    This thesis focuses on developing a spreadsheet decision support model that can be used by combat engineer platoon and company commanders in determining the material requirements and estimated costs...

  17. Model Based User's Access Requirement Analysis of E-Governance Systems

    Science.gov (United States)

    Saha, Shilpi; Jeon, Seung-Hwan; Robles, Rosslin John; Kim, Tai-Hoon; Bandyopadhyay, Samir Kumar

    The strategic and contemporary importance of e-governance has been recognized across the world. In India too, various ministries of Govt. of India and State Governments have taken e-governance initiatives to provide e-services to citizens and the business they serve. To achieve the mission objectives, and make such e-governance initiatives successful it would be necessary to improve the trust and confidence of the stakeholders. It is assumed that the delivery of government services will share the same public network information that is being used in the community at large. In particular, the Internet will be the principal means by which public access to government and government services will be achieved. To provide the security measures main aim is to identify user's access requirement for the stakeholders and then according to the models of Nath's approach. Based on this analysis, the Govt. can also make standards of security based on the e-governance models. Thus there will be less human errors and bias. This analysis leads to the security architecture of the specific G2C application.

  18. Hybriding CMMI and requirement engineering maturity and capability models

    OpenAIRE

    Buglione, Luigi; Hauck, Jean Carlo R.; Gresse von Wangenheim, Christiane; Mc Caffery, Fergal

    2012-01-01

    peer-reviewed Estimation represents one of the most critical processes for any project and it is highly dependent on the quality of requirements elicitation and management. Therefore, the management of requirements should be prioritised in any process improvement program, because the less precise the requirements gathering, analysis and sizing, the greater the error in terms of time and cost estimation. Maturity and Capability Models (MCM) represent a good tool for assessing the status of ...

  19. Generic skills requirements (KSA model) towards future mechanical ...

    African Journals Online (AJOL)

    Generic Skills is a basic requirement that engineers need to master in all areas of Engineering. This study was conducted throughout the peninsular Malaysia involving small, medium and heavy industries using the KSA Model. The objectives of this study are studying the level of requirement of Generic Skills that need to be ...

  20. Security of Device-Independent Quantum Key Distribution in the Bounded-Quantum-Storage Model

    Directory of Open Access Journals (Sweden)

    S. Pironio

    2013-08-01

    Full Text Available Device-independent quantum key distribution (DIQKD is a formalism that supersedes traditional quantum key distribution, as its security does not rely on any detailed modeling of the internal working of the devices. This strong form of security is only possible using devices producing correlations that violate a Bell inequality. Full security proofs of DIQKD have recently been reported, but they tolerate zero or small amounts of noise and are restricted to protocols based on specific Bell inequalities. Here, we provide a security proof of DIQKD that is both more efficient and noise resistant, and also more general, as it applies to protocols based on arbitrary Bell inequalities and can be adapted to cover supraquantum eavesdroppers limited by the no-signaling principle only. It is formulated, however, in the bounded-quantum-storage model, where an upper bound on the adversary’s quantum memory is a priori known. This condition is not a limitation at present, since the best existing quantum memories have very short coherence times.

  1. A Quantitative Risk Evaluation Model for Network Security Based on Body Temperature

    Directory of Open Access Journals (Sweden)

    Y. P. Jiang

    2016-01-01

    Full Text Available These days, in allusion to the traditional network security risk evaluation model, which have certain limitations for real-time, accuracy, characterization. This paper proposed a quantitative risk evaluation model for network security based on body temperature (QREM-BT, which refers to the mechanism of biological immune system and the imbalance of immune system which can result in body temperature changes, firstly, through the r-contiguous bits nonconstant matching rate algorithm to improve the detection quality of detector and reduce missing rate or false detection rate. Then the dynamic evolution process of the detector was described in detail. And the mechanism of increased antibody concentration, which is made up of activating mature detector and cloning memory detector, is mainly used to assess network risk caused by various species of attacks. Based on these reasons, this paper not only established the equation of antibody concentration increase factor but also put forward the antibody concentration quantitative calculation model. Finally, because the mechanism of antibody concentration change is reasonable and effective, which can effectively reflect the network risk, thus body temperature evaluation model was established in this paper. The simulation results showed that, according to body temperature value, the proposed model has more effective, real time to assess network security risk.

  2. A DPSIR model for ecological security assessment through indicator screening: a case study at Dianchi Lake in China.

    Science.gov (United States)

    Wang, Zhen; Zhou, Jingqing; Loaiciga, Hugo; Guo, Huaicheng; Hong, Song

    2015-01-01

    Given the important role of lake ecosystems in social and economic development, and the current severe environmental degradation in China, a systematic diagnosis of the ecological security of lakes is essential for sustainable development. A Driving-force, Pressure, Status, Impact, and Risk (DPSIR) model, combined with data screening for lake ecological security assessment was developed to overcome the disadvantages of data selection in existing assessment methods. Correlation and principal component analysis were used to select independent and representative data. The DPSIR model was then applied to evaluate the ecological security of Dianchi Lake in China during 1988-2007 using an ecological security index. The results revealed a V-shaped trend. The application of the DPSIR model with data screening provided useful information regarding the status of the lake's ecosystem, while ensuring information efficiency and eliminating multicollinearity. The modeling approach described here is practical and operationally efficient, and provides an attractive alternative approach to assess the ecological security of lakes.

  3. Irrigation Requirement Estimation Using Vegetation Indices and Inverse Biophysical Modeling

    Science.gov (United States)

    Bounoua, Lahouari; Imhoff, Marc L.; Franks, Shannon

    2010-01-01

    We explore an inverse biophysical modeling process forced by satellite and climatological data to quantify irrigation requirements in semi-arid agricultural areas. We constrain the carbon and water cycles modeled under both equilibrium, balance between vegetation and climate, and non-equilibrium, water added through irrigation. We postulate that the degree to which irrigated dry lands vary from equilibrium climate conditions is related to the amount of irrigation. The amount of water required over and above precipitation is considered as an irrigation requirement. For July, results show that spray irrigation resulted in an additional amount of water of 1.3 mm per occurrence with a frequency of 24.6 hours. In contrast, the drip irrigation required only 0.6 mm every 45.6 hours or 46% of that simulated by the spray irrigation. The modeled estimates account for 87% of the total reported irrigation water use, when soil salinity is not important and 66% in saline lands.

  4. Probabilistic modelling of security of supply in gas networks and evaluation of new infrastructure

    International Nuclear Information System (INIS)

    Praks, Pavel; Kopustinskas, Vytis; Masera, Marcelo

    2015-01-01

    The paper presents a probabilistic model to study security of supply in a gas network. The model is based on Monte-Carlo simulations with graph theory, and is implemented in the software tool ProGasNet. The software allows studying gas networks in various aspects including identification of weakest links and nodes, vulnerability analysis, bottleneck analysis, evaluation of new infrastructure etc. In this paper ProGasNet is applied to a benchmark network based on a real EU gas transmission network of several countries with the purpose of evaluating the security of supply effects of new infrastructure, either under construction, recently completed or under planning. The probabilistic model enables quantitative evaluations by comparing the reliability of gas supply in each consuming node of the network. - Highlights: • A Monte-Carlo algorithm for stochastic flow networks is presented. • Network elements can fail according to a given probabilistic model. • Priority supply pattern of gas transmission networks is assumed. • A real-world EU gas transmission network is presented and analyzed. • A risk ratio is used for security of supply quantification of a new infrastructure.

  5. Formalization in PVS of Balancing Properties Necessary for Proving Security of the Dolev-Yao Cascade Protocol Model

    Directory of Open Access Journals (Sweden)

    Mauricio Ayala-Rincón

    2013-01-01

    Full Text Available In this work, we present an algebraic approach for modeling the two-party cascade protocol of Dolev-Yao and for fully formalizing its security in the specification language of the Prototype Verification System PVS. Although cascade protocols could be argued to be a very limited model, it should be stressed here that they are the basis of more sophisticated protocols of great applicability, such as those which allow treatment of multiparty, tuples, nonces, name-stamps, signatures, etc. In the current algebraic approach, steps of the protocol are modeled in a monoid freely generated by the cryptographic operators. Words in this monoid are specified as finite sequences and the whole protocol as a finite sequence of protocol steps, that are functions from pairs of users to sequences of cryptographic operators. In a previous work, assuming that for balanced protocols admissible words produced by a potential intruder should be balanced, a formalization of the characterization of security of this kind of protocols was given in PVS. In this work, the previously assumed property is also formalized, obtaining in this way a complete formalization which mathematically guarantees the security of these protocols. Despite such property being relatively easy to specify, obtaining a complete formalization requires a great amount of effort, because several algebraic properties, that are related to the preservation of the balancing property of the admissible language of the intruder, should be formalized in the granularity of the underlying data structure (of finite sequences used in the specification. Among these properties, the most complex are related to the notion of linkage property, which allows for a systematic analysis of words of the admissible language of a potential saboteur, showing how he/she is unable to isolate private keys of other users under the assumption of balanced protocols. The difficulties that arose in conducting this formalization are

  6. What Happened to the Nordic Model for International Peace and Security?

    DEFF Research Database (Denmark)

    Wivel, Anders

    2017-01-01

    The Nordic countries have long been renowned for their contribution to international peace and security. This contribution – occasionally viewed by both Nordic and non-Nordic policy-makers and academics as a particular model for facilitating peace and development in international affairs – is based...... internationalist peacemakers. This article identifies the characteristics of the Nordic model for international peace and security and discusses how and why it has changed....... on a combination of active contributions to peaceful conflict resolution, a high level of development aid and a continuous commitment to strengthening international society. However, recently Scandinavians have been making headlines for reasons that seem to contrast with their well-established brand as humane...

  7. Marine Search and Rescue of UAV in Long-Distance Security Modeling Simulation

    Directory of Open Access Journals (Sweden)

    Zheng Lei

    2017-11-01

    Full Text Available Long-distance safety of Marine search and rescue using drones can improve the searching speed. The current method is based on the long distance security classification of UAV.The degree of accuracy is low. A long-distance security modeling approach based on ArduinoMiniPro’s Marine search-and-rescue applying UAV is proposed. The method puts the fault tree analysis and relevant calculation for risk identification into use. The main factors affecting the safety of unmanned aerial vehicle (UAV are long-distance searching and rescuing. The experimental results show that the proposed method can effectively build modeling for the long-distance safety of the Marine search and rescue UAV

  8. Shift scheduling model considering workload and worker’s preference for security department

    Science.gov (United States)

    Herawati, A.; Yuniartha, D. R.; Purnama, I. L. I.; Dewi, LT

    2018-04-01

    Security department operates for 24 hours and applies shift scheduling to organize its workers as well as in hotel industry. This research has been conducted to develop shift scheduling model considering the workers physical workload using rating of perceived exertion (RPE) Borg’s Scale and workers’ preference to accommodate schedule flexibility. The mathematic model is developed in integer linear programming and results optimal solution for simple problem. Resulting shift schedule of the developed model has equally distribution shift allocation among workers to balance the physical workload and give flexibility for workers in working hours arrangement.

  9. A two-factor, stochastic programming model of Danish mortgage-backed securities

    DEFF Research Database (Denmark)

    Nielsen, Søren S.; Poulsen, Rolf

    2004-01-01

    -trivial, both in terms of deciding on an initial mortgage, and in terms of managing (rebalancing) it optimally.We propose a two-factor, arbitrage-free interest-rate model, calibrated to observable security prices, and implement on top of it a multi-stage, stochastic optimization program with the purpose...... of optimally composing and managing a typical mortgage loan. We model accurately both fixed and proportional transaction costs as well as tax effects. Risk attitudes are addressed through utility functions and through worst-case (min-max) optimization. The model is solved in up to 9 stages, having 19...

  10. Security in the data link layer of the OSI model on LANs wired Cisco

    Directory of Open Access Journals (Sweden)

    María Genoveva Moreira Santos

    2018-02-01

    Full Text Available There are no technologies or protocols completely secure in network infrastructures, for this reason, this document aims to demonstrate the importance of configuring security options on network equipments. On this occasion we will focus on the data link layer of the OSI model, which is where controls have begun to be implemented at level of protocols. The tools that are used in the research facilitate the implementation of a virtual laboratory, which consists of a base operating system (windows in which virtualbox is installed to mount linux mint, which will generate attacks; while in VMware, we installed a virtual machine that allows you to add the image of a switch to our network simulation software (GNS3, which integrates all the components. The tests were able to identify the vulnerabilities in MAC, ARP, VLAN and STP, and then to proceed to patch these security aws. Keeping the setting by default or ignoring the characteristics of network equipment are usually the reasons why these vulnerabilities exist. Finally, it was proved how easy it can be to run an attack and at the same time to implement security measures on the layer 2 of the OSI.

  11. The French nuclear policy. A model for security policy in North-East Asia

    International Nuclear Information System (INIS)

    Choe, K.

    1998-01-01

    Between the end of the second world war and the collapse of the Berlin wall, the French diplomacy was based on the nuclear policy in a solid and coherent way. This nuclear policy was an 'incarnation' of the national security conception, allowing France to recover its political, military and economical rank on the international scene. The most important characteristic of the French nuclear policy concerns the commercialization of the nuclear energy which aims to ensuring the national security through the building up of a financial, technological and political 'reserve'. In front of the domination of the USA and USSR during the cold war era, NE Asia had a similar geostrategic configuration as Western Europe. It concerns in particular the massive application of nuclear energy for both military and industrial purposes. The bases of the security policy in this region refers to the real use of the nuclear weapon by the USA against Japan in 1945. The French nuclear policy may be considered as a model for the building of the security policy of NE Asia, in particular through the commercialization of the nuclear technology between the countries in concern. This nuclear approach would allow the countries of these region to change their present day national defense policy into an economical and military cooperation. (J.S.)

  12. Business Process Simulation: Requirements for Business and Resource Models

    OpenAIRE

    Audrius Rima; Olegas Vasilecas

    2015-01-01

    The purpose of Business Process Model and Notation (BPMN) is to provide easily understandable graphical representation of business process. Thus BPMN is widely used and applied in various areas one of them being a business process simulation. This paper addresses some BPMN model based business process simulation problems. The paper formulate requirements for business process and resource models in enabling their use for business process simulation.

  13. Business Process Simulation: Requirements for Business and Resource Models

    Directory of Open Access Journals (Sweden)

    Audrius Rima

    2015-07-01

    Full Text Available The purpose of Business Process Model and Notation (BPMN is to provide easily understandable graphical representation of business process. Thus BPMN is widely used and applied in various areas one of them being a business process simulation. This paper addresses some BPMN model based business process simulation problems. The paper formulate requirements for business process and resource models in enabling their use for business process simulation.

  14. Advanced approach to information security management system model for industrial control system.

    Science.gov (United States)

    Park, Sanghyun; Lee, Kyungho

    2014-01-01

    Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.

  15. Advanced Approach to Information Security Management System Model for Industrial Control System

    Science.gov (United States)

    2014-01-01

    Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS. PMID:25136659

  16. Advanced Approach to Information Security Management System Model for Industrial Control System

    Directory of Open Access Journals (Sweden)

    Sanghyun Park

    2014-01-01

    Full Text Available Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS. ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.

  17. Behavioral and physical biometric characteristics modeling used for ITS security improvement

    Directory of Open Access Journals (Sweden)

    Miroslav BAČA

    2009-01-01

    Full Text Available Biometric technologies rely on specific biometric characteristics that are used for recognition. The particular characteristic for a given situation can be described through a serious of descriptive parameters including ease of collecting, permanence, measurably, acceptability, deceptiveness, universality, uniqueness, sample cost, system cost, database size, as well as environmental factors. By using our ontology-based framework for adequacy of biometric systems, we introduce a model for using biometric technologies in ITS. Such technologies increase security, safety and protection of ITS.

  18. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  19. Increasing security of supply: The search for stable models of financing for new nuclear build in the European Union

    International Nuclear Information System (INIS)

    Heffron, Raphael James

    2009-01-01

    Full text: This research assesses models for financing of new nuclear build in European Union (EU) member states to find the most stable form. The countries examined in this study are France, the United Kingdom, Finland and Romania. The results attest that due to various historical, political, competition, and electricity market structural conditions Romania has emerged with the most secure and stable model for financing of new nuclear projects. This paper begins with an assessment of the effects on the nuclear sector from energy, environment and competition legislation in the EU. Then the political and economic climate of the afore mentioned EU member states is completed. Following this an overview of the market structure of the electricity sector in those respective countries is conducted. Then the key research on the models of financing of new nuclear build is explored, contrasted and analysed. The research concludes that there are four main models for financing new nuclear projects in Europe. Each model has transcended from different political and economic forces, and consequently each model has met with varied levels of success. Electricity market structures while operating to the same legal requirements, have been dissimilar in their evolution. The combination of the above factors has led to different models for financing new nuclear build. Upon further analysis it is concluded and demonstrated that the Romanian financing model is the most suitable and provides an example for any new nuclear build aspiring nations in the EU and beyond. (author)

  20. Knowledge-based computer security advisor

    International Nuclear Information System (INIS)

    Hunteman, W.J.; Squire, M.B.

    1991-01-01

    The rapid expansion of computer security information and technology has included little support to help the security officer identify the safeguards needed to comply with a policy and to secure a computing system. This paper reports that Los Alamos is developing a knowledge-based computer security system to provide expert knowledge to the security officer. This system includes a model for expressing the complex requirements in computer security policy statements. The model is part of an expert system that allows a security officer to describe a computer system and then determine compliance with the policy. The model contains a generic representation that contains network relationships among the policy concepts to support inferencing based on information represented in the generic policy description

  1. RESEARCH OF OPEN SYSTEMS INTERCONNECTION MODEL IN TERMS OF INFORMATION SECURITY

    OpenAIRE

    Корнієнко, Б.; Національний авіаційний університет

    2013-01-01

    In this article the OSI model in terms of information security classification of vulnerabilities and security measures at the level of model OSI. In order to build a comprehensive information security systems for information and communication systems and networks offer a model to extend the seven- nine levels — through eight levels — level politician and ninth — level users. Рассмотрены модель OSI с точки зрения информационной безопасности, классификация уязвимостей и мероприятий обеспечен...

  2. Security during the Construction of New Nuclear Power Plants: Technical Basis for Access Authorization and Fitness-For-Duty Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Branch, Kristi M.; Baker, Kathryn A.

    2009-09-01

    A technical letter report to the NRC summarizing the findings of a benchmarking study, literature review, and workshop with experts on current industry standards and expert judgments about needs for security during the construction phase of critical infrastructure facilities in the post-September 11 U.S. context, with a special focus on the construction phase of nuclear power plants and personnel security measures.

  3. Air Cargo Security

    Science.gov (United States)

    2007-07-30

    security identification display areas ( SIDAs ). This effectively elevates the required security measures for these cargo handling areas and requires...monitoring. Additional technologies, such as computer algorithms for highlighting potential threat objects, may also be considered to aid human observers

  4. Ministerial Decree of 16 February 1976 relating to approval of the model certificate of financial security for the transport of radioactive materials

    International Nuclear Information System (INIS)

    1976-01-01

    This Decree by the Minister of Industry, Commerce and Crafts, in consultation with the Minister of Transport, approves the model certificate of financial security for the transport of nuclear materials. This type of certificate issued by nuclear insurers is intended to provide detailed information on the nature of the financial security for damage likely to be caused by the materials in the course of transport; it is required to supply the certificate according to the Paris Convention on Third Party Liability in the Field of Nuclear Energy, ratified by Italy in 1975. The standardised presentation of this certificate enables it to be used in international transport between countries parties to the Paris Convention as proof of the existence of the financial security. (N.E.A.)

  5. Building a Narrative Based Requirements Engineering Mediation Model

    Science.gov (United States)

    Ma, Nan; Hall, Tracy; Barker, Trevor

    This paper presents a narrative-based Requirements Engineering (RE) mediation model to help RE practitioners to effectively identify, define, and resolve conflicts of interest, goals, and requirements. Within the SPI community, there is a common belief that social, human, and organizational issues significantly impact on the effectiveness of software process improvement in general and the requirements engineering process in particularl. Conflicts among different stakeholders are an important human and social issue that need more research attention in the SPI and RE community. By drawing on the conflict resolution literature and IS literature, we argue that conflict resolution in RE is a mediated process, in which a requirements engineer can act as a mediator among different stakeholders. To address socio-psychological aspects of conflict in RE and SPI, Winslade and Monk (2000)'s narrative mediation model is introduced, justified, and translated into the context of RE.

  6. The Application of Human and Social Behavioral-Inspired Security Models for Self-aware Collaborative Cognitive Radio Networks

    Science.gov (United States)

    Burbank, Jack L.; Kasch, William T. M.

    This paper discusses the introduction of anthropology and sociology-inspired approaches to providing security in collaborative self-aware cognitive radio networks. This includes the introduction of not only trust models, but also respect models and ‘intuition’ models. This paper discusses numerous potential benefits from this type of approach, including benefits to algorithm security, compromise recovery, protection from the Byzantine threat, and policy enforcement.

  7. Business Model for the Security of a Large-Scale PACS, Compliance with ISO/27002:2013 Standard.

    Science.gov (United States)

    Gutiérrez-Martínez, Josefina; Núñez-Gaona, Marco Antonio; Aguirre-Meneses, Heriberto

    2015-08-01

    Data security is a critical issue in an organization; a proper information security management (ISM) is an ongoing process that seeks to build and maintain programs, policies, and controls for protecting information. A hospital is one of the most complex organizations, where patient information has not only legal and economic implications but, more importantly, an impact on the patient's health. Imaging studies include medical images, patient identification data, and proprietary information of the study; these data are contained in the storage device of a PACS. This system must preserve the confidentiality, integrity, and availability of patient information. There are techniques such as firewalls, encryption, and data encapsulation that contribute to the protection of information. In addition, the Digital Imaging and Communications in Medicine (DICOM) standard and the requirements of the Health Insurance Portability and Accountability Act (HIPAA) regulations are also used to protect the patient clinical data. However, these techniques are not systematically applied to the picture and archiving and communication system (PACS) in most cases and are not sufficient to ensure the integrity of the images and associated data during transmission. The ISO/IEC 27001:2013 standard has been developed to improve the ISM. Currently, health institutions lack effective ISM processes that enable reliable interorganizational activities. In this paper, we present a business model that accomplishes the controls of ISO/IEC 27002:2013 standard and criteria of security and privacy from DICOM and HIPAA to improve the ISM of a large-scale PACS. The methodology associated with the model can monitor the flow of data in a PACS, facilitating the detection of unauthorized access to images and other abnormal activities.

  8. Quality of Security Service: Adaptive Security

    National Research Council Canada - National Science Library

    Levin, Timothy E; Irvine, Cynthia E; Spyropoulou, Evdoxia

    2004-01-01

    The premise of Quality of Security Service is that system and network management functions can be more effective if variable levels of security services and requirements can be presented to users or network tasks...

  9. Cloud Computing Security: A Survey

    Directory of Open Access Journals (Sweden)

    Issa M. Khalil

    2014-02-01

    Full Text Available Cloud computing is an emerging technology paradigm that migrates current technological and computing concepts into utility-like solutions similar to electricity and water systems. Clouds bring out a wide range of benefits including configurable computing resources, economic savings, and service flexibility. However, security and privacy concerns are shown to be the primary obstacles to a wide adoption of clouds. The new concepts that clouds introduce, such as multi-tenancy, resource sharing and outsourcing, create new challenges to the security community. Addressing these challenges requires, in addition to the ability to cultivate and tune the security measures developed for traditional computing systems, proposing new security policies, models, and protocols to address the unique cloud security challenges. In this work, we provide a comprehensive study of cloud computing security and privacy concerns. We identify cloud vulnerabilities, classify known security threats and attacks, and present the state-of-the-art practices to control the vulnerabilities, neutralize the threats, and calibrate the attacks. Additionally, we investigate and identify the limitations of the current solutions and provide insights of the future security perspectives. Finally, we provide a cloud security framework in which we present the various lines of defense and identify the dependency levels among them. We identify 28 cloud security threats which we classify into five categories. We also present nine general cloud attacks along with various attack incidents, and provide effectiveness analysis of the proposed countermeasures.

  10. Global maize trade and food security: implications from a social network model.

    Science.gov (United States)

    Wu, Felicia; Guclu, Hasan

    2013-12-01

    In this study, we developed a social network model of the global trade of maize: one of the most important food, feed, and industrial crops worldwide, and critical to food security. We used this model to analyze patterns of maize trade among nations, and to determine where vulnerabilities in food security might arise if maize availability was decreased due to factors such as diversion to nonfood uses, climatic factors, or plant diseases. Using data on imports and exports from the U.N. Commodity Trade Statistics Database for each year from 2000 to 2009 inclusive, we summarized statistics on volumes of maize trade between pairs of nations for 217 nations. There is evidence of market segregation among clusters of nations; with three prominent clusters representing Europe, Brazil and Argentina, and the United States. The United States is by far the largest exporter of maize worldwide, whereas Japan and the Republic of Korea are the largest maize importers. In particular, the star-shaped cluster of the network that represents U.S. maize trade to other nations indicates the potential for food security risks because of the lack of trade these other nations conduct with other maize exporters. If a scenario arose in which U.S. maize could not be exported in as large quantities, maize supplies in many nations could be jeopardized. We discuss this in the context of recent maize ethanol production and its attendant impacts on food prices elsewhere worldwide. © 2013 Society for Risk Analysis.

  11. CRYPTOGRAPHIC SECURE CLOUD STORAGE MODEL WITH ANONYMOUS AUTHENTICATION AND AUTOMATIC FILE RECOVERY

    Directory of Open Access Journals (Sweden)

    Sowmiya Murthy

    2014-10-01

    Full Text Available We propose a secure cloud storage model that addresses security and storage issues for cloud computing environments. Security is achieved by anonymous authentication which ensures that cloud users remain anonymous while getting duly authenticated. For achieving this goal, we propose a digital signature based authentication scheme with a decentralized architecture for distributed key management with multiple Key Distribution Centers. Homomorphic encryption scheme using Paillier public key cryptosystem is used for encrypting the data that is stored in the cloud. We incorporate a query driven approach for validating the access policies defined by an individual user for his/her data i.e. the access is granted to a requester only if his credentials matches with the hidden access policy. Further, since data is vulnerable to losses or damages due to the vagaries of the network, we propose an automatic retrieval mechanism where lost data is recovered by data replication and file replacement with string matching algorithm. We describe a prototype implementation of our proposed model.

  12. WORKSTATION SECURITY ENSURANCE

    OpenAIRE

    Hudoklin, Alenka; Stadler, Alenka

    1998-01-01

    A methodology for the ensured security of a workstation connected in a computer network with in an organization is presented. A technique for the determination of the required security level for a workstation's tangible and intangible components is described. A set of security measures for each security level of the workstation's tangible and intangible components is selected. The methodology is applied to workstations in the computer network of a Slovenian state agency. The required security...

  13. 78 FR 73993 - Special Conditions: Cessna Model 680 Series Airplanes; Aircraft Electronic System Security...

    Science.gov (United States)

    2013-12-10

    ... systems and networks. Connectivity to, or access by, external systems and networks may result in security... and network configuration may allow the exploitation of network security vulnerabilities resulting in... Electronic System Security Protection From Unauthorized External Access AGENCY: Federal Aviation...

  14. 78 FR 75451 - Special Conditions: Cessna Model 750 Series Airplanes; Aircraft Electronic System Security...

    Science.gov (United States)

    2013-12-12

    ... systems and networks. Connectivity to, or access by, external systems and networks may result in security... and network configuration may allow the exploitation of network security vulnerabilities resulting in... Electronic System Security Protection From Unauthorized External Access AGENCY: Federal Aviation...

  15. Mathematical model and coordination algorithms for ensuring complex security of an organization

    Science.gov (United States)

    Novoseltsev, V. I.; Orlova, D. E.; Dubrovin, A. S.; Irkhin, V. P.

    2018-03-01

    The mathematical model of coordination when ensuring complex security of the organization is considered. On the basis of use of a method of casual search three types of algorithms of effective coordination adequate to mismatch level concerning security are developed: a coordination algorithm at domination of instructions of the coordinator; a coordination algorithm at domination of decisions of performers; a coordination algorithm at parity of interests of the coordinator and performers. Assessment of convergence of the algorithms considered above it was made by carrying out a computing experiment. The described algorithms of coordination have property of convergence in the sense stated above. And, the following regularity is revealed: than more simply in the structural relation the algorithm, for the smaller number of iterations is provided to those its convergence.

  16. Model-based human reliability analysis: prospects and requirements

    International Nuclear Information System (INIS)

    Mosleh, A.; Chang, Y.H.

    2004-01-01

    Major limitations of the conventional methods for human reliability analysis (HRA), particularly those developed for operator response analysis in probabilistic safety assessments (PSA) of nuclear power plants, are summarized as a motivation for the need and a basis for developing requirements for the next generation HRA methods. It is argued that a model-based approach that provides explicit cognitive causal links between operator behaviors and directly or indirectly measurable causal factors should be at the core of the advanced methods. An example of such causal model is briefly reviewed, where due to the model complexity and input requirements can only be currently implemented in a dynamic PSA environment. The computer simulation code developed for this purpose is also described briefly, together with current limitations in the models, data, and the computer implementation

  17. An Analysis of Cloud Model-Based Security for Computing Secure Cloud Bursting and Aggregation in Real Environment

    OpenAIRE

    Pritesh Jain; Vaishali Chourey; Dheeraj Rane

    2011-01-01

    Cloud Computing has emerged as a major information and communications technology trend and has been proved as a key technology for market development and analysis for the users of several field. The practice of computing across two or more data centers separated by the Internet is growing in popularity due to an explosion in scalable computing demands. However, one of the major challenges that faces the cloud computing is how to secure and protect the data and processes the data of the user. ...

  18. Junos Security

    CERN Document Server

    Cameron, Rob; Giecco, Patricio; Eberhard, Timothy; Quinn, James

    2010-01-01

    Junos® Security is the complete and authorized introduction to the new Juniper Networks SRX hardware series. This book not only provides a practical, hands-on field guide to deploying, configuring, and operating SRX, it also serves as a reference to help you prepare for any of the Junos Security Certification examinations offered by Juniper Networks. Network administrators and security professionals will learn how to use SRX Junos services gateways to address an array of enterprise data network requirements -- including IP routing, intrusion detection, attack mitigation, unified threat manag

  19. NASA Standard for Models and Simulations: Philosophy and Requirements Overview

    Science.gov (United States)

    Blattnig, Steve R.; Luckring, James M.; Morrison, Joseph H.; Sylvester, Andre J.; Tripathi, Ram K.; Zang, Thomas A.

    2013-01-01

    Following the Columbia Accident Investigation Board report, the NASA Administrator chartered an executive team (known as the Diaz Team) to identify those CAIB report elements with NASA-wide applicability and to develop corrective measures to address each element. One such measure was the development of a standard for the development, documentation, and operation of models and simulations. This report describes the philosophy and requirements overview of the resulting NASA Standard for Models and Simulations.

  20. Critical Business Requirements Model and Metrics for Intranet ROI

    OpenAIRE

    Luqi; Jacoby, Grant A.

    2005-01-01

    Journal of Electronic Commerce Research, Vol. 6, No. 1, pp. 1-30. This research provides the first theoretical model, the Intranet Efficiency and Effectiveness Model (IEEM), to measure intranet overall value contributions based on a corporation’s critical business requirements by applying a balanced baseline of metrics and conversion ratios linked to key business processes of knowledge workers, IT managers and business decision makers -- in effect, closing the gap of understanding...

  1. 76 FR 46603 - Security Ratings

    Science.gov (United States)

    2011-08-03

    ... SECURITIES AND EXCHANGE COMMISSION 17 CFR Parts 200, 229, 230, 232, 239, 240, and 249 [Release No. 33-9245; 34-64975; File No. S7-18-08] RIN 3235-AK18 Security Ratings AGENCY: Securities and Exchange... requirements under the Securities Act of 1933 and the Securities Exchange Act of 1934 for securities offering...

  2. Fusing Quantitative Requirements Analysis with Model-based Systems Engineering

    Science.gov (United States)

    Cornford, Steven L.; Feather, Martin S.; Heron, Vance A.; Jenkins, J. Steven

    2006-01-01

    A vision is presented for fusing quantitative requirements analysis with model-based systems engineering. This vision draws upon and combines emergent themes in the engineering milieu. "Requirements engineering" provides means to explicitly represent requirements (both functional and non-functional) as constraints and preferences on acceptable solutions, and emphasizes early-lifecycle review, analysis and verification of design and development plans. "Design by shopping" emphasizes revealing the space of options available from which to choose (without presuming that all selection criteria have previously been elicited), and provides means to make understandable the range of choices and their ramifications. "Model-based engineering" emphasizes the goal of utilizing a formal representation of all aspects of system design, from development through operations, and provides powerful tool suites that support the practical application of these principles. A first step prototype towards this vision is described, embodying the key capabilities. Illustrations, implications, further challenges and opportunities are outlined.

  3. Models of protein and amino acid requirements for cattle

    Directory of Open Access Journals (Sweden)

    Luis Orlindo Tedeschi

    2015-03-01

    Full Text Available Protein supply and requirements by ruminants have been studied for more than a century. These studies led to the accumulation of lots of scientific information about digestion and metabolism of protein by ruminants as well as the characterization of the dietary protein in order to maximize animal performance. During the 1980s and 1990s, when computers became more accessible and powerful, scientists began to conceptualize and develop mathematical nutrition models, and to program them into computers to assist with ration balancing and formulation for domesticated ruminants, specifically dairy and beef cattle. The most commonly known nutrition models developed during this period were the National Research Council (NRC in the United States, Agricultural Research Council (ARC in the United Kingdom, Institut National de la Recherche Agronomique (INRA in France, and the Commonwealth Scientific and Industrial Research Organization (CSIRO in Australia. Others were derivative works from these models with different degrees of modifications in the supply or requirement calculations, and the modeling nature (e.g., static or dynamic, mechanistic, or deterministic. Circa 1990s, most models adopted the metabolizable protein (MP system over the crude protein (CP and digestible CP systems to estimate supply of MP and the factorial system to calculate MP required by the animal. The MP system included two portions of protein (i.e., the rumen-undegraded dietary CP - RUP - and the contributions of microbial CP - MCP as the main sources of MP for the animal. Some models would explicitly account for the impact of dry matter intake (DMI on the MP required for maintenance (MPm; e.g., Cornell Net Carbohydrate and Protein System - CNCPS, the Dutch system - DVE/OEB, while others would simply account for scurf, urinary, metabolic fecal, and endogenous contributions independently of DMI. All models included milk yield and its components in estimating MP required for lactation

  4. Agent-Based Model of Information Security System: Architecture and Formal Framework for Coordinated Intelligent Agents Behavior Specification

    National Research Council Canada - National Science Library

    Gorodetski, Vladimir

    2001-01-01

    The contractor will research and further develop the technology supporting an agent-based architecture for an information security system and a formal framework to specify a model of distributed knowledge...

  5. Computer security engineering management

    International Nuclear Information System (INIS)

    McDonald, G.W.

    1988-01-01

    For best results, computer security should be engineered into a system during its development rather than being appended later on. This paper addresses the implementation of computer security in eight stages through the life cycle of the system; starting with the definition of security policies and ending with continuing support for the security aspects of the system throughout its operational life cycle. Security policy is addressed relative to successive decomposition of security objectives (through policy, standard, and control stages) into system security requirements. This is followed by a discussion of computer security organization and responsibilities. Next the paper directs itself to analysis and management of security-related risks, followed by discussion of design and development of the system itself. Discussion of security test and evaluation preparations, and approval to operate (certification and accreditation), is followed by discussion of computer security training for users is followed by coverage of life cycle support for the security of the system

  6. Quality of Protection Evaluation of Security Mechanisms

    Science.gov (United States)

    Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

    2014-01-01

    Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol. PMID:25136683

  7. PREVENTIVE SIGNATURE MODEL FOR SECURE CLOUD DEPLOYMENT THROUGH FUZZY DATA ARRAY COMPUTATION

    Directory of Open Access Journals (Sweden)

    R. Poorvadevi

    2017-01-01

    Full Text Available Cloud computing is a resource pool which offers boundless services by the form of resources to its end users whoever heavily depends on cloud service providers. Cloud is providing the service access across the geographic locations in an efficient way. However it is offering numerous services, client end system is not having adequate methods, security policies and other protocols for using the cloud customer secret level transactions and other privacy related information. So, this proposed model brings the solution for securing the cloud user confidential data, Application deployment and also identifying the genuineness of the user by applying the scheme which is referred as fuzzy data array computation. Fuzzy data array computation provides an effective system is called signature retrieval and evaluation system through which customer’s data can be safeguarded along with their application. This signature system can be implemented on the cloud environment using the cloud sim 3.0 simulator tools. It facilitates the security operation over the data centre and cloud vendor locations in an effective manner.

  8. Safety Analysis Report for Packaging, Y-12 National Security Complex, Model ES-3100 Package with Bulk HEU Contents

    Energy Technology Data Exchange (ETDEWEB)

    Anderson, James [Y-12 National Security Complex, Oak Ridge, TN (United States); Goins, Monty [Y-12 National Security Complex, Oak Ridge, TN (United States); Paul, Pran [Y-12 National Security Complex, Oak Ridge, TN (United States); Wilkinson, Alan [Y-12 National Security Complex, Oak Ridge, TN (United States); Wilson, David [Y-12 National Security Complex, Oak Ridge, TN (United States)

    2015-09-03

    This safety analysis report for packaging (SARP) presents the results of the safety analysis prepared in support of the Consolidated Nuclear Security, LLC (CNS) request for licensing of the Model ES-3100 package with bulk highly enriched uranium (HEU) contents and issuance of a Type B(U) Fissile Material Certificate of Compliance. This SARP, published in the format specified in the Nuclear Regulatory Commission (NRC) Regulatory Guide 7.9 and using information provided in UCID-21218 and NRC Regulatory Guide 7.10, demonstrates that the Y-12 National Security Complex (Y-12) ES-3100 package with bulk HEU contents meets the established NRC regulations for packaging, preparation for shipment, and transportation of radioactive materials given in Title 10, Part 71, of the Code of Federal Regulations (CFR) [10 CFR 71] as well as U.S. Department of Transportation (DOT) regulations for packaging and shipment of hazardous materials given in Title 49 CFR. To protect the health and safety of the public, shipments of adioactive materials are made in packaging that is designed, fabricated, assembled, tested, procured, used, maintained, and repaired in accordance with the provisions cited above. Safety requirements addressed by the regulations that must be met when transporting radioactive materials are containment of radioactive materials, radiation shielding, and assurance of nuclear subcriticality.

  9. Protecting America's economy, environment, health, and security against invasive species requires a strong federal program in systematic biology

    Science.gov (United States)

    Hilda Diaz-Soltero; Amy Y. Rossman

    2011-01-01

    Systematics is the science that identifies and groups organisms by understanding their origins, relationships, and distributions. It is fundamental to understanding life on earth, our crops, wildlife, and diseases, and it provides the scientific foundation to recognize and manage invasive species. Protecting America's economy, environment, health, and security...

  10. From Wireless Sensor Networks to Wireless Body Area Networks: Formal Modeling and Verification on Security Using PAT

    Directory of Open Access Journals (Sweden)

    Tieming Chen

    2016-01-01

    Full Text Available Model checking has successfully been applied on verification of security protocols, but the modeling process is always tedious and proficient knowledge of formal method is also needed although the final verification could be automatic depending on specific tools. At the same time, due to the appearance of novel kind of networks, such as wireless sensor networks (WSN and wireless body area networks (WBAN, formal modeling and verification for these domain-specific systems are quite challenging. In this paper, a specific and novel formal modeling and verification method is proposed and implemented using an expandable tool called PAT to do WSN-specific security verification. At first, an abstract modeling data structure for CSP#, which is built in PAT, is developed to support the node mobility related specification for modeling location-based node activity. Then, the traditional Dolev-Yao model is redefined to facilitate modeling of location-specific attack behaviors on security mechanism. A throughout formal verification application on a location-based security protocol in WSN is described in detail to show the usability and effectiveness of the proposed methodology. Furthermore, also a novel location-based authentication security protocol in WBAN can be successfully modeled and verified directly using our method, which is, to the best of our knowledge, the first effort on employing model checking for automatic analysis of authentication protocol for WBAN.

  11. Atmospheric disturbance modelling requirements for flying qualities applications

    Science.gov (United States)

    Moorhouse, D. J.

    1978-01-01

    Flying qualities are defined as those airplane characteristics which govern the ease or precision with which the pilot can accomplish the mission. Some atmospheric disturbance modelling requirements for aircraft flying qualities applications are reviewed. It is concluded that some simplifications are justified in identifying the primary influence on aircraft response and pilot control. It is recommended that a universal environmental model be developed, which could form the reference for different applications. This model should include the latest information on winds, turbulence, gusts, visibility, icing and precipitation. A chosen model would be kept by a national agency and updated regularly by feedback from users. A user manual is believed to be an essential part of such a model.

  12. Baseline requirements of the proposed action for the Transportation Management Division routing models

    International Nuclear Information System (INIS)

    Johnson, P.E.; Joy, D.S.

    1995-02-01

    The potential impacts associated with the transportation of hazardous materials are important to shippers, carriers, and the general public. This is particularly true for shipments of radioactive material. The shippers are primarily concerned with safety, security, efficiency, and equipment requirements. The carriers are concerned with the potential impact that radioactive shipments may have on their operations--particularly if such materials are involved in an accident. The general public has also expressed concerns regarding the safety of transporting radioactive and other hazardous materials through their communities. Because transportation routes are a central concern in hazardous material transport, the prediction of likely routes is the first step toward resolution of these issues. In response to these routing needs, several models have been developed over the past fifteen years at Oak Ridge National Laboratory (ORNL). The HIGHWAY routing model is used to predict routes for truck transportation, the INTERLINE routing model is used to predict both rail and barge routes, and the AIRPORT locator model is used to determine airports with specified criteria near a specific location. As part of the ongoing improvement of the US Department of Energy's (DOE) Environmental Management Transportation Management Division's (EM-261) computer systems and development efforts, a Baseline Requirements Assessment Session on the HIGHWAY, INTERLINE, and AIRPORT models was held at ORNL on April 27, 1994. The purpose of this meeting was to discuss the existing capabilities of the models and data bases and to review enhancements of the models and data bases to expand their usefulness. The results of the Baseline Requirements Assessment Section will be discussed in this report. The discussions pertaining to the different models are contained in separate sections

  13. Information Models, Data Requirements, and Agile Data Curation

    Science.gov (United States)

    Hughes, John S.; Crichton, Dan; Ritschel, Bernd; Hardman, Sean; Joyner, Ron

    2015-04-01

    The Planetary Data System's next generation system, PDS4, is an example of the successful use of an ontology-based Information Model (IM) to drive the development and operations of a data system. In traditional systems engineering, requirements or statements about what is necessary for the system are collected and analyzed for input into the design stage of systems development. With the advent of big data the requirements associated with data have begun to dominate and an ontology-based information model can be used to provide a formalized and rigorous set of data requirements. These requirements address not only the usual issues of data quantity, quality, and disposition but also data representation, integrity, provenance, context, and semantics. In addition the use of these data requirements during system's development has many characteristics of Agile Curation as proposed by Young et al. [Taking Another Look at the Data Management Life Cycle: Deconstruction, Agile, and Community, AGU 2014], namely adaptive planning, evolutionary development, early delivery, continuous improvement, and rapid and flexible response to change. For example customers can be satisfied through early and continuous delivery of system software and services that are configured directly from the information model. This presentation will describe the PDS4 architecture and its three principle parts: the ontology-based Information Model (IM), the federated registries and repositories, and the REST-based service layer for search, retrieval, and distribution. The development of the IM will be highlighted with special emphasis on knowledge acquisition, the impact of the IM on development and operations, and the use of shared ontologies at multiple governance levels to promote system interoperability and data correlation.

  14. SPION: Secure Protocols in OSI Networks

    OpenAIRE

    Ahlgren, Bengt; Lindgren, Per; Sirotkin, Teet

    1989-01-01

    SPION: Secure Protocols in OSI Networks This report describes how security services can be realized in a computer network using the protocols of the Open Systems Interconnection (OSI) reference model for communication. The report starts with defining security requirements for a "typical" local area network in a company, university or similar organization. It is assumed that the organization does not use the network for transfer of extremely sensitive information, such a...

  15. Security for safety critical space borne systems

    Science.gov (United States)

    Legrand, Sue

    1987-01-01

    The Space Station contains safety critical computer software components in systems that can affect life and vital property. These components require a multilevel secure system that provides dynamic access control of the data and processes involved. A study is under way to define requirements for a security model providing access control through level B3 of the Orange Book. The model will be prototyped at NASA-Johnson Space Center.

  16. Backup key generation model for one-time password security protocol

    Science.gov (United States)

    Jeyanthi, N.; Kundu, Sourav

    2017-11-01

    The use of one-time password (OTP) has ushered new life into the existing authentication protocols used by the software industry. It introduced a second layer of security to the traditional username-password authentication, thus coining the term, two-factor authentication. One of the drawbacks of this protocol is the unreliability of the hardware token at the time of authentication. This paper proposes a simple backup key model that can be associated with the real world applications’user database, which would allow a user to circumvent the second authentication stage, in the event of unavailability of the hardware token.

  17. Customer focus level following implementation of quality improvement model in Tehran social security hospitals.

    Science.gov (United States)

    Mehrabi, F; Nasiripour, A; Delgoshaei, B

    2008-01-01

    The key factor for the success of total quality management programs in an organization is focusing on the customer. The purpose of this paper is to assess customer focus level following implementation of a quality improvement model in social security hospitals in Tehran Province. This research was descriptive-comparative in nature. The study population consisted of the implementers of quality improvement model in four Tehran social security hospitals. The data were gathered through a checklist addressing customer knowledge and customer satisfaction. The research findings indicated that the average scores on customer knowledge in Shahriar, Alborz, Milad, and Varamin hospitals were 64.1, 61.2, 54.1, and 46.6, respectively. The average scores on customer satisfaction in Shahriar, Alborz, Milad, and Varamin hospitals were 67.7, 65, 59.4, and 50, respectively. The customer focus average scores in Shahriar, Alborz, Milad, and Varamin hospitals were 66.3, 63.3, 57.3, and 48.6, respectively. The total average scores on customer knowledge, satisfaction and customer focus in the investigated hospitals proved to be 56.4, 60.5, and 58.9, respectively. The paper is of value in showing that implementation of the quality improvement model could considerably improve customer focus level.

  18. FOOD SECURITY

    Directory of Open Access Journals (Sweden)

    Dorina Ardelean

    2013-12-01

    Full Text Available The assurance of food security at the individual level doesn’t implicitly provide for the one at family level as the concepts of hunger, malnutrition and food insecurity are the steps of the same process of access restricted to a sufficient supply of food. In order to achieve food security at the individual level the following is necessary: ensuring food availability (production, reserve stocks; redistribution of food availability within the country or out through international exchanges; effective access of the population to purchase food consumer goods, by ensuring its effective demand as required. Food security of families (FFS is required for assuring individual food security (IFS, but it is not sufficient because the food available may be unevenly distributed between family members. National food security (NFS corresponds to the possibilities that different countries have to ensure both FFS and IFS without sacrificing other important objectives. Under the name of GAS is defined the global food security which represents permanent access for the entire population of the globe to the necessary food for a healthy and active life.

  19. Numerical Simulation of Inter-basin Groundwater Flow into Northern Yucca Flat, Nevada National Security Site, Using the Death Valley Regional Flow System Model

    Energy Technology Data Exchange (ETDEWEB)

    Pohlmann Karl,Ye Ming

    2012-03-01

    Models of groundwater flow for the Yucca Flat area of the Nevada National Security Site (NNSS) are under development by the U.S. Department of Energy (DOE) for corrective action investigations of the Yucca Flat-Climax Mine Corrective Action Unit (CAU). One important aspect of these models is the quantity of inter-basin groundwater flow from regional systems to the north. This component of flow, together with its uncertainty, must be properly accounted for in the CAU flow models to provide a defensible regional framework for calculations of radionuclide transport that will support determinations of the Yucca Flat-Climax Mine contaminant boundary. Because characterizing flow boundary conditions in northern Yucca Flat requires evaluation to a higher level of detail than the scale of the Yucca Flat-Climax Mine CAU model can efficiently provide, a study more focused on this aspect of the model was required.

  20. Using Trust to Establish a Secure Routing Model in Cognitive Radio Network.

    Science.gov (United States)

    Zhang, Guanghua; Chen, Zhenguo; Tian, Liqin; Zhang, Dongwen

    2015-01-01

    Specific to the selective forwarding attack on routing in cognitive radio network, this paper proposes a trust-based secure routing model. Through monitoring nodes' forwarding behaviors, trusts of nodes are constructed to identify malicious nodes. In consideration of that routing selection-based model must be closely collaborative with spectrum allocation, a route request piggybacking available spectrum opportunities is sent to non-malicious nodes. In the routing decision phase, nodes' trusts are used to construct available path trusts and delay measurement is combined for making routing decisions. At the same time, according to the trust classification, different responses are made specific to their service requests. By adopting stricter punishment on malicious behaviors from non-trusted nodes, the cooperation of nodes in routing can be stimulated. Simulation results and analysis indicate that this model has good performance in network throughput and end-to-end delay under the selective forwarding attack.

  1. Using Trust to Establish a Secure Routing Model in Cognitive Radio Network

    Science.gov (United States)

    Zhang, Guanghua; Chen, Zhenguo; Tian, Liqin; Zhang, Dongwen

    2015-01-01

    Specific to the selective forwarding attack on routing in cognitive radio network, this paper proposes a trust-based secure routing model. Through monitoring nodes’ forwarding behaviors, trusts of nodes are constructed to identify malicious nodes. In consideration of that routing selection-based model must be closely collaborative with spectrum allocation, a route request piggybacking available spectrum opportunities is sent to non-malicious nodes. In the routing decision phase, nodes’ trusts are used to construct available path trusts and delay measurement is combined for making routing decisions. At the same time, according to the trust classification, different responses are made specific to their service requests. By adopting stricter punishment on malicious behaviors from non-trusted nodes, the cooperation of nodes in routing can be stimulated. Simulation results and analysis indicate that this model has good performance in network throughput and end-to-end delay under the selective forwarding attack. PMID:26421843

  2. Developing security protocols in χ-Spaces

    DEFF Research Database (Denmark)

    Crazzolara, Federico; Milicia, Giuseppe

    2002-01-01

    It is of paramount importance that a security protocol effectively enforces the desired security requirements. The apparent simplicity of informal protocol descriptions hides the inherent complexity of their interactions which, often, invalidate informal correctness arguments and justify the effort...... of formal protocol verification. Verification, however, is usually carried out on an abstract model not at all related with a protocol’s implementation. Experience shows that security breaches introduced in implementations of successfully verified models are rather common. The χ-Spaces framework...... is an implementation of SPL (Security Protocol Language), a formal model for studying security protocols. In this paper we discuss the use of χ-Spaces as a tool for developing robust security protocol implementations. To make the case, we take a family of key-translation protocols due to Woo and Lam and show how χ...

  3. The Security Aspect of Turkey-United States Relations: In Search For a New Model

    Directory of Open Access Journals (Sweden)

    Irina A. Svistunova

    2016-01-01

    Full Text Available Security cooperation has always been an important aspect of the relations between Turkey and the USA. In Cold War era Turkish-American interaction within NATO played a crucial role in this cooperation. After that period the two countries began to search for a new model of their relations. Both Turkey and the USA started to use cooperation within NATO for the purpose of strengthening their global positions. At the same time the USA aspiration to use military bases in Turkey beyond NATO obligations frequently becomes a source of disagreement and crises in the relations of the two countries as it happened during the American intervention to Iraq in 2003. At present new challenges for regional security, especially in the Middle East, demands new forms of interaction between Turkey and the USA. The beginning of "the Arab spring" was met in Ankara and Washington with overlapping interest in changing conservative regimes and promoting "Turkish model". At the same time such questions as participation of Turkey in the fight against ISIL and the USA military cooperation with the Syrian Kurds, whom Ankara considers to be connected with the PKK terrorist organization, has brought serious contradictions between the two countries. The cause of these contradiction is the difference in the perception of threats in Turkey and in the Western countries. While the search for new forms of security cooperation meets with difficulties, NATO remains important for the relations between Turkey and the USA, despite traditionally high level of anti-NATO moods in the Turkish society.

  4. Water security, risk, and economic growth: Insights from a dynamical systems model

    Science.gov (United States)

    Dadson, Simon; Hall, Jim W.; Garrick, Dustin; Sadoff, Claudia; Grey, David; Whittington, Dale

    2017-08-01

    Investments in the physical infrastructure, human capital, and institutions needed for water resources management have been noteworthy in the development of most civilizations. These investments affect the economy in two distinct ways: (i) by improving the factor productivity of water in multiple economic sectors, especially those that are water intensive such as agriculture and energy and (ii) by reducing acute and chronic harmful effects of water-related hazards like floods, droughts, and water-related diseases. The need for capital investment to mitigate risks and promote economic growth is widely acknowledged, but prior conceptual work on the relationship between water-related investments and economic growth has focused on the productive and harmful roles of water in the economy independently. Here the two influences are combined using a simple, dynamical systems model of water-related investment, risk, and growth. In cases where initial water security is low, initial investment in water-related assets enables growth. Without such investment, losses due to water-related hazards exert a drag on economic growth and may create a poverty trap. The presence and location of the poverty trap is context-specific and depends on the exposure of productive water-related assets to water-related risk. Exogenous changes in water-related risk can potentially push an economy away from a growth path toward a poverty trap. Our investigation shows that an inverted-U-shaped investment relation between the level of investment in water security and the current level of water security leads to faster rates of growth than the alternatives that we consider here, and that this relation is responsible for the "S"-curve that is posited in the literature. These results illustrate the importance of accounting for environmental and health risks in economic models and offer insights for the design of robust policies for investment in water-related productive assets to manage risk, in the face

  5. Dynamic model of minimax control over economic security state of the region in the presence of risks

    Directory of Open Access Journals (Sweden)

    Andrey Fedorovich Shorikov

    2012-06-01

    Full Text Available Investigation and solution of management of economic security state in the region (MESSR requires development of a dynamic economic-mathematical model that takes into account the presence of control actions, uncontrolled parameters (risk modeling errors, etc. and availability of information deficit. At the same time, the existing approaches to solving such problems are based primarily on static models and the use of stochastic modeling of the device, which is required for the application of knowledge of the probability characteristics of the main model parameters and special conditions for the realization of the process. We should note that to use the apparatus of stochastic modeling, very strict conditions are required, which in practice are usually not feasible in advance In this paper, we propose to use a deterministic approach for modeling and solving the original problem in the form of a dynamic programming problem of minimax control (optimization of a guaranteed result MESSR at the determined point of time, taking into account the availability of risks of deterministic and stochastic nature (combined risks model. At thesametime, under therisks in thesocial and economic system we understand thefactors that negatively catastrophically affect the results of the reviewed processes inside it. For an effective use, a technique of prediction and assessment of time rows and stochastic risks in MESSR optimization process is presented, which can serve as a basis for the development of appropriate computer software. To solve the problem of program minimax control MESSR in the presence of risks, we propose a method which is reduced to the realization of a finite number of solutions of linear and convex mathematical programming and discrete optimization problem. The proposed method makes it possible to develop efficient numerical procedures to implement computer simulation of the dynamics of the problem, build program minimax control and gain optimal

  6. The Extended Concept of Security and the Czech Security Practice

    Directory of Open Access Journals (Sweden)

    Libor Stejskal

    2008-12-01

    Full Text Available According to the extended concept of security, the nation state is no longer the sole privileged reference object of security. The traditional model of national security is developing from military terms to a broader concept which embraces the international, economic, social, environmental, and human rights dimensions of security. The meaning and relevance of the concept is being extended “upwards”, to international organisations, and “downwards”, to regional and local authorities, non-governmental organisations, communities, and individual citizens. This has immediate bearing on the everyday security reality of the Czech Republic. In international context, the “security frontier” of the Czech Republic is expanding, e.g. through the country’s involvement in UN and NATO security missions in conflict-ridden regions of Europe and the world. The country also helps enhance the internal security of the European Union, whose strength depends on its Member States’ willingness to “harmonise” the pursuit of their respective national security interests. This approach is especially important with regard to the principal security threats Europe faces and will continue to face in the future: terrorism and organised crime. It is vital that the Czech Republic have a well-working security system capable of responding effectively to a broad range of threats. This requirement applies first and foremost to the Police, the Fire and Rescue Service, and intelligence services. Unfortunately, with the present effectiveness of the Czech security system, much remains wishful thinking and, due to the lack of a comprehensive framework, a comparatively low level of protection against emergencies exists. Fight against crime is hampered by inefficient operation of the Police and judiciary. A thorough analysis of the aforementioned problems could provide basis for a broader public debate over the priorities and goals of Czech security policy, which should

  7. Secure Attachment Conceptualizations: The Influence of General and Specific Relational Models on Conflict Beliefs and Conflict Resolution Styles

    Directory of Open Access Journals (Sweden)

    Cheryl C. Woolley

    2007-06-01

    Full Text Available Attachment theory focuses on the cognitive models that underlie our interactions with attachment figures. Global or generalized mental models are thought to develop on the basis of attachment models with parents and might form the initial basis of internal working models in novel relationships. However, as discrepant information presents itself in a new relationship, it is thought that specific relational models develop. When conflict arises it can threaten the attachment bonds of the relationship. An Internet survey of 134 individuals in couple relationships was conducted to test the influence of secure parental and partner attachment conceptualizations on romantic relationship variables (conflict beliefs and conflict resolution styles. Results indicated that for the most part relationship variables were influenced by current secure romantic attachment conceptualizations. Analyses also indicated differential gender results for positive problem solving in terms of secure parental and partner attachment. Secure parental attachment was also found to impact on the report of compliant behavior during conflict resolution. Lastly, the belief that arguing is threatening was found to be impacted by an interaction effect between parental and partner attachment. In general secure partner attachment was more predictive of conflict resolution behavior and conflict beliefs, than a global attachment model. However, it would appear that the global attachment model can be activated in the context of the current relationship under certain conditions. This research lends support to the notion that generalized and specific attachment representations impacts differently on close relationship functioning, and encourages a further mapping of relationship functions in this regard.

  8. Supporting reputation based trust management enhancing security layer for cloud service models

    Science.gov (United States)

    Karthiga, R.; Vanitha, M.; Sumaiya Thaseen, I.; Mangaiyarkarasi, R.

    2017-11-01

    In the existing system trust between cloud providers and consumers is inadequate to establish the service level agreement though the consumer’s response is good cause to assess the overall reliability of cloud services. Investigators recognized the significance of trust can be managed and security can be provided based on feedback collected from participant. In this work a face recognition system that helps to identify the user effectively. So we use an image comparison algorithm where the user face is captured during registration time and get stored in database. With that original image we compare it with the sample image that is already stored in database. If both the image get matched then the users are identified effectively. When the confidential data are subcontracted to the cloud, data holders will become worried about the confidentiality of their data in the cloud. Encrypting the data before subcontracting has been regarded as the important resources of keeping user data privacy beside the cloud server. So in order to keep the data secure we use an AES algorithm. Symmetric-key algorithms practice a shared key concept, keeping data secret requires keeping this key secret. So only the user with private key can decrypt data.

  9. Effective Methodology for Security Risk Assessment of Computer Systems

    OpenAIRE

    Daniel F. García; Adrián Fernández

    2013-01-01

    Today, computer systems are more and more complex and support growing security risks. The security managers need to find effective security risk assessment methodologies that allow modeling well the increasing complexity of current computer systems but also maintaining low the complexity of the assessment procedure. This paper provides a brief analysis of common security risk assessment methodologies leading to the selection of a proper methodology to fulfill these requirements. Then, a detai...

  10. Using cloud models of heartbeats as the entity identifier to secure mobile devices.

    Science.gov (United States)

    Fu, Donglai; Liu, Yanhua

    2017-01-01

    Mobile devices are extensively used to store more private and often sensitive information. Therefore, it is important to protect them against unauthorised access. Authentication ensures that authorised users can use mobile devices. However, traditional authentication methods, such as numerical or graphic passwords, are vulnerable to passive attacks. For example, an adversary can steal the password by snooping from a shorter distance. To avoid these problems, this study presents a biometric approach that uses cloud models of heartbeats as the entity identifier to secure mobile devices. Here, it is identified that these concepts including cloud model or cloud have nothing to do with cloud computing. The cloud model appearing in the study is the cognitive model. In the proposed method, heartbeats are collected by two ECG electrodes that are connected to one mobile device. The backward normal cloud generator is used to generate ECG standard cloud models characterising the heartbeat template. When a user tries to have access to their mobile device, cloud models regenerated by fresh heartbeats will be compared with ECG standard cloud models to determine if the current user can use this mobile device. This authentication method was evaluated from three aspects including accuracy, authentication time and energy consumption. The proposed method gives 86.04% of true acceptance rate with 2.73% of false acceptance rate. One authentication can be done in 6s, and this processing consumes about 2000 mW of power.

  11. A framework for modelling the complexities of food and water security under globalisation

    Science.gov (United States)

    Dermody, Brian J.; Sivapalan, Murugesu; Stehfest, Elke; van Vuuren, Detlef P.; Wassen, Martin J.; Bierkens, Marc F. P.; Dekker, Stefan C.

    2018-01-01

    We present a new framework for modelling the complexities of food and water security under globalisation. The framework sets out a method to capture regional and sectoral interdependencies and cross-scale feedbacks within the global food system that contribute to emergent water use patterns. The framework integrates aspects of existing models and approaches in the fields of hydrology and integrated assessment modelling. The core of the framework is a multi-agent network of city agents connected by infrastructural trade networks. Agents receive socio-economic and environmental constraint information from integrated assessment models and hydrological models respectively and simulate complex, socio-environmental dynamics that operate within those constraints. The emergent changes in food and water resources are aggregated and fed back to the original models with minimal modification of the structure of those models. It is our conviction that the framework presented can form the basis for a new wave of decision tools that capture complex socio-environmental change within our globalised world. In doing so they will contribute to illuminating pathways towards a sustainable future for humans, ecosystems and the water they share.

  12. A framework for modelling the complexities of food and water security under globalisation

    Directory of Open Access Journals (Sweden)

    B. J. Dermody

    2018-01-01

    Full Text Available We present a new framework for modelling the complexities of food and water security under globalisation. The framework sets out a method to capture regional and sectoral interdependencies and cross-scale feedbacks within the global food system that contribute to emergent water use patterns. The framework integrates aspects of existing models and approaches in the fields of hydrology and integrated assessment modelling. The core of the framework is a multi-agent network of city agents connected by infrastructural trade networks. Agents receive socio-economic and environmental constraint information from integrated assessment models and hydrological models respectively and simulate complex, socio-environmental dynamics that operate within those constraints. The emergent changes in food and water resources are aggregated and fed back to the original models with minimal modification of the structure of those models. It is our conviction that the framework presented can form the basis for a new wave of decision tools that capture complex socio-environmental change within our globalised world. In doing so they will contribute to illuminating pathways towards a sustainable future for humans, ecosystems and the water they share.

  13. Modelling human resource requirements for the nuclear industry in Europe

    Energy Technology Data Exchange (ETDEWEB)

    Roelofs, Ferry [Nuclear Research and Consultancy Group (NRG) (Netherlands); Flore, Massimo; Estorff, Ulrik von [Joint Research Center (JRC) (Netherlands)

    2017-11-15

    The European Human Resource Observatory for Nuclear (EHRO-N) provides the European Commission with essential data related to supply and demand for nuclear experts in the EU-28 and the enlargement and integration countries based on bottom-up information from the nuclear industry. The objective is to assess how the supply of experts for the nuclear industry responds to the needs for the same experts for present and future nuclear projects in the region. Complementary to the bottom-up approach taken by the EHRO-N team at JRC, a top-down modelling approach has been taken in a collaboration with NRG in the Netherlands. This top-down modelling approach focuses on the human resource requirements for operation, construction, decommissioning, and efforts for long term operation of nuclear power plants. This paper describes the top-down methodology, the model input, the main assumptions, and the results of the analyses.

  14. Formal Requirements Modeling for Reactive Systems with Coloured Petri Nets

    DEFF Research Database (Denmark)

    Tjell, Simon

    . This is important because it represents the identi cation of what is being designed (the reactive system), and what is given and being made assumptions about (the environment). The representation of the environment is further partitioned to distinguish human actors from non-human actors. This allows the modeler...... to addressing the problem of validating formal requirements models through interactive graphical animations is presented. Executable Use Cases (EUCs) provide a framework for integrating three tiers of descriptions of specifications and environment assumptions: the lower tier is an informal description...... to distinguish the modeling artifacts describing the environment from those describing the specifications for a reactive system. The formalization allows for clear identi cation of interfaces between interacting domains, where the interaction takes place through an abstraction of possibly parameterized states...

  15. COMPUTER SYSTEM AND MODELLING OF THREATS TO ENERGY SECURITY OF MOLDOVA IN CASE OF INTERSYSTEM COMMUNICATION DISCONNECTION

    Directory of Open Access Journals (Sweden)

    Bicova E.V.

    2010-12-01

    Full Text Available In the paper modeling of a group of scenarios of threats to energetic security of Moldovan energy system, which occur in case of disconnecting (or limitation of cross-flows of electricity of 330 kV transmission line Balti-Dniester HPS. It was used for analysis a software application for energy security monitoring. The application has been developed in IE ASM.

  16. Trivariate Modeling of Interparental Conflict and Adolescent Emotional Security: An Examination of Mother-Father-Child Dynamics.

    Science.gov (United States)

    Cheung, Rebecca Y M; Cummings, E Mark; Zhang, Zhiyong; Davies, Patrick T

    2016-11-01

    Recognizing the significance of interacting family subsystems, the present study addresses how interparental conflict is linked to adolescent emotional security as a function of parental gender. A total of 272 families with a child at 12.60 years of age (133 boys, 139 girls) were invited to participate each year for three consecutive years. A multi-informant method was used, along with trivariate models to test the associations among mothers, fathers, and their adolescent children's behaviors. The findings from separate models of destructive and constructive interparental conflict revealed intricate linkages among family members. In the model of destructive interparental conflict, mothers and fathers predicted each other's conflict behaviors over time. Moreover, adolescents' exposure to negativity expressed by either parent dampened their emotional security. Consistent with child effects models, adolescent emotional insecurity predicted fathers' destructive conflict behaviors. As for the model of constructive interparental conflict, fathers predicted mothers' conflict behaviors over time. Adolescents' exposure to fathers' constructive conflict behaviors also enhanced their sense of emotional security. Consistent with child effects models, adolescent emotional security predicted mothers' and fathers' constructive conflict behaviors. These findings extended the family and the adolescent literature by indicating that family processes are multiidirectional, involving multiple dyads in the study of parents' and adolescents' functioning. Contributions of these findings to the understanding of interparental conflict and emotional security in adolescence are discussed.

  17. Model of an aquaponic system for minimised water, energy and nitrogen requirements.

    Science.gov (United States)

    Reyes Lastiri, D; Slinkert, T; Cappon, H J; Baganz, D; Staaks, G; Keesman, K J

    2016-01-01

    Water and nutrient savings can be established by coupling water streams between interacting processes. Wastewater from production processes contains nutrients like nitrogen (N), which can and should be recycled in order to meet future regulatory discharge demands. Optimisation of interacting water systems is a complex task. An effective way of understanding, analysing and optimising such systems is by applying mathematical models. The present modelling work aims at supporting the design of a nearly emission-free aquaculture and hydroponic system (aquaponics), thus contributing to sustainable production and to food security for the 21st century. Based on the model, a system that couples 40 m(3) fish tanks and a hydroponic system of 1,000 m(2) can produce 5 tons of tilapia and 75 tons of tomato yearly. The system requires energy to condense and recover evaporated water, for lighting and heating, adding up to 1.3 GJ/m(2) every year. In the suggested configuration, the fish can provide about 26% of the N required in a plant cycle. A coupling strategy that sends water from the fish to the plants in amounts proportional to the fish feed input, reduces the standard deviation of the NO3(-) level in the fish cycle by 35%.

  18. Relational-model based change management for non-functional requirements: approach and experiment

    NARCIS (Netherlands)

    Kassab, M.; Ormandjieva, O.; Daneva, Maia; Rolland, Colette; Collard, Martine

    2011-01-01

    In software industry, many organizations either focus their traceability efforts on Functional Requirements (FRs) or else fail entirely to implement an effective traceability process. NonFunctional Requirements (NFRs) such as security, safety, performance, and reliability are treated in a rather ad

  19. Transaction-based building controls framework, Volume 2: Platform descriptive model and requirements

    Energy Technology Data Exchange (ETDEWEB)

    Akyol, Bora A. [Pacific Northwest National Laboratory (PNNL), Richland, WA (United States); Haack, Jereme N. [Pacific Northwest National Laboratory (PNNL), Richland, WA (United States); Carpenter, Brandon J. [Pacific Northwest National Laboratory (PNNL), Richland, WA (United States); Katipamula, Srinivas [Pacific Northwest National Laboratory (PNNL), Richland, WA (United States); Lutes, Robert G. [Pacific Northwest National Laboratory (PNNL), Richland, WA (United States); Hernandez, George [Pacific Northwest National Laboratory (PNNL), Richland, WA (United States)

    2015-07-31

    Transaction-based Building Controls (TBC) offer a control systems platform that provides an agent execution environment that meets the growing requirements for security, resource utilization, and reliability. This report outlines the requirements for a platform to meet these needs and describes an illustrative/exemplary implementation.

  20. A Research Agenda for Security Engineering

    Directory of Open Access Journals (Sweden)

    Rich Goyette

    2013-08-01

    Full Text Available Despite nearly 30 years of research and application, the practice of information system security engineering has not yet begun to exhibit the traits of a rigorous scientific discipline. As cyberadversaries have become more mature, sophisticated, and disciplined in their tradecraft, the science of security engineering has not kept pace. The evidence of the erosion of our digital security – upon which society is increasingly dependent – appears in the news almost daily. In this article, we outline a research agenda designed to begin addressing this deficit and to move information system security engineering toward a mature engineering discipline. Our experience suggests that there are two key areas in which this movement should begin. First, a threat model that is actionable from the perspectives of risk management and security engineering should be developed. Second, a practical and relevant security-measurement framework should be developed to adequately inform security-engineering and risk-management processes. Advances in these areas will particularly benefit business/government risk assessors as well as security engineers performing security design work, leading to more accurate, meaningful, and quantitative risk analyses and more consistent and coherent security design decisions. Threat modelling and security measurement are challenging activities to get right – especially when they need to be applied in a general context. However, these are decisive starting points because they constitute the foundation of a scientific security-engineering practice. Addressing these challenges will require stronger and more coherent integration between the sub-disciplines of risk assessment and security engineering, including new tools to facilitate that integration. More generally, changes will be required in the way security engineering is both taught and practiced to take into account the holistic approach necessary from a mature, scientific

  1. Experimental development based on mapping rule between requirements analysis model and web framework specific design model.

    Science.gov (United States)

    Okuda, Hirotaka; Ogata, Shinpei; Matsuura, Saeko

    2013-12-01

    Model Driven Development is a promising approach to develop high quality software systems. We have proposed a method of model-driven requirements analysis using Unified Modeling Language (UML). The main feature of our method is to automatically generate a Web user interface prototype from UML requirements analysis model so that we can confirm validity of input/output data for each page and page transition on the system by directly operating the prototype. We proposes a mapping rule in which design information independent of each web application framework implementation is defined based on the requirements analysis model, so as to improve the traceability to the final product from the valid requirements analysis model. This paper discusses the result of applying our method to the development of a Group Work Support System that is currently running in our department.

  2. Security Viewpoint in a Reference Architecture Model for Cyber-Physical Production Systems

    OpenAIRE

    Ma, Zhendong; Hudic, Aleksandar; Shaaban, Abdelkader; Plosz, Sandor

    2017-01-01

    Cyber-physical Production Systems (CPPS) are one of the technical driving forces behind the transformation of industrial production towards "digital factory of the future" in the context of Industry 4.0. Security is a major concern for such systems as they become more intelligent, interconnected, and coupled with physical devices. For various security activities from security analysis to designing security controls and architecture, a systematic and structured view and presentation of securit...

  3. An Assessment of the Security of China’s Natural Gas Supply System Using Two Network Models

    Directory of Open Access Journals (Sweden)

    Mingqi Zhang

    2015-12-01

    Full Text Available In the context of climate change, natural gas is becoming increasingly important for low-carbon development in China. The gap between the demand and supply of natural gas, domestically, and China’s high dependence on foreign sources, highlights the importance of ensuring a secure system for supplying natural gas in the country. This study applied ecological network analysis, a powerful systems-oriented method, to simulate interactions between different nodes of the natural gas supply system and to evaluate the system’s security level. Two network models were constructed at the regional and national layers, respectively, by dividing external natural gas suppliers into multiple regions and countries. These models were used to evaluate the overall security level and related characteristics of China’s natural gas supply system from 2000 to 2012. The results showed stable improvement in the system’s security during this period. With the exceptions of some specific indicators (e.g., the mutualism index (MI, analyses of network information and structure yielded the mostly similar results for the two models. In conclusion, a regional layer (RL network model is considered more economical than a national layer (NL model for evaluating the overall security of China’s natural gas supply system, especially when available data are limited.

  4. Development of a model for assessing the impact of information assurance functionality on secure messaging system performance

    Science.gov (United States)

    Belur, Sheela V.; Gloster, Jonathan

    2007-04-01

    An analytical performance model for a generic secure messaging system is formulated as a multi-class queuing network. The model includes assessment of the impact of security features such as secret key encryption/ decryption, signature generation/verification, and certificate validation, on overall performance. Findings of sensitivity analysis with respect to message rate, WAN transmission link, SSL encryption, message size, and distance between servers is also presented. Finally, the description of how the model can be adopted for making performance based architectural design options is outlined.

  5. MODELING OF PROCESSES OF OVERCOMING CONTRADICTIONS OF THE STATE AND ECONOMIC OPERATORS FOR THE SECURITY AND FACILITATION OF CUSTOMS PROCEDURES

    Directory of Open Access Journals (Sweden)

    Berezhnyuk Ivan

    2018-03-01

    Full Text Available Introduction. The issue of simultaneous provision of economic security of the state and simplification of customs procedures is actualized nowadays. The author of the study stressed the importance to create a «safe» business environment from the point of view of the customs sphere, which is based on «security», «justice» and «stability». Purpose. Development of methodical recommendations for modeling the processes of overcoming contradictions of the state and subjects of foreign economic activity in the field of security and simplification of customs procedures. Results. The research indicates that the appointment of revenue and fee bodies is the creation of favorable conditions for the development of foreign economic activity, ensuring the safety of society, protecting the customs interests of Ukraine. When performing customs duties by the SFS, the tasks assigned to them, aimed at ensuring the correct application, strict observance and prevention of non-compliance with the requirements of the Ukrainian legislation on state customs issues, may present risks that are inherently contradictory, conflicting in terms of the vector of action with respect to each other, namely: the probability of non-compliance by the subjects of foreign trade with the norms of customs legislation, or the creation of significant bureaucratic barriers in the process of economic operators. There is a peculiar conflict of interests between the state and the subjects of foreign economic activity. The main direction of creating a favorable business environment in accordance with the recommendations of WCO is the process of further simplification of customs procedures for subjects with a high degree of trust, fighting corruption and facilitating the movement of goods, vehicles and people in general. Conclusions. Thus, the scheme of «relations» between the state and the subjects of foreign economic activity can be modeled by the means of game theory, which is

  6. Information Technology Security Professionals' Knowledge and Use Intention Based on UTAUT Model

    Science.gov (United States)

    Kassa, Woldeloul

    2016-01-01

    Information technology (IT) security threats and vulnerabilities have become a major concern for organizations in the United States. However, there has been little research on assessing the effect of IT security professionals' knowledge on the use of IT security controls. This study examined the unified theory of acceptance and use of technology…

  7. Specification of advanced safety modeling requirements (Rev. 0).

    Energy Technology Data Exchange (ETDEWEB)

    Fanning, T. H.; Tautges, T. J.

    2008-06-30

    The U.S. Department of Energy's Global Nuclear Energy Partnership has lead to renewed interest in liquid-metal-cooled fast reactors for the purpose of closing the nuclear fuel cycle and making more efficient use of future repository capacity. However, the U.S. has not designed or constructed a fast reactor in nearly 30 years. Accurate, high-fidelity, whole-plant dynamics safety simulations will play a crucial role by providing confidence that component and system designs will satisfy established design limits and safety margins under a wide variety of operational, design basis, and beyond design basis transient conditions. Current modeling capabilities for fast reactor safety analyses have resulted from several hundred person-years of code development effort supported by experimental validation. The broad spectrum of mechanistic and phenomenological models that have been developed represent an enormous amount of institutional knowledge that needs to be maintained. Complicating this, the existing code architectures for safety modeling evolved from programming practices of the 1970s. This has lead to monolithic applications with interdependent data models which require significant knowledge of the complexities of the entire code in order for each component to be maintained. In order to develop an advanced fast reactor safety modeling capability, the limitations of the existing code architecture must be overcome while preserving the capabilities that already exist. To accomplish this, a set of advanced safety modeling requirements is defined, based on modern programming practices, that focuses on modular development within a flexible coupling framework. An approach for integrating the existing capabilities of the SAS4A/SASSYS-1 fast reactor safety analysis code into the SHARP framework is provided in order to preserve existing capabilities while providing a smooth transition to advanced modeling capabilities. In doing this, the advanced fast reactor safety models

  8. CLSM: COUPLE LAYERED SECURITY MODEL A HIGH-CAPACITY DATA HIDING SCHEME USING WITH STEGANOGRAPHY

    Directory of Open Access Journals (Sweden)

    Cemal Kocak

    2017-03-01

    Full Text Available Cryptography and steganography are the two significant techniques used in secrecy of communications and in safe message transfer. In this study CLSM – Couple Layered Security Model is suggested which has a hybrid structure enhancing information security using features of cryptography and steganography. In CLSM system; the information which has been initially cryptographically encrypted is steganographically embedded in an image at the next step. The information is encrypted by means of a Text Keyword consisting of maximum 16 digits determined by the user in cryptography method. Similarly, the encrypted information is processed, during the embedding stage, using a 16 digit pin (I-PIN which is determined again by the user. The carrier images utilized in the study have been determined as 24 bit/pixel colour. Utilization of images in .jpeg, .tiff, .pnp format has also been provided. The performance of the CLSM method has been evaluated according to the objective quality measurement criteria of PSNR-dB (Peak Signal-to-Noise Ratio and SSIM (Structural Similarity Index. In the study, 12 different sized information between 1000 and 609,129 bits were embedded into images. Between 34.14 and 65.8 dB PSNR values and between 0.989 and 0.999 SSIM values were obtained. CLSM showed better results compared to Pixel Value Differencing (PVD method, Simulated Annealing (SA Algorithm and Mix column transform based on irreducible polynomial mathematics methods.

  9. Strategic planning and security analysis

    International Nuclear Information System (INIS)

    DePasquale, S.

    1991-01-01

    Nuclear security master planning is a deliberative process, founded on the premise that the broad scope of security must be analyzed before any meaningful determinations may be reached on an individual security aspect. This paper examines the analytical process required in developing a Security Master Plan. It defines a four stage process concluding with the selection of security measures encompassing physical security, policy and procedure considerations and guard force deployment. The final product orchestrates each security measure in a complementary and supportive configuration

  10. Model Penentuan Nilai Target Functional Requirement Berbasis Utilitas

    Directory of Open Access Journals (Sweden)

    Cucuk Nur Rosyidi

    2012-01-01

    Full Text Available In a product design and development process, a designer faces a problem to decide functional requirement (FR target values. That decision is made under a risk since it is conducted in the early design phase using incomplete information. Utility function can be used to reflect the decision maker attitude towards the risk in making such decision. In this research, we develop a utility-based model to determine FR target values using quadratic utility function and information from Quality Function Deployment (QFD. A pencil design is used as a numerical example using quadratic utility function for each FR. The model can be applied for balancing customer and designer interest in determining FR target values.

  11. Mathematical model as means of optimization of the automation system of the process of incidents of information security management

    Directory of Open Access Journals (Sweden)

    Yulia G. Krasnozhon

    2018-03-01

    Full Text Available Modern information technologies have an increasing importance for development dynamics and management structure of an enterprise. The management efficiency of implementation of modern information technologies directly related to the quality of information security incident management. However, issues of assessment of the impact of information security incidents management on quality and efficiency of the enterprise management system are not sufficiently highlighted neither in Russian nor in foreign literature. The main direction to approach these problems is the optimization of the process automation system of the information security incident management. Today a special attention is paid to IT-technologies while dealing with information security incidents at mission-critical facilities in Russian Federation such as the Federal Tax Service of Russia (FTS. It is proposed to use the mathematical apparatus of queueing theory in order to build a mathematical model of the system optimization. The developed model allows to estimate quality of the management taking into account the rules and restrictions imposed on the system by the effects of information security incidents. Here an example is given in order to demonstrate the system in work. The obtained statistical data are shown. An implementation of the system discussed here will improve the quality of the Russian FTS services and make responses to information security incidents faster.

  12. Requirements traceability in model-driven development: Applying model and transformation conformance

    NARCIS (Netherlands)

    Andrade Almeida, João; Iacob, Maria Eugenia; van Eck, Pascal

    The variety of design artifacts (models) produced in a model-driven design process results in an intricate relationship between requirements and the various models. This paper proposes a methodological framework that simplifies management of this relationship, which helps in assessing the quality of

  13. Security for multi-hop wireless networks

    CERN Document Server

    Mahmoud, Mohamed M E A

    2014-01-01

    This Springer Brief discusses efficient security protocols and schemes for multi-hop wireless networks. It presents an overview of security requirements for these networks, explores challenges in securing networks and presents system models. The authors introduce mechanisms to reduce the overhead and identify malicious nodes that drop packets intentionally. Also included is a new, efficient cooperation incentive scheme to stimulate the selfish nodes to relay information packets and enforce fairness. Many examples are provided, along with predictions for future directions of the field. Security

  14. A DPSIR model for ecological security assessment through indicator screening: a case study at Dianchi Lake in China.

    Directory of Open Access Journals (Sweden)

    Zhen Wang

    Full Text Available Given the important role of lake ecosystems in social and economic development, and the current severe environmental degradation in China, a systematic diagnosis of the ecological security of lakes is essential for sustainable development. A Driving-force, Pressure, Status, Impact, and Risk (DPSIR model, combined with data screening for lake ecological security assessment was developed to overcome the disadvantages of data selection in existing assessment methods. Correlation and principal component analysis were used to select independent and representative data. The DPSIR model was then applied to evaluate the ecological security of Dianchi Lake in China during 1988-2007 using an ecological security index. The results revealed a V-shaped trend. The application of the DPSIR model with data screening provided useful information regarding the status of the lake's ecosystem, while ensuring information efficiency and eliminating multicollinearity. The modeling approach described here is practical and operationally efficient, and provides an attractive alternative approach to assess the ecological security of lakes.

  15. Adequate Security Protocols Adopt in a Conceptual Model in Identity Management for the Civil Registry of Ecuador

    Science.gov (United States)

    Toapanta, Moisés; Mafla, Enrique; Orizaga, Antonio

    2017-08-01

    We analyzed the problems of security of the information of the civil registries and identification at world level that are considered strategic. The objective is to adopt the appropriate security protocols in a conceptual model in the identity management for the Civil Registry of Ecuador. In this phase, the appropriate security protocols were determined in a Conceptual Model in Identity Management with Authentication, Authorization and Auditing (AAA). We used the deductive method and exploratory research to define the appropriate security protocols to be adopted in the identity model: IPSec, DNSsec, Radius, SSL, TLS, IEEE 802.1X EAP, Set. It was a prototype of the location of the security protocols adopted in the logical design of the technological infrastructure considering the conceptual model for Identity, Authentication, Authorization, and Audit management. It was concluded that the adopted protocols are appropriate for a distributed database and should have a direct relationship with the algorithms, which allows vulnerability and risk mitigation taking into account confidentiality, integrity and availability (CIA).

  16. Data security in genomics: A review of Australian privacy requirements and their relation to cryptography in data storage.

    Science.gov (United States)

    Schlosberg, Arran

    2016-01-01

    The advent of next-generation sequencing (NGS) brings with it a need to manage large volumes of patient data in a manner that is compliant with both privacy laws and long-term archival needs. Outside of the realm of genomics there is a need in the broader medical community to store data, and although radiology aside the volume may be less than that of NGS, the concepts discussed herein are similarly relevant. The relation of so-called "privacy principles" to data protection and cryptographic techniques is explored with regards to the archival and backup storage of health data in Australia, and an example implementation of secure management of genomic archives is proposed with regards to this relation. Readers are presented with sufficient detail to have informed discussions - when implementing laboratory data protocols - with experts in the fields.

  17. Security Operations Curriculum Package: BS in Global Security and Intelligence Studies, Security Operations Management Track, Embry-Riddle Aeronautical University, Prescott, AZ. BS in Security Operations Management, Model Curriculum

    Science.gov (United States)

    2011-10-24

    Jones and Barlett Publishers, Sudbury, MA (2005) 3. I David G. Patterson, CPP, PSP, Physical Protection Systems: Implementing Physical Security... Canter , D., & Youngs, D. (2009). Investigative psychology: Offender profiling and the analysis of criminal action. Chichester, West Sussex, United...Analysis of a scientific abstract [PsycNET] Scientific issues from Canter & Youngs Trans-scientific issues [Blackboard PowerPoint] Weekly Writing

  18. HOW RESILIENT IS THE EUROPEAN SOCIAL MODEL? FLEXIBILITY OR/AND SECURITY?

    Directory of Open Access Journals (Sweden)

    Georgeta GHEBREA

    2017-12-01

    Full Text Available Our paper aims to assess the resilience of the European social model (ESM against recent challenges. Resilience depends on effectively managing the contradictions of the ESM. Flexicurity is an example of managing contradictions between security and flexibility. The contribution of flexicurity to the resilience of the ESM is determined by the development of the abilities necessary for resilience. Our research evaluates the performance of these abilities using statistical and document analyses. The results show that flexicurity policies perform satisfactorily relative to their resilience abilities. Still, the ability to respond is less effective due to significant differences among the Member States (regarding the implementation of flexicurity policies and to insufficient openness and functionality of the European labour market. Nevertheless, the European flexicurity policies redefine the ESM by adding a touch of a more mobile, autonomous and free-spirited approach, thus representing a solution to both preserve valuable tradition and modernise the ESM.

  19. A GENERALIZATION OF TRADITIONAL KANO MODEL FOR CUSTOMER REQUIREMENTS ANALYSIS

    Directory of Open Access Journals (Sweden)

    Renáta Turisová

    2015-07-01

    Full Text Available Purpose: The theory of attractiveness determines the relationship between the technically achieved and customer perceived quality of product attributes. The most frequently used approach in the theory of attractiveness is the implementation of Kano‘s model. There exist a lot of generalizations of that model which take into consideration various aspects and approaches focused on understanding the customer preferences and identification of his priorities for a selling  product. The aim of this article is to outline another possible generalization of Kano‘s model.Methodology/Approach: The traditional Kano’s model captures the nonlinear relationship between reached attributes of quality and customer requirements. The individual attributes of quality are divided into three main categories: must-be, one-dimensional, attractive quality and into two side categories: indifferent and reverse quality. The well selling product has to contain the must-be attribute. It should contain as many one-dimensional attributes as possible. If there are also supplementary attractive attributes, it means that attractiveness of the entire product, from the viewpoint of the customer, nonlinearly sharply rises what has a direct positive impact on a decision of potential customer when purchasing the product. In this article, we show that inclusion of individual quality attributes of a product to the mentioned categories depends, among other things, also on costs on life cycle of the product, respectively on a price of the product on the market.Findings: In practice, we are often encountering the inclusion of products into different price categories: lower, middle and upper class. For a certain type of products the category is either directly declared by a producer (especially in automotive industry, or is determined by a customer by means of assessment of available market prices. To each of those groups of a products different customer expectations can be assigned

  20. Alternative policy impacts on US GHG emissions and energy security: A hybrid modeling approach

    International Nuclear Information System (INIS)

    Sarica, Kemal; Tyner, Wallace E.

    2013-01-01

    This study addresses the possible impacts of energy and climate policies, namely corporate average fleet efficiency (CAFE) standard, renewable fuel standard (RFS) and clean energy standard (CES), and an economy wide equivalent carbon tax on GHG emissions in the US to the year 2045. Bottom–up and top–down modeling approaches find widespread use in energy economic modeling and policy analysis, in which they differ mainly with respect to the emphasis placed on technology of the energy system and/or the comprehensiveness of endogenous market adjustments. For this study, we use a hybrid energy modeling approach, MARKAL–Macro, that combines the characteristics of two divergent approaches, in order to investigate and quantify the cost of climate policies for the US and an equivalent carbon tax. The approach incorporates Macro-economic feedbacks through a single sector neoclassical growth model while maintaining sectoral and technological detail of the bottom–up optimization framework with endogenous aggregated energy demand. Our analysis is done for two important objectives of the US energy policy: GHG reduction and increased energy security. Our results suggest that the emission tax achieves results quite similar to the CES policy but very different results in the transportation sector. The CAFE standard and RFS are more expensive than a carbon tax for emission reductions. However, the CAFE standard and RFS are much more efficient at achieving crude oil import reductions. The GDP losses are 2.0% and 1.2% relative to the base case for the policy case and carbon tax. That difference may be perceived as being small given the increased energy security gained from the CAFE and RFS policy measures and the uncertainty inherent in this type of analysis. - Highlights: • Evaluates US impacts of three energy/climate policies and a carbon tax (CT) • Analysis done with bottom–up MARKAL model coupled with a macro model • Electricity clean energy standard very close to

  1. Evaluation of Cyber Security and Modelling of Risk Propagation with Petri Nets

    Directory of Open Access Journals (Sweden)

    Marcin Szpyrka

    2017-02-01

    Full Text Available This article presents a new method of risk propagation among associated elements. On thebasis of coloured Petri nets, a new class called propagation nets is defined. This class providesa formal model of a risk propagation. The proposed method allows for model relations betweennodes forming the network structure. Additionally, it takes into account the bidirectional relationsbetween components as well as relations between isomorphic, symmetrical components in variousbranches of the network. This method is agnostic in terms of use in various systems and it canbe adapted to the propagation model of any systems’ characteristics; however, it is intentionallyproposed to assess the risk of critical infrastructures. In this paper, as a proof of concept example, weshow the formal model of risk propagation proposed within the project Cyberspace Security ThreatsEvaluation System of the Republic of Poland. In the article, the idea of the method is presented aswell as its use case for evaluation of risk for cyber threats. With the adaptation of Petri nets, it ispossible to evaluate the risk for the particular node and assess the impact of this risk for all relatednodes including hierarchic relations of components as well as isomorphism of elements.

  2. Modelling multiple threats to water security in the Peruvian Amazon using the WaterWorld Policy Support System

    Science.gov (United States)

    van Soesbergen, A. J. J.; Mulligan, M.

    2013-06-01

    This paper explores a multitude of threats to water security in the Peruvian Amazon using the WaterWorld policy support system. WaterWorld is a spatially explicit, physically-based globally-applicable model for baseline and scenario water balance that is particularly well suited to heterogeneous environments with little locally available data (e.g. ungauged basins) and which is delivered through a simple web interface, requiring little local capacity for use. The model is capable of producing a hydrological baseline representing the mean water balance for 1950-2000 and allows for examining impacts of population, climate and land use change as well as land and water management interventions on hydrology. This paper describes the application of WaterWorld to the Peruvian Amazon, an area that is increasingly under pressure from deforestation and water pollution as a result of population growth, rural to urban migration and oil and gas extraction, potentially impacting both water quantity and water quality. By applying single and combined scenarios of: climate change, deforestation around existing and planned roads, population growth and rural-urban migration, mining and oil and gas exploitation, we explore the potential combined impacts of these multiple changes on water resources in the Peruvian Amazon and discuss the likely pathways for adaptation to and mitigation against their worst effects. See Mulligan et al. (2013) for a similar analysis for the entire Amazon Basin.

  3. What is Security? A perspective on achieving security

    Energy Technology Data Exchange (ETDEWEB)

    Atencio, Julian J.

    2014-05-05

    This presentation provides a perspective on achieving security in an organization. It touches upon security as a mindset, ability to adhere to rules, cultivating awareness of the reason for a security mindset, the quality of a security program, willingness to admit fault or acknowledge failure, peer review in security, science as a model that can be applied to the security profession, the security vision, security partnering, staleness in the security program, security responsibilities, and achievement of success over time despite the impossibility of perfection.

  4. Modeling the minimum enzymatic requirements for optimal cellulose conversion

    International Nuclear Information System (INIS)

    Den Haan, R; Van Zyl, W H; Van Zyl, J M; Harms, T M

    2013-01-01

    Hydrolysis of cellulose is achieved by the synergistic action of endoglucanases, exoglucanases and β-glucosidases. Most cellulolytic microorganisms produce a varied array of these enzymes and the relative roles of the components are not easily defined or quantified. In this study we have used partially purified cellulases produced heterologously in the yeast Saccharomyces cerevisiae to increase our understanding of the roles of some of these components. CBH1 (Cel7), CBH2 (Cel6) and EG2 (Cel5) were separately produced in recombinant yeast strains, allowing their isolation free of any contaminating cellulolytic activity. Binary and ternary mixtures of the enzymes at loadings ranging between 3 and 100 mg g −1 Avicel allowed us to illustrate the relative roles of the enzymes and their levels of synergy. A mathematical model was created to simulate the interactions of these enzymes on crystalline cellulose, under both isolated and synergistic conditions. Laboratory results from the various mixtures at a range of loadings of recombinant enzymes allowed refinement of the mathematical model. The model can further be used to predict the optimal synergistic mixes of the enzymes. This information can subsequently be applied to help to determine the minimum protein requirement for complete hydrolysis of cellulose. Such knowledge will be greatly informative for the design of better enzymatic cocktails or processing organisms for the conversion of cellulosic biomass to commodity products. (letter)

  5. THz and Security Applications

    CERN Document Server

    Sizov, Fedir; Detectors, Sources and Associated Electronics for THz Applications

    2014-01-01

    These proceedings comprise invited papers from highly experienced researchers in THz technology and security applications. THz detection of explosives represents one of the most appealing technologies to have recently emerged in dealing with terrorist attacks encountered by civil security and military forces throughout the world. Discussed are the most advanced technologies and developments, the various points of operational strength and weaknesses as well as are suggestions and predictions the best technological solutions to  overcome current operational limits.  The current status of various levels of cooling in THz detectors, sources and associated electronics are also addressed. The goal was to provide a clear view on the current technologies available and the required advances needed in order to achieve more efficient systems. This goal was outlined in part by establishing the baseline of current uncertainty estimations in physics-based modelling and the identification of key areas which require additi...

  6. The complexity of an investment competition dynamical model with imperfect information in a security market

    International Nuclear Information System (INIS)

    Xin Baogui; Ma Junhai; Gao Qin

    2009-01-01

    We present a nonlinear discrete dynamical model of investment competition with imperfect information for N heterogeneous oligopolists in a security market. In this paper, our focus is on a given three-dimensional model which exhibits highly rich dynamical behaviors. Based on Wen's Hopf bifurcation criterion [Wen GL. Criterion to identify Hopf bifurcations in maps of arbitrary dimension. Phys Rev E 2005;72:026201-3; Wen GL, Xu DL, Han X. On creation of Hopf bifurcations in discrete-time nonlinear systems. Chaos 2002;12(2):350-5] and Kuznetsov's normal form theory [Kuznetsov YA. Elements of applied bifurcation theory. New York: Springer-Verlag; 1998. p. 125-37], we study the model's stability, criterion and direction of Neimark-Sacker bifurcation. Moreover, we numerically simulate a complexity evolution route: fixed point, closed invariant curve, double closed invariant curves, fourfold closed invariant curves, strange attractor, period-3 closed invariant curve, period-3 2-tours, period-4 closed invariant curve, period-4 2-tours.

  7. Biosurveillance capability requirements for the global health security agenda: lessons from the 2009 H1N1 pandemic.

    Science.gov (United States)

    Stoto, Michael A

    2014-01-01

    The biosurveillance capabilities needed to rapidly detect and characterize emerging biological threats are an essential part of the Global Health Security Agenda (GHSA). The analyses of the global public health system's functioning during the 2009 H1N1 pandemic suggest that while capacities such as those identified in the GHSA are essential building blocks, the global biosurveillance system must possess 3 critical capabilities: (1) the ability to detect outbreaks and determine whether they are of significant global concern, (2) the ability to describe the epidemiologic characteristics of the pathogen responsible, and (3) the ability to track the pathogen's spread through national populations and around the world and to measure the impact of control strategies. The GHSA capacities-laboratory and diagnostic capacity, reporting networks, and so on-were essential in 2009 and surely will be in future events. But the 2009 H1N1 experience reminds us that it is not just detection but epidemiologic characterization that is necessary. Similarly, real-time biosurveillance systems are important, but as the 2009 H1N1 experience shows, they may contain inaccurate information about epidemiologic risks. Rather, the ability of scientists in Mexico, the United States, and other countries to make sense of the emerging laboratory and epidemiologic information that was critical-an example of global social capital-enabled an effective global response. Thus, to ensure that it is meeting its goals, the GHSA must track capabilities as well as capacities.

  8. A Comparison Between a Dynamic and Static Approach to Asset Management Using CAPM Models on the Australian Securities Market

    Directory of Open Access Journals (Sweden)

    Dionigi Gerace

    2015-06-01

    Full Text Available Despite the capital asset pricing model being one of the most influential mod¬els in modern portfolio theory, it has also been a victim of criticism in numerous academic papers. Its assumptions which seem to be rather unre¬alistic, have caused many academics to improve the model by relaxing some of its restrictive statements. In this journal article, we compare the performance of an optimal portfolio of securities in the Australian securities market by constructing two theoretical portfolios; one using the capital asset pricing model which uses a single beta throughout a static investment horizon; and another, which allows the op¬timal portfolio to be rebalanced each week with an adjusted beta. The performance of the two theoretical portfolios is compared to determine the superior model. Overall, findings showed that due to rebalancing of the portfolio, the multiple period model was the superior model based on before and after transaction cost returns.

  9. Learning Puppet security

    CERN Document Server

    Slagle, Jason

    2015-01-01

    If you are a security professional whose workload is increasing, or a Puppet professional looking to increase your knowledge of security, or even an experienced systems administrator, then this book is for you. This book will take you to the next level of security automation using Puppet. The book requires no prior knowledge of Puppet to get started.

  10. Microsoft Azure security

    CERN Document Server

    Freato, Roberto

    2015-01-01

    This book is intended for Azure administrators who want to understand the application of security principles in distributed environments and how to use Azure to its full capability to reduce the risks of security breaches. Only basic knowledge of the security processes and services of Microsoft Azure is required.

  11. Alternative security

    International Nuclear Information System (INIS)

    Weston, B.H.

    1990-01-01

    This book contains the following chapters: The Military and Alternative Security: New Missions for Stable Conventional Security; Technology and Alternative Security: A Cherished Myth Expires; Law and Alternative Security: Toward a Just World Peace; Politics and Alternative Security: Toward a More Democratic, Therefore More Peaceful, World; Economics and Alternative Security: Toward a Peacekeeping International Economy; Psychology and Alternative Security: Needs, Perceptions, and Misperceptions; Religion and Alternative Security: A Prophetic Vision; and Toward Post-Nuclear Global Security: An Overview

  12. Arguing Against Security Communitarianism

    DEFF Research Database (Denmark)

    Bilgin, Pinar

    2016-01-01

    Anthony Burke’s ‘security cosmopolitanism’ is a fresh and thought-provoking contribution to critical theorizing about security. In this discussion piece, I would like to join Burke’s call for ‘security cosmopolitanism’ by way of arguing against ‘security communitarianism’. I understand the latter...... as a particular approach that seeks to limit the scope of security to one’s community – be it the ‘nation-state’ or ‘civilization’. I will suggest that arguing against ‘security communitarianism’ requires paying further attention to the postcolonial critique of cosmopolitanism....

  13. Homeland Security

    Science.gov (United States)

    Provides an overview of EPA's homeland security roles and responsibilities, and links to specific homeland security issues: water security, research, emergency response, recovery, and waste management.

  14. International Legal Framework for Nuclear Security

    International Nuclear Information System (INIS)

    Moore, G.M.

    2010-01-01

    The responsibility for nuclear security rests entirely with each State. There is no single international instrument that addresses nuclear security in a comprehensive manner. The legal foundation for nuclear security comprises international instruments and recognized principles that are implemented by national authorities. Security systems at the national level will contribute to a strengthened and more universal system of nuclear security at the international level. The binding security treaties are; Convention on the Physical Protection of Nuclear Material, the 2005 amendment thereto, Safeguards Agreements between the Agency and states required in Connection with the Treaty on the Non-Proliferation of Nuclear Weapons. Model Protocol additional to agreement(s) between State(s) and the Agency for the application of Safeguards Convention on Early Notification of a Nuclear Accident, Convention on Assistance in the Case of a Nuclear Accident or Radiological Emergency, Convention on Nuclear Safety, Joint Convention on the Safety of Spent Fuel Management and on the Safety of Radioactive Waste Management

  15. Mobile platform security

    CERN Document Server

    Asokan, N; Dmitrienko, Alexandra

    2013-01-01

    Recently, mobile security has garnered considerable interest in both the research community and industry due to the popularity of smartphones. The current smartphone platforms are open systems that allow application development, also for malicious parties. To protect the mobile device, its user, and other mobile ecosystem stakeholders such as network operators, application execution is controlled by a platform security architecture. This book explores how such mobile platform security architectures work. We present a generic model for mobile platform security architectures: the model illustrat

  16. Research on Computer Aided Innovation Model of Weapon Equipment Requirement Demonstration

    Science.gov (United States)

    Li, Yong; Guo, Qisheng; Wang, Rui; Li, Liang

    Firstly, in order to overcome the shortcoming of using only AD or TRIZ solely, and solve the problems currently existed in weapon equipment requirement demonstration, the paper construct the method system of weapon equipment requirement demonstration combining QFD, AD, TRIZ, FA. Then, we construct a CAI model frame of weapon equipment requirement demonstration, which include requirement decomposed model, requirement mapping model and requirement plan optimization model. Finally, we construct the computer aided innovation model of weapon equipment requirement demonstration, and developed CAI software of equipment requirement demonstration.

  17. A 2nd generation static model of greenhouse energy requirements (horticern) : a comparison with dynamic models

    CERN Document Server

    Jolliet, O; Munday, G L

    1989-01-01

    Optimisation of a greenhouse and its components requires a suitable model permitting precise determination of its energy requirements. Existing static models are simple but lack precision; dynamic models though more precise, are unsuitable for use over long periods and difficult to handle in practice. A theoretical study and measurements from the CERN trial greenhouse have allowed the development of new static model named "HORTICERN", precise and easy to use for predicting energy consumption and which takes into account effects of solar energy, wind and radiative loss to the sky. This paper compares the HORTICERN model with the dynamic models of Bot, Takakura, Van Bavel and Gembloux, and demonstrates that its precision is comparable; differences on average being less than 5%, it is independent of type of greenhouse (e.g. single or double glazing, Hortiplus, etc.) and climate. The HORTICERN method has been developed for PC use and is proving to be a powerful tool for greenhouse optimisation by research work...

  18. Android application security essentials

    CERN Document Server

    Rai, Pragati

    2013-01-01

    Android Application Security Essentials is packed with examples, screenshots, illustrations, and real world use cases to secure your apps the right way.If you are looking for guidance and detailed instructions on how to secure app data, then this book is for you. Developers, architects, managers, and technologists who wish to enhance their knowledge of Android security will find this book interesting. Some prior knowledge of development on the Android stack is desirable but not required.

  19. MISTRAL: A game-theoretical model to allocate security measures in a multi-modal chemical transportation network with adaptive adversaries

    International Nuclear Information System (INIS)

    Talarico, Luca; Reniers, Genserik; Sörensen, Kenneth; Springael, Johan

    2015-01-01

    In this paper we present a multi-modal security-transportation model to allocate security resources within a chemical supply chain which is characterized by the use of different transport modes, each having their own security features. We consider security-related risks so as to take measures against terrorist acts which could target critical transportation systems. The idea of addressing security-related issues, by supporting decisions for preventing or mitigating intentional acts on transportation infrastructure, has gained attention in academic research only recently. The decision model presented in this paper is based on game theory and it can be employed to organize intelligence capabilities aimed at securing chemical supply chains. It enables detection and warning against impending attacks on transportation infrastructures and the subsequent adoption of security countermeasures. This is of extreme importance for preventing terrorist attacks and for avoiding (possibly huge) human and economic losses. In our work we also provide data sources and numerical simulations by applying the proposed model to a illustrative multi-modal chemical supply chain. - Highlights: • A model to increase the security in a multimodal chemical supply chain is proposed. • The model considers adaptive opponents having multi-attribute utility functions. • The model is based on game theory using an attacker–defender schema. • The model provides recommendations about where to allocate security measures. • Numerical simulations on a sample multimodal chemical supply chain are shown

  20. Transportation Secure Data Center: Real-world Data for Planning, Modeling, and Analysis (Fact Sheet)

    Energy Technology Data Exchange (ETDEWEB)

    2015-01-01

    The Transportation Secure Data Center (TSDC) at www.nrel.gov/tsdc provides free, web-based access to detailed transportation data from a variety of travel surveys conducted across the nation. While preserving the privacy of survey participants, this online repository makes vital transportation data broadly available to users from the comfort of their own desks via a secure online connection.